2240bf5fb5d80938b0676c46ef9f84bc1739c32f60c473ff85e530ae0eca2818

Analysis

max time kernel
72s
max time network
86s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
07/09/2024, 00:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

XMouse_Button_Control_V2.20.5.exe
Size

2.9MB
MD5

2e9725bc1d71ad1b8006dfc5a2510f88
SHA1

6e1f7d12881696944bf5e030a7d131b969de0c6c
SHA256

2240bf5fb5d80938b0676c46ef9f84bc1739c32f60c473ff85e530ae0eca2818
SHA512

62bd9cde806f83f911f1068b452084ef2adc01bc0dec2d0f668a781cc0d94e39f6e35618264d8796ca205724725abd40429f463017e6ca5caf7d683429f82d39
SSDEEP

49152:n65SJw48kZN+nCYk7c44+Y0hdwn4Km2A5aT/pVE0hYYajihV2Qso0SWMrboF:tfpeno4oY0QZm2dlNJsrHM4

Score

7^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1208	Process not Found
1388	XMouseButtonControl.exe

Loads dropped DLL 12 IoCs

pid	Process
1960	XMouse_Button_Control_V2.20.5.exe
1960	XMouse_Button_Control_V2.20.5.exe
1960	XMouse_Button_Control_V2.20.5.exe
1960	XMouse_Button_Control_V2.20.5.exe
1960	XMouse_Button_Control_V2.20.5.exe
1960	XMouse_Button_Control_V2.20.5.exe
1960	XMouse_Button_Control_V2.20.5.exe
1388	XMouseButtonControl.exe
1388	XMouseButtonControl.exe
1208	Process not Found
1208	Process not Found
1208	Process not Found

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\XMouseButtonControl = "C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe /notportable /delay"	XMouse_Button_Control_V2.20.5.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 8 IoCs

description	ioc	Process
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\License.txt	XMouse_Button_Control_V2.20.5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\ChangeLog.txt	XMouse_Button_Control_V2.20.5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\X-Mouse Button Control User Guide.pdf	XMouse_Button_Control_V2.20.5.exe
File opened for modification	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\changelog.txt	XMouse_Button_Control_V2.20.5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\uninstaller.exe	XMouse_Button_Control_V2.20.5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe	XMouse_Button_Control_V2.20.5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonHook.dll	XMouse_Button_Control_V2.20.5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\BugTrapU-x64.dll	XMouse_Button_Control_V2.20.5.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	XMouse_Button_Control_V2.20.5.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

NSIS installer 2 IoCs

installer

resource	yara_rule
behavioral1/files/0x000500000001924c-133.dat	nsis_installer_1
behavioral1/files/0x000500000001924c-133.dat	nsis_installer_2

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Control Panel 2 IoCs

evasion

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Control Panel\Desktop	XMouse_Button_Control_V2.20.5.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Control Panel\Desktop\LowLevelHooksTimeout = "1000"	XMouse_Button_Control_V2.20.5.exe

