Overview

overview

7

Static

static

1

XMouseButt....5.exe

windows7-x64

7

XMouseButt....5.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    79s
  • max time network
    73s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    24-11-2023 22:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    XMouseButtonControlSetup.2.20.5.exe

  • Size

    2.9MB

  • MD5

    2e9725bc1d71ad1b8006dfc5a2510f88

  • SHA1

    6e1f7d12881696944bf5e030a7d131b969de0c6c

  • SHA256

    2240bf5fb5d80938b0676c46ef9f84bc1739c32f60c473ff85e530ae0eca2818

  • SHA512

    62bd9cde806f83f911f1068b452084ef2adc01bc0dec2d0f668a781cc0d94e39f6e35618264d8796ca205724725abd40429f463017e6ca5caf7d683429f82d39

  • SSDEEP

    49152:n65SJw48kZN+nCYk7c44+Y0hdwn4Km2A5aT/pVE0hYYajihV2Qso0SWMrboF:tfpeno4oY0QZm2dlNJsrHM4

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 12 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 8 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • NSIS installer 2 IoCs
    installer
  • Modifies Control Panel 2 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 59 IoCs
    adwarespyware
  • Modifies registry class 33 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\XMouseButtonControlSetup.2.20.5.exe
    "C:\Users\Admin\AppData\Local\Temp\XMouseButtonControlSetup.2.20.5.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in Program Files directory
    • Modifies Control Panel
    • Modifies registry class
    PID:372
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://www.highrez.co.uk/scripts/postinstall.asp?package=XMouse&major=2&minor=20&build=5&revision=0&platform=x64
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2116
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2116 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1644
  • C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
    "C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe" /Installed /notportable
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:1428
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:1044

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\BugTrapU-x64.dll
      Filesize

      364KB

      MD5

      80d5f32b3fc515402b9e1fe958dedf81

      SHA1

      a80ffd7907e0de2ee4e13c592b888fe00551b7e0

      SHA256

      0ab8481b44e7d2f0d57b444689aef75b61024487a5cf188c2fc6b8de919b040a

      SHA512

      1589246cd480326ca22c2acb1129a3a90edf13b75031343061f0f4ed51580dfb890862162a65957be9026381bb24475fec6ddcb86692c5961a24b18461e5f1f0

      Download Submit

    • C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
      Filesize

      1.7MB

      MD5

      bb632bc4c4414303c783a0153f6609f7

      SHA1

      eb16bf0d8ce0af4d72dff415741fd0d7aac3020e

      SHA256

      7cc348f8d2ee10264e136425059205cf2c17493b4f3f6a43af024aecb926d8c8

      SHA512

      15b34efe93d53e54c1527705292fbf145d6757f10dd87bc787dc40bf02f0d641468b95c571f7037417f2f626de2afcd68b5d82214e27e9e622ab0475633e9de5

      Download Submit

    • C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
      Filesize

      1.7MB

      MD5

      bb632bc4c4414303c783a0153f6609f7

      SHA1

      eb16bf0d8ce0af4d72dff415741fd0d7aac3020e

      SHA256

      7cc348f8d2ee10264e136425059205cf2c17493b4f3f6a43af024aecb926d8c8

      SHA512

      15b34efe93d53e54c1527705292fbf145d6757f10dd87bc787dc40bf02f0d641468b95c571f7037417f2f626de2afcd68b5d82214e27e9e622ab0475633e9de5

      Download Submit

    • C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonHook.dll
      Filesize

      1.0MB

      MD5

      d62a4279ebba19c9bf0037d4f7cbf0bc

      SHA1

      5257d9505cca6b75fe55dfdaf2ea83a7d2d28170

      SHA256

      c845e808dc035329a7c95c846413a7afb9976f09872ba3c05dfa5f492156eef0

      SHA512

      6895a12cddc41bf516279b1235fca238b0b3b0cef2cc25abe14a9160ed23f5bde3d476f885d674537febc7de7eb58b0824d96153c626e1563a5a8a1887fb5323

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6525274CBC2077D43D7D17A33C868C4F
      Filesize

      959B

      MD5

      d5e98140c51869fc462c8975620faa78

      SHA1

      07e032e020b72c3f192f0628a2593a19a70f069e

      SHA256

      5c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e

      SHA512

      9bd164cc4b9ef07386762d3775c6d9528b82d4a9dc508c3040104b8d41cfec52eb0b7e6f8dc47c5021ce2fe3ca542c4ae2b54fd02d76b0eabd9724484621a105

