2240bf5fb5d80938b0676c46ef9f84bc1739c32f60c473ff85e530ae0eca2818

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
08/12/2023, 11:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

XMouseButtonControlSetup.2.20.5.exe
Size

2.9MB
MD5

2e9725bc1d71ad1b8006dfc5a2510f88
SHA1

6e1f7d12881696944bf5e030a7d131b969de0c6c
SHA256

2240bf5fb5d80938b0676c46ef9f84bc1739c32f60c473ff85e530ae0eca2818
SHA512

62bd9cde806f83f911f1068b452084ef2adc01bc0dec2d0f668a781cc0d94e39f6e35618264d8796ca205724725abd40429f463017e6ca5caf7d683429f82d39
SSDEEP

49152:n65SJw48kZN+nCYk7c44+Y0hdwn4Km2A5aT/pVE0hYYajihV2Qso0SWMrboF:tfpeno4oY0QZm2dlNJsrHM4

Score

7^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1208	Process not Found
1060	XMouseButtonControl.exe

Loads dropped DLL 9 IoCs

pid	Process
2964	XMouseButtonControlSetup.2.20.5.exe
2964	XMouseButtonControlSetup.2.20.5.exe
2964	XMouseButtonControlSetup.2.20.5.exe
2964	XMouseButtonControlSetup.2.20.5.exe
2964	XMouseButtonControlSetup.2.20.5.exe
2964	XMouseButtonControlSetup.2.20.5.exe
2964	XMouseButtonControlSetup.2.20.5.exe
1060	XMouseButtonControl.exe
1060	XMouseButtonControl.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\XMouseButtonControl = "C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe /notportable /delay"	XMouseButtonControlSetup.2.20.5.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 8 IoCs

description	ioc	Process
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\X-Mouse Button Control User Guide.pdf	XMouseButtonControlSetup.2.20.5.exe
File opened for modification	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\changelog.txt	XMouseButtonControlSetup.2.20.5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\uninstaller.exe	XMouseButtonControlSetup.2.20.5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe	XMouseButtonControlSetup.2.20.5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonHook.dll	XMouseButtonControlSetup.2.20.5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\BugTrapU-x64.dll	XMouseButtonControlSetup.2.20.5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\License.txt	XMouseButtonControlSetup.2.20.5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\ChangeLog.txt	XMouseButtonControlSetup.2.20.5.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 2 IoCs

installer

resource	yara_rule
behavioral1/files/0x00060000000165d3-133.dat	nsis_installer_1
behavioral1/files/0x00060000000165d3-133.dat	nsis_installer_2

Modifies Control Panel 2 IoCs

evasion

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Control Panel\Desktop\LowLevelHooksTimeout = "1000"	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Control Panel\Desktop	XMouseButtonControlSetup.2.20.5.exe

Modifies Internet Explorer settings 1 TTPs 29 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{42CCC321-95B9-11EE-9E49-C652905ACAA7} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\DOMStorage\highrez.co.uk\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\DOMStorage\highrez.co.uk	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe

Modifies registry class 33 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbcp\ = "X-Mouse Button Control Settings"	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\DefaultIcon\ = "C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe,0"	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbclp\ = "X-Mouse Button Control Language Pack"	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell\ = "open"	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\shell\open\command\ = "\"C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe\" /import:\"%1\""	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbcs\ = "X-Mouse Button Control Application or Window Profile"	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell\open\command\ = "\"C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe\" /install:\"%1\""	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\shell\open	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\shell\open\command\ = "\"C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe\" /profile:\"%1\""	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell\open\command	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\shell\open\command	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\ = "X-Mouse Button Control Settings"	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell\open	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\shell	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\shell\ = "open"	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\shell	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\DefaultIcon	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\DefaultIcon\ = "C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe,0"	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\DefaultIcon	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\shell\open	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\shell\open\command	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\ = "X-Mouse Button Control Language Pack"	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbcs	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\ = "X-Mouse Button Control Application or Window Profile"	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\shell\ = "open"	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\DefaultIcon	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbclp	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\DefaultIcon\ = "C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe,0"	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbcp	XMouseButtonControlSetup.2.20.5.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
768	iexplore.exe
1060	XMouseButtonControl.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
1060	XMouseButtonControl.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
768	iexplore.exe
768	iexplore.exe
1060	XMouseButtonControl.exe
1672	IEXPLORE.EXE
1672	IEXPLORE.EXE
1060	XMouseButtonControl.exe
1060	XMouseButtonControl.exe
1060	XMouseButtonControl.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 768 wrote to memory of 1672	768	iexplore.exe	33
PID 768 wrote to memory of 1672	768	iexplore.exe	33
PID 768 wrote to memory of 1672	768	iexplore.exe	33
PID 768 wrote to memory of 1672	768	iexplore.exe	33

C:\Users\Admin\AppData\Local\Temp\XMouseButtonControlSetup.2.20.5.exe
"C:\Users\Admin\AppData\Local\Temp\XMouseButtonControlSetup.2.20.5.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Program Files directory
- Modifies Control Panel
- Modifies registry class
PID:2964

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://www.highrez.co.uk/scripts/postinstall.asp?package=XMouse&major=2&minor=20&build=5&revision=0&platform=x64
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:768
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:768 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1672

C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
"C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe" /Installed /notportable
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\BugTrapU-x64.dll

Filesize
364KB

MD5
80d5f32b3fc515402b9e1fe958dedf81

SHA1
a80ffd7907e0de2ee4e13c592b888fe00551b7e0

SHA256
0ab8481b44e7d2f0d57b444689aef75b61024487a5cf188c2fc6b8de919b040a

SHA512
1589246cd480326ca22c2acb1129a3a90edf13b75031343061f0f4ed51580dfb890862162a65957be9026381bb24475fec6ddcb86692c5961a24b18461e5f1f0

Download Submit
C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe

Filesize
1.7MB

MD5
bb632bc4c4414303c783a0153f6609f7

SHA1
eb16bf0d8ce0af4d72dff415741fd0d7aac3020e

SHA256
7cc348f8d2ee10264e136425059205cf2c17493b4f3f6a43af024aecb926d8c8

SHA512
15b34efe93d53e54c1527705292fbf145d6757f10dd87bc787dc40bf02f0d641468b95c571f7037417f2f626de2afcd68b5d82214e27e9e622ab0475633e9de5

Download Submit
C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe

Filesize
1.7MB

MD5
bb632bc4c4414303c783a0153f6609f7

SHA1
eb16bf0d8ce0af4d72dff415741fd0d7aac3020e

SHA256
7cc348f8d2ee10264e136425059205cf2c17493b4f3f6a43af024aecb926d8c8

SHA512
15b34efe93d53e54c1527705292fbf145d6757f10dd87bc787dc40bf02f0d641468b95c571f7037417f2f626de2afcd68b5d82214e27e9e622ab0475633e9de5

Download Submit
C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonHook.dll

Filesize
1.0MB

MD5
d62a4279ebba19c9bf0037d4f7cbf0bc

SHA1
5257d9505cca6b75fe55dfdaf2ea83a7d2d28170

SHA256
c845e808dc035329a7c95c846413a7afb9976f09872ba3c05dfa5f492156eef0

SHA512
6895a12cddc41bf516279b1235fca238b0b3b0cef2cc25abe14a9160ed23f5bde3d476f885d674537febc7de7eb58b0824d96153c626e1563a5a8a1887fb5323

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6525274CBC2077D43D7D17A33C868C4F

Filesize
959B

MD5
d5e98140c51869fc462c8975620faa78

SHA1
07e032e020b72c3f192f0628a2593a19a70f069e

SHA256
5c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e

SHA512
9bd164cc4b9ef07386762d3775c6d9528b82d4a9dc508c3040104b8d41cfec52eb0b7e6f8dc47c5021ce2fe3ca542c4ae2b54fd02d76b0eabd9724484621a105

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6525274CBC2077D43D7D17A33C868C4F

Filesize
192B

MD5
928606f629f57e967a76fc6519c1747e

SHA1
14a9e81cd98c86a870fa1987b74f0db9b984d6b0

SHA256
b803720fcbaf58b410c482d4561bbdfa3dc593669d73d7deb94de65d9fdab120

SHA512
b978efa7202d822caa2bc1eb0fbd26e04102cba7afce77d5d5dbf4fac858698e138d8c9497abbe44f3829aad6c61758c16eb13845c1b1c0b3be7c981f8a6a08d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e795f98e6a5711639211046dbac5b9e6

SHA1
9ae0abae3a36c02585931f3267c8e817ec88896a

SHA256
a88196b3c1444e433a1a8ffb9fa63a0665030ab731a8d66872553f3b4f231e1b

SHA512
4a10cac4b58b9e2d08928c40c02abd06f849f3a37a6b8331249e1fcd0f8dca0fe55716a5d9efa91242327117a2fa88210bba47a13e30b80c5f9efe13bc033fc6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e795f98e6a5711639211046dbac5b9e6

SHA1
9ae0abae3a36c02585931f3267c8e817ec88896a

SHA256
a88196b3c1444e433a1a8ffb9fa63a0665030ab731a8d66872553f3b4f231e1b

SHA512
4a10cac4b58b9e2d08928c40c02abd06f849f3a37a6b8331249e1fcd0f8dca0fe55716a5d9efa91242327117a2fa88210bba47a13e30b80c5f9efe13bc033fc6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e795f98e6a5711639211046dbac5b9e6

SHA1
9ae0abae3a36c02585931f3267c8e817ec88896a

SHA256
a88196b3c1444e433a1a8ffb9fa63a0665030ab731a8d66872553f3b4f231e1b

SHA512
4a10cac4b58b9e2d08928c40c02abd06f849f3a37a6b8331249e1fcd0f8dca0fe55716a5d9efa91242327117a2fa88210bba47a13e30b80c5f9efe13bc033fc6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
75a671397fe14ad0195904be3414d3cc

SHA1
a37da628b23f33ee9ef545c7ae6627a8c49f7d30

SHA256
0da342afd192395739507c17673e518015489036fd5169141ef4ed6f4fdbd082

SHA512
462135bf30504bb1438b4c5131085137ff44bdab1da841138848c1c6150019657a6c6b5f8d50400d10b96c3b3416760e38438d67753302b477831c6d40aae434

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
75a671397fe14ad0195904be3414d3cc

SHA1
a37da628b23f33ee9ef545c7ae6627a8c49f7d30

SHA256
0da342afd192395739507c17673e518015489036fd5169141ef4ed6f4fdbd082

SHA512
462135bf30504bb1438b4c5131085137ff44bdab1da841138848c1c6150019657a6c6b5f8d50400d10b96c3b3416760e38438d67753302b477831c6d40aae434

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a6f07bea381e2282384c08622d366d11

SHA1
872cf3baaeeb34cea55b5988cd2289f8a16f6ccf

SHA256
bc3c4eb0f1eeb39714353c5e1ad47bda33b3b6c5770ef55facca8da1737a2e58

SHA512
510f07dc35c35d3e46a55e322465e3df28980957b0ae23b5e2fa22ff51c36ab1a49205862e3a7cd9d264ba5c61217aad15f95eda52aaec12c18ee5171100794d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a6f07bea381e2282384c08622d366d11

SHA1
872cf3baaeeb34cea55b5988cd2289f8a16f6ccf

SHA256
bc3c4eb0f1eeb39714353c5e1ad47bda33b3b6c5770ef55facca8da1737a2e58

SHA512
510f07dc35c35d3e46a55e322465e3df28980957b0ae23b5e2fa22ff51c36ab1a49205862e3a7cd9d264ba5c61217aad15f95eda52aaec12c18ee5171100794d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a6f07bea381e2282384c08622d366d11

SHA1
872cf3baaeeb34cea55b5988cd2289f8a16f6ccf

SHA256
bc3c4eb0f1eeb39714353c5e1ad47bda33b3b6c5770ef55facca8da1737a2e58

SHA512
510f07dc35c35d3e46a55e322465e3df28980957b0ae23b5e2fa22ff51c36ab1a49205862e3a7cd9d264ba5c61217aad15f95eda52aaec12c18ee5171100794d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0b6199603d81513fcc43135fecdef8b7

SHA1
663570f7bf5952f0fb0d0cccfe57c6fd838efc8d

SHA256
406b61bcc8656722569d21d61f685cc5603d585d41d4b0991f26050008deb7f8

SHA512
35eef981115ff21f2a5bff995d75281185f176ba629c68754961b2861fb630294f28a39e6dded45908abb18966114454286d72205206fab340e352c127b54fbf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b0a36919d9fd7610555f963bf361063a

SHA1
4010b060804d578b80eaef672fafdf208b2be15a

SHA256
bfe8bf5b1e7b9198c912b82492560acb6c2dafaa462c805a2d135eece76e17c0

SHA512
97720dd0746b4f412b05d97b5aeec74e5ec57ddf7d889b22f2396b2250dc75e435baaaafe94c94b99b492f30c59e81f65635b719d6adb2544b54afc33798453c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
35e6b0e07f41ee8f0e7a9f6c3b919003

SHA1
b596802cbc1a20c8c20d478ba27a73f74c30df08

SHA256
2f662f8b4d781442a5f37bc2a76d50187cd3b2c4d8204b7760e42a7346f5c34b

SHA512
2d0c81bb7f81a0268d81c15303c8b597239fb5dd5c1707e037591c2cfa0032343cf7915b4161e848ccad9ba0ffbfb2045fbb79c363d4c42c2370e584404c7e51

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d7041806bd6f38bc9aa9f00a060b83d2

SHA1
90266c6d6ba2d1b6235d98f935c515b96811b11a

SHA256
6a537fdfb499350374a4828d0afc4645cd5410b486df18eca473d221767644ff

SHA512
bc8a65c814b83bd46cbec51ad608214d1ecacbaa088993f5eefa9ad9dd4e13ab01c14b03172f1b0099411e91bc54a259f7adb92e851d03a9f1e24ae3a8240c57

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c9352fb6c030c4c6a5a942ddbd114e11

SHA1
3e468ee66e929cbe2f8aa6bf9bbf83a4a7046e3f

SHA256
a0943245695053f88a302c0078fcd252da8883e5ac6ff1f06943ba7acd8bd943

SHA512
293e304bede2b7da2aeccc5241b30492239cb4091c783e0c2313c3b6c9a0d113ca3836d03469419734faa0442cf4441a274c1b771289086e0363e4f8dbe80c3e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
73e2a14dc77749dab226735048c88119

SHA1
8bdf25354a7da751edfc7a5459c63e0bc636178d

SHA256
3cc4ff0a7d5ced36dc1421f3d411a85cd447d53b139c09868797cad014bf1cb4

SHA512
676a344db6a91e4472ac84e5ce76df04c2644918044455ae92f92b84adf8a75c045c0296c20f798271f47e73a0c5f5b9d96a5a19c8bafb23264c76c1e4c5e97f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
09b4901dba77bbb6f8435e2501f16c4c

SHA1
36ef7dd008212533aa6584f1362b7707054a2d12

SHA256
b396a756e3a0065826f32a008a0109c84b30e4d1f40d6da24c07d45339b111e2

SHA512
54e71db44789f7993d638d3f8de6fe76690b0f63df09ef76441f850b0b4ec50c4d423fb4d5b192c996dd4bc3299fe21966c8d8e86701bc6b733da5a2c93ee529

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cdf411fb25a6ce7acc95d53b5a7c8537

SHA1
a7ad5686601c5d252b5307ee4e2bc4c7fb6c9e42

SHA256
65892cf02558e91be0a0cdae83d428d0e57ef9e5f438696ad4f47fbd3315c304

SHA512
09d29e6cdd455a3a510421b2d964c536d062f073b74313a720493909e63c9c09ae1e158b1026d3e725762c75e37f7b01abb19bc54cad4e2920a3af99194f4017

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cff7f0a02c7cbf1d8bfd30954b915e92

SHA1
2cab8bdfdb8c3aafa3f3ec00292dc86bfae10012

SHA256
f3334505ac3928d16d45db0bbac2d80b9fef41c4870f0958eab6589b9c9b75c0

SHA512
d9294b7f858cfc12cab8458fbf5b557ff9ea47cbc1aeb7f3b777e6fdd9984b5a92d724a7ea22f7e221a7dff907b8931ddd9242a5622aa62ee059bd598063231f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6901d62ee9ab64bf4266592333d67cf3

SHA1
ad4f5b9d34faad969277ed61760a23b38259c23e

SHA256
e70912501b3276ab71062d78bfa29f32f5199a47306c3e81c5e11b57bbcb1334

SHA512
e39234e5934c58d1ac00d8626c5c67a45bccfd4e201c2f3c8b4b8bc177bf39c8ec0fe36d4e9c094bd5815ffadca578a85a2d58507f471faf48bc9c97f15d8b63

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
faca66c66981ceac9d6c35dce9e6144e

SHA1
c21fa4a2d78d9fb0ca5ec462f8e7728360c42265

SHA256
c66f73ef28eb8e05f5a27904df380c22a78c5f63b93d91560e098f9180f365ee

SHA512
027e1cc46d74d60808d674117a061fcf5f457bd14e6a533a889c8646562eac6ec8a24e4acb3f8998e17bf823cf5e975e9caacc0194e080a0fb767d1d05b55304

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
faca66c66981ceac9d6c35dce9e6144e

SHA1
c21fa4a2d78d9fb0ca5ec462f8e7728360c42265

SHA256
c66f73ef28eb8e05f5a27904df380c22a78c5f63b93d91560e098f9180f365ee

SHA512
027e1cc46d74d60808d674117a061fcf5f457bd14e6a533a889c8646562eac6ec8a24e4acb3f8998e17bf823cf5e975e9caacc0194e080a0fb767d1d05b55304

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1dfee16557140ae50634fd65724f26e0

SHA1
05fa769a3e394d357396b108da5af00cfa9da274

SHA256
e25a7eef1266ce07fd69ab441d244cb8432c5b7d08eeb96700e2a013304d9ed9

SHA512
38c70f862e054fd7aeeae17bfdf6360b3cb52080d780859fc85b468ef96143570f8c859d9a00d5c8e4fde61e413dc3844f19de16ad1f52be9433db624db1c39e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1dfee16557140ae50634fd65724f26e0

SHA1
05fa769a3e394d357396b108da5af00cfa9da274

SHA256
e25a7eef1266ce07fd69ab441d244cb8432c5b7d08eeb96700e2a013304d9ed9

SHA512
38c70f862e054fd7aeeae17bfdf6360b3cb52080d780859fc85b468ef96143570f8c859d9a00d5c8e4fde61e413dc3844f19de16ad1f52be9433db624db1c39e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c8aa3a4a11ad4d7d6ee4c23d95494de7

SHA1
23e5df4473f056e8994dc3a516ddb34e3f668a68

SHA256
7bc03299565ee8b2cde38865242aefc36e7cec0734b3c6a78ef7cd5614645cf3

SHA512
519c4f8ce0b679b8fc77ba3e920c12f47f4c42d0391fc180ba8a33f958ffe4ba61720edad232dacc1192bd19cef5e2b74061b51ef12ac4c1de216913be0c8877

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f4696a685d3c91ff633a2b1d2443b6e4

SHA1
0604d29bf0df743cdc92373901c874b6dcfb14ab

SHA256
21ad91309c8926dcb36ea26b77ecd8847a25086d3d546182010ae2aef1aeb044

SHA512
898f80b33e7de623a6545fe047c0b7807e112aa44a63a950cd75cc46003648ea9c26e679c440b638f4e3d69c13f19a44b93a2345df5a3164b6efc46ad3e2feac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f4696a685d3c91ff633a2b1d2443b6e4

SHA1
0604d29bf0df743cdc92373901c874b6dcfb14ab

SHA256
21ad91309c8926dcb36ea26b77ecd8847a25086d3d546182010ae2aef1aeb044

SHA512
898f80b33e7de623a6545fe047c0b7807e112aa44a63a950cd75cc46003648ea9c26e679c440b638f4e3d69c13f19a44b93a2345df5a3164b6efc46ad3e2feac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QJT1WABK\f[1].txt

Filesize
176KB

MD5
aa1c3ad6a1da69a726a77573d92325ef

SHA1
2d7f82cd301e2be27e9a9c3d23d75e99f7f932b3

SHA256
536d1c1d90f5428dfcbf9d03d1cc6a5b5b6391a2c0f4456762ee22aee192af64

SHA512
043d4c5db0907fbd9da6f54ab41373e487c9839fdad7a0c642bbe42904d4df14498588c7584f81759ad18cd32fe471251b67023b107e8a4e06fc3ed1f58860ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE8C1.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj8D73.tmp\InstallOptions.dll

Filesize
14KB

MD5
d753362649aecd60ff434adf171a4e7f

SHA1
3b752ad064e06e21822c8958ae22e9a6bb8cf3d0

SHA256
8f24c6cf0b06d18f3c07e7bfca4e92afce71834663746cfaa9ddf52a25d5c586

SHA512
41bf41add275867553fa3bd8835cd7e2a2a362a2d5670ccbfad23700448bad9fe0f577fb6ee9d4eb81dfc10d463b325b8a873fe5912eb580936d4ad96587aa6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj8D73.tmp\ShellExecAsUser.dll

Filesize
7KB

MD5
86a81b9ab7de83aa01024593a03d1872

SHA1
8fd7c645e6e2cb1f1bcb97b3b5f85ce1660b66be

SHA256
27d61cacd2995f498ba971b3b2c53330bc0e9900c9d23e57b2927aadfdee8115

SHA512
cc37bd5d74d185077bdf6c4a974fb29922e3177e2c5971c664f46c057aad1236e6f3f856c5d82f1d677c29896f0e3e71283ef04f886db58abae151cb27c827ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj8D73.tmp\System.dll

Filesize
10KB

MD5
56a321bd011112ec5d8a32b2f6fd3231

SHA1
df20e3a35a1636de64df5290ae5e4e7572447f78

SHA256
bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

SHA512
5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj8D73.tmp\ioSpecial.ini

Filesize
696B

MD5
a47b8fa22cc730c365f1fa50c5b18d10

SHA1
9f80874d1407d4329aafbb38a5b7ad8797bbe02e

SHA256
414b01f8a1396fbd46f700973e4fb6626d26037218cb97fd04d500a2b82e927a

SHA512
eda3736dc5a6077cacf01ecfea0ac81234219f3cc8c8f0020045ea0b038e9e4d91d40fec5f34db189fa9c1589e0b1e77c5c72d4727e0a3d1b366558033b07e68

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj8D73.tmp\ioSpecial.ini

Filesize
709B

MD5
09914c117b80769517bca5d62a3893b0

SHA1
acfa7fdb2eaa0bc1eccdfbe5f0db7026b7dffbaf

SHA256
b9421e336dcf0c6c10df2038166b1be01af459fe2f07d0ab2f857406d303c2fa

SHA512
d22fda69b03714adff96b508c8eb874e145857879a8685fc9e0f81ffe2a3eacfe52cb55ad64eacf7bd51a388d41aeb62ed2efbebafc1895c7f76f20bebe68f62

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj8D73.tmp\ioSpecial.ini

Filesize
726B

MD5
4708a382fc188b2aef785f1da8acacf0

SHA1
8a689f9e1a368fc227f318541d70ffbda64221ad

SHA256
f111ae3df12e7bc0786c6105164b14de18b3f9d462e0f27b970d804f0806abda

SHA512
8c5564f32c87368ba141bf5971f68e38b3dc7c4c20f992d558e01f7cd872f457a07abc2dae68e1c3b5ac0f2fc945176d4ade72a0ed94e055527bf3e300f02817

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj8D73.tmp\ioSpecial.ini

Filesize
739B

MD5
9cdf957a340495852d88f26b0fa0de2a

SHA1
2733b58be912d6aaefe207c000c9ea23b1af560c

SHA256
947f9e3a03e6ea05cacf4c95cee8414ef9b4e9fc5614d1e99e95ba5f2ed6e743

SHA512
7d5cb587821863f78d40055a74a2d11be01001f17613cfbccca3b0939b54ff20a9b1d97119f806084a9a15a59a5b255acc95a7acc796f998eb5938819aab8e6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj8D73.tmp\nsDialogs.dll

Filesize
9KB

MD5
f832e4279c8ff9029b94027803e10e1b

SHA1
134ff09f9c70999da35e73f57b70522dc817e681

SHA256
4cd17f660560934a001fc8e6fdcea50383b78ca129fb236623a9666fcbd13061

SHA512
bf92b61aa267e3935f0ea7f47d8d96f09f016e648c2a7e7dcd5ecc47da864e824c592098c1e39526b643bd126c5c99d68a7040411a4cf68857df629f24d4107d

Download Submit
\Program Files\Highresolution Enterprises\X-Mouse Button Control\BugTrapU-x64.dll

Filesize
364KB

MD5
80d5f32b3fc515402b9e1fe958dedf81

SHA1
a80ffd7907e0de2ee4e13c592b888fe00551b7e0

SHA256
0ab8481b44e7d2f0d57b444689aef75b61024487a5cf188c2fc6b8de919b040a

SHA512
1589246cd480326ca22c2acb1129a3a90edf13b75031343061f0f4ed51580dfb890862162a65957be9026381bb24475fec6ddcb86692c5961a24b18461e5f1f0

Download Submit
\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe

Filesize
1.7MB

MD5
bb632bc4c4414303c783a0153f6609f7

SHA1
eb16bf0d8ce0af4d72dff415741fd0d7aac3020e

SHA256
7cc348f8d2ee10264e136425059205cf2c17493b4f3f6a43af024aecb926d8c8

SHA512
15b34efe93d53e54c1527705292fbf145d6757f10dd87bc787dc40bf02f0d641468b95c571f7037417f2f626de2afcd68b5d82214e27e9e622ab0475633e9de5

Download Submit
\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe

Filesize
1.7MB

MD5
bb632bc4c4414303c783a0153f6609f7

SHA1
eb16bf0d8ce0af4d72dff415741fd0d7aac3020e

SHA256
7cc348f8d2ee10264e136425059205cf2c17493b4f3f6a43af024aecb926d8c8

SHA512
15b34efe93d53e54c1527705292fbf145d6757f10dd87bc787dc40bf02f0d641468b95c571f7037417f2f626de2afcd68b5d82214e27e9e622ab0475633e9de5

Download Submit
\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonHook.dll

Filesize
1.0MB

MD5
d62a4279ebba19c9bf0037d4f7cbf0bc

SHA1
5257d9505cca6b75fe55dfdaf2ea83a7d2d28170

SHA256
c845e808dc035329a7c95c846413a7afb9976f09872ba3c05dfa5f492156eef0

SHA512
6895a12cddc41bf516279b1235fca238b0b3b0cef2cc25abe14a9160ed23f5bde3d476f885d674537febc7de7eb58b0824d96153c626e1563a5a8a1887fb5323

Download Submit
\Program Files\Highresolution Enterprises\X-Mouse Button Control\uninstaller.exe

Filesize
74KB

MD5
bfffc38fff05079b15a5317e279dc7a9

SHA1
0c18db954f11646d65d0300e58fefcd9ff7634de

SHA256
c4e59737ffd988ef4bc7a62e3316a470b1b09a9889f65908110fba3d7b1c6500

SHA512
d30220e024ac242285ea757006e7da3874e5f889951de226d48c372a6a8701b76d4a917134ecc1e72c6c3a8d43444762288e7134a25d837e9f43d972675c81d6

Download Submit
\Users\Admin\AppData\Local\Temp\nsj8D73.tmp\InstallOptions.dll

Filesize
14KB

MD5
d753362649aecd60ff434adf171a4e7f

SHA1
3b752ad064e06e21822c8958ae22e9a6bb8cf3d0

SHA256
8f24c6cf0b06d18f3c07e7bfca4e92afce71834663746cfaa9ddf52a25d5c586

SHA512
41bf41add275867553fa3bd8835cd7e2a2a362a2d5670ccbfad23700448bad9fe0f577fb6ee9d4eb81dfc10d463b325b8a873fe5912eb580936d4ad96587aa6d

Download Submit
\Users\Admin\AppData\Local\Temp\nsj8D73.tmp\ShellExecAsUser.dll

Filesize
7KB

MD5
86a81b9ab7de83aa01024593a03d1872

SHA1
8fd7c645e6e2cb1f1bcb97b3b5f85ce1660b66be

SHA256
27d61cacd2995f498ba971b3b2c53330bc0e9900c9d23e57b2927aadfdee8115

SHA512
cc37bd5d74d185077bdf6c4a974fb29922e3177e2c5971c664f46c057aad1236e6f3f856c5d82f1d677c29896f0e3e71283ef04f886db58abae151cb27c827ac

Download Submit
\Users\Admin\AppData\Local\Temp\nsj8D73.tmp\System.dll

Filesize
10KB

MD5
56a321bd011112ec5d8a32b2f6fd3231

SHA1
df20e3a35a1636de64df5290ae5e4e7572447f78

SHA256
bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

SHA512
5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

Download Submit
\Users\Admin\AppData\Local\Temp\nsj8D73.tmp\System.dll

Filesize
10KB

MD5
56a321bd011112ec5d8a32b2f6fd3231

SHA1
df20e3a35a1636de64df5290ae5e4e7572447f78

SHA256
bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

SHA512
5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

Download Submit
\Users\Admin\AppData\Local\Temp\nsj8D73.tmp\nsDialogs.dll

Filesize
9KB

MD5
f832e4279c8ff9029b94027803e10e1b

SHA1
134ff09f9c70999da35e73f57b70522dc817e681

SHA256
4cd17f660560934a001fc8e6fdcea50383b78ca129fb236623a9666fcbd13061

SHA512
bf92b61aa267e3935f0ea7f47d8d96f09f016e648c2a7e7dcd5ecc47da864e824c592098c1e39526b643bd126c5c99d68a7040411a4cf68857df629f24d4107d

Download Submit
memory/2964-232-0x00000000064D0000-0x00000000064D2000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads