Overview

overview

6

Static

static

1

x-mouse-bu...k1.exe

windows11-21h2-x64

6

Analysis

  • max time kernel
    62s
  • max time network
    59s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    20/08/2024, 06:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    x-mouse-button-control-2.20.5-installer_Yes-Xk1.exe

  • Size

    1.7MB

  • MD5

    409730e16e45481178c171b29af42aee

  • SHA1

    666fe3d178e1a80361498739a7e33d203985706e

  • SHA256

    5c4531443feea8e96d6b18fc07521aa309bbfbcb124c6b3941edefa23a3f963c

  • SHA512

    4284b9706be5cdf258df4486769bd9db9ff00f7ae75c71f29cf855f7d9ba3d6c15d3b5d67a546672d9d2f31f8acfd196af1023d55a127aaeab24bc05e9cf219b

  • SSDEEP

    24576:97FUDowAyrTVE3U5F/Da++Brk6Dgn1gr4gUsvQZuEMTcXx:9BuZrEUx+Br3giKhMT+

Score
6/10
discoverypersistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Downloads MZ/PE file
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 8 IoCs
  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 13 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • NSIS installer 2 IoCs
    installer
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Control Panel 3 IoCs
    evasion
  • Modifies registry class 33 IoCs
  • Modifies system certificate store 2 TTPs 6 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
  • Suspicious use of FindShellTrayWindow 30 IoCs
  • Suspicious use of SendNotifyMessage 15 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\x-mouse-button-control-2.20.5-installer_Yes-Xk1.exe
    "C:\Users\Admin\AppData\Local\Temp\x-mouse-button-control-2.20.5-installer_Yes-Xk1.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1168
    • C:\Users\Admin\AppData\Local\Temp\is-JQ00R.tmp\x-mouse-button-control-2.20.5-installer_Yes-Xk1.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-JQ00R.tmp\x-mouse-button-control-2.20.5-installer_Yes-Xk1.tmp" /SL5="$8024E,837598,832512,C:\Users\Admin\AppData\Local\Temp\x-mouse-button-control-2.20.5-installer_Yes-Xk1.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Checks processor information in registry
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:4924
      • C:\Users\Admin\Downloads\x-mouse-button-control-2.20.5-installer.exe
        "C:\Users\Admin\Downloads\x-mouse-button-control-2.20.5-installer.exe"
        3⤵
        • Adds Run key to start application
        • Drops file in Program Files directory
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Modifies Control Panel
        • Modifies registry class
        PID:1152
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.highrez.co.uk/scripts/postinstall.asp?package=XMouse&major=2&minor=20&build=5&revision=0&platform=x64
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1228
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbebee3cb8,0x7ffbebee3cc8,0x7ffbebee3cd8
      2⤵
        PID:1400
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,3259382533924066280,9263741087731090283,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2
        2⤵
          PID:4828
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,3259382533924066280,9263741087731090283,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2940
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,3259382533924066280,9263741087731090283,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
          2⤵
            PID:1904
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,3259382533924066280,9263741087731090283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3120 /prefetch:1
            2⤵
              PID:1556
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,3259382533924066280,9263741087731090283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
              2⤵
                PID:276
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,3259382533924066280,9263741087731090283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1
                2⤵
                  PID:4724
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,3259382533924066280,9263741087731090283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3764 /prefetch:1
                  2⤵
                    PID:1000
                  • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,3259382533924066280,9263741087731090283,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:3944
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,3259382533924066280,9263741087731090283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
                    2⤵
                      PID:4532
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,3259382533924066280,9263741087731090283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
                      2⤵
                        PID:4028
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,3259382533924066280,9263741087731090283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
                        2⤵
                          PID:1148
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,3259382533924066280,9263741087731090283,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
                          2⤵
                            PID:568
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,3259382533924066280,9263741087731090283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1
                            2⤵
                              PID:3124
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,3259382533924066280,9263741087731090283,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
                              2⤵
                                PID:420
                            • C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
                              "C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe" /Installed /notportable
                              1⤵
                              • Executes dropped EXE
                              • Loads dropped DLL
                              • Modifies Control Panel
                              • Modifies system certificate store
                              • Suspicious use of FindShellTrayWindow
                              • Suspicious use of SendNotifyMessage
                              • Suspicious use of SetWindowsHookEx
                              PID:2168
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:4576
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:3496
                                • C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
                                  "C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe" /notportable
                                  1⤵
                                  • Executes dropped EXE
                                  • Loads dropped DLL
                                  • Suspicious use of SetWindowsHookEx
                                  PID:2552

