General Info

File name

Setup_TheFastestMouseClicker_2_1_5_0.exe

Full analysis
https://app.any.run/tasks/2bdc9ed2-5ebe-42a9-beb4-f35fa778bd37
Verdict
Suspicious activity
Analysis date
08/04/2019, 10:49:40
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows
MD5

fb8e52a91a21be38a8c7070b27b70a70

SHA1

ced4e0de5efebebb84508a7470e5dbb7a71a90f9

SHA256

c77cf8ebd52d044362c7f5d1a8e3fc444488371985a8c0f2902420b93bc44001

SSDEEP

24576:CxGKTsmJXrf4iZd50fd7MmamUQhTQ9vTzly/rgRBVLj9o6k1vh/BZS0hUX:nGJXjdQQJmzs3sgR/fmDJo

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Loads dropped or rewritten executable
  • InnoSetupDownloader.exe (PID: 2036)
Application was dropped or rewritten from another process
  • InnoSetupDownloader.exe (PID: 2036)
  • TheFastestMouseClicker.exe (PID: 3912)
Executable content was dropped or overwritten
  • Setup_TheFastestMouseClicker_2_1_5_0.exe (PID: 3980)
  • Setup_TheFastestMouseClicker_2_1_5_0.tmp (PID: 2832)
  • InnoSetupDownloader.exe (PID: 2036)
Uses TASKKILL.EXE to kill process
  • Setup_TheFastestMouseClicker_2_1_5_0.tmp (PID: 2832)
Reads Windows owner or organization settings
  • Setup_TheFastestMouseClicker_2_1_5_0.tmp (PID: 2832)
Reads the Windows organization settings
  • Setup_TheFastestMouseClicker_2_1_5_0.tmp (PID: 2832)
Creates files in the user directory
  • Setup_TheFastestMouseClicker_2_1_5_0.tmp (PID: 2832)
  • InnoSetupDownloader.exe (PID: 2036)
Loads dropped or rewritten executable
  • Setup_TheFastestMouseClicker_2_1_5_0.tmp (PID: 2832)
Application was dropped or rewritten from another process
  • Setup_TheFastestMouseClicker_2_1_5_0.tmp (PID: 2832)
Creates a software uninstall entry
  • Setup_TheFastestMouseClicker_2_1_5_0.tmp (PID: 2832)

Static information

TRiD
.exe
|   Win32 Executable Delphi generic (45.2%)
.dll
|   Win32 Dynamic Link Library (generic) (20.9%)
.exe
|   Win32 Executable (generic) (14.3%)
.exe
|   Win16/32 Executable Delphi generic (6.6%)
.exe
|   Generic Win/DOS Executable (6.3%)
EXIF
EXE
ProductVersion:
2.1.5.0
ProductName:
The Fastest Mouse Clicker for Windows
LegalCopyright:
2018-2019 Open Source Developer Masha Novedad
FileVersion:
2.1.5.0
FileDescription:
The Fastest Mouse Clicker for Windows Setup
CompanyName:
Open Source Developer Masha Novedad
Comments:
This installation was built with Inno Setup.
CharacterSet:
Unicode
LanguageCode:
Neutral
FileSubtype:
null
ObjectFileType:
Executable application
FileOS:
Win32
FileFlags:
(none)
FileFlagsMask:
0x003f
ProductVersionNumber:
2.1.5.0
FileVersionNumber:
2.1.5.0
Subsystem:
Windows GUI
SubsystemVersion:
5
ImageVersion:
6
OSVersion:
5
EntryPoint:
0x113bc
UninitializedDataSize:
null
InitializedDataSize:
53248
CodeSize:
65024
LinkerVersion:
2.25
PEType:
PE32
TimeStamp:
2016:01:15 09:22:50+01:00
MachineType:
Intel 386 or later, and compatibles
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
15-Jan-2016 08:22:50
Detected languages
Dutch - Netherlands
English - United States
Comments:
This installation was built with Inno Setup.
CompanyName:
Open Source Developer Masha Novedad
FileDescription:
The Fastest Mouse Clicker for Windows Setup
FileVersion:
2.1.5.0
LegalCopyright:
2018-2019 Open Source Developer Masha Novedad
ProductName:
The Fastest Mouse Clicker for Windows
ProductVersion:
2.1.5.0
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0050
Pages in file:
0x0002
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x000F
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x001A
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x00000100
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
8
Time date stamp:
15-Jan-2016 08:22:50
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
Sections
Name Virtual Address Virtual Size Raw Size Characteristics Entropy
.text 0x00001000 0x0000F134 0x0000F200 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.39169
.itext 0x00011000 0x00000B44 0x00000C00 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 5.74305
.data 0x00012000 0x00000C88 0x00000E00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 2.24753
.bss 0x00013000 0x000056B8 0x00000000 IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0
.idata 0x00019000 0x00000DD0 0x00000E00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 4.97188
.tls 0x0001A000 0x00000008 0x00000000 IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0
.rdata 0x0001B000 0x00000018 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 0.204488
.rsrc 0x0001C000 0x0000B200 0x0000B200 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 4.14761
Resources
1

2

3

4

4091

4092

4093

4094

4095

4096

11111

CHARTABLE

DVCLAL

PACKAGEINFO

MAINICON

Imports
    oleaut32.dll

    advapi32.dll

    user32.dll

    kernel32.dll

    comctl32.dll

Exports

    No exports.

Processes

Total processes
40
Monitored processes
5
Malicious processes
1
Suspicious processes
2

Behavior graph

[Behavior graph. Nodes: setup_thefastestmouseclicker_2_1_5_0.exe, setup_thefastestmouseclicker_2_1_5_0.tmp, taskkill.exe (no specs), innosetupdownloader.exe, thefastestmouseclicker.exe (no specs). Edge labels: drop and start, start, drop and start.]

Process information

PID
3980
CMD
"C:\Users\admin\AppData\Local\Temp\Setup_TheFastestMouseClicker_2_1_5_0.exe"
Path
C:\Users\admin\AppData\Local\Temp\Setup_TheFastestMouseClicker_2_1_5_0.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Open Source Developer Masha Novedad
Description
The Fastest Mouse Clicker for Windows Setup
Version
2.1.5.0
Modules
Image
c:\users\admin\appdata\local\temp\setup_thefastestmouseclicker_2_1_5_0.exe
c:\windows\system32\kernelbase.dll
c:\windows\system32\ole32.dll
c:\windows\system32\usp10.dll
c:\systemroot\system32\ntdll.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\users\admin\appdata\local\temp\is-b1ep9.tmp\setup_thefastestmouseclicker_2_1_5_0.tmp
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\sechost.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\apphelp.dll

PID
2832
CMD
"C:\Users\admin\AppData\Local\Temp\is-B1EP9.tmp\Setup_TheFastestMouseClicker_2_1_5_0.tmp" /SL5="$400E8,907122,119296,C:\Users\admin\AppData\Local\Temp\Setup_TheFastestMouseClicker_2_1_5_0.exe"
Path
C:\Users\admin\AppData\Local\Temp\is-B1EP9.tmp\Setup_TheFastestMouseClicker_2_1_5_0.tmp
Indicators
Parent process
Setup_TheFastestMouseClicker_2_1_5_0.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Setup/Uninstall
Version
51.1052.0.0
Modules
Image
c:\windows\system32\kernel32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\rpcrt4.dll
c:\users\admin\appdata\local\temp\is-b1ep9.tmp\setup_thefastestmouseclicker_2_1_5_0.tmp
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\profapi.dll
c:\windows\system32\shfolder.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\users\admin\appdata\local\temp\is-0k61q.tmp\_isetup\_shfoldr.dll
c:\windows\system32\rstrtmgr.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\imageres.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\msftedit.dll
c:\windows\system32\apphelp.dll
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\uxtheme.dll
c:\users\admin\appdata\local\temp\is-0k61q.tmp\_isetup\_isdecmp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\sfc.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\duser.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dui70.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\ntshrui.dll
c:\users\admin\appdata\local\temp\is-0k61q.tmp\setup_thefastestmouseclicker_v2.1.5.0\innosetupdownloader.exe
c:\windows\system32\shdocvw.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\slc.dll
c:\users\admin\appdata\roaming\thefastestmouseclicker\thefastestmouseclicker\thefastestmouseclicker.exe
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll
c:\windows\system32\actxprxy.dll
c:\windows\system32\netutils.dll

PID
3572
CMD
"C:\Windows\system32\taskkill.exe" /f /im TheFastestMouseClicker.exe
Path
C:\Windows\system32\taskkill.exe
Indicators
No indicators
Parent process
Setup_TheFastestMouseClicker_2_1_5_0.tmp
User
admin
Integrity Level
MEDIUM
Exit code
128
Version:
Company
Microsoft Corporation
Description
Terminates Processes
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\taskkill.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\version.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\winsta.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netutils.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\mpr.dll
c:\windows\system32\sechost.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\framedynos.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\imm32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\srvcli.dll
c:\systemroot\system32\ntdll.dll
c:\windows\system32\lpk.dll
c:\windows\system32\ole32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\nsi.dll
c:\windows\system32\netapi32.dll

PID
2036
CMD
"C:\Users\admin\AppData\Local\Temp\is-0K61Q.tmp\Setup_TheFastestMouseClicker_v2.1.5.0\InnoSetupDownloader.exe" C:\Users\admin\AppData\Local\Temp\is-0K61Q.tmp\Setup_TheFastestMouseClicker_v2.1.5.0\TheFastestMouseClicker_v2_1_5_0_subdir.rar UNUSED UNUSED 1014677456 C:\Users\admin\AppData\Roaming\TheFastestMouseClicker \TheFastestMouseClicker false false
Path
C:\Users\admin\AppData\Local\Temp\is-0K61Q.tmp\Setup_TheFastestMouseClicker_v2.1.5.0\InnoSetupDownloader.exe
Indicators
Parent process
Setup_TheFastestMouseClicker_2_1_5_0.tmp
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Open Source Developer Masha Novedad
Description
Open Source Developer Masha Novedad Universal Updater
Version
4.5.5.0
Modules
Image
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msasn1.dll
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\lpk.dll
c:\windows\system32\sechost.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\msctf.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\usp10.dll
c:\users\admin\appdata\local\temp\is-0k61q.tmp\setup_thefastestmouseclicker_v2.1.5.0\unrar.dll
c:\users\admin\appdata\local\temp\is-0k61q.tmp\setup_thefastestmouseclicker_v2.1.5.0\innosetupdownloader.exe

PID
3912
CMD
"C:\Users\admin\AppData\Roaming\TheFastestMouseClicker\TheFastestMouseClicker\TheFastestMouseClicker.exe"
Path
C:\Users\admin\AppData\Roaming\TheFastestMouseClicker\TheFastestMouseClicker\TheFastestMouseClicker.exe
Indicators
No indicators
Parent process
Setup_TheFastestMouseClicker_2_1_5_0.tmp
User
admin
Integrity Level
MEDIUM
Version:
Company
Open Source Developer Masha Novedad
Description
The Fastest Mouse Clicker for Windows
Version
2.1.5.0
Modules
Image
c:\users\admin\appdata\roaming\thefastestmouseclicker\thefastestmouseclicker\thefastestmouseclicker.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll

Registry activity

Total events
431
Read events
0
Write events
26
Delete events
1

Modification events

PID
Process
Operation
Key
Name
Value
2832
Setup_TheFastestMouseClicker_2_1_5_0.tmp
delete key
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
2832
Setup_TheFastestMouseClicker_2_1_5_0.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Owner
100B0000529F49D5F8EDD401
2832
Setup_TheFastestMouseClicker_2_1_5_0.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Sequence
1
2832
Setup_TheFastestMouseClicker_2_1_5_0.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
SessionHash
F883A69E403C396D828CEDE9A1D9B55D6BB95E4EBEB61F46364FB8D6CDDDC271
2832
Setup_TheFastestMouseClicker_2_1_5_0.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
RegFiles0000
C:\Users\admin\AppData\Local\Temp\is-0K61Q.tmp\Setup_TheFastestMouseClicker_v2.1.5.0\alt64curl.dll
2832
Setup_TheFastestMouseClicker_2_1_5_0.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
RegFilesHash
414131F716927719C95C725A47595A37ADBAC429A5A90C9F1CBEE03FC31D4A96
2832
Setup_TheFastestMouseClicker_2_1_5_0.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\The Fastest Mouse Clicker for Windows_is1
Inno Setup: Icon Group
The Fastest Mouse Clicker for Windows
2832
Setup_TheFastestMouseClicker_2_1_5_0.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\The Fastest Mouse Clicker for Windows_is1
DisplayName
The Fastest Mouse Clicker for Windows version 2.1.5.0
2832
Setup_TheFastestMouseClicker_2_1_5_0.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\The Fastest Mouse Clicker for Windows_is1
DisplayVersion
2.1.5.0
2832
Setup_TheFastestMouseClicker_2_1_5_0.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\The Fastest Mouse Clicker for Windows_is1
HelpLink
https://sourceforge.net/projects/fast-mouse-clicker-pro/
2832
Setup_TheFastestMouseClicker_2_1_5_0.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\The Fastest Mouse Clicker for Windows_is1
NoRepair
1
2832
Setup_TheFastestMouseClicker_2_1_5_0.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\The Fastest Mouse Clicker for Windows_is1
InstallDate
20190408
2832
Setup_TheFastestMouseClicker_2_1_5_0.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\The Fastest Mouse Clicker for Windows_is1
EstimatedSize
2509
2832
Setup_TheFastestMouseClicker_2_1_5_0.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\The Fastest Mouse Clicker for Windows_is1
Inno Setup: Setup Version
5.5.8 (u)
2832
Setup_TheFastestMouseClicker_2_1_5_0.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\The Fastest Mouse Clicker for Windows_is1
Inno Setup: User
admin
2832
Setup_TheFastestMouseClicker_2_1_5_0.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\The Fastest Mouse Clicker for Windows_is1
UninstallString
"C:\Users\admin\AppData\Roaming\TheFastestMouseClicker\unins000.exe"
2832
Setup_TheFastestMouseClicker_2_1_5_0.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\The Fastest Mouse Clicker for Windows_is1
URLInfoAbout
https://github.com/windows-2048
2832
Setup_TheFastestMouseClicker_2_1_5_0.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\The Fastest Mouse Clicker for Windows_is1
NoModify
1
2832
Setup_TheFastestMouseClicker_2_1_5_0.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\The Fastest Mouse Clicker for Windows_is1
MajorVersion
2
2832
Setup_TheFastestMouseClicker_2_1_5_0.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\The Fastest Mouse Clicker for Windows_is1
MinorVersion
1
2832
Setup_TheFastestMouseClicker_2_1_5_0.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\The Fastest Mouse Clicker for Windows_is1
Inno Setup: App Path
C:\Users\admin\AppData\Roaming\TheFastestMouseClicker
2832
Setup_TheFastestMouseClicker_2_1_5_0.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\The Fastest Mouse Clicker for Windows_is1
Inno Setup: Language
default
2832
Setup_TheFastestMouseClicker_2_1_5_0.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\The Fastest Mouse Clicker for Windows_is1
QuietUninstallString
"C:\Users\admin\AppData\Roaming\TheFastestMouseClicker\unins000.exe" /SILENT
2832
Setup_TheFastestMouseClicker_2_1_5_0.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\The Fastest Mouse Clicker for Windows_is1
URLUpdateInfo
https://sourceforge.net/projects/fast-mouse-clicker-pro/
2832
Setup_TheFastestMouseClicker_2_1_5_0.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\The Fastest Mouse Clicker for Windows_is1
InstallLocation
C:\Users\admin\AppData\Roaming\TheFastestMouseClicker\
2832
Setup_TheFastestMouseClicker_2_1_5_0.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\The Fastest Mouse Clicker for Windows_is1
DisplayIcon
C:\Users\admin\AppData\Roaming\TheFastestMouseClicker\TheFastestMouseClicker\TheFastestMouseClicker.exe
2832
Setup_TheFastestMouseClicker_2_1_5_0.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\The Fastest Mouse Clicker for Windows_is1
Publisher
Open Source Developer Masha Novedad

Files activity

Executable files
8
Suspicious files
1
Text files
8
Unknown types
4

Dropped files

PID
Process
Filename
Type
2036
InnoSetupDownloader.exe
C:\Users\admin\AppData\Roaming\TheFastestMouseClicker\TheFastestMouseClicker\TheFastestMouseClicker.exe
executable
MD5: b6e984679f16929782b743d932c05c4c
SHA256: 05605ba762b486bef3a6b88d5b383ec2b18d0e0fea07f119d80b704976b15b1f
2832
Setup_TheFastestMouseClicker_2_1_5_0.tmp
C:\Users\admin\AppData\Local\Temp\is-0K61Q.tmp\Setup_TheFastestMouseClicker_v2.1.5.0\InnoSetupDownloader.exe
executable
MD5: a1bd6a3771841b92d29fb146afd410e9
SHA256: c35d7046d7065bc1b1cbdc4e61711023e3b786aca0a1c2509987c2a04d9b7ec1
2832
Setup_TheFastestMouseClicker_2_1_5_0.tmp
C:\Users\admin\AppData\Local\Temp\is-0K61Q.tmp\Setup_TheFastestMouseClicker_v2.1.5.0\UnRAR.dll
executable
MD5: c4c14a5885e2c12fd03db59c719952a8
SHA256: f3db28b86cfe44ab262482262ef057ba7ad1f8ea82cd8718c622635d089a31df
2832
Setup_TheFastestMouseClicker_2_1_5_0.tmp
C:\Users\admin\AppData\Roaming\TheFastestMouseClicker\unins000.exe
executable
MD5: 995da9111b9e1d01138d9924aef54b4b
SHA256: edc55be2bfab61c22936667b9a27e44293e4392cf3610ff01ba81e37676ff4e0
2832
Setup_TheFastestMouseClicker_2_1_5_0.tmp
C:\Users\admin\AppData\Local\Temp\is-0K61Q.tmp\Setup_TheFastestMouseClicker_v2.1.5.0\alt64curl.dll
executable
MD5: b5c0b07d4f1a9c71119537021c25f12d
SHA256: db235b5865441a4a7a707c13b62d3001dd975b9ff42333d8db123793579db362
2832
Setup_TheFastestMouseClicker_2_1_5_0.tmp
C:\Users\admin\AppData\Local\Temp\is-0K61Q.tmp\_isetup\_shfoldr.dll
executable
MD5: 92dc6ef532fbb4a5c3201469a5b5eb63
SHA256: 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87
3980
Setup_TheFastestMouseClicker_2_1_5_0.exe
C:\Users\admin\AppData\Local\Temp\is-B1EP9.tmp\Setup_TheFastestMouseClicker_2_1_5_0.tmp
executable
MD5: 6a96bef4679e16a54b4090e74664dcca
SHA256: cb095356ddcfcbace96c6252fb73a267ed011c15ff206a7a9302007baa68a783
2832
Setup_TheFastestMouseClicker_2_1_5_0.tmp
C:\Users\admin\AppData\Local\Temp\is-0K61Q.tmp\_isetup\_isdecmp.dll
executable
MD5: 3adaa386b671c2df3bae5b39dc093008
SHA256: 71cd2f5bc6e13b8349a7c98697c6d2e3fcdeea92699cedd591875bea869fae38
2832
Setup_TheFastestMouseClicker_2_1_5_0.tmp
C:\Users\admin\AppData\Roaming\TheFastestMouseClicker\TheFastestMouseClicker\source_code\is-GP94T.tmp
––
MD5:  ––
SHA256:  ––
2832
Setup_TheFastestMouseClicker_2_1_5_0.tmp
C:\Users\admin\AppData\Local\Temp\is-0K61Q.tmp\Setup_TheFastestMouseClicker_v2.1.5.0\is-FPK1U.tmp
––
MD5:  ––
SHA256:  ––
2832
Setup_TheFastestMouseClicker_2_1_5_0.tmp
C:\Users\admin\AppData\Local\Temp\is-0K61Q.tmp\Setup_TheFastestMouseClicker_v2.1.5.0\is-VA58J.tmp
––
MD5:  ––
SHA256:  ––
2832
Setup_TheFastestMouseClicker_2_1_5_0.tmp
C:\Users\admin\AppData\Local\Temp\is-0K61Q.tmp\Setup_TheFastestMouseClicker_v2.1.5.0\is-24KBC.tmp
––
MD5:  ––
SHA256:  ––
2832
Setup_TheFastestMouseClicker_2_1_5_0.tmp
C:\Users\admin\AppData\Local\Temp\is-0K61Q.tmp\Setup_TheFastestMouseClicker_v2.1.5.0\is-O9QL6.tmp
––
MD5:  ––
SHA256:  ––
2832
Setup_TheFastestMouseClicker_2_1_5_0.tmp
C:\Users\admin\AppData\Roaming\TheFastestMouseClicker\is-7O7P0.tmp
––
MD5:  ––
SHA256:  ––
2036
InnoSetupDownloader.exe
C:\Users\admin\AppData\Roaming\TheFastestMouseClicker\TheFastestMouseClicker\settings.dat
text
MD5: f6daed2be35ad0d79b98effc40443bd0
SHA256: e7340934cbe80c0004995699f126818a6c869cb613e3bf9f897c738faa908f16
2036
InnoSetupDownloader.exe
C:\Users\admin\AppData\Roaming\TheFastestMouseClicker\TheFastestMouseClicker\source_code\the_fastest_mouse_clicker.sln
text
MD5: 1d55b45873af08360784c82b807157c0
SHA256: 758bcac076e73bbef703569c71c086ed58b09f2bb2ad5e210eeaa59363dc7c39
2036
InnoSetupDownloader.exe
C:\Users\admin\AppData\Roaming\TheFastestMouseClicker\TheFastestMouseClicker\source_code\main.cpp
text
MD5: e08a4adc160d6a727f8140d61c789fe2
SHA256: adcef04bc886ef53cefee671679d80ab4dd1288c92931fba0c6283adfd401733
2036
InnoSetupDownloader.exe
C:\Users\admin\AppData\Roaming\TheFastestMouseClicker\TheFastestMouseClicker\source_code\the_fastest_mouse_clicker.vcxproj
xml
MD5: 8f20a97d3f1decf1f666750cfc79d4e0
SHA256: 346a2198a3c60957bd28586b489cb1f1519320697b0a6305dd0801afa83e9c97
2036
InnoSetupDownloader.exe
C:\Users\admin\AppData\Roaming\TheFastestMouseClicker\TheFastestMouseClicker\run_clicker_with_random_clicking.bat
text
MD5: fd833a416eaee040b4ab045277345910
SHA256: 758deb3a703bc57b412d4a2e9dcaefdff1f639a2e0de8ea5b4aa4742282e2d3e
2832
Setup_TheFastestMouseClicker_2_1_5_0.tmp
C:\Users\admin\AppData\Roaming\TheFastestMouseClicker\unins000.dat
dat
MD5: 92181d59f81585a578f42329c85f4d32
SHA256: d04ac405c9a91b7d583e3ceb58d40ce60407db1ad63b54f553c0f483a6043a87
2036
InnoSetupDownloader.exe
C:\Users\admin\AppData\Roaming\TheFastestMouseClicker\TheFastestMouseClicker\run_clicker_with_command_line.bat
text
MD5: 9f7712bb999ec779c4f62c2d5c55a458
SHA256: f4d54542cd911bb99af0ce04078195974893ba664bc965a586908958ac25659c
2036
InnoSetupDownloader.exe
C:\Users\admin\AppData\Roaming\TheFastestMouseClicker\TheFastestMouseClicker\source_code\_build.txt
text
MD5: 493cd2342bb9091fb70bc48def256c41
SHA256: 20c61ef4c25f07906137dda00288835fef3861683092c4b153f9504d974bdc1c
2832
Setup_TheFastestMouseClicker_2_1_5_0.tmp
C:\Users\admin\Desktop\The Fastest Mouse Clicker for Windows.lnk
lnk
MD5: 8f94253fa41715c7fed4620729d181b8
SHA256: 39eb1d2d31957b4b3f86e2b8f0e603c7edb6510028647e5f2860e3f6b2fb5b4b
2832
Setup_TheFastestMouseClicker_2_1_5_0.tmp
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Fastest Mouse Clicker for Windows\The Fastest Mouse Clicker for Windows.lnk
lnk
MD5: 317e4c16d575008729cace5824f70797
SHA256: 46b6cc82b4b1443cf8eb6194aaf13587db04620f76a943843e5e508ce0a04e51
2832
Setup_TheFastestMouseClicker_2_1_5_0.tmp
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Fastest Mouse Clicker for Windows\The Fastest Mouse Clicker for Windows source code.lnk
lnk
MD5: b540fd3a3445bbb5115e45f7ac1752c8
SHA256: 9891dcdd7f66e03b56262957fd571d41263cb4cbb9d5537f4df79dd4ced372cf
2832
Setup_TheFastestMouseClicker_2_1_5_0.tmp
C:\Users\admin\AppData\Roaming\TheFastestMouseClicker\TheFastestMouseClicker\source_code\_build.txt
text
MD5: 493cd2342bb9091fb70bc48def256c41
SHA256: 20c61ef4c25f07906137dda00288835fef3861683092c4b153f9504d974bdc1c
2832
Setup_TheFastestMouseClicker_2_1_5_0.tmp
C:\Users\admin\AppData\Local\Temp\is-0K61Q.tmp\Setup_TheFastestMouseClicker_v2.1.5.0\TheFastestMouseClicker_v2_1_5_0_subdir.rar
compressed
MD5: 7626e0a5b166609781e8c9b24b7dc006
SHA256: 10020afa8d97308a9f7d77524391f5413670fd42f13b16f1ad5cbf088e5ebdf7

Network activity

HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

No network activity.

Debug output strings

No debug info.