2240bf5fb5d80938b0676c46ef9f84bc1739c32f60c473ff85e530ae0eca2818

Analysis

max time kernel
107s
max time network
111s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
30-08-2024 21:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

XMouseButtonControlSetup.2.20.5.exe
Size

2.9MB
MD5

2e9725bc1d71ad1b8006dfc5a2510f88
SHA1

6e1f7d12881696944bf5e030a7d131b969de0c6c
SHA256

2240bf5fb5d80938b0676c46ef9f84bc1739c32f60c473ff85e530ae0eca2818
SHA512

62bd9cde806f83f911f1068b452084ef2adc01bc0dec2d0f668a781cc0d94e39f6e35618264d8796ca205724725abd40429f463017e6ca5caf7d683429f82d39
SSDEEP

49152:n65SJw48kZN+nCYk7c44+Y0hdwn4Km2A5aT/pVE0hYYajihV2Qso0SWMrboF:tfpeno4oY0QZm2dlNJsrHM4

Score

7^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1420	Process not Found
976	XMouseButtonControl.exe

Loads dropped DLL 9 IoCs

pid	Process
2456	XMouseButtonControlSetup.2.20.5.exe
2456	XMouseButtonControlSetup.2.20.5.exe
2456	XMouseButtonControlSetup.2.20.5.exe
2456	XMouseButtonControlSetup.2.20.5.exe
2456	XMouseButtonControlSetup.2.20.5.exe
2456	XMouseButtonControlSetup.2.20.5.exe
2456	XMouseButtonControlSetup.2.20.5.exe
976	XMouseButtonControl.exe
976	XMouseButtonControl.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\XMouseButtonControl = "C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe /notportable /delay"	XMouseButtonControlSetup.2.20.5.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 8 IoCs

description	ioc	Process
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\ChangeLog.txt	XMouseButtonControlSetup.2.20.5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\X-Mouse Button Control User Guide.pdf	XMouseButtonControlSetup.2.20.5.exe
File opened for modification	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\changelog.txt	XMouseButtonControlSetup.2.20.5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\uninstaller.exe	XMouseButtonControlSetup.2.20.5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe	XMouseButtonControlSetup.2.20.5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonHook.dll	XMouseButtonControlSetup.2.20.5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\BugTrapU-x64.dll	XMouseButtonControlSetup.2.20.5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\License.txt	XMouseButtonControlSetup.2.20.5.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	XMouseButtonControlSetup.2.20.5.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

NSIS installer 2 IoCs

installer

resource	yara_rule
behavioral1/files/0x0007000000016a93-133.dat	nsis_installer_1
behavioral1/files/0x0007000000016a93-133.dat	nsis_installer_2

Modifies Control Panel 2 IoCs

evasion

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Control Panel\Desktop	XMouseButtonControlSetup.2.20.5.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Control Panel\Desktop\LowLevelHooksTimeout = "1000"	XMouseButtonControlSetup.2.20.5.exe

Modifies Internet Explorer settings 1 TTPs 39 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DOMStorage\highrez.co.uk\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003125cc29be9a0e41b44a3d73dc8faf7100000000020000000000106600000001000020000000af4e854eb1fd77ed011bacf53e29a8701884da9c4550aba8f7b512e8d4ea212a000000000e80000000020000200000005d00a1b5e97893915a84012a7e687aad697dec48a824c6aa1ee4743dc828268c20000000769993d0e30c92c709a3ec792cf2eca79c6dae44e18b52edcf919db5a595fb1f40000000bbad227fec5396430b8df44166f2425954914a65b452218f49e2d24caf03258ae14a41823de5bf868a199aa0d0848dac5a861e41cfe72dbdeeedd8edc230bbfc	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D40218F1-6718-11EF-B58C-DA960850E1DF} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 9006fea925fbda01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003125cc29be9a0e41b44a3d73dc8faf7100000000020000000000106600000001000020000000098d5c39cd08289f1995df92f06ed827292bf6bf207879b42fd7881904ed6065000000000e8000000002000020000000a1799707cd99f34025c89535cc4076c5199316c4b8fbcad40448a1c76a3f461190000000ae03d3f578b1361dd883d9481cb2114daa4f47bf7e8c322abfce24d70a07e5456b765cd8b36705f26aa9288df4a30b94b4f2180ccffb325f1e4ad7bf0c00d24f52e040f48e2175647a7fa47a8ff181a39e3714f027981bf329cfc063426f2dd39903a8306e24c65eb58850d170788c39c7f4d6923c6b86c7e762921990cbeda054028888cca0f6f5ff1f5a2f26ce7b7640000000fdc6cf8555aa0f1e7e4ff96cc258659215e3d814bbb1da28b791354e0f3e03e3252dab4d8687282145a11d2ca83ebd82d6fb6ff916ef7dc19b74f970f8609a50	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DOMStorage\highrez.co.uk	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431216048"	iexplore.exe