Modifies Internet Explorer settings 1 TTPs 39 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D2868591-6CB0-11EF-AE26-F245C6AC432F} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000953bd8210872ea40aad5946cc0771cd300000000020000000000106600000001000020000000fd481b9a31349c32f0c937630958a288b667c848f0122eeae63e69c612d10c21000000000e80000000020000200000008be44209e0af78a75ef6658975c70a0ddcf8eaabb1a778cacd5a5c8b15ca049a9000000002bf199b62886c0edc642689ca25a5d99df62252a62025bdaf067f102f4e88d9cdfcb82dcbef992c67dfb0f0680a3c1c9dfb9fbfa555ae3e5198c5466d1986c9ff8b4811cbd87bf94d08df0ff5c95574e10b1c6e6f701c57943b60e17268e53261d1ce216f42d01aac1749fb712c9060a258f156bf1bf30dc03af1b8d20fbb980de84e7e35d969fa6c50ec389485b48a400000000f0bb95ed0252463332fd7b8efbca3d95d45da7210857f3bb015be69c125e502e24b271511ca581b0250b46afdd31817420e949e0c39e3f28cb65ffff896c354	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DOMStorage\highrez.co.uk	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DOMStorage\highrez.co.uk\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000953bd8210872ea40aad5946cc0771cd3000000000200000000001066000000010000200000007efd755253836d7d01866e407e3f7a0b8f71d514df418475a9759e65caa4b68e000000000e8000000002000020000000e853b6948a917b58c9332db09f7a4dbea21012f7570e4c929a13833c391a35a920000000df477eec9d693a64229ab9ffa1f1944255bf29ef27e730c444c06a1dea67c59640000000bdd592c59e8fe094953dc94eeb38e350b99e2d6bffd7d8cedbdfb24efdc39364ecf35cf5fbafde27b67fc33bd9fdec7b13a271ec3c19f58d7a2b9eed79ef1298	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 706715aabd00db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE

Modifies registry class 33 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile	XMouse_Button_Control_V2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbcp	XMouse_Button_Control_V2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\shell\open\command\ = "\"C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe\" /profile:\"%1\""	XMouse_Button_Control_V2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\DefaultIcon	XMouse_Button_Control_V2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell\open\command	XMouse_Button_Control_V2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\shell\open\command	XMouse_Button_Control_V2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\shell\ = "open"	XMouse_Button_Control_V2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\DefaultIcon\ = "C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe,0"	XMouse_Button_Control_V2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\DefaultIcon	XMouse_Button_Control_V2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbclp\ = "X-Mouse Button Control Language Pack"	XMouse_Button_Control_V2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbcs	XMouse_Button_Control_V2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\shell\open\command\ = "\"C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe\" /import:\"%1\""	XMouse_Button_Control_V2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings	XMouse_Button_Control_V2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\ = "X-Mouse Button Control Settings"	XMouse_Button_Control_V2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\shell	XMouse_Button_Control_V2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack	XMouse_Button_Control_V2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\ = "X-Mouse Button Control Language Pack"	XMouse_Button_Control_V2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell\open	XMouse_Button_Control_V2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\shell	XMouse_Button_Control_V2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\DefaultIcon	XMouse_Button_Control_V2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\DefaultIcon\ = "C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe,0"	XMouse_Button_Control_V2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\shell\open	XMouse_Button_Control_V2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\shell\open	XMouse_Button_Control_V2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell\open\command\ = "\"C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe\" /install:\"%1\""	XMouse_Button_Control_V2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\ = "X-Mouse Button Control Application or Window Profile"	XMouse_Button_Control_V2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbcp\ = "X-Mouse Button Control Settings"	XMouse_Button_Control_V2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell	XMouse_Button_Control_V2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\shell\open\command	XMouse_Button_Control_V2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbclp	XMouse_Button_Control_V2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\shell\ = "open"	XMouse_Button_Control_V2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell\ = "open"	XMouse_Button_Control_V2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\DefaultIcon\ = "C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe,0"	XMouse_Button_Control_V2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbcs\ = "X-Mouse Button Control Application or Window Profile"	XMouse_Button_Control_V2.20.5.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2500	chrome.exe
2500	chrome.exe

Suspicious use of AdjustPrivilegeToken 28 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
2104	iexplore.exe
1388	XMouseButtonControl.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe

Suspicious use of SendNotifyMessage 49 IoCs

pid	Process
1388	XMouseButtonControl.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
1388	XMouseButtonControl.exe
2104	iexplore.exe
2104	iexplore.exe
324	IEXPLORE.EXE
324	IEXPLORE.EXE
1388	XMouseButtonControl.exe
1388	XMouseButtonControl.exe
1388	XMouseButtonControl.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2104 wrote to memory of 324	2104	iexplore.exe	33
PID 2104 wrote to memory of 324	2104	iexplore.exe	33
PID 2104 wrote to memory of 324	2104	iexplore.exe	33
PID 2104 wrote to memory of 324	2104	iexplore.exe	33
PID 2500 wrote to memory of 2024	2500	chrome.exe	39
PID 2500 wrote to memory of 2024	2500	chrome.exe	39
PID 2500 wrote to memory of 2024	2500	chrome.exe	39
PID 2500 wrote to memory of 2872	2500	chrome.exe	41
PID 2500 wrote to memory of 2872	2500	chrome.exe	41
PID 2500 wrote to memory of 2872	2500	chrome.exe	41
PID 2500 wrote to memory of 2872	2500	chrome.exe	41
PID 2500 wrote to memory of 2872	2500	chrome.exe	41
PID 2500 wrote to memory of 2872	2500	chrome.exe	41
PID 2500 wrote to memory of 2872	2500	chrome.exe	41
PID 2500 wrote to memory of 2872	2500	chrome.exe	41
PID 2500 wrote to memory of 2872	2500	chrome.exe	41
PID 2500 wrote to memory of 2872	2500	chrome.exe	41
PID 2500 wrote to memory of 2872	2500	chrome.exe	41
PID 2500 wrote to memory of 2872	2500	chrome.exe	41
PID 2500 wrote to memory of 2872	2500	chrome.exe	41
PID 2500 wrote to memory of 2872	2500	chrome.exe	41
PID 2500 wrote to memory of 2872	2500	chrome.exe	41
PID 2500 wrote to memory of 2872	2500	chrome.exe	41
PID 2500 wrote to memory of 2872	2500	chrome.exe	41
PID 2500 wrote to memory of 2872	2500	chrome.exe	41
PID 2500 wrote to memory of 2872	2500	chrome.exe	41
PID 2500 wrote to memory of 2872	2500	chrome.exe	41
PID 2500 wrote to memory of 2872	2500	chrome.exe	41
PID 2500 wrote to memory of 2872	2500	chrome.exe	41
PID 2500 wrote to memory of 2872	2500	chrome.exe	41
PID 2500 wrote to memory of 2872	2500	chrome.exe	41
PID 2500 wrote to memory of 2872	2500	chrome.exe	41
PID 2500 wrote to memory of 2872	2500	chrome.exe	41
PID 2500 wrote to memory of 2872	2500	chrome.exe	41
PID 2500 wrote to memory of 2872	2500	chrome.exe	41
PID 2500 wrote to memory of 2872	2500	chrome.exe	41
PID 2500 wrote to memory of 2872	2500	chrome.exe	41
PID 2500 wrote to memory of 2872	2500	chrome.exe	41
PID 2500 wrote to memory of 2872	2500	chrome.exe	41
PID 2500 wrote to memory of 2872	2500	chrome.exe	41
PID 2500 wrote to memory of 2872	2500	chrome.exe	41
PID 2500 wrote to memory of 2872	2500	chrome.exe	41
PID 2500 wrote to memory of 2872	2500	chrome.exe	41
PID 2500 wrote to memory of 2872	2500	chrome.exe	41
PID 2500 wrote to memory of 2872	2500	chrome.exe	41
PID 2500 wrote to memory of 2872	2500	chrome.exe	41
PID 2500 wrote to memory of 2600	2500	chrome.exe	42
PID 2500 wrote to memory of 2600	2500	chrome.exe	42
PID 2500 wrote to memory of 2600	2500	chrome.exe	42
PID 2500 wrote to memory of 2620	2500	chrome.exe	43
PID 2500 wrote to memory of 2620	2500	chrome.exe	43
PID 2500 wrote to memory of 2620	2500	chrome.exe	43
PID 2500 wrote to memory of 2620	2500	chrome.exe	43
PID 2500 wrote to memory of 2620	2500	chrome.exe	43
PID 2500 wrote to memory of 2620	2500	chrome.exe	43
PID 2500 wrote to memory of 2620	2500	chrome.exe	43
PID 2500 wrote to memory of 2620	2500	chrome.exe	43
PID 2500 wrote to memory of 2620	2500	chrome.exe	43
PID 2500 wrote to memory of 2620	2500	chrome.exe	43
PID 2500 wrote to memory of 2620	2500	chrome.exe	43
PID 2500 wrote to memory of 2620	2500	chrome.exe	43
PID 2500 wrote to memory of 2620	2500	chrome.exe	43
PID 2500 wrote to memory of 2620	2500	chrome.exe	43
PID 2500 wrote to memory of 2620	2500	chrome.exe	43

C:\Users\Admin\AppData\Local\Temp\XMouse_Button_Control_V2.20.5.exe
"C:\Users\Admin\AppData\Local\Temp\XMouse_Button_Control_V2.20.5.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies Control Panel
- Modifies registry class
PID:1960

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://www.highrez.co.uk/scripts/postinstall.asp?package=XMouse&major=2&minor=20&build=5&revision=0&platform=x64
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2104
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2104 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:324

C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
"C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe" /Installed /notportable
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1388

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:3028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5559758,0x7fef5559768,0x7fef5559778
  2⤵
  PID:2024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1140 --field-trial-handle=1288,i,12063123138352014316,9680704135835267400,131072 /prefetch:2
  2⤵
  PID:2872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1288,i,12063123138352014316,9680704135835267400,131072 /prefetch:8
  2⤵
  PID:2600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1572 --field-trial-handle=1288,i,12063123138352014316,9680704135835267400,131072 /prefetch:8
  2⤵
  PID:2620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2272 --field-trial-handle=1288,i,12063123138352014316,9680704135835267400,131072 /prefetch:1
  2⤵
  PID:2588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2316 --field-trial-handle=1288,i,12063123138352014316,9680704135835267400,131072 /prefetch:1
  2⤵
  PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1400 --field-trial-handle=1288,i,12063123138352014316,9680704135835267400,131072 /prefetch:2
  2⤵
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1432 --field-trial-handle=1288,i,12063123138352014316,9680704135835267400,131072 /prefetch:1
  2⤵
  PID:796

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1332

C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
"C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe" /notportable
1⤵
PID:2396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\BugTrapU-x64.dll

Filesize
364KB

MD5
80d5f32b3fc515402b9e1fe958dedf81

SHA1
a80ffd7907e0de2ee4e13c592b888fe00551b7e0

SHA256
0ab8481b44e7d2f0d57b444689aef75b61024487a5cf188c2fc6b8de919b040a

SHA512
1589246cd480326ca22c2acb1129a3a90edf13b75031343061f0f4ed51580dfb890862162a65957be9026381bb24475fec6ddcb86692c5961a24b18461e5f1f0

Download Submit
C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonHook.dll

Filesize
1.0MB

MD5
d62a4279ebba19c9bf0037d4f7cbf0bc

SHA1
5257d9505cca6b75fe55dfdaf2ea83a7d2d28170

SHA256
c845e808dc035329a7c95c846413a7afb9976f09872ba3c05dfa5f492156eef0

SHA512
6895a12cddc41bf516279b1235fca238b0b3b0cef2cc25abe14a9160ed23f5bde3d476f885d674537febc7de7eb58b0824d96153c626e1563a5a8a1887fb5323

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
e935bc5762068caf3e24a2683b1b8a88

SHA1
82b70eb774c0756837fe8d7acbfeec05ecbf5463

SHA256
a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

SHA512
bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
23b47f8284f2429a255898985806ea81

SHA1
3a839cd58c70540cf7c1473dafd044ab089ab54c

SHA256
9f94faf3b9c99edd5a6a1bdd64d96410b9c125fc1d384a47d80ea8b02bf09b8f

SHA512
70d4bee1d12812addecc226c4aa95dca7d8b173a4e2f671257707c767d4ac099dd2b8bfe68f01da227628a9a2a6401881ccc81d3fdf191d538787f5675caf6a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
417ba3f05fc0c3e78c1f1e129a55d0c3