                                Network

                                MITRE ATT&CK Enterprise v15

                                Replay Monitor

                                Loading Replay Monitor...

                                Downloads

                                • C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\BugTrapU-x64.dll
                                  Filesize

                                  364KB

                                  MD5

                                  80d5f32b3fc515402b9e1fe958dedf81

                                  SHA1

                                  a80ffd7907e0de2ee4e13c592b888fe00551b7e0

                                  SHA256

                                  0ab8481b44e7d2f0d57b444689aef75b61024487a5cf188c2fc6b8de919b040a

                                  SHA512

                                  1589246cd480326ca22c2acb1129a3a90edf13b75031343061f0f4ed51580dfb890862162a65957be9026381bb24475fec6ddcb86692c5961a24b18461e5f1f0

                                  Download Submit

                                • C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
                                  Filesize

                                  1.7MB

                                  MD5

                                  bb632bc4c4414303c783a0153f6609f7

                                  SHA1

                                  eb16bf0d8ce0af4d72dff415741fd0d7aac3020e

                                  SHA256

                                  7cc348f8d2ee10264e136425059205cf2c17493b4f3f6a43af024aecb926d8c8

                                  SHA512

                                  15b34efe93d53e54c1527705292fbf145d6757f10dd87bc787dc40bf02f0d641468b95c571f7037417f2f626de2afcd68b5d82214e27e9e622ab0475633e9de5

                                  Download Submit

                                • C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonHook.dll
                                  Filesize

                                  1.0MB

                                  MD5

                                  d62a4279ebba19c9bf0037d4f7cbf0bc

                                  SHA1

                                  5257d9505cca6b75fe55dfdaf2ea83a7d2d28170

                                  SHA256

                                  c845e808dc035329a7c95c846413a7afb9976f09872ba3c05dfa5f492156eef0

                                  SHA512

                                  6895a12cddc41bf516279b1235fca238b0b3b0cef2cc25abe14a9160ed23f5bde3d476f885d674537febc7de7eb58b0824d96153c626e1563a5a8a1887fb5323

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                  Filesize

                                  152B

                                  MD5

                                  04aa3f476e468ef3c0866e8dedd8f6e4

                                  SHA1

                                  1e9fa8fd586c03447a4c5b4cee261900e9f464ae

                                  SHA256

                                  87b74207d65f6745b38a19dce13336ee839fb4d7929fce446c3d1177aa80c42a

                                  SHA512

                                  7d860bbe9c847ea0b60f210860d865f1e936aa2210a6f9aa87e9fd72f992a022ecb9a1827212eb9b97dd7798540770f55c67362714d90d0bfd080ad1e5e7aaa8

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                  Filesize

                                  152B

                                  MD5

                                  db1dacae9540e883ae83489b18cfc326

                                  SHA1

                                  ec3b68e635d8ce3bdafe258bca5187536d43065b

                                  SHA256

                                  3427a8a3b4868bd25a231ee8fe0ebada0b3474f2d8dc0fdd01a8931a8700a37f

                                  SHA512

                                  2e40df3bd1a045c69173f1a169b7080163de8f62a44d41d46c28f1643943657c532caa72f65b44a2175f976fdfd3d8328d989e011730aa851aecbcf02dde4a95