Modifies registry class 33 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell\open\command	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell\open\command\ = "\"C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe\" /install:\"%1\""	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\DefaultIcon\ = "C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe,0"	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\shell\open\command\ = "\"C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe\" /import:\"%1\""	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\DefaultIcon	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\shell\open	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbclp	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\ = "X-Mouse Button Control Settings"	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbcp	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\shell	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\DefaultIcon	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\DefaultIcon	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\DefaultIcon\ = "C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe,0"	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\ = "X-Mouse Button Control Application or Window Profile"	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbcp\ = "X-Mouse Button Control Settings"	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\shell\ = "open"	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\DefaultIcon\ = "C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe,0"	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\shell\open\command\ = "\"C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe\" /profile:\"%1\""	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\ = "X-Mouse Button Control Language Pack"	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbcs\ = "X-Mouse Button Control Application or Window Profile"	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbclp\ = "X-Mouse Button Control Language Pack"	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell\open	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbcs	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\shell\open	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\shell\open\command	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell\ = "open"	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\shell	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\shell\open\command	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\shell\ = "open"	XMouseButtonControlSetup.2.20.5.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1556	iexplore.exe
976	XMouseButtonControl.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
976	XMouseButtonControl.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
1556	iexplore.exe
1556	iexplore.exe
976	XMouseButtonControl.exe
2360	IEXPLORE.EXE
2360	IEXPLORE.EXE
976	XMouseButtonControl.exe
976	XMouseButtonControl.exe
976	XMouseButtonControl.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1556 wrote to memory of 2360	1556	iexplore.exe	31
PID 1556 wrote to memory of 2360	1556	iexplore.exe	31
PID 1556 wrote to memory of 2360	1556	iexplore.exe	31
PID 1556 wrote to memory of 2360	1556	iexplore.exe	31

C:\Users\Admin\AppData\Local\Temp\XMouseButtonControlSetup.2.20.5.exe
"C:\Users\Admin\AppData\Local\Temp\XMouseButtonControlSetup.2.20.5.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies Control Panel
- Modifies registry class
PID:2456

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://www.highrez.co.uk/scripts/postinstall.asp?package=XMouse&major=2&minor=20&build=5&revision=0&platform=x64
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1556
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1556 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2360

C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
"C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe" /Installed /notportable
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonHook.dll

Filesize
1.0MB

MD5
d62a4279ebba19c9bf0037d4f7cbf0bc

SHA1
5257d9505cca6b75fe55dfdaf2ea83a7d2d28170

SHA256
c845e808dc035329a7c95c846413a7afb9976f09872ba3c05dfa5f492156eef0

SHA512
6895a12cddc41bf516279b1235fca238b0b3b0cef2cc25abe14a9160ed23f5bde3d476f885d674537febc7de7eb58b0824d96153c626e1563a5a8a1887fb5323

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6525274CBC2077D43D7D17A33C868C4F

Filesize
959B

MD5
d5e98140c51869fc462c8975620faa78

SHA1
07e032e020b72c3f192f0628a2593a19a70f069e

SHA256
5c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e

SHA512
9bd164cc4b9ef07386762d3775c6d9528b82d4a9dc508c3040104b8d41cfec52eb0b7e6f8dc47c5021ce2fe3ca542c4ae2b54fd02d76b0eabd9724484621a105

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
5a41efe19d0a6877104b22270911e903

