2240bf5fb5d80938b0676c46ef9f84bc1739c32f60c473ff85e530ae0eca2818

Analysis

max time kernel
132s
max time network
118s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
30/08/2024, 15:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

XMouseButtonControlSetup.2.20.5.exe
Size

2.9MB
MD5

2e9725bc1d71ad1b8006dfc5a2510f88
SHA1

6e1f7d12881696944bf5e030a7d131b969de0c6c
SHA256

2240bf5fb5d80938b0676c46ef9f84bc1739c32f60c473ff85e530ae0eca2818
SHA512

62bd9cde806f83f911f1068b452084ef2adc01bc0dec2d0f668a781cc0d94e39f6e35618264d8796ca205724725abd40429f463017e6ca5caf7d683429f82d39
SSDEEP

49152:n65SJw48kZN+nCYk7c44+Y0hdwn4Km2A5aT/pVE0hYYajihV2Qso0SWMrboF:tfpeno4oY0QZm2dlNJsrHM4

Score

7^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
1168	Process not Found
2352	XMouseButtonControl.exe
2764	XMouseButtonControl.exe

Loads dropped DLL 16 IoCs

pid	Process
2440	XMouseButtonControlSetup.2.20.5.exe
2440	XMouseButtonControlSetup.2.20.5.exe
2440	XMouseButtonControlSetup.2.20.5.exe
2440	XMouseButtonControlSetup.2.20.5.exe
2440	XMouseButtonControlSetup.2.20.5.exe
2440	XMouseButtonControlSetup.2.20.5.exe
2440	XMouseButtonControlSetup.2.20.5.exe
2352	XMouseButtonControl.exe
2352	XMouseButtonControl.exe
1168	Process not Found
1168	Process not Found
1168	Process not Found
2764	XMouseButtonControl.exe
2764	XMouseButtonControl.exe
2776	taskmgr.exe
2776	taskmgr.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\XMouseButtonControl = "C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe /notportable /delay"	XMouseButtonControlSetup.2.20.5.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 8 IoCs

description	ioc	Process
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\ChangeLog.txt	XMouseButtonControlSetup.2.20.5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\X-Mouse Button Control User Guide.pdf	XMouseButtonControlSetup.2.20.5.exe
File opened for modification	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\changelog.txt	XMouseButtonControlSetup.2.20.5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\uninstaller.exe	XMouseButtonControlSetup.2.20.5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe	XMouseButtonControlSetup.2.20.5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonHook.dll	XMouseButtonControlSetup.2.20.5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\BugTrapU-x64.dll	XMouseButtonControlSetup.2.20.5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\License.txt	XMouseButtonControlSetup.2.20.5.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	XMouseButtonControlSetup.2.20.5.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
behavioral1/files/0x0006000000018c08-133.dat	nsis_installer_1
behavioral1/files/0x0006000000018c08-133.dat	nsis_installer_2

Modifies Control Panel 3 IoCs

evasion

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Control Panel\Desktop	XMouseButtonControlSetup.2.20.5.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Control Panel\Desktop\LowLevelHooksTimeout = "1000"	XMouseButtonControlSetup.2.20.5.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Control Panel\Desktop\LowLevelHooksTimeout = "200"	XMouseButtonControl.exe

Modifies Internet Explorer settings 1 TTPs 42 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\highrez.co.uk\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DF9C07B1-66E7-11EF-AD83-5E6560CBCC6E} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000082ebb0b9d6f3f0458e93e15bd38f268f00000000020000000000106600000001000020000000e60e43383368ef59c2f8c4a3f5a29812fd3f0414ae2dfa8cc0fa4e95f31420c7000000000e80000000020000200000002c91877eb4cba444298cd7efa4b9bb33722aa42a9eddd43cc6c5a8eedb461091200000004bdfe43759dfe7b7971b126d95072560ea31666aa2ecc613dde774bdddd5389f400000004c36afa0e0bbd308f03392e188fac347696aa28aa7a4a18f67367de03f227443c3d60ed32a4754420af6054de6ad22a8c4fc835a431ceba19412acdbb74805cf	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000082ebb0b9d6f3f0458e93e15bd38f268f000000000200000000001066000000010000200000001339577d071598afb65db424856f0aaf8d213ff6e260d041a6132af3ec436b64000000000e8000000002000020000000fafc02dd0040148c552aa2df8ea58b55e686ef824b5df1b0c40aa049008e13059000000040ed1ca8fae36738ae26df256eb71a6a52b7c9864ccc6c8f0875e4215cfdf290a1fd9c1d671445a0c16eef04fe9f3ee161669f8f1a741de1e0f49bb9bc2b4c956ca6e2d057bf7d04165e772eb012b1fd075f21d48e9d2eb5230ee0624f0fa2ce7dafc231645d6d36fe27d6cad85ebd05ec377ca09714ea1629c523b94e7d0955cca0c3c6a7222b21d43e94855a819a3f400000009a7e3262d98ba6099b55a7a5040b689304d9cf6f05dfd794d3d4d44469da308cc313a12caaefb55c72a6aef76371bd84ed43e353e97af42f194d18ac33fe32bf	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431195022"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff790000001e000000ff04000083020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b00b4abaf4fada01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\highrez.co.uk	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe

Modifies registry class 33 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\DefaultIcon	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\ = "X-Mouse Button Control Language Pack"	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\shell	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\shell\ = "open"	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\DefaultIcon	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\shell\open	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbcp\ = "X-Mouse Button Control Settings"	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\shell\ = "open"	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\DefaultIcon\ = "C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe,0"	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\shell\open	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\DefaultIcon	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbcs\ = "X-Mouse Button Control Application or Window Profile"	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\shell	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\ = "X-Mouse Button Control Settings"	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\shell\open\command	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\shell\open\command\ = "\"C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe\" /profile:\"%1\""	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\DefaultIcon\ = "C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe,0"	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell\open	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\shell\open\command	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbclp\ = "X-Mouse Button Control Language Pack"	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell\ = "open"	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell\open\command	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell\open\command\ = "\"C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe\" /install:\"%1\""	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbcs	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbcp	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbclp	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\ = "X-Mouse Button Control Application or Window Profile"	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\DefaultIcon\ = "C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe,0"	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\shell\open\command\ = "\"C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe\" /import:\"%1\""	XMouseButtonControlSetup.2.20.5.exe

Suspicious behavior: EnumeratesProcesses 17 IoCs

pid	Process
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
2352	XMouseButtonControl.exe
2776	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2776	taskmgr.exe

Suspicious use of FindShellTrayWindow 48 IoCs

pid	Process
2268	iexplore.exe
2352	XMouseButtonControl.exe
2268	iexplore.exe
2352	XMouseButtonControl.exe
2352	XMouseButtonControl.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe

Suspicious use of SendNotifyMessage 46 IoCs

pid	Process
2352	XMouseButtonControl.exe
2352	XMouseButtonControl.exe
2352	XMouseButtonControl.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe

Suspicious use of SetWindowsHookEx 9 IoCs

pid	Process
2352	XMouseButtonControl.exe
2268	iexplore.exe
2268	iexplore.exe
2188	IEXPLORE.EXE
2188	IEXPLORE.EXE
2352	XMouseButtonControl.exe
2352	XMouseButtonControl.exe
2352	XMouseButtonControl.exe
2764	XMouseButtonControl.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2268 wrote to memory of 2188	2268	iexplore.exe	33
PID 2268 wrote to memory of 2188	2268	iexplore.exe	33
PID 2268 wrote to memory of 2188	2268	iexplore.exe	33
PID 2268 wrote to memory of 2188	2268	iexplore.exe	33

C:\Users\Admin\AppData\Local\Temp\XMouseButtonControlSetup.2.20.5.exe
"C:\Users\Admin\AppData\Local\Temp\XMouseButtonControlSetup.2.20.5.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies Control Panel
- Modifies registry class
PID:2440

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://www.highrez.co.uk/scripts/postinstall.asp?package=XMouse&major=2&minor=20&build=5&revision=0&platform=x64
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2268
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2268 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2188

C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
"C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe" /Installed /notportable
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies Control Panel
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2352

C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
"C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe" /notportable
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2764

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2776

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
379d7a0438ef2d8fc63d26cdad9ec32c

SHA1
d0bad640db6d94ce499d5fbff1355162856c75ec

SHA256
0c0ca3f7bad21eabd63edd7abd7b11a79c6e925dd838609222ef666dbed9ac75

SHA512
a13a5d4a8b223a227d589ce39c26a0ce5012cf44e9b55e81123cea6c43d555600e9dfc2728795524081dcac60e48875db9c117b67feeba32eb232bf90de2e0be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f66a829d453b968ed365ddd6e03b4894

SHA1
eced98147e8b12b766252120f6a76b2b3f8c7a9a

SHA256
b4fe7877c5bbe11927e695ecff6fd0927e19456779156c6c71c46eee06857b54

SHA512
49d3adda29d07ed58aca9a05a8186e354cb81af393408a325350b243bc594a4ddbd0cbd3f68c4f07fbad28dcef1cd0447796569829bd2fb003b3785bb88c14d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
89c0fe6893f4aaa75bcdc2468ce1f7d5

SHA1
1e5db8783413d30140e30c7bda7a81238bb56a18

SHA256
e5d76adfa126d87068f8218046f66c6d406cf66f8c9d5f4a3395da98581b46e0

SHA512
3786f3a5575be480ee04aa73d20685c2d463a95c98944d5ad5a820de3bca007cc5555e26628404761aad53af99ab56cfe38902c4a00dff89cf09ee1c09648d6c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9efa281e6f96d57cdf84be732276b7e7

SHA1
e68dbfdde4e4b938b82e6b9f0ab18d52356618bd

SHA256
f49594aa5ca4e69b64f54083bf9013a1da9efdf3b42099a05deacc6398039a95

SHA512
6920b49aebbc685ada0956c8e830ea71c1ecd875ec8e1140bf3d7dc985e034b9f887c056ace97b9c9706f2533990b99d26e95c64aeb710311e8856b9fea65609

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2fba3bf9cda8cd068ba13e67f2f846ae

SHA1
8b9f0f35d78bf15b1283418bf2de947c2cda0f61

SHA256
6a0af642fce0bd6687a79248cae00785bdbbb41b4020f1721670d3fd4a0205d8

SHA512
1d9aaa9fc8ec5444ad01a142b59c53417d350f5d1573e6f1eb8fed11f77ae6f1ef8cfc029e31eb50274ef728b5112c55aa0e1873777e1a5d87b922da783cedce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
965f8715b77a3ffed721d3ef0fa461a7

SHA1
72b36438651488ee4ca24696cce15f6224dbd446

SHA256
8e31138bb4a9f96ecd1284789e48573505ec07fb2b84a3732d722069f8a553bb

SHA512
72ff2c4f274d53bfdb859caeab494c1cb174bd4e3988a4538193950d7241dab5c7f4ff19d67390c432bb6563aa54d8b3ea1717af7e5935c56d4ce414083af547

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c25ccd0b1276e5282942c54d73a9899b

SHA1
ee83f2665ff5e49b39c8369ba0a9e7ce99b80eb1

SHA256
6d19b8ede8a04dbd119e05b6a617d7129b1a39fcaec76eb2423a78326a3af39c

SHA512
56665b7f359dc4b8c95d7e8941c4732315304e314e57edc98198c6a5eaaf4afa0998a740e44631172cdb74ba5ac69342bbdd4077b7d5df98d2031a2589bb5892

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7e8ab72d439dea513f7da865c8fdf83c

SHA1
96a2ac80a3a1d38be96c0fb5a6b83b816c3baa6d

SHA256
c53c9da3d57169cc0765a3e91c5a860fd6a853019296b392182956d2f4676c14

SHA512
438aa3e050bb36683a85cf8c41e9e61f64af5ef2a02fbc7efd9d6b11b643e86b403922eb64f7418b6adc766772d2e517d8364f175f54274b61e0a29e9f2bbdab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0000116f950c0a1562ced8fa20ab887c

SHA1
332869b14d32776377b48cee3f2e58345e0d6966

SHA256
6a3e1f015a4be1b9ad995ce6c7db1deb5c4c017a292e3206c3f1d10849d449f6

SHA512
177ac5f4c2532ced2a2e233a68558a64bc67233f8bdd2860f526067efa3023f1ae1301ececb927be70f5a8792fd88890e1132c771fad2a975ede1aee759757f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
52bde078b9320c76be843b3bb64edef1

SHA1
a2510453010e49479368c46229d81915963fb4a3

SHA256
c4b9e56de5bc748ffb46b813f391a6e60919db50bb32881b2fcb9615b95a3c85

SHA512
c003c4adb6e1fbb6063008752cbdd96f9901327db0053374a0eec5bf656df17f8e1751dbb7bba28a33a3f54e2a7d6958e0f4225a7169f6b26714c26edac79074