SHA1
99fcc72609cdf1be89acc0ae9db585cec673f1d7

SHA256
35db3b649fd1b3fde08a3b952573c08301fc7cb5fee44e571903ec73197c07a4

SHA512
08234120481df2c1eb2df226dbca4a06c9b090e8a11d2f47d4c7e41a33f3c2b8834613937e8fa32aea5c4afa0d24a3e68c2a2a5874c5b0d18a7211ce7e5b1137

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
6c86473f408dabecdd0403ae427728cf

SHA1
efa1a6d4346074a26b02d2626820a1ca65c6d096

SHA256
5ac2cc8f2f7cbfdd9c7418ccddcc50d185cbc39df3249ea3b35054ccadfc418c

SHA512
ab5d7c55b131264cb3a933d21c41be8d7fa80eebe36e1fd58a38a70db08bf5b0f86eeecc5552c9c94aa913aa7c63c11e5adb43450a49241f1e3aa24ab5bc5340

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
29be1546f586a97f6a8df247664d6ff4

SHA1
92140d0303143619cf3038a7a35077717908453e

SHA256
bd25bfea50300b22bfd092a675ade69bc39d6f35e471c9ee68512d5f86bc4b0d

SHA512
7c7dd4217c208f95b2b8fa484c2ccbb2e2e47137f8431526c3dfb0b5b80b7cd4c445046d728e2ea7e44444c789cb31bd5754ed777bc47d122ad23afbe1b5d871

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0d5f5a2e4e7d736b0d454c95608064a4

SHA1
afa6c2ff47c3793c319c5fb41077a56cd3ce3093

SHA256
0be2ebe06f5738a7d967d2010a3ee9e2284a45b0b965015a07e9edfd656a8fb5

SHA512
6a4d97cbe3696a184305c3ff9740347117089f2ed084500177dd34ad14c640d3ee7a7847477f8f834eda2a80506805d0026e80356c95e1e355a7f3bd2d36b980

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ece6c004a2b7145e27054ad43342baab

SHA1
ee14a6fa2261cbade80cba7950307878fe70ee32

SHA256
3e150eef050abeb36cc4e9e3b3b953a39e368e031d0a1b316160076c57a4bc19

SHA512
f608d24809f94ba530f961c63419f621be02288f107276bdbed4a0ebd61f34c9c6e2ddd14d8e24bde8a3bedf99e32d588a6b9751704bd86039de2a2abe60f308

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
05d5d8e786b025f06ccc776132a17523

SHA1
2717a13ed0397646f90bb210df43ffa4555014c9

SHA256
1a6ee46fa7e38deeb965c323833ca3d4cb0264f3b6185f6c0ea83bb158374883

SHA512
8b702cc066a17a82bc4138cfd7d1c24d801d3a58f2f7b57792ec5c81224b7ebed8b824cfe07e6566cffcb05238d7da09526a0ce24b4f1222595d331642751ba0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9f9c82e8ec6071906347bbda0336a0aa

SHA1
236fa5d65e2884044534aab62ba2bdf9924ed43c

SHA256
6dd2efba5e2c612981e7451daebc1be89fab03e8e9c48cb6cb3c1036bec7896e

SHA512
38a691c4d702ed063d0d235d220d3a8643a36f6321a425e90af65e1edd6250ec75ea2f569dc06a7f02b0c6e8891ef5d4a9bac3eb3c773020a252052d06cff3d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4ebfff42a47c65b00aea2d2c0c357d99

SHA1
cdda97d7a30ae67ce67a0e43534943e60963fa48

SHA256
1c908803b5a6d7da64154d0aae9c26389bbdf0270de3eead36f034b2b7c517d0

SHA512
a584b54488c4c8a334a70aa0782fa6ec793da58c3d776188c4199312aba39567d26aff61fb72ab2cad64f8cf5c2394117a0feb44febe9cd86fed216abf3eebb9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
70c698a81bfe4b328dbd3d05e0f1cb01

SHA1
3221a922bf920cf264ba61765642530c672092fd

SHA256
a330ad56b0e590c708187636ed020ba0312a337b089900ce2546a657f9209785

SHA512
a32d393589d58db8cb6e656cdb9ff7d3b55644bcffa08a72fb813606e9d78ac1b7b38ec4fee458318c881ebff7985e077ce77d618079138435b2f42e568ae6a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7eb988618ccbca65dfa573243756fa71

SHA1
4bcd7a0af0ae5ac190f8fa9aa51dded7750c8987

SHA256
c8bc670fdffcd5b9279a02a20bbc8ce32e7d00a2c1c433ef769b08aa38bc5510

SHA512
54404a26d8b4a26db1babc85db7c22d882b67559729ffbe83afa36209004149f5325d8b45ae4eca28ee9f4fe58320fa922b8dc0c4bcc2f6bcf4790cd66e52372

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1ddd82a2ac4080d9b35ad455a4e47c09

SHA1
fa2cb7468a151273dfd47d164d54bacb45d11f65

SHA256
3d1b823936c161c5eb11fb24bbde32ca661a993dde9ecad7e6395922b2c9f32e

SHA512
396ba41831ce733f765c02cdb915088705ac8b7acee0d195098cba10d0d1f0c041db9ed9482f7c03656cc45de4b98714034a97a7e848bd8ba6c98583ea1590be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c2556860600a28637b0f0895e04dcdd0

SHA1
2c9767e177f6a6aadbc63f53bd4d8f7fb1146fd8

SHA256
cffbcbcc99a87396548f6f95beaf21d860f7ec2302af0693c7a56f83a45e8ce6

SHA512
b14f2793375f67444d7d04355e11551552f95d97cd7dfa6f4e8e3986760cc15c40320bfa340fe7046254fcf7da80ccdf760b8875fc27c20b3f4ca79703dcd692

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
97fcc308f62adb608f0f78bee1d278fd

SHA1
60d8a30ae427f7e376c9aee8da153c7faa6442bd

SHA256
22d99bbcee9ae55ad70a527b197e3f8b7bbd91ca2f9513ec78f338caab86f10d

SHA512
2f8a4310ef0f7ceb7db8c253a9fb8e348534de52491e8863f8157b549829e5f9c9c679b632a567e75b5b2c7719810c9bee9455bf21f56a137af1a2b6712cfd56

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0e2df0c5c5cf1ab974df8f90162296bf

SHA1
3f795f118b454bc65b88fd475def5067006d2d13

SHA256
698a9a597fc63fd86a1b31a84a721a286dbdb678657f3265a5d52beee9e5c0a1

SHA512
1724681e1a6a7ae71dee514516b5ad147244def69d333c8fd3913121e48446bacb3d6acb94db3afaad4e7dab162a011e68334eb10502cd4c7cf6950f524d3172

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\70b12b2c-558d-4cb8-8c1f-e1099138e7c3.tmp

Filesize
5KB

MD5
e9441e3b09639b4acd32e04deffbee4d

SHA1
f4b369ddd2ff7f215dd1e5a32c629d697ea04213

SHA256
d219c53949d93fcf47e78bb608e0ed3ae65c5e5fd7d351a274e07146622a38e1

SHA512
d90d96e7a639bed6b11d110df8c9d9c18ccc9237e2ab8fff6228d2b9475e9e02175c0af841c87744d59179b7445c75ff4eec61e8a5fce0064b460b601fc0dae2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\guoemn1\imagestore.dat

Filesize
3KB

MD5
3d5a4ee4ff39461e04c2604768e4be29

SHA1
402acf82cf7ab817d2ad45b0956a72def33b7076

SHA256
96c93c538df5142e4518a9ab0cfe0eb4f4464f659186514b3ad95b3ce4ad56ca

SHA512
2934092840f721b65a5e358471953ca97dfce2f3db94e7ee5caabf17b33e23934d070828c91ba0f9e0fb440c57927fee9db86aeae9cf45e9d0b9b6f7af9cd99f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WCATT3E5\f[1].txt

Filesize
181KB

MD5
312368455773c6b013108dd08abad4ef

SHA1
254fe1eb1c9bbc6e2c73bdeb8caf53ab4b1f7e38

SHA256
cb6e63e5a457807ff606f9d09e6770f26eb59b85eca1e27ca3876c565b0c3345

SHA512
0dc0be72a218697cdbba302073a2d5dd09b2f84e35392d34e4935d9b41ce53f989a55139f3c84b43b0ed86c5db77d7bd0278e969718020276f7463cf123d4073

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WUBCGJ0A\xmbc[1].ico

Filesize
3KB

MD5
1279bf31d9659ad2017369ec1b90473c

SHA1
0f21c5a8266c36af7909118899e1fa07590f2df8

SHA256
74e3162830413f502277c221381f07b34d77a155f5cbeca379e1a4ffc29af116

SHA512
18ab594628c7873c56a85cc748585a3422f06d3f3ad70e5d33e86bed8bb9595d43513960731db89820d89b2ed950b48d6b891dbda768164f968ab06f5a86c277

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1A08.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1A1B.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstC6F9.tmp\ioSpecial.ini

Filesize
696B

MD5
91c12e94ef488779c9b3655985778139

SHA1
26a47f65faed7057bdac208260fc3e07fac78a57

SHA256
e3ab3fbcdbc1d796367b639d70af479dcd1efada50175fab9d87dbe6410d1076

SHA512
7db28a460936e3acdc962ead38ff13a17314f0714d8c5fbd335428826ad70e90f17d2c475b6a5bee3f89048e89a04e9f6595fc594e3b5c75f6e206963a19a09f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstC6F9.tmp\ioSpecial.ini

Filesize
726B

MD5
d0a2137b530378debfd80f6347583eed

SHA1
68e22f0057ab9da186fb86412d5662a1df92c393

SHA256
7df260383d993b82009479d1189a1dc7610e4e12ca4b62c25b0c3e70ea5b1da3

SHA512
d6e4758ab354d7ad196c7571005dcdefcc9c7c714c158dd71156410a2580c33c1f66edc62643a7923c5ea8339adc0d71bbc43cf2ce5c648f6ea907299bd8d1f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstC6F9.tmp\ioSpecial.ini

Filesize
709B

MD5
15360facc25f559b896b596432476d67

SHA1
f3d4ad0b8e1d9a880bcbf34168649c0f6fabdc7d

SHA256
2ecfe9b7a13a5ee65f9d6c0c766b9dfd34527339854a14c60b5ced496ba0c137

SHA512
0354a3af92c8f26ae8b6ca109d2c556bae8a09bd988cd5f437de405d341affb182d93bba1d97af19ed4b414db1ecbd29e2f9e2920141b4ecbe210fcf7da2bc93

Download Submit
C:\Users\Admin\AppData\Roaming\Highresolution Enterprises\XMouseButtonControl\Persist.xmbcps

Filesize
16B

MD5
4ae71336e44bf9bf79d2752e234818a5

SHA1
e129f27c5103bc5cc44bcdf0a15e160d445066ff

SHA256
374708fff7719dd5979ec875d56cd2286f6d3cf7ec317a3b25632aab28ec37bb

SHA512
0b6cbac838dfe7f47ea1bd0df00ec282fdf45510c92161072ccfb84035390c4da743d9c3b954eaa1b0f86fc9861b23cc6c8667ab232c11c686432ebb5c8c3f27

Download Submit
C:\Users\Admin\AppData\Roaming\Highresolution Enterprises\XMouseButtonControl\XMouseButtonControl.log

Filesize
2KB

MD5
83e4020a90cd26a56ef36d3bd68f5ad9

SHA1
53b33f64b775feef9e3b83870d81cf8ba1538d4f

SHA256
779556292910e8da5844caf05a0928711435f9bf7c4312a2abe0f07dedb3daef

SHA512
af23e899a10fe9d50e80b6fb5d15b19911a99a29c1253a66d643e2ecf115014637d5fd2411b115e1d87146109373ab5d357f1955f7ac29d5a8a30889d73a7507

Download Submit
\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe

Filesize
1.7MB

MD5
bb632bc4c4414303c783a0153f6609f7

SHA1
eb16bf0d8ce0af4d72dff415741fd0d7aac3020e

SHA256
7cc348f8d2ee10264e136425059205cf2c17493b4f3f6a43af024aecb926d8c8

SHA512
15b34efe93d53e54c1527705292fbf145d6757f10dd87bc787dc40bf02f0d641468b95c571f7037417f2f626de2afcd68b5d82214e27e9e622ab0475633e9de5

Download Submit
\Program Files\Highresolution Enterprises\X-Mouse Button Control\uninstaller.exe

Filesize
74KB

MD5
bfffc38fff05079b15a5317e279dc7a9

SHA1
0c18db954f11646d65d0300e58fefcd9ff7634de

SHA256
c4e59737ffd988ef4bc7a62e3316a470b1b09a9889f65908110fba3d7b1c6500

SHA512
d30220e024ac242285ea757006e7da3874e5f889951de226d48c372a6a8701b76d4a917134ecc1e72c6c3a8d43444762288e7134a25d837e9f43d972675c81d6

Download Submit
\Users\Admin\AppData\Local\Temp\nstC6F9.tmp\InstallOptions.dll

Filesize
14KB

MD5
d753362649aecd60ff434adf171a4e7f

SHA1
3b752ad064e06e21822c8958ae22e9a6bb8cf3d0

SHA256
8f24c6cf0b06d18f3c07e7bfca4e92afce71834663746cfaa9ddf52a25d5c586

SHA512
41bf41add275867553fa3bd8835cd7e2a2a362a2d5670ccbfad23700448bad9fe0f577fb6ee9d4eb81dfc10d463b325b8a873fe5912eb580936d4ad96587aa6d

Download Submit
\Users\Admin\AppData\Local\Temp\nstC6F9.tmp\ShellExecAsUser.dll

Filesize
7KB

MD5
86a81b9ab7de83aa01024593a03d1872

SHA1
8fd7c645e6e2cb1f1bcb97b3b5f85ce1660b66be

SHA256
27d61cacd2995f498ba971b3b2c53330bc0e9900c9d23e57b2927aadfdee8115

SHA512
cc37bd5d74d185077bdf6c4a974fb29922e3177e2c5971c664f46c057aad1236e6f3f856c5d82f1d677c29896f0e3e71283ef04f886db58abae151cb27c827ac

Download Submit
\Users\Admin\AppData\Local\Temp\nstC6F9.tmp\System.dll

Filesize
10KB

MD5
56a321bd011112ec5d8a32b2f6fd3231

SHA1
df20e3a35a1636de64df5290ae5e4e7572447f78

SHA256
bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

SHA512
5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

Download Submit
\Users\Admin\AppData\Local\Temp\nstC6F9.tmp\nsDialogs.dll

Filesize
9KB

MD5
f832e4279c8ff9029b94027803e10e1b

SHA1
134ff09f9c70999da35e73f57b70522dc817e681

SHA256
4cd17f660560934a001fc8e6fdcea50383b78ca129fb236623a9666fcbd13061

SHA512
bf92b61aa267e3935f0ea7f47d8d96f09f016e648c2a7e7dcd5ecc47da864e824c592098c1e39526b643bd126c5c99d68a7040411a4cf68857df629f24d4107d

Download Submit
memory/1960-232-0x0000000002700000-0x0000000002702000-memory.dmp

Filesize
8KB

Download