SHA1
652bbcdf7467aa81b79ce8a31f4d623bd8789788

SHA256
0660a4c767aad8a1f440c468bd68702cddc3874a3ae6d6e53f6562e9a02befd3

SHA512
ab442eebf94599687356b950845769d78f211a1cfb9d55c89352e0e3b2c4ca11cf2a9eed6177d2dcc2de78ab38754a01677fbc17a869c31bd1d616d64ed43847

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6525274CBC2077D43D7D17A33C868C4F

Filesize
192B

MD5
9c9b8353723d8503ebc46e91e6e43784

SHA1
e6e9a74b38823bf09691f9dcf06372aef88c1509

SHA256
62c980d325442b4dcdde1ef176f869e8791c31e40b17e96e419c580db0b58c4b

SHA512
c88409e2b30daf5ea3f93c7897ed72c2ffeb73fb17982c06daba36c23dc06b5ed5f3ebe65103faba53c6eef9137c01bfc4404712282b9914b41120f0ac7706cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f4c3270ad483b05f6cbc4401b29cae4a

SHA1
70d438fa7717b650354a680be209987aabfaca08

SHA256
a04b3dc52ab583086e51eab9b717b56238a31f1f13f526ba78d73e869f9f6a7b

SHA512
2d0e8610a629c158a5ce34a97335753f4bc596e46e10167fa87024dbd248a24f2a9999572b8f5774ef72a005173e60f990ffb206c63e0beb0fb5ec4a707f657c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
18f4ba61414665019a76dffec59118ea

SHA1
5a760a539e1b884a66c06fcaf159abb804516e77

SHA256
53911d5722fca127f97db25901c85409c1b81ce075c8d320479baa3491dd73fd

SHA512
792117b001aa639b7ab8040062b03773867f6fbec2251144c044c3de304db149695eeb4cf715111426c19a8abc71aef875fbe31c5325394c07b4614f5bafb356

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6b7e33a19971f4b22f6be2bfa9329571

SHA1
43b29481ea251136fefe7429ff4bf2354dc550d7

SHA256
bb7e4a4c7e92943c156399ea4e0a5e0c25c7df92a80354fe83ac72631a2064f4

SHA512
03d8d3e669a45de984360c32600675416a3f447135dda13b3d44f06f52680b2c07941636b99d7c5e68c4e61910e3db8e37d093247c6600b68656cce066481a66

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
42de82e5c8e0b80ee7de7f6911bd72c1

SHA1
6c6249253ba7682161b087eca8e16d8d26863092

SHA256
c46505b01921a6456912082acb1f3f353c42ae908167c49757aae2db90504c94

SHA512
cbbeb473dc08bd405aae375f5d3736a4a3b405cf11bc326566e484ef9fe5d74bcfb765aa1d7b8f2fee6b4a67ee1d43449c04030da38b6781da61cbc7f4abc861

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2177f174d52c86eacadbb21623f58da0

SHA1
23c87a59a927e6d5f40bc9f960c69d51af59e908

SHA256
c77992b66fa8226d8c8421cc42f7727989a91440efb757a52234ca5a73580e5b

SHA512
f83976238f2fd68d9fd0b0dfe9529c46d2a9895985bfd2b94b0c7270e1c87fc1e4a2e2aa6c362ce29a41b732c1e6663d0dc2d2d67230cc21f6af73dc15775fc9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5337639b2f95e8fd0aefb72319fb8265

SHA1
aaecadc3754f7ddbc46090c4a0b1c52564f213c5

SHA256
ba70671f54adef4388a999f934e71f7df6fa035cb55813114dc0502330dad5c5

SHA512
93614dd049bc4ea3fd1723693ad3c02083cf8a01e5d174ccc5a5995d237a521f395ca2c28ff585e0a43fce30b82cd8d656b897b489d026728b8342425b3f485b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
476421c06879d6f820fe0f8ec784a0c6

SHA1
f9a34f6fb57342a33ea8e7bf6fbf610c22cae647

SHA256
988f5e54b8da9bf41f674f49d5c639398a7ad7cf54aa7891f0afbf6008523aa4

SHA512
9de4073db90ab5a529263d8a9974b36068e9b228bc4017c8e9a8697a923d23453dd96e998dfead68daa200c86a6aafb7f916de1ebf03b8d5ba09faf1fd2f70f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
09f85604099809f6dc80bfdd7d7bcc30