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6525274CBC2077D43D7D17A33C868C4F
      Filesize

      192B

      MD5

      423970dce0cec68416699d23852e122a

      SHA1

      18c01d61bf7c2b14dcff98041a9ec2bee76ab651

      SHA256

      d36e8189d85b645892e1393736638c7ffd99974c84627ed5cbf10136b467f926

      SHA512

      b148313c539b66370e664b64bf2c27f227d21ee309588ed85b201a3751c7b72fe2b233245f08dcd33368bd16b9d3cb6b0fb0cd37c52f215d8c4642999036832d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      3d2dda6ec5d9324b3410c6e0a5d92536

      SHA1

      98bf7aa0c09987c2be2a5720d5a0e06c73098681

      SHA256

      a18b386b22a70c14b0f88659358463ccdd45cd8f54f2b03bccc5327b6ba15f4f

      SHA512

      820b66e7befeef173331094dde0b5cfa44abaa2e83d8b073dde35ad45d547c71c226f7633fc4727b6b75c901740c3902e8d7dba9c0ee0859abc4e637abe0268e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      9f601e298b5f5e6ce9f0d844c9690c82

      SHA1

      7df0fabcc088db89f68da672c006f75a44608e8d

      SHA256

      2765afdda089750f94ea8ad36ca682d214e600c8756cd2ebcaad8c9dbcc7bb0d

      SHA512

      b5fb5c0a4c88975bbdca43bda22108dcdeb94dde9052924ff3849ff266cf82a48a7132679ba698c22c2b0543a6243ab5fe471456f384af5d543b70f9e64b5df3

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c4307825e5a01c1ec2b8ffb7394f4d55

      SHA1

      f18c5da2b92559dfffc4888cfe4058abad7483db

      SHA256

      cb7c1fdcba825a137e3c1cddbc4c5df3849a09b6d7a5f9252862f435e4fa39e1

      SHA512

      fb54bde29ff6d6c4cd53a8343f69a58eaa3c0d14e1a8518a14a01fe33e32620ecb32498ed7eee01e41a4e8666192b891d694a58835bfa32728c41fbb3549152b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e6c2dff798c4c438ab969d77e4b1151f

      SHA1

      fcd05b94c8da6af71dc8af4cd9aefe1a00a68f21

      SHA256

      7d02922dacc3dbf628df3c15f5879e0659864060d29e6a384933684f722f99ea

      SHA512

      136ccd554680b564cbd638c60fdd81fceb2cf4727fa7eba3d4a3bfacd5bbd97dcd252ed76dd4d72a33021dfff8a99823416be5565ff2baadfe2084ae5062124b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6fe26fb42c1008dfdba80af1de78cc6d

      SHA1

      4e5e3ec96540ec0cad79a16d5426a7dfa7c12ab6

      SHA256

      1829748375b47953b775b81d08a1d071aeca4e66098933761e7a4d43fd61d738

      SHA512

      a97f6d59f5c3684d97e1886d5d83e9dda1263c0200a20ff8f87b3cd167814b224974f30a7a18d1236aea1e7c6464471ae7a5240558aaf810a0d4a941fe734a81

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      262660749f050c8129f4dfc9a41d11fb

      SHA1

      d3a5c4e9532f383fa732fbfd6b22e17b6c75d201

      SHA256

      33e6e14098ffaa1b18bcec6ad5ef9b3d596e7c1db095f40b0254a4130a74fb04

      SHA512

      e4bbad4c87c9a94b7a2eaabc7213c3e4f20beeb48ead79d92f701566b7adb3f81bdabc173eb7f4a7a558acbcaba85149e446dfbd113303ce941c647361a5f159

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1568645d1a8a69d51bf256ce1254a286

      SHA1

      685141d4fdf2f035148823847d941efc7a89dcc0

      SHA256

      5a06c0071d57e7b7afc96c075a20647114d4d1d2981ecb19e353ace3a2ba6714

      SHA512

      ac8f043c277ed5d30f51075dc7edf5bcfa97c8242492377852b38d80e7c1ab373f0df70bf7022ab3ef552371e39d461f416fe0ab879b9a500944e2998c488148

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b7eb64bb15ec620eff5b725a7ba8682b