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                  Filesize

                                  312B

                                  MD5

                                  ddc6fc0a2450b29cd8741ea61d0b4e2d

                                  SHA1

                                  c8a2c4c0b14be0004b690acc853249472a24dc27

                                  SHA256

                                  231f109c117d67d487404cbfa163da185e806a47433187aad31be04cde5d657a

                                  SHA512

                                  a2815a54e3953dc311464d262802f8e24eca27bed3c8644e7694ccaabb830676ef41cdfd33632d9785c5a085179903fccb06732b40aa6ece7a2e330ef6d6a4b6

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                  Filesize

                                  1KB

                                  MD5

                                  031a8df2c57be009b2c6c226e30d9e93

                                  SHA1

                                  60f06ec51df62331473e74b199db02e5e8268406

                                  SHA256

                                  2c1a3e5e100e495dbfeb09d4d51cd3b96f2dca92310329fbd7f931e7c9b2aca7

                                  SHA512

                                  afd997f50cdb1214c192deff71b23292ea78eae49af02089b8d6d4b4f476b2130a7fba18a6ff33f3699689403f182778a33bd42e19bd55e763cd0fa2ca88f49d

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  5KB

                                  MD5

                                  860db1ee3222d06a8ed15cd8796f3692

                                  SHA1

                                  3e2ff812015811b5582fb10b9149eb8d0f57d137

                                  SHA256

                                  77fecd0f1fe9033595c41d02c8331e77429c13f2797cf85815a81e87c19f2d22

                                  SHA512

                                  4c405e3c069653594df22555f52a0061f81f34bb929dad27af8a492e3683d181073b7380879e2e652a055cd9159259c1e98b0a9874c1fe51e70042f3a1fdfbc7

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  7KB

                                  MD5

                                  f769a15fd3f5da09b519d3e89d5213e0

                                  SHA1

                                  f88d4aaf2ab5718ee3e7f7ed7f4843631e31df20

                                  SHA256

                                  e58ecfe4607624ccbbd7aa95ee424dbb14cfabc42dc1aebbad4f1093e0491608

                                  SHA512

                                  c7e6f5dd6a5e0cf224bceb38af2299d4d84607d75d271f5e3037dfb8502017047bfa06b0db90492f402d0730d6f630c726a658f4e4e99582faf18a353b44a439

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                  Filesize

                                  25KB

                                  MD5

                                  a34680f8b1266e2832acacdd5974cb48

                                  SHA1

                                  8ed0a05cd9bb03b4990ba77cc79662cacb1e9700

                                  SHA256

                                  cebd372ccf5372c18ce3b746cd8dff2d0e01ec59542d1b3079887f9a8d1d1c21

                                  SHA512

                                  6e4739b7489525c9979dd92f7c480d9574b4215aa92f65edee6e5db9aaf555d9c0ba578d6b6ad92c839648060157967e97a16fdb9d66ce173db6f7c82dd8562d

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                  Filesize

                                  16B

                                  MD5

                                  46295cac801e5d4857d09837238a6394

                                  SHA1

                                  44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                  SHA256

                                  0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                  SHA512

                                  8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                  Filesize

                                  16B

                                  MD5

                                  206702161f94c5cd39fadd03f4014d98

                                  SHA1

                                  bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                  SHA256

                                  1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                  SHA512

                                  0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                  Filesize

                                  10KB

                                  MD5

                                  360975f167e5315b00843f2f06338815

                                  SHA1

                                  92c0aa02fb00987c7a35e5f8da03fbd0f9884cc3

                                  SHA256

                                  aede966ac5a830539cc32f4656591ad5427c80c239ea25344969285eda98fe00

                                  SHA512

                                  2c112a826166cee1490a74a56976f3a64db99ff9cae19879341762e68d5af41de819d68e52fe825744dfb5d012822c64187dbf5616b9c6e0b33c17f28e0ba0c5

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Temp\is-JQ00R.tmp\x-mouse-button-control-2.20.5-installer_Yes-Xk1.tmp
                                  Filesize

                                  3.1MB

                                  MD5

                                  fb2d36c3c1ef5cec5666c28968787cee

                                  SHA1

                                  5986f4f6a8658b3874b001b8ee1bea1c7b8343b4

                                  SHA256

                                  a7bdb4738cb4e896d2dbc4a4928c54560a3623e133c41cbfc00021863ded75f1

                                  SHA512

                                  5df9002abe6797d7f7d127342a4ca51e085af83c35f40d9e2768d410646be313d37004daaa637736ae1caac36860d2459cb4ee74e2cc34b05f281140fb285417

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Temp\is-RPEFI.tmp\RAV_Cross.png
                                  Filesize

                                  56KB

                                  MD5

                                  4167c79312b27c8002cbeea023fe8cb5

                                  SHA1

                                  fda8a34c9eba906993a336d01557801a68ac6681

                                  SHA256

                                  c3bf350627b842bed55e6a72ab53da15719b4f33c267a6a132cb99ff6afe3cd8

                                  SHA512

                                  4815746e5e30cbef626228601f957d993752a3d45130feeda335690b7d21ed3d6d6a6dc0ad68a1d5ba584b05791053a4fc7e9ac7b64abd47feaa8d3b919353bb

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Temp\is-RPEFI.tmp\WebAdvisor.png
                                  Filesize

                                  46KB

                                  MD5

                                  5fd73821f3f097d177009d88dfd33605

                                  SHA1

                                  1bacbbfe59727fa26ffa261fb8002f4b70a7e653

                                  SHA256

                                  a6ecce54116936ca27d4be9797e32bf2f3cfc7e41519a23032992970fbd9d3ba

                                  SHA512

                                  1769a6dfaa30aac5997f8d37f1df3ed4aab5bbee2abbcb30bde4230afed02e1ea9e81720b60f093a4c7fb15e22ee15a3a71ff7b84f052f6759640734af976e02

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Temp\is-RPEFI.tmp\mainlogo.jpg
                                  Filesize

                                  2KB

                                  MD5

                                  a13e498a2101fc5997c646aa15233e71

                                  SHA1

                                  01b1dd662a94a6e88e2ee0196dda139f13942aa0

                                  SHA256

                                  a6c71719ddd56cdce310a836779735f6343e734a85b0fc8ee4e537821098d903

                                  SHA512

                                  1a02215b8c3edde648d5c40cf9c0c2bbfe9ff4d64095d9a2786e8364aea4888d0596786f91ccf4566525330089ddede44af15f64d3fd6b27b015a03e27dcac14

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Temp\nseC4D8.tmp\InstallOptions.dll
                                  Filesize

                                  14KB

                                  MD5

                                  d753362649aecd60ff434adf171a4e7f

                                  SHA1

                                  3b752ad064e06e21822c8958ae22e9a6bb8cf3d0

                                  SHA256

                                  8f24c6cf0b06d18f3c07e7bfca4e92afce71834663746cfaa9ddf52a25d5c586

                                  SHA512

                                  41bf41add275867553fa3bd8835cd7e2a2a362a2d5670ccbfad23700448bad9fe0f577fb6ee9d4eb81dfc10d463b325b8a873fe5912eb580936d4ad96587aa6d

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Temp\nseC4D8.tmp\ShellExecAsUser.dll
                                  Filesize

                                  7KB

                                  MD5

                                  86a81b9ab7de83aa01024593a03d1872

                                  SHA1

                                  8fd7c645e6e2cb1f1bcb97b3b5f85ce1660b66be

                                  SHA256

                                  27d61cacd2995f498ba971b3b2c53330bc0e9900c9d23e57b2927aadfdee8115

                                  SHA512

                                  cc37bd5d74d185077bdf6c4a974fb29922e3177e2c5971c664f46c057aad1236e6f3f856c5d82f1d677c29896f0e3e71283ef04f886db58abae151cb27c827ac

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Temp\nseC4D8.tmp\System.dll
                                  Filesize

                                  10KB

                                  MD5

                                  56a321bd011112ec5d8a32b2f6fd3231

                                  SHA1

                                  df20e3a35a1636de64df5290ae5e4e7572447f78

                                  SHA256

                                  bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

                                  SHA512

                                  5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Temp\nseC4D8.tmp\ioSpecial.ini
                                  Filesize