SHA1
1a65c02688c315568d919ce2b6cbabd1dc83eea4

SHA256
545d6cc938a9b83eabcd458ee879a873f22202987fbff4fea2e3916b085d4a91

SHA512
8a66056569d6c208dce73777a621c2de000e34ceb57ff279d0eb29f6e15b83ffc9ddbf8f5d601e4707bedf95a5b641cb04aa8c4a997dbb61f64c2f358f58822b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b86e306bd90752c8cf93f7b5d1c46afb

SHA1
a9e356f66304bed25383c36330ca9ecff86f562a

SHA256
0cf0c76b42ced56d00a5be956b86aa991bebc2e34eca92ce753a7a53ab0abdc4

SHA512
be524e037e7967013bdd8c9f0aaaed4dbf1f9eda8a8633ee825498e590be7d5e610ad6d92fda2794f3d9d8ff731706f772732d57dfb5a106aec874ef6ee6d086

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9ee9408aa7227fa23482ad0671dd3fcb

SHA1
f34fd073a4063882041f443b6fe8e7ddfc71cb2f

SHA256
65cce8e2db2e131c9af1bc40dec0a9cb5af5bb7ddf984402f757fc547fe75962

SHA512
a121ce768693f28d32b5e3e6384f9500031fab38bddc9e6dba1c175cdeedede4028dbe35c4b28fdd0877bad31943567324f4831991410ddc35b8f43763881724

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
759d1943762d757fa55a37abf3ee229e

SHA1
9a23957d42ef59fc657492441be7dc3ed92d2ffc

SHA256
54dfba829ba9bb2d7f1070fc9fd0218b6a4fe7fb1e43bb9a06f94a876f1f4be9

SHA512
6cfdd0c7697cf524f27e4bb36a1506b41f0425acdb1d47e8cb61a26f4b17b1850e652ca68249a9900274fda68d4ef3202a3f620b09ee920a0580ca41359eaf5f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
83d2ea0d542baf1e1637542d07b64b4a

SHA1
ce743d6cff68caebb93ee6d96177f6ffd1406c4a

SHA256
c6df0bbeaf96e62fc485be73859112498487f6a3b8a01e25fb24d6a394038049

SHA512
37e4d6b1628fa79c90bcda98caa6c2cac71194c5d5a1916ce40833eb2cee0e7a1dc5f1eeca6f0077efa238e6168644cd55d9a43fd5127e0fbd6ce0cc9200f364

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8a65624bb9b6793ec0b642e13593875f

SHA1
0a0fb2567423e5abd893b85ffad43d1d7e129db3

SHA256
2aefe428ae73ecdb4c7323500d5fe628fd06e4622d6b15c1341af2e1decd4a1e

SHA512
e42c1ec59fffac2c1b2e1f9895fa5cafd15383dbb386267cb5168797bbd6cc31aa14c3410b1cd2cfbe1079b8b55fec4acb1400004f1db07d9e0f5ae7d910f7ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f90aa4b302b3b1003b5abe58faa731ec

SHA1
df9357a86f09c2b876989819ae0a18268c808f03

SHA256
ababd3efc47d1f6e1cdfaf44f8fa7f78a143229dc5131c40a96a58a658e83909

SHA512
e5ad11e6b44662de8c4f906221bed1d07c2621267b3b7c71f877e9c11e9ebe0e56a56ca632adc7134f5509169539a1720e348dade230a88bc3fe611930c725c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6a115ee7f80d50853fadaa896ce6f9bf

SHA1
c551ec0edff806c39428c39625a976779d7353f5

SHA256
97a75e6c0c2a8833773b0de53f24f96378041e027966dd72e44fe859f1634165

SHA512
91fe2da9e271888e32e9bafbf9e0929b5c6a223c2949ff09f1a28b8c958e4a7a70ab8b0dbb69f0c097fcbccef5699071e60b9810e14bb2489c7bd349b389b834

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e5a04470eb7cbb3d22684c5bc5b52136