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
29f8b73afe38431a59f418b0a83857ed

SHA1
9d9ecf4078101ecc777af068c4dc60564b7df676

SHA256
cf9074c277c3127ee4a7496dc099dacb91ad236e8ed2898a65cd452f6401fab9

SHA512
be177241c3e75c57e36c7d7abeda19b59b9d0a06ee867b148cf1172c56ab77a8c64566e8da46273865273abc1e2312eae29ca106cdd6c26fc8ac9000d0e112b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
be59865b2976a6a013500f2d9f68ee40

SHA1
c551907b3074df6b674fe49aafaf5fdec736d168

SHA256
f686281e543cb34c1f2889c86414314ee343a0ba4df5bb8689863dc6f8da2ea5

SHA512
d3da8e24d560b5b4338b0ee6edef06c383bd4d36263b3ff0893bf77923f82e082c8fed5ca7144899ede705a01a019c0d3742259bf68f6c9706074b999a64c9f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dbe56e10ff41719717a2310e57bff482

SHA1
dc8a2867fa24095372faaa993a958ee8d8b19513

SHA256
472fddd477bcdfbb491201a0093363b654acc9d4dcf4916f4e64ffc7c9b68b31

SHA512
a252761de100d9f228a0921558af9eef601466ddcff769471a18570f74aeac14becc8df504e3469a3c51f47b1e84c2cdea429d4d61d1bc784131eb4bf9091c16

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
14e1b04df24c4d1ae892bce066e4fb93

SHA1
5ea84d2e6811394ec818b71554599fb601a7ccde

SHA256
b8a40af8077466abcf94086686870258dcb627df1c3ea796154ea9d7da8eff78

SHA512
5f603cd47ab50842e5a2c8c5f2e942e5685fcb1af0ae2eec55c20929bcee54f9c024bd5f61f9f6236b9497878a4b5ec07d745a31b0d4ac03b6efec59e2362bdd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1a4c011f11217cfe02b7e1879adec4ff

SHA1
55e30fefff277f8e4c86ce5c52b2c827c0bd575e

SHA256
38f7298077e4a5defe20a1f542b7e70e5bba4d31b245d2c7031b641eca009c58

SHA512
2e15d206eb87a1b53dbd133732868a53e5d1bf754e33e72c478a377fd1f98ba846504588867d5c5dc54f908b19075e387ddc6b7e1bc017ea9cb85ae0572081f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
745dfba3cfb67bb6ed23f6848d48e244

SHA1
0dad561c01b9f61cf6a28bcf00deaa0b22208db6

SHA256
c3545066cf5b1f5fd1571e42619fb1f277ffce1cedde3ee7a8161cfca6c8073e

SHA512
9cb420beb06acb91d102f856e5b60a29b00c275622390a93e541bbb6408f2a724a2035b3f97890af95e53dc1349d3bfcb5d3cdaf06135ed0ea15f6db9263cb74

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b5bab260df55bf825633a66ae2442d0e

SHA1
3a81c00d152594157f4e8ec11c87dedbeb8a2b26

SHA256
75f63ba043a3ffa438cca0b8944751a45df9bb0d64d4dcf5afc9eb4f528532fe

SHA512
2c38c3c348dda595f597105be2a82992009619047055ce0cb26846849271b3fd22ec7e8993073c26d4888c709e93013802b62be206bd3aec5a525c47a2ea17aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
65b92236a3890911d081356805370d57

SHA1
8f5b36c80fc64089d31620ba88300d20996bb596

SHA256
b23a6f277cc969b44c523c0aa8886e61fa0b05100484e034288878d953a418a2

SHA512
a74b5c7649f57fd6f6477146c505e2f2e568bce15884521e31c7aaac3e66ad5ef663608a4d08aca9285190569cc3bf52559b9ecbc6a985b2b5b1073c94203634

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
509559cdb7d760e86e6bc26058a61a12

SHA1
d5f326426c869ea8f15d806c2de15eceaca1be37

SHA256
3b16641e92fae4cd84d318ee6836f7ba9d7df8bc0386fb475031b2745960e335

SHA512
51305643a9228630738c9347b6f9e7b504e403d6a367f77c714c1db2473eb6547075733efdb6d0217c2ec2136546c72ac98ec2cd0b417ec31d17c76d628ea0be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
271087791984eff574acce2e7317801c

SHA1
03f14c297f8eb9722b7033b50dc3c4fc675e0c20

SHA256
1b9bb4ca2ac2efa56dd9fddd203b62bef129807c5bd880619f34d645b4150f06

SHA512
a243d12806a48382f61fdd1487632f816fa246466938d4506c4bb5a5c24dd2ee8437b73e518f00ce56f142585fc2f3587c7d5c9085a4b9dbce184326462a6834

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f7490d1b0efa518e9fbbdd3a3710d6e4

SHA1
342db90ff5fed22f789a8ab54b05fdae94a55270

SHA256
d25e72e1f4cf6e577a1d19ffe7c5707d6ce9a4dd09ebc075b99f50f7c06565e4

SHA512
536eedc7dc448ba4092c5fbd48ced391a221ae35820ce7721208d161e7ab962c6fe3402ed5171e109cf8f1c6f262d0c19c8564a01ac07830eca2c23597f95e3a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1b9f1ebf07e47e294e53572088ce6950

SHA1
46536807c21e9a5996b3840f537f50787f4f447f

SHA256
2ee90772c69b6952d73b6ef4186a41a75470e6e49b2140085a5cca424a83b967

SHA512
aa6fef7413de2adf3cfbc8ea474a3ed61883459af87701eabe1585d8ae6e2dfbe1fdca9fc12c49c1f4e8c7f440d6b1b6f75c3f58dede8e5b0f56489d33f58930

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bb4d65bd267537c574a220936bc4343e

SHA1
5423740bb677129ce68b19760515083b9c10ec89

SHA256
2f57073bd94aad7176c7c15d78c0f88deb9f6c13a37efd9efbe0fc09112c0c16

SHA512
6b5c9600c247c02e03837371411500770d4792c6428ea2df1f9172c92f4af0eb620758f526df23e5e91ff7dca580eabe2e9cabd48305902fd40286ab3328394e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
5fba4fa5fba2c095acf1e79a2b7a17ef

SHA1
03e2f1c4a0aa6805ea39d591425cf2805e6ab611

SHA256
2923b95928f3acf63ddd77e3ea78dce0ed932e7e0ff8401c47baebb0f0a7acea

SHA512
41da0be8614f359ef18d4cbed439fa4587b70718f20d3e8446b9b041b9b8d86f712044fda536dc6562d415efe1e14dfbce5976bbe0b0427dacebadd77dcdd0dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\hqw8ypt\imagestore.dat

Filesize
3KB

MD5
ba2ac8975839ed74a60768a593fb921a

SHA1
19d52a55c75301199f9d4f001f8366e5dbf9ac2f

SHA256
b9d09b0c46af876071dc3544baaadf4b77019f0b0ff5f929efb1fc5609118647

SHA512
71f3398a6dce55987ae10d745aaba8e28985f9afffe3e8e0212110900823e411e5f1b6e1e21c21c40b0ed14585e4f4ec9fb848199eab4bb3e2b09f6e9d5a2849

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HNGGU6NJ\f[1].txt

Filesize
182KB

MD5
fb6a53270e9e828997ebc45fbbc63dc6

SHA1
90d4789d956da24fbfca85eb84623b4d7de65db0

SHA256
19f8a058279e02a26151688a3a132c87669e150ca38fba757851236e0b527616

SHA512
67d1fd25c4b41fff6ec73c50747868046064d220ec233e5b6bd8cf5815e218bceb7b329ff3af6debb2cd603658d630f4b6673ef64ba002e7ad23db575ed0e883

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M7GT0RRO\xmbc[1].ico

Filesize
3KB

MD5
1279bf31d9659ad2017369ec1b90473c

SHA1
0f21c5a8266c36af7909118899e1fa07590f2df8

SHA256
74e3162830413f502277c221381f07b34d77a155f5cbeca379e1a4ffc29af116

SHA512
18ab594628c7873c56a85cc748585a3422f06d3f3ad70e5d33e86bed8bb9595d43513960731db89820d89b2ed950b48d6b891dbda768164f968ab06f5a86c277

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5A62.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5A94.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdB711.tmp\ioSpecial.ini