                                  739B

                                  MD5

                                  3c2af7c0ae6078574fc85294adb4be64

                                  SHA1

                                  6591b7acec6fe69ac6eadb2af40220c9f25ece8a

                                  SHA256

                                  5517e92b03560958a4939c2f5b1d931587bff1520d49aa475a290d492a20002d

                                  SHA512

                                  974fd7eba4fd46a1291c2124ba86fb8a9f0ebe63e0071d831e18540f289f0ab66c44202233523aec60376545071c2c4c6e5f08884731e59d70a2e5717a851c80

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Temp\nseC4D8.tmp\ioSpecial.ini
                                  Filesize

                                  696B

                                  MD5

                                  6ef3582db87db45428914f32bf1b5bde

                                  SHA1

                                  0504b5f66ab59b05664e58530d2941b2629648bc

                                  SHA256

                                  9debea2be7fa775c8fd0e512a71d91e35f7f92237bf47043144c6e9a1c089184

                                  SHA512

                                  efdfce2ada9bf1f993c48bd7567aea7c5c4e05cbe4a6ecfdd243548801af71d7873d9c47a41d3eb1adbdd06bd088e40845d5b88816f83c079a2662f868df3afa

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Temp\nseC4D8.tmp\ioSpecial.ini
                                  Filesize

                                  696B

                                  MD5

                                  34da9133cd8847b3a2d5d1176fce4551

                                  SHA1

                                  cbf6d87d9520f7200fd28767b58dd1a55af8292d

                                  SHA256

                                  523a70f6f1907f3e940c96f6a6203ff3d7bc63ef0c0873a5b05aaaebd7d944c1

                                  SHA512

                                  366f41d16b537e96284e88723b30d19e41b438411a7682dd69ee4e1b0c4eff0c977b223d2cc67f2aef3c4d99aa470c22a5b34f3fee4076ef5fa550f913c1d5f9

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Temp\nseC4D8.tmp\ioSpecial.ini
                                  Filesize

                                  709B

                                  MD5

                                  66a48accb6400f2d6568d970199667e9

                                  SHA1

                                  c19f247298580d41ca88d895a76632f00984f342

                                  SHA256

                                  0fa7b81ca2d3d7865b60a999ed3bab8baef9b213bd6f8a56efb183105a966e4b

                                  SHA512

                                  04022ec8b2898d07f6f8ab542d0e271959371196771f92b5c2e917c9fce07aeb8f72c31e2fc7ade37b4a372b52306ec58034e3fba7287fe959fb83a6a26868b3

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Temp\nseC4D8.tmp\nsDialogs.dll
                                  Filesize

                                  9KB

                                  MD5

                                  f832e4279c8ff9029b94027803e10e1b

                                  SHA1

                                  134ff09f9c70999da35e73f57b70522dc817e681

                                  SHA256

                                  4cd17f660560934a001fc8e6fdcea50383b78ca129fb236623a9666fcbd13061

                                  SHA512

                                  bf92b61aa267e3935f0ea7f47d8d96f09f016e648c2a7e7dcd5ecc47da864e824c592098c1e39526b643bd126c5c99d68a7040411a4cf68857df629f24d4107d

                                  Download Submit

                                • C:\Users\Admin\AppData\Roaming\Highresolution Enterprises\XMouseButtonControl\Persist.xmbcps
                                  Filesize

                                  16B

                                  MD5

                                  4ae71336e44bf9bf79d2752e234818a5

                                  SHA1

                                  e129f27c5103bc5cc44bcdf0a15e160d445066ff

                                  SHA256

                                  374708fff7719dd5979ec875d56cd2286f6d3cf7ec317a3b25632aab28ec37bb

                                  SHA512

                                  0b6cbac838dfe7f47ea1bd0df00ec282fdf45510c92161072ccfb84035390c4da743d9c3b954eaa1b0f86fc9861b23cc6c8667ab232c11c686432ebb5c8c3f27