SHA1
6fa7cba9d40ac122991f8543e32cc70171604969

SHA256
8569e88893d997d0e64935623c3ca2e5e48374e4fa0849dff25818466741f48d

SHA512
bdf059b69948190332f760d1db31e0555e9a9d11b8183aeb9a9859358f6ce169b6551ed8b1a655a6971234bc9068773a48d019c1f0f12ad6fe84b11fb001e5a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
15d6b512d663112176d9a5833f3b87fc

SHA1
44b43e60c058da4bf3b2f547568c5eacb952146d

SHA256
ead320e965e9cf1990aed74731295e4d47db6cd4096386081e4e0d2059b3b799

SHA512
c69b1ba113b3b15e042e7f5b93584fd11b407c2de311f1d2be81a0b142748fd60fc5540327db3ccbb1bc6c9151553d1055bbb150e70224302e2753f4f3d56768

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a150818475dfc5072fde1ee87e46fbed

SHA1
6c50800ef057d99c7e8e94822d88f2a8c471e7b1

SHA256
b54177e7cfe55f3d6d119a3015bf3a2a661e93b4b90930fd2a6ef90efb59066b

SHA512
932b584a260339eca0a12edc02c1c3cbf9d64fbea5be97dc5d77e3325603d264aafb12831ba9060546924f82bd63bd0224c0c3e926200e142ae58f574ceff346

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d9a5973a4300450aa7db243a7ea8d8cb

SHA1
200384427439da2c1bd8fe51367f2f6eb646ab5e

SHA256
2e9ef4634d5283697038dc8600df8c5402143a4d4ed538662c05706e62b94420

SHA512
5c4ea60a9d4bd21f95837bd275b343bb0146729fc3020e81a30eb095e845f465ac4b8bb9dc254788bb1947fafd9d93b0e2404299923e037729e7b39aaabe56fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eb4514e40166ce7ac0977ec1a0d4b61b

SHA1
2e0314f82c9c758f959466302123dc160ddf4460

SHA256
c64669eebe7e7feac9451311a923847b89a233da0d1bc70c53b79944aba056a8

SHA512
b87ae283c8a2c0d3878f8d25554df615d9acdfab37dff3f08bccf21509631a63f37528b16035d3cd86cb35cd77ea57e9946384c3201a7d2e691823c1187945c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ae333b044584d056b802295bb27161e0

SHA1
666c1dd22954fdb91d942cc4946ba033c17dec81

SHA256
65087e4c2de7c7f126c4b6b419af95ca220225867cbf4ca142d2dd9f50b8fd6a

SHA512
2f2f6ddf3454d62011af7a08c0a0f52a650c89b3b7c66670bfe53b24d6f7e15cacb4a2bc0b9c42b6c7db0a4a98fccef403b5acfc55fba423433bc67ec871fe23

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8a0d0b3116832a6e39c5ca095b8ffc9e

SHA1
710f891bc613484d10d666072e4581124452671e

SHA256
9daaf6d376b8f497e164ca024e34f580fe461b412c7956d4a598fc440680ef46

SHA512
3fd344e79697a7adedb6ea8941867856cc3edc18523251f7270cc04212c2a68d12c8ce56b8006120ec1c4e79d7b96e10c05231f0008f8bdf44ee3a5527a25eb7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
31e2905552fffdb8274468eac51aea47

SHA1
ede486c959a4783fcc09fcaa9e1e2110d5261146

SHA256
901e59507d2dbd30bcd28a948a458cdfc15a1bc051a7bb00f92a09baaac984f9

SHA512
13c052725b27faeea0d8468b13c08af8348bd22095aa1d2bcf3fa99c8750df732fdbba04aee467d3ec991a5ca717565bfe0c1185be36363e707d11f9e7c1de43

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b8ed16652a04b0cb307f819760665b56

SHA1
83138bddcf592b33ac2f58196156b92c3fda167c

SHA256
c6978232389246b4cb5c1346e94f9fb7b61ea9a4711ad396400c88d6ad46de1b

SHA512
6dd563603f60592ea95a5cdf2c950d73583eed3f11c7e3d1e2d998d747b3ed366bb8430020497e286ebb066ae094ea558e3326c0b02f3ca53371bd2aa8bc0a8d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a1b2478bf4b558194e613a4e2a50b841