      SHA1

      a47fe3c7fc0d8672c2774bfd1d74688dced002e0

      SHA256

      0ccae93af58975ea0e9d8b2b5097cddc9189aef58982bbc9101f6b5b575ee391

      SHA512

      3309804ec894c7a8aee97d301f16a609ecaa82a966d7419e9e5f0e901aa3500ac95df195b8fc5df3c2f5e65580a6dc2263b7616b0007902e5588acf24e8923ea

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      4a7df9c570afaefd01392dcc05ab91aa

      SHA1

      2a0a623eff67ee6971ae6b04067c9aa2a12e51ca

      SHA256

      a5231d60a803461ad764b3395dd3e72e350319fd446f12a78f11ff70919a4e02

      SHA512

      73756b0e196239e1ff50b4396167b1c7add5f03511b525b1f873c2a6cc3860cf2af9db76405bad265d9e3fe5f027760e9a05d22a25f0aa642b8906cc1d069b73

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      fced8671dfe4ae9cad95076d6135bc04

      SHA1

      b972f7c338465be0bf338db71d87e5584ad59df0

      SHA256

      39596b8d41e1eb87f8d7ee0fe11a0583b1c05d950612f2433baf9a52d58a77ce

      SHA512

      a457da64bd6689ecdf9c13c678511d19b60d4d78df4b95f6db8c87388e60af4e1e45759a6e10ff73c3800397f9764ffddf39b3203dd14dbd833b10325628c242

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f88338da0a4e3dcb309fb0c052cf42a2

      SHA1

      3d36a8bb95dd8fd9c52c971533aefa6af0050b7d

      SHA256

      c21e2ad8fac100d57f295346e8f86811a9dacf7d7cd460db82166a826542b5b2

      SHA512

      74fb128860e07f5798acffd6aeacfb28d11c797753362a07c9007fa7227792e20b0af790f791fd021ea23f6c29c380ac1d06b8bf599e4da3c19994037c426a65

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      7e91fc0e0be69a8a1fd567b47a7ab508

      SHA1

      fec9afbbe7b705201c24aa65c854e39feff2cb9c

      SHA256

      b01a1baf2067e1ef6af349e16f3ffea67dcf26ff56a2d4ba07b7234c13fa432e

      SHA512

      6106e8026229eb3d7c3192aac57841d9881f3bb4ce3507d97ad6cf946db58b9a6835124d4e4047d0d024b23c73b39d4d68b7d7b1e26fe123abdfbd755b6aef1f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      4b8f4d1d859d458ac0c93d97b1129ff0

      SHA1

      58fc87ea75512ead78f9e7c0ba755e6c5c61d8b2

      SHA256

      a7a2cc5cc9fed202283e908d39833aa6a57933a4e4d6d2fe95a99b79bd1eee8a

      SHA512

      04086011ced731fc870ef52c130c95a7fd9e0b719c8c0a83149715f104049c0cf8531646e6345dbd0189a9cfacb66b7250cbd6e64d190a549f5cd30ee3bd397b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a63b7065f35cebc6c41061d4e03b2744

      SHA1

      ed85259c783bc116080967856b9bd4cacbf98061

      SHA256

      baeeeb6f07f38b12a34c5c3b1cd1d775df58c6ce1ff8078596285fb91c15024a

      SHA512

      d410d8bfa4ec0c8c24a4797bee3d43975f2cca58dd5bcd5fe8166b9addfdc6582bc17e27d9668ff03730a77e23399118eb29e52219af045bbea2ffb18e476098

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      88a54238a6c283553da375729c71f6e0

      SHA1

      4660bf77fa057a2fe7c9a2a22992d7f38829e841

      SHA256

      f69f3f0453e8146b320c0c178f0f0853f92bd9ec7b5c987cda5519e4b1ed0055

      SHA512

      286a0faaf59a6325dca586d68e819f317faa0e42f6acb5db50e9b72d4e256c9c118f5774f131c31f132d92e2cedaa1ef03a0fae4a7bbd0660530383de9d3737d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      844fe0ebc26e60672a6ce3f1789e7565

      SHA1

      6767bcc33137919664c9ac2bdbf52449a310d891

      SHA256

      295d058524afd94cdfb4713c484774f4a8271d7f6f2ac0f927bd91dd7b987781

      SHA512

      23c6da5ce85e699de51e08a32c1e42e5ac87cf6085c28ba4b49fecdd400aa68f3b143bd18c7a4ea906068338baba0bfaafba7253e90af5d6551a952e83285b41