Filesize
726B

MD5
98fc7071c44f4bb5e66941d938649a03

SHA1
34628c81d34ac8ce552592b5013ea48ce242c6e3

SHA256
344dff3e4d611585a47ce0637b794e99fde98f8fb1df2626453e6d9ef4cdcd65

SHA512
05c3c6e8f3d383819445d4538a9d5ccdbf61feffbfbd3e8a5bae0c2091fdb8758dc2aeb4a158ad3728686245f0628ec1665c9318101cea9edfe7bbd3d14dff2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdB711.tmp\ioSpecial.ini

Filesize
696B

MD5
517f9d320762feeebf9d1a434da6191d

SHA1
b62f2b597b2204763b074359c69fd95cdd7235a8

SHA256
936c63335ad47c09e4439211c25e39a7e87c07a777d054a5e3e9a73e3974de3f

SHA512
85549a3dee25b91cafbc50448662ca76a4983f046dedd106de6f7c7ee7ecfa6f6d850d5511b8e364c75f36c463624c4434b2075cd2ae7e0a60a9fda133dc196f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdB711.tmp\ioSpecial.ini

Filesize
709B

MD5
8802e2e013b94204ee686c39e7928359

SHA1
8b2b22a0b7486a98b417f1cc7e6945888a3c995a

SHA256
e06e144a1017aecd8443399571851e7af180fe9f78888bfa5b7e00b1b8ca4bd5

SHA512
e66a2607cdbe4cfda50b39f46780170b59e826b4229ab0e0c135fa81dbe859d7ecf2ae4ffd164f67aeb7601c14bd4769495c7ee75f8900b2cd8501dd2b3400f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdB711.tmp\ioSpecial.ini

Filesize
765B

MD5
3df85e510fcd5ac2f7e59d42a0cf8537

SHA1
57f511d4cd6bf58ba9a659bebcd4b9ee4fd0921e

SHA256
0b3eb0262e4dc308b1b0fdb35cad4c2f1138145426e1331f09428e0863ed6b73

SHA512
652b64fd87d0732623cb668de23295442ab832bff32e69bdf983eb26846124f35b20a965bee2cb7d97b7392415d7c74d77a945ce49946f78f571295bcd5b0a24

Download Submit
C:\Users\Admin\AppData\Roaming\Highresolution Enterprises\XMouseButtonControl\Persist.xmbcps

Filesize
16B

MD5
4ae71336e44bf9bf79d2752e234818a5

SHA1
e129f27c5103bc5cc44bcdf0a15e160d445066ff

SHA256
374708fff7719dd5979ec875d56cd2286f6d3cf7ec317a3b25632aab28ec37bb

SHA512
0b6cbac838dfe7f47ea1bd0df00ec282fdf45510c92161072ccfb84035390c4da743d9c3b954eaa1b0f86fc9861b23cc6c8667ab232c11c686432ebb5c8c3f27

Download Submit
C:\Users\Admin\AppData\Roaming\Highresolution Enterprises\XMouseButtonControl\XMBCSettings.xml

Filesize
41KB

MD5
c0c5f91da9480fee3247f944bb9f6d50

SHA1
b80fa373e20e9d4bd4b7912f6eaf0d9c29cb0ba0

SHA256
ce7a2ef47f29f253f698e5ad3039424f11680ff6c9c358c3401dc0c057553f75

SHA512
c27ac779c9b2b7b3baa71fca97fc0b7985f78e63d2af887362ba25f593777b74138b638bfcbf4cfa3214301129b675680cde7231299bc12b2cb4325addddfa50

Download Submit
C:\Users\Admin\AppData\Roaming\Highresolution Enterprises\XMouseButtonControl\XMouseButtonControl.log

Filesize
5KB

MD5
185bde34f9fbc099ab7d5faf9fc8e1ce

SHA1
ed5025bf0980f295081209ac8d6fd067a0b466d4

SHA256
ee062636f59a201d46a9dd326db329a2fe1cb0f2d85393557f8b458419362c29

SHA512
7be833cb780367462fbffbfa24184648f54289c119898f5ac7690172ea58ac35d54cd86be023b9fe8523ff1ccbdc0fe19a11c71cfc931cebb5f7f891e6d60ec5

Download Submit
\Program Files\Highresolution Enterprises\X-Mouse Button Control\BugTrapU-x64.dll