                                  Download Submit

                                • C:\Users\Admin\AppData\Roaming\Highresolution Enterprises\XMouseButtonControl\XMouseButtonControl.log
                                  Filesize

                                  1KB

                                  MD5

                                  bb55462b7d89fe4cf0298b23c9ff8099

                                  SHA1

                                  bd2e245d2fcdf93d896bbfa73e3493e744ca51c4

                                  SHA256

                                  6d2970ec9676ba3a1531a63b2636b5a021e78f83d8bc138f6789b68cebc7d2f4

                                  SHA512

                                  36cc965cfe3a35e5adbf3f7259e66ae79543fc77fe7bfa7ada7a6878bae5eac5510e133127fca2937ae1f0511a527286a248ebe4301a585766166781654c8474

                                  Download Submit

                                • C:\Users\Admin\Downloads\x-mouse-button-control-2.20.5-installer.exe
                                  Filesize

                                  2.9MB

                                  MD5

                                  2e9725bc1d71ad1b8006dfc5a2510f88

                                  SHA1

                                  6e1f7d12881696944bf5e030a7d131b969de0c6c

                                  SHA256

                                  2240bf5fb5d80938b0676c46ef9f84bc1739c32f60c473ff85e530ae0eca2818

                                  SHA512

                                  62bd9cde806f83f911f1068b452084ef2adc01bc0dec2d0f668a781cc0d94e39f6e35618264d8796ca205724725abd40429f463017e6ca5caf7d683429f82d39

                                  Download Submit

                                • memory/1168-154-0x0000000000400000-0x00000000004D8000-memory.dmp

                                  Filesize

                                  864KB

                                  Download

                                • memory/1168-0-0x0000000000401000-0x00000000004B7000-memory.dmp

                                  Filesize

                                  728KB

                                  Download

                                • memory/1168-21-0x0000000000400000-0x00000000004D8000-memory.dmp

                                  Filesize

                                  864KB

                                  Download

                                • memory/1168-1-0x0000000000400000-0x00000000004D8000-memory.dmp

                                  Filesize

                                  864KB

                                  Download

                                • memory/4924-27-0x0000000000400000-0x000000000071C000-memory.dmp

                                  Filesize

                                  3.1MB

                                  Download

                                • memory/4924-152-0x0000000000400000-0x000000000071C000-memory.dmp

                                  Filesize

                                  3.1MB

                                  Download

                                • memory/4924-49-0x0000000000400000-0x000000000071C000-memory.dmp

                                  Filesize

                                  3.1MB

                                  Download

                                • memory/4924-47-0x0000000002EC0000-0x0000000003000000-memory.dmp

                                  Filesize

                                  1.2MB

                                  Download

                                • memory/4924-33-0x0000000000400000-0x000000000071C000-memory.dmp

                                  Filesize

                                  3.1MB

                                  Download

                                • memory/4924-32-0x0000000002EC0000-0x0000000003000000-memory.dmp

                                  Filesize

                                  1.2MB

                                  Download

                                • memory/4924-28-0x0000000000400000-0x000000000071C000-memory.dmp

                                  Filesize

                                  3.1MB

                                  Download

                                • memory/4924-26-0x0000000002EC0000-0x0000000003000000-memory.dmp

                                  Filesize

                                  1.2MB

                                  Download

                                • memory/4924-22-0x0000000000400000-0x000000000071C000-memory.dmp

                                  Filesize

                                  3.1MB

                                  Download

                                • memory/4924-20-0x0000000000400000-0x000000000071C000-memory.dmp

                                  Filesize

                                  3.1MB

                                  Download

                                • memory/4924-19-0x0000000002EC0000-0x0000000003000000-memory.dmp

                                  Filesize

                                  1.2MB

                                  Download

                                • memory/4924-6-0x0000000000400000-0x000000000071C000-memory.dmp

                                  Filesize

                                  3.1MB

                                  Download