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      479ff500e8bdeb4e7a0a9ed2c9d46dd3

      SHA1

      62ba0fd77116e56ac27d4461d6800aea1a4a764f

      SHA256

      d71c28ed49733682b88f19aed1526d250d2b64a2ecd89f6083900adcfcb4f521

      SHA512

      45d99c91f1cbed81404bf369255b2f7ab358cc7d725194b9a586b0351bd5b12bf272f3d091975a84540d6014cdb07527aada2010e18a6a9949230ecb6d019441

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ebd38dc5e1eae4b633fb91aabc681049

      SHA1

      b74e640ae758246d011dc19e5fc530c0dcc0ffc3

      SHA256

      0a03dbf38d6d0c470c0b02b92ea66bcfcff8b935e32743e543262bcf00fc7fdd

      SHA512

      c2ce5ea014587559505770f38b4e27623990a0717e44168114b01307a8dfb792c33351f72a0bb4a80cbb927be75e41c5bcf040132fec037f4ac9a88487985ae8

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      8cece73e09e049e53976e4e6587597b0

      SHA1

      b5f2ba30a8cc9f4003bd690e649f40b8fa135b4d

      SHA256

      5c9b3a1b4b5e5cd662b45aa4d471f95aeab5aaa38fbf44344ac3f56de02f7005

      SHA512

      758c7644875fa9a5a84e6774d1426172562400eae27e71fe6c9fcbb94a4d459c133412b07e2f94b95cff652054039a9c1848904845c319fa655e259e3bd4897b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      344e80d7180f1dba7d0970bd8c070696

      SHA1

      ec406fdb2338081493457b361c8a12a0b5c7da9c

      SHA256

      a29f9fb57a462b0736900e8f643a2eafdc3a8712b5d504cd5ad0a50b188ff631

      SHA512

      6793a481eff80072cbed87b032fd319a948e7e19190e179feda23d2f953b80a1f8a6127bd5a0f25a87b0f4754447c05f06938e853b1743c801d67cd5c2635927

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      eee98b1c72025518ea2a5077862c5d84

      SHA1

      0f81528c0f1cebe62b7cb485150e062f946a2fbc

      SHA256

      35b07d14223243c0ef5f34eeeab28e7f308ef1e46efc2f55084cef01cfb5f3e3

      SHA512

      7626bb9bd81b694a64db2c29d34f970461cc2f6cf0a748b404bac83f74f148cd4551bde0013f3a46eba690c3a327772d71a593b93dc8fe3208011110b6b5cfe2

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      7cb801eebfa40b64056b3b5d7658548b

      SHA1

      d38c81b2d7507658b00fc8e702839caaefae4aef

      SHA256

      a6872a50c9113a3e44e2e19296a939bb37fc9d9c3c4d9327b155392ecc4ff3bd

      SHA512

      8c7dfa9b143ffd840e1bf60fbae8fff7327052eba73dc2417705988932e990474b27169e046c5fac8342f7fb2de3679612dba8298cae089447d1c70f58f433c4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      4f6f7a3de1223620e0eaa47e81d57cbe

      SHA1

      465f2a240449db0ee4fba79690fb91b02daddac9

      SHA256

      964a7032bcbef1eb0291a9757661f67feba6bde5b6a907f67ac71466e2a89c77

      SHA512

      8ee776537c7b39775c825b4ef5dcbb2503852f56462b939c053d4014f964c78381430ed72fa1afc7dda6a0953598d695c506f96c8c80daa7ac2912345fe8a03d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      fe5fa6b807108e08a40d3e21e750e64b

      SHA1

      d95683769477c65b63856b67be63b7c415e77c86

      SHA256

      f572205c840414e96a8e8095c885954e7d52399416353e7a1d56319f4bbd2b48

      SHA512

      724bad0b181047c4c3ea985e7ccf567c10fd93baffd5166fc2ea20280e4cf770dd7d65225b6384a27bf084c4aba77399a2746b02eef426ee0b79fffeaa987383

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      85e6980b8a68b99283cf75c30a8eac9a