Filesize
364KB

MD5
80d5f32b3fc515402b9e1fe958dedf81

SHA1
a80ffd7907e0de2ee4e13c592b888fe00551b7e0

SHA256
0ab8481b44e7d2f0d57b444689aef75b61024487a5cf188c2fc6b8de919b040a

SHA512
1589246cd480326ca22c2acb1129a3a90edf13b75031343061f0f4ed51580dfb890862162a65957be9026381bb24475fec6ddcb86692c5961a24b18461e5f1f0

Download Submit
\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe

Filesize
1.7MB

MD5
bb632bc4c4414303c783a0153f6609f7

SHA1
eb16bf0d8ce0af4d72dff415741fd0d7aac3020e

SHA256
7cc348f8d2ee10264e136425059205cf2c17493b4f3f6a43af024aecb926d8c8

SHA512
15b34efe93d53e54c1527705292fbf145d6757f10dd87bc787dc40bf02f0d641468b95c571f7037417f2f626de2afcd68b5d82214e27e9e622ab0475633e9de5

Download Submit
\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonHook.dll

Filesize
1.0MB

MD5
d62a4279ebba19c9bf0037d4f7cbf0bc

SHA1
5257d9505cca6b75fe55dfdaf2ea83a7d2d28170

SHA256
c845e808dc035329a7c95c846413a7afb9976f09872ba3c05dfa5f492156eef0

SHA512
6895a12cddc41bf516279b1235fca238b0b3b0cef2cc25abe14a9160ed23f5bde3d476f885d674537febc7de7eb58b0824d96153c626e1563a5a8a1887fb5323

Download Submit
\Program Files\Highresolution Enterprises\X-Mouse Button Control\uninstaller.exe

Filesize
74KB

MD5
bfffc38fff05079b15a5317e279dc7a9

SHA1
0c18db954f11646d65d0300e58fefcd9ff7634de

SHA256
c4e59737ffd988ef4bc7a62e3316a470b1b09a9889f65908110fba3d7b1c6500

SHA512
d30220e024ac242285ea757006e7da3874e5f889951de226d48c372a6a8701b76d4a917134ecc1e72c6c3a8d43444762288e7134a25d837e9f43d972675c81d6

Download Submit
\Users\Admin\AppData\Local\Temp\nsdB711.tmp\InstallOptions.dll

Filesize
14KB

MD5
d753362649aecd60ff434adf171a4e7f

SHA1
3b752ad064e06e21822c8958ae22e9a6bb8cf3d0

SHA256
8f24c6cf0b06d18f3c07e7bfca4e92afce71834663746cfaa9ddf52a25d5c586

SHA512
41bf41add275867553fa3bd8835cd7e2a2a362a2d5670ccbfad23700448bad9fe0f577fb6ee9d4eb81dfc10d463b325b8a873fe5912eb580936d4ad96587aa6d

Download Submit
\Users\Admin\AppData\Local\Temp\nsdB711.tmp\ShellExecAsUser.dll

Filesize
7KB

MD5
86a81b9ab7de83aa01024593a03d1872

SHA1
8fd7c645e6e2cb1f1bcb97b3b5f85ce1660b66be

SHA256
27d61cacd2995f498ba971b3b2c53330bc0e9900c9d23e57b2927aadfdee8115

SHA512
cc37bd5d74d185077bdf6c4a974fb29922e3177e2c5971c664f46c057aad1236e6f3f856c5d82f1d677c29896f0e3e71283ef04f886db58abae151cb27c827ac

Download Submit
\Users\Admin\AppData\Local\Temp\nsdB711.tmp\System.dll

Filesize
10KB

MD5
56a321bd011112ec5d8a32b2f6fd3231

SHA1
df20e3a35a1636de64df5290ae5e4e7572447f78

SHA256
bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

SHA512
5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

Download Submit
\Users\Admin\AppData\Local\Temp\nsdB711.tmp\nsDialogs.dll

Filesize
9KB

MD5
f832e4279c8ff9029b94027803e10e1b

SHA1
134ff09f9c70999da35e73f57b70522dc817e681

SHA256
4cd17f660560934a001fc8e6fdcea50383b78ca129fb236623a9666fcbd13061

SHA512
bf92b61aa267e3935f0ea7f47d8d96f09f016e648c2a7e7dcd5ecc47da864e824c592098c1e39526b643bd126c5c99d68a7040411a4cf68857df629f24d4107d

Download Submit
memory/2440-232-0x0000000002700000-0x0000000002702000-memory.dmp

Filesize
8KB

Download
memory/2776-1141-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2776-1140-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2776-1139-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download