PUA - Mouse Lock Execution (c9192ad9-75e5-43eb-8647-82a0a5b493e3)

In Kaspersky's 2020 Incident Response Analyst Report they listed legitimate tool "Mouse Lock" as being used for both credential access and collection in security incidents.

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
GUI Input Capture - T1056.002 (a2029942-0a85-4947-b23c-ca434698171d)	Attack Pattern	PUA - Mouse Lock Execution (c9192ad9-75e5-43eb-8647-82a0a5b493e3)	Sigma-Rules	1
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	GUI Input Capture - T1056.002 (a2029942-0a85-4947-b23c-ca434698171d)	Attack Pattern	2