      SHA1

      c1af6168c03a20a4b6aa0d9aab9365b33f224cd7

      SHA256

      da5793cb027288dfd4e35c2eb5e60f7a1d392482c0ba1077c061bfdf1f9fe46e

      SHA512

      4d1ef6baea6e0be1b38e544f71e66d313e7406b606149aaeb0b52e18294d6a2c0d8ab68627af0bc66cf33033bf9f32f2855867d26127cecba14d13be9b44ba65

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      85e6980b8a68b99283cf75c30a8eac9a

      SHA1

      c1af6168c03a20a4b6aa0d9aab9365b33f224cd7

      SHA256

      da5793cb027288dfd4e35c2eb5e60f7a1d392482c0ba1077c061bfdf1f9fe46e

      SHA512

      4d1ef6baea6e0be1b38e544f71e66d313e7406b606149aaeb0b52e18294d6a2c0d8ab68627af0bc66cf33033bf9f32f2855867d26127cecba14d13be9b44ba65

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a9ca288fc1b7cf8f908e4c00e92df85f

      SHA1

      b6fe6152b5702711790ab9b4e96d5079a27fbe06

      SHA256

      80e0c09a55d9211e2f7b3d8453bbb1100a547244f278e89bb400111546fb65a9

      SHA512

      53a567f5493e7d17ec79939c0f59c6cb264dfe8e9bd36fc8b7c924a6d2e41389a63bcbf41c71a8fa65bbc1af7eab11f96cba6e91703037a3c768f2fe1b0f638b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e206eaed33d2a54c3edf04d67fcf9b91

      SHA1

      0823e297b5b304f65161b92df4cdcf36e52758ee

      SHA256

      3be6416ba72d53ea331e19259269e547db62ee739498eaf64192b7177e1e356a

      SHA512

      931b14cb7173dc9dbc48aad96acc34f0549fe77a4cf443e73cce4e36328d16bf4d4d93479d751f103347fb6c1547bb9d830e66e95ca7082409edbeb6cb206a37

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e206eaed33d2a54c3edf04d67fcf9b91

      SHA1

      0823e297b5b304f65161b92df4cdcf36e52758ee

      SHA256

      3be6416ba72d53ea331e19259269e547db62ee739498eaf64192b7177e1e356a

      SHA512

      931b14cb7173dc9dbc48aad96acc34f0549fe77a4cf443e73cce4e36328d16bf4d4d93479d751f103347fb6c1547bb9d830e66e95ca7082409edbeb6cb206a37

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\HCXAQ4SN\dvps.highrez.co[1].xml
      Filesize

      13B

      MD5

      c1ddea3ef6bbef3e7060a1a9ad89e4c5

      SHA1

      35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

      SHA256

      b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

      SHA512

      6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\jaepeb1\imagestore.dat
      Filesize

      3KB

      MD5

      afc76a03f537ff2afc1d2f67bc509b7e

      SHA1

      56ead91b6671bd25f5341d75ff29bab2f02aa29a

      SHA256

      c90511fddf3062d23d173dd6ad39a856a5547312741d1ef813e266af9710c624

      SHA512

      3b32482be5319caecef402716c5b832a602336418ad6499a1eeed82b75ea7a5e6f5a07a49ea98272ffc6184fb1229dd66ac21d260db120541673ee65aee0497f

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TORT3465\f[1].txt
      Filesize

      179KB

      MD5

      5a0f190b6d95c8f081c3e1060c084288

      SHA1

      c492c532a109318dd4a4bfae0659c5e7dc593bd9

      SHA256

      017bf41aa918c42e4844abb42a77f9dd3ac5c2aeb86f76aa3676740818cb2160

      SHA512

      2d9c998363ce2781fce159ddceaa8998eeefe8d0133fc579f9aa6403ccaf74c09ad854c1d57f74680c7488e5e22eab62f5e3d82595b253e8baf92caa76d6dbdc

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WQGVC737\EO3dEr436bj2mbZFCCZmCY-i5FbdjnDU1YMj9Z0fo7U[1].js
      Filesize

      40KB

      MD5

      b1233ee409245125ce133dc5b55ed269

      SHA1

      967ed0c7b14f85e1e6317033f0ec8459361e153f

      SHA256

      10eddd12be37e9b8f699b645082666098fa2e456dd8e70d4d58323f59d1fa3b5

      SHA512

      427fb085e89d5f0a349c1798f9d1b37bfc0bbac09c597ea36793c811d8be712aa66129a760b957f964480bdbebe85aca0f60a3dc589fced68e9b7f5189ba4c1c

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZDJKTMWH\Q12zgMmT[1].js
      Filesize

      41KB

      MD5

      1c33a4d6d63c7e6e38cc72e6245fc107

      SHA1

      19ea40ded1698ec0617604dc3e09897f7a8ff640

      SHA256

      435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

      SHA512

      ca55321c3c847819553238850525e59c6ed5c37bca116358d5080971037e56a3407d256b6a78dbe38f4b91cc97e62d899296c620f80701598983ba0624e086e7

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZDJKTMWH\xmbc[1].ico
      Filesize

      3KB

      MD5

      1279bf31d9659ad2017369ec1b90473c

      SHA1

      0f21c5a8266c36af7909118899e1fa07590f2df8

      SHA256

      74e3162830413f502277c221381f07b34d77a155f5cbeca379e1a4ffc29af116

      SHA512

      18ab594628c7873c56a85cc748585a3422f06d3f3ad70e5d33e86bed8bb9595d43513960731db89820d89b2ed950b48d6b891dbda768164f968ab06f5a86c277

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabD886.tmp
      Filesize

      61KB

      MD5

      f3441b8572aae8801c04f3060b550443

      SHA1

      4ef0a35436125d6821831ef36c28ffaf196cda15

      SHA256

      6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

      SHA512

      5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarD8C7.tmp
      Filesize

      163KB

      MD5

      9441737383d21192400eca82fda910ec

      SHA1

      725e0d606a4fc9ba44aa8ffde65bed15e65367e4

      SHA256

      bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

      SHA512

      7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nst510F.tmp\InstallOptions.dll
      Filesize

      14KB

      MD5

      d753362649aecd60ff434adf171a4e7f

      SHA1

      3b752ad064e06e21822c8958ae22e9a6bb8cf3d0

      SHA256

      8f24c6cf0b06d18f3c07e7bfca4e92afce71834663746cfaa9ddf52a25d5c586

      SHA512

      41bf41add275867553fa3bd8835cd7e2a2a362a2d5670ccbfad23700448bad9fe0f577fb6ee9d4eb81dfc10d463b325b8a873fe5912eb580936d4ad96587aa6d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nst510F.tmp\ShellExecAsUser.dll
      Filesize

      7KB

      MD5

      86a81b9ab7de83aa01024593a03d1872

      SHA1

      8fd7c645e6e2cb1f1bcb97b3b5f85ce1660b66be

      SHA256

      27d61cacd2995f498ba971b3b2c53330bc0e9900c9d23e57b2927aadfdee8115

      SHA512

      cc37bd5d74d185077bdf6c4a974fb29922e3177e2c5971c664f46c057aad1236e6f3f856c5d82f1d677c29896f0e3e71283ef04f886db58abae151cb27c827ac

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nst510F.tmp\System.dll
      Filesize

      10KB

      MD5

      56a321bd011112ec5d8a32b2f6fd3231

      SHA1

      df20e3a35a1636de64df5290ae5e4e7572447f78

      SHA256

      bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

      SHA512

      5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nst510F.tmp\ioSpecial.ini
      Filesize

      696B

      MD5

      5029d3eebaf3f4ee366900b248f7482f

      SHA1

      4a41f0c8de63027ec07423520fccfbacec0cb335

      SHA256

      96de542c208f6849dcce17f045d67e721fbf1ce9e20a26c55e234de94d4d601a

      SHA512

      f17178e31962d63c2278e03ac5758d7f29589af1220882f7980865b64a497c48f0534a6bee606172d0b19fc8dc87481e53cd07d6811fb3c61cd0325e7f427ece

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nst510F.tmp\ioSpecial.ini
      Filesize

      726B

      MD5

      7d07704e911319dec831215289121b30

      SHA1

      c2718a6946b47e4987315dc3c4cd703df7f8d0b0

      SHA256

      74fbec9d2202bee3e90639dbcf5ca51ab7ea152e59cca7bcb23ccaf11c449ce8

      SHA512

      dd04c44f59aa127b5b9615277a456c67b0c0c6010e8dc3bcc55cbe42c43d7a4d382e7418d383a889ef27dd773b620275c7b576364ef4ecd47579f3eeabb78b77

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nst510F.tmp\ioSpecial.ini
      Filesize

      709B

      MD5

      b31d219b8c753f6663771088b8f61b5e

      SHA1

      cdadf4baf898f2a94bc90c0994155ce789ffbcd0

      SHA256

      c7c2cc788da4a42a608ab35074d0172839935c721401db6db66bd54976e18717

      SHA512

      e8ee48a05e1d99e2019c6279c11ea54232d736d1bc02ecd57ab9850ddad52a1b8c6edd0fdbe80f62528d73d036d7eab026a0c4eeaf82a11cbeae6d990797f09a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nst510F.tmp\nsDialogs.dll
      Filesize

      9KB

      MD5

      f832e4279c8ff9029b94027803e10e1b

      SHA1

      134ff09f9c70999da35e73f57b70522dc817e681

      SHA256

      4cd17f660560934a001fc8e6fdcea50383b78ca129fb236623a9666fcbd13061

      SHA512

      bf92b61aa267e3935f0ea7f47d8d96f09f016e648c2a7e7dcd5ecc47da864e824c592098c1e39526b643bd126c5c99d68a7040411a4cf68857df629f24d4107d

      Download Submit

    • \Program Files\Highresolution Enterprises\X-Mouse Button Control\BugTrapU-x64.dll
      Filesize

      364KB

      MD5

      80d5f32b3fc515402b9e1fe958dedf81

      SHA1

      a80ffd7907e0de2ee4e13c592b888fe00551b7e0

      SHA256

      0ab8481b44e7d2f0d57b444689aef75b61024487a5cf188c2fc6b8de919b040a

      SHA512

      1589246cd480326ca22c2acb1129a3a90edf13b75031343061f0f4ed51580dfb890862162a65957be9026381bb24475fec6ddcb86692c5961a24b18461e5f1f0

      Download Submit

    • \Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
      Filesize

      1.7MB

      MD5

      bb632bc4c4414303c783a0153f6609f7

      SHA1

      eb16bf0d8ce0af4d72dff415741fd0d7aac3020e

      SHA256

      7cc348f8d2ee10264e136425059205cf2c17493b4f3f6a43af024aecb926d8c8

      SHA512

      15b34efe93d53e54c1527705292fbf145d6757f10dd87bc787dc40bf02f0d641468b95c571f7037417f2f626de2afcd68b5d82214e27e9e622ab0475633e9de5

      Download Submit

    • \Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
      Filesize

      1.7MB

      MD5

      bb632bc4c4414303c783a0153f6609f7

      SHA1

      eb16bf0d8ce0af4d72dff415741fd0d7aac3020e

      SHA256

      7cc348f8d2ee10264e136425059205cf2c17493b4f3f6a43af024aecb926d8c8

      SHA512

      15b34efe93d53e54c1527705292fbf145d6757f10dd87bc787dc40bf02f0d641468b95c571f7037417f2f626de2afcd68b5d82214e27e9e622ab0475633e9de5

      Download Submit

    • \Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
      Filesize

      1.7MB

      MD5

      bb632bc4c4414303c783a0153f6609f7

      SHA1

      eb16bf0d8ce0af4d72dff415741fd0d7aac3020e

      SHA256

      7cc348f8d2ee10264e136425059205cf2c17493b4f3f6a43af024aecb926d8c8

      SHA512

      15b34efe93d53e54c1527705292fbf145d6757f10dd87bc787dc40bf02f0d641468b95c571f7037417f2f626de2afcd68b5d82214e27e9e622ab0475633e9de5

      Download Submit

    • \Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
      Filesize

      1.7MB

      MD5

      bb632bc4c4414303c783a0153f6609f7

      SHA1

      eb16bf0d8ce0af4d72dff415741fd0d7aac3020e

      SHA256

      7cc348f8d2ee10264e136425059205cf2c17493b4f3f6a43af024aecb926d8c8

      SHA512

      15b34efe93d53e54c1527705292fbf145d6757f10dd87bc787dc40bf02f0d641468b95c571f7037417f2f626de2afcd68b5d82214e27e9e622ab0475633e9de5

      Download Submit

    • \Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
      Filesize

      1.7MB

      MD5

      bb632bc4c4414303c783a0153f6609f7

      SHA1

      eb16bf0d8ce0af4d72dff415741fd0d7aac3020e

      SHA256

      7cc348f8d2ee10264e136425059205cf2c17493b4f3f6a43af024aecb926d8c8

      SHA512

      15b34efe93d53e54c1527705292fbf145d6757f10dd87bc787dc40bf02f0d641468b95c571f7037417f2f626de2afcd68b5d82214e27e9e622ab0475633e9de5

      Download Submit

    • \Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonHook.dll
      Filesize

      1.0MB

      MD5

      d62a4279ebba19c9bf0037d4f7cbf0bc

      SHA1

      5257d9505cca6b75fe55dfdaf2ea83a7d2d28170

      SHA256

      c845e808dc035329a7c95c846413a7afb9976f09872ba3c05dfa5f492156eef0

      SHA512

      6895a12cddc41bf516279b1235fca238b0b3b0cef2cc25abe14a9160ed23f5bde3d476f885d674537febc7de7eb58b0824d96153c626e1563a5a8a1887fb5323

      Download Submit

    • \Program Files\Highresolution Enterprises\X-Mouse Button Control\uninstaller.exe
      Filesize

      74KB

      MD5

      bfffc38fff05079b15a5317e279dc7a9

      SHA1

      0c18db954f11646d65d0300e58fefcd9ff7634de

      SHA256

      c4e59737ffd988ef4bc7a62e3316a470b1b09a9889f65908110fba3d7b1c6500

      SHA512

      d30220e024ac242285ea757006e7da3874e5f889951de226d48c372a6a8701b76d4a917134ecc1e72c6c3a8d43444762288e7134a25d837e9f43d972675c81d6

      Download Submit

    • \Users\Admin\AppData\Local\Temp\nst510F.tmp\InstallOptions.dll
      Filesize

      14KB

      MD5

      d753362649aecd60ff434adf171a4e7f

      SHA1

      3b752ad064e06e21822c8958ae22e9a6bb8cf3d0

      SHA256

      8f24c6cf0b06d18f3c07e7bfca4e92afce71834663746cfaa9ddf52a25d5c586

      SHA512

      41bf41add275867553fa3bd8835cd7e2a2a362a2d5670ccbfad23700448bad9fe0f577fb6ee9d4eb81dfc10d463b325b8a873fe5912eb580936d4ad96587aa6d

      Download Submit

    • \Users\Admin\AppData\Local\Temp\nst510F.tmp\ShellExecAsUser.dll
      Filesize

      7KB

      MD5

      86a81b9ab7de83aa01024593a03d1872

      SHA1

      8fd7c645e6e2cb1f1bcb97b3b5f85ce1660b66be

      SHA256

      27d61cacd2995f498ba971b3b2c53330bc0e9900c9d23e57b2927aadfdee8115

      SHA512

      cc37bd5d74d185077bdf6c4a974fb29922e3177e2c5971c664f46c057aad1236e6f3f856c5d82f1d677c29896f0e3e71283ef04f886db58abae151cb27c827ac

      Download Submit

    • \Users\Admin\AppData\Local\Temp\nst510F.tmp\System.dll
      Filesize

      10KB

      MD5

      56a321bd011112ec5d8a32b2f6fd3231

      SHA1

      df20e3a35a1636de64df5290ae5e4e7572447f78

      SHA256

      bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

      SHA512

      5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

      Download Submit

    • \Users\Admin\AppData\Local\Temp\nst510F.tmp\System.dll
      Filesize

      10KB

      MD5

      56a321bd011112ec5d8a32b2f6fd3231

      SHA1

      df20e3a35a1636de64df5290ae5e4e7572447f78

      SHA256

      bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

      SHA512

      5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

      Download Submit

    • \Users\Admin\AppData\Local\Temp\nst510F.tmp\nsDialogs.dll
      Filesize

      9KB

      MD5

      f832e4279c8ff9029b94027803e10e1b

      SHA1

      134ff09f9c70999da35e73f57b70522dc817e681

      SHA256

      4cd17f660560934a001fc8e6fdcea50383b78ca129fb236623a9666fcbd13061

      SHA512

      bf92b61aa267e3935f0ea7f47d8d96f09f016e648c2a7e7dcd5ecc47da864e824c592098c1e39526b643bd126c5c99d68a7040411a4cf68857df629f24d4107d

      Download Submit

    • memory/372-232-0x0000000006550000-0x0000000006552000-memory.dmp

      Filesize

      8KB

      Download