SHA1
21c27b83bfeb355fdd9b45f6e56935a03db44695

SHA256
10c82f7b4831ec2518394859a71fe86cab23b2269595e2c20ac40f4a0db5a4a2

SHA512
2da64e943cc5f4ab9dabc35af27717fdbc5bad35cb7e88475af1b5c66d1bc599276acbf896712c7ce4ba87bc0be470c187bb56ccb5b459b53d0c3f5ee3cfec55

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
6ff91e677e8bc6ba3ef671c0d8a8aaa1

SHA1
1d165d48d9da6b1cdc9de7654c94b1cdbaa778fb

SHA256
c5786b34d7f02d0ddf5a07edbf34f5f4ac1c77b0cdf57630b5dbf99b01e4228f

SHA512
5d57f451ab4e509a0a78ff0427eac9c03f0d5b9edb9780c86ac35577e20c5ed97cdb430e5ef715b127197637ca06360ce7ad7e4aad90734efaf16d068926d659

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\jmgc6we\imagestore.dat

Filesize
3KB

MD5
076f00d4f48b4f2e21d2c79a7c18c19a

SHA1
5ec838549e218e65c6e84204424cf94d30a6e232

SHA256
f83be9576527c4327789edb031f17d4cbef0b20e3f46b6747efd08825c6ee094

SHA512
ded2937925493baa06ba28a14e9e076dbe4cb49f8db80fa3b270e0c55c2ea278d436ac85e85cf42a4d0e0ca24df256969ed1aeec58a803f70011632b980f6707

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5J67VDZD\xmbc[1].ico

Filesize
3KB

MD5
1279bf31d9659ad2017369ec1b90473c

SHA1
0f21c5a8266c36af7909118899e1fa07590f2df8

SHA256
74e3162830413f502277c221381f07b34d77a155f5cbeca379e1a4ffc29af116

SHA512
18ab594628c7873c56a85cc748585a3422f06d3f3ad70e5d33e86bed8bb9595d43513960731db89820d89b2ed950b48d6b891dbda768164f968ab06f5a86c277

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GE5J41S2\f[1].txt

Filesize
182KB

MD5
e7f26c905dc8b390fd772b46aaa8fa06

SHA1
fcd895380e1d1c81dd46a3b29db578ea85d61c1d

SHA256
6f271a3c51ce392076529b00b96b6f42288ffa50e72e5431146fced8fc7655c7

SHA512
2da163722c97e2aed8bba37bb2fa47bebaf3cb779c93ca2de20aff81897316e99d1ff876c474c1405c1872c1f1e7cf4bca9b6db717730118c56348f03a23f992

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab81FE.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8210.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nskE2F2.tmp\ioSpecial.ini

Filesize
709B

MD5
7ed5c644c0aac3ee4012fb3b6b0f5b31

SHA1
b26baaa85c7a05646660136e81322611344c1e26

SHA256
121ff4bc357d0797a9a3be56a2d6c4d9c34c6d0d19e8ad40d9f31acdee5e9086

SHA512
ca4609033b9c4f9d39a45878ba2c9a4adf34d0a3458989c8fc4319e9e4269f3fe90d240c30d34443a148928985eb66ac925a6824a335c36954be8502455bfe31

Download Submit
C:\Users\Admin\AppData\Local\Temp\nskE2F2.tmp\ioSpecial.ini

Filesize
726B

MD5
400c7db786ed4f91f6660bc2dc8d991e

SHA1
1d9640fad2534f1c1104e1301eac8da26572475b

SHA256
b3d61621abd2cda2d4f8764477843ce03819d014ecfdbac148d558a1a239cb92

SHA512
b47550ac0f596ed7fd59993bc044b48d94f0a1e6ec173bd813ebafcc7fdf1917141aab46b83ada0c666e440608a34701b1a261dab1eb648a76bb46ad9003eb38

Download Submit
C:\Users\Admin\AppData\Local\Temp\nskE2F2.tmp\ioSpecial.ini

Filesize
765B

MD5
08b642bc805a363f3303e16787867733

SHA1
416a4e6c7be3a03bac16be1de72969f3fbb19b01

SHA256
63b3b375c634e2496cd1eaaac3b128d31568a6828c25d3eeb5bde21667304bd3

SHA512
4674de571e4db2f8f0ca0d89ea94baa400544e84d6fbab9fce7d574187abdbb9cd483b804df55ef32ef5acf07a6931992f15e5ea95f4da4e58362c4e2a082537

Download Submit
\Program Files\Highresolution Enterprises\X-Mouse Button Control\BugTrapU-x64.dll

Filesize
364KB

MD5
80d5f32b3fc515402b9e1fe958dedf81

SHA1
a80ffd7907e0de2ee4e13c592b888fe00551b7e0

SHA256
0ab8481b44e7d2f0d57b444689aef75b61024487a5cf188c2fc6b8de919b040a

SHA512
1589246cd480326ca22c2acb1129a3a90edf13b75031343061f0f4ed51580dfb890862162a65957be9026381bb24475fec6ddcb86692c5961a24b18461e5f1f0

Download Submit
\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe

Filesize
1.7MB

MD5
bb632bc4c4414303c783a0153f6609f7

SHA1
eb16bf0d8ce0af4d72dff415741fd0d7aac3020e

SHA256
7cc348f8d2ee10264e136425059205cf2c17493b4f3f6a43af024aecb926d8c8

SHA512
15b34efe93d53e54c1527705292fbf145d6757f10dd87bc787dc40bf02f0d641468b95c571f7037417f2f626de2afcd68b5d82214e27e9e622ab0475633e9de5

Download Submit
\Program Files\Highresolution Enterprises\X-Mouse Button Control\uninstaller.exe

Filesize
74KB

MD5
bfffc38fff05079b15a5317e279dc7a9

SHA1
0c18db954f11646d65d0300e58fefcd9ff7634de

SHA256
c4e59737ffd988ef4bc7a62e3316a470b1b09a9889f65908110fba3d7b1c6500

SHA512
d30220e024ac242285ea757006e7da3874e5f889951de226d48c372a6a8701b76d4a917134ecc1e72c6c3a8d43444762288e7134a25d837e9f43d972675c81d6

Download Submit
\Users\Admin\AppData\Local\Temp\nskE2F2.tmp\InstallOptions.dll

Filesize
14KB

MD5
d753362649aecd60ff434adf171a4e7f

SHA1
3b752ad064e06e21822c8958ae22e9a6bb8cf3d0

SHA256
8f24c6cf0b06d18f3c07e7bfca4e92afce71834663746cfaa9ddf52a25d5c586

SHA512
41bf41add275867553fa3bd8835cd7e2a2a362a2d5670ccbfad23700448bad9fe0f577fb6ee9d4eb81dfc10d463b325b8a873fe5912eb580936d4ad96587aa6d

Download Submit
\Users\Admin\AppData\Local\Temp\nskE2F2.tmp\ShellExecAsUser.dll

Filesize
7KB

MD5
86a81b9ab7de83aa01024593a03d1872

SHA1
8fd7c645e6e2cb1f1bcb97b3b5f85ce1660b66be

SHA256
27d61cacd2995f498ba971b3b2c53330bc0e9900c9d23e57b2927aadfdee8115

SHA512
cc37bd5d74d185077bdf6c4a974fb29922e3177e2c5971c664f46c057aad1236e6f3f856c5d82f1d677c29896f0e3e71283ef04f886db58abae151cb27c827ac

Download Submit
\Users\Admin\AppData\Local\Temp\nskE2F2.tmp\System.dll

Filesize
10KB

MD5
56a321bd011112ec5d8a32b2f6fd3231

SHA1
df20e3a35a1636de64df5290ae5e4e7572447f78

SHA256
bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

SHA512
5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

Download Submit
\Users\Admin\AppData\Local\Temp\nskE2F2.tmp\nsDialogs.dll

Filesize
9KB

MD5
f832e4279c8ff9029b94027803e10e1b

SHA1
134ff09f9c70999da35e73f57b70522dc817e681

SHA256
4cd17f660560934a001fc8e6fdcea50383b78ca129fb236623a9666fcbd13061

SHA512
bf92b61aa267e3935f0ea7f47d8d96f09f016e648c2a7e7dcd5ecc47da864e824c592098c1e39526b643bd126c5c99d68a7040411a4cf68857df629f24d4107d

Download Submit
memory/2456-232-0x00000000027D0000-0x00000000027D2000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads