Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

XMouseButt....5.exe

windows7-x64

7

XMouseButt....5.exe

windows10-2004-x64

7

$PLUGINSDI...md.dll

windows7-x64

3

$PLUGINSDI...md.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...al.ini

windows7-x64

1

$PLUGINSDI...al.ini

windows10-2004-x64

1

$PLUGINSDI...rd.bmp

windows7-x64

3

$PLUGINSDI...rd.bmp

windows10-2004-x64

7

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

BugTrapU-x64.dll

windows7-x64

1

BugTrapU-x64.dll

windows10-2004-x64

1

XMouseButt...ol.exe

windows7-x64

1

XMouseButt...ol.exe

windows10-2004-x64

1

XMouseButtonHook.dll

windows7-x64

1

XMouseButtonHook.dll

windows10-2004-x64

1

uninstaller.exe

windows7-x64

7

uninstaller.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    25s
  • max time network
    27s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    02/02/2024, 15:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    XMouseButtonControlSetup.2.20.5.exe

  • Size

    2.9MB

  • MD5

    2e9725bc1d71ad1b8006dfc5a2510f88

  • SHA1

    6e1f7d12881696944bf5e030a7d131b969de0c6c

  • SHA256

    2240bf5fb5d80938b0676c46ef9f84bc1739c32f60c473ff85e530ae0eca2818

  • SHA512

    62bd9cde806f83f911f1068b452084ef2adc01bc0dec2d0f668a781cc0d94e39f6e35618264d8796ca205724725abd40429f463017e6ca5caf7d683429f82d39

  • SSDEEP

    49152:n65SJw48kZN+nCYk7c44+Y0hdwn4Km2A5aT/pVE0hYYajihV2Qso0SWMrboF:tfpeno4oY0QZm2dlNJsrHM4

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 9 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 8 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • NSIS installer 2 IoCs
    installer
  • Modifies Control Panel 2 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
    adwarespyware
  • Modifies registry class 33 IoCs
  • Modifies system certificate store 2 TTPs 3 IoCs
    evasionspywaretrojan
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\XMouseButtonControlSetup.2.20.5.exe
    "C:\Users\Admin\AppData\Local\Temp\XMouseButtonControlSetup.2.20.5.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in Program Files directory
    • Modifies Control Panel
    • Modifies registry class
    PID:3032
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://www.highrez.co.uk/scripts/postinstall.asp?package=XMouse&major=2&minor=20&build=5&revision=0&platform=x64
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1272
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1272 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2888
  • C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
    "C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe" /Installed /notportable
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Modifies system certificate store
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:1416

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
    Filesize

    868KB

    MD5

    23ee8d0ca6ca88e46ed2c44b8a8dba80

    SHA1

    9badcf73af39833463da7efc95601b91bcc2998f

    SHA256

    94b117a9e2030758b9bd0fb3bff97a54c284cd4fe7c9fca04085a5b790eb6d1d

    SHA512

    ad92f4c00050d788c02e9e28f712efc0312e246f321ef59d7ab258db3cd8ec655d780a781e171acc36b1f07830f704fda1151430b7e38c661140120836bd1352

    Download Submit

  • C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
    Filesize

    820KB

    MD5

    f872e6aec7274760dd4d0e8d34d38028

    SHA1

    60154b7eb8b0848f2d8eaea313ad1f8bb951b2dc

    SHA256

    8b60b047c1ab42691c0fe942e89151058edb86a205efec1148efa178305edf62

    SHA512

    8e84248f1196dcb94d610c3b36dd24c70110d85b1c064321e78b565bb87267bb8ea33ed656ae87d99c11b5a12263461d87041c2d691488ba340f5242783ff681

    Download Submit

  • C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonHook.dll
    Filesize

    1.0MB

    MD5

    d62a4279ebba19c9bf0037d4f7cbf0bc

    SHA1

    5257d9505cca6b75fe55dfdaf2ea83a7d2d28170

    SHA256

    c845e808dc035329a7c95c846413a7afb9976f09872ba3c05dfa5f492156eef0

    SHA512

    6895a12cddc41bf516279b1235fca238b0b3b0cef2cc25abe14a9160ed23f5bde3d476f885d674537febc7de7eb58b0824d96153c626e1563a5a8a1887fb5323

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4A9377E7E528F7E56B69A81C500ABC24
    Filesize

    889B

    MD5

    3e455215095192e1b75d379fb187298a

    SHA1

    b1bc968bd4f49d622aa89a81f2150152a41d829c

    SHA256

    ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99

    SHA512

    54ba004d5435e8b10531431c392ed99776120d363808137de7eb59030463f863cadd02bdf918f596b6d20964b31725c2363cd7601799caa9360a1c36fe819fbd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6525274CBC2077D43D7D17A33C868C4F
    Filesize

    959B

    MD5

    d5e98140c51869fc462c8975620faa78

    SHA1

    07e032e020b72c3f192f0628a2593a19a70f069e

    SHA256

    5c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e

    SHA512

    9bd164cc4b9ef07386762d3775c6d9528b82d4a9dc508c3040104b8d41cfec52eb0b7e6f8dc47c5021ce2fe3ca542c4ae2b54fd02d76b0eabd9724484621a105

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    252B

    MD5

    c59d166764efc696308c712c950ead94

    SHA1

    757e94a1ef7cece7f54cc47f2e51b9790bd0cb44

    SHA256

    c7bf89c48af44f539d4385f5af9897c6d603a561b280d6fc1fe44998dc821ae7

    SHA512

    828d13bae0f42590bf4a54d25ff28f59cae2bc22123f03c3826fc109427a2d849ce4d78c6026fba7ed426854ebc2e9af9c9813c8eb196a0fcf927f8d2eff30eb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4A9377E7E528F7E56B69A81C500ABC24
    Filesize

    176B

    MD5

    250c160a90581012ccb75827402eeb3f

    SHA1

    00fa4116adc59bf61539208190cab72e947d1b1d

    SHA256

    ae65ff5b77dc295c92d2f624fc9877333008df37e96adf80b3dcc5b4f68d9694

    SHA512

    dbc1bc58457753e9737ab0c1dd60507df38ab53e8aa80b0070b89e55e74c4336d40c077a52cf748c86b619a568a98aaf3032f2d3fac48d0d9af214c90d82c22f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6525274CBC2077D43D7D17A33C868C4F
    Filesize

    192B

    MD5

    2bf56e12aebb9efefe51f3c6ee6daefa

    SHA1

    9943b7b988571a7ff7b86644af1e15dddb92f743

    SHA256

    35b3b0f07b21cc8785afb7695274456b0f4d0a4a1b251fbac4245658854724a5

    SHA512

    6fafabff6978699b0e5cdd8e54131aeb5b43e0f9601ae73a61dd5727d373ce7a4e9ab18acc6ae951e0587090f9c629ed70ebb0fbb65d496f6ac70f9d52b097a0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f9000193570e7a3b628f8be664d52302

    SHA1

    820e018a73cf31199b1ade5f3a0e08600bf3d6c6

    SHA256

    80d229d18171b1a96f861b3ff63c27d1588814a360047ac08f9ec97b6f0a9b1e

    SHA512

    33fd527f57b8a6dbb972bb171630322bc8b71eae39c29b978e4091ce193a9b92c17317f0a33260ce70d59a2dac87478b886a2fdc218b83f9099df69816637010

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cb1b152a6526471b0863e85c9c5b0ee0

    SHA1

    53f1af2a58f16109a0dd221ff91fb1dfcbd6cb41

    SHA256

    b34cc8a0aa55d670c01f77dd18782accae3cb8da2e6a5f6ea4d42c9de91c27f2

    SHA512

    af17758a9fbb6b26564130a3aaf4cfdca885edbdc6cdeb8874c757598190b49f59156c422517a15ce1c129dc1ec51332d15dc0088d1e8cc3aa5ed5a8a45e7c55

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bcf0c55e31da4ba8fc3d92eac0f0de69

    SHA1

    8e092ed114ccd983ffc45ad6f0797cf3e54b1b54

    SHA256

    c31f8ba78e80bd355ade8348cff0b9ef259e8bb6011976c51033109b0e8086c5

    SHA512

    f413ac6090497829cc4705522ef1a34f17095a6641a99f45c8663509031deca3c4d20612a35bf56445b80ebb49ec3f380c7140df03ef594142f7d611ac15286f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    79d2b7f4c957213f3b7aaf5a30f53c12

    SHA1

    3147322b08bfa8d4d94f7ce00718f1d603e3dd31

    SHA256

    301fa144c4a0d77f3355d13085ac025feeffc4e061ccf2c30677d641ce8f9f96

    SHA512

    19c142846221b745a79781e071df48e0a6572150e66c3e14edfb1f37433466367d4e3ef48b1c85c8c3150d3c2384f8683c61027cea08c3027c830ff6da79a3b6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fa9cc2cfd7f3d50826beee8ad84cbb25

    SHA1

    68c0c2c9afea0fd556833d3d150c5b314cc5bebb

    SHA256

    51fe2ac073ce21910024bc561ab01cc9dbc7d108e5c0747a1c6354d526d052b0

    SHA512

    f6970128266c6ea12f150032c58526077ac7f6e40ba0f3e6ba019fa5580ac36ab6df7100b1477e627b3815fb604814e94b04170450ff5e67867a46a8064a5d6f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4532ca2ec2029a637b87d61d1c61792f

    SHA1

    8d78886466101e413af0f1897f1c1201be4d4010

    SHA256

    8daaa8f9ef493ca02a389f23ff8ae62692240f3dc4dd429cdb3dc36e329bf0f4

    SHA512

    c9e3169a8636a4daa33d1a453bbb676bb27f649e0404a31250998d05cd695f0cd67dec83b6e010db1ef6a7ed895cc734fb91afd90a9c7bde293a5bdb26f27cf4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2e0a2ac0796318492be0ed1b4286d81f

    SHA1

    0bcd41ab100ba88e49d34284211f120d01683a2c

    SHA256

    3895d91af8af9cfdfe2d51f481a2ee1e1524c3fe3915b32cd7928fdb602b2a88

    SHA512

    5c6e63a336d4256bf5674b380e5e82908b53807dcd7ad8598429c158073f64ebbe0812fe4b072da07edaa35287a639f4d9bb438fe42430abd70d2ec76597cfb6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c8c27239e3d921ca7095f719755fb358

    SHA1

    008b593dde75ff34148a51ed43c203ae65be74af

    SHA256

    1a6e120db92eeaf4c49f270cf8607b6139b0bf79fd09820e8b11093f911f914a

    SHA512

    6c7c15af087c7a1fb694472c571fa2c7ec8a4c8b84550c44e2e2f6dc4c40a35a80b6253025685a8dbbb5f2c546707e1eb8a0138cb65a83680c7af8f3a4c36fc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e4d5ea0a053fb1f3ce8cd271b1997ccb

    SHA1

    7d5a7a8cc6c012209022034c5ab31a8c15bfdd48

    SHA256

    242539fb5a33a5f8072c47c1cfdc2c38132b4f2cf551eaff85bf2c66fe68f760

    SHA512

    c60bcea998d037abc0733b1a99b1b1abdd1867f8d332bdb6ee8c76814f3c19b664ca0205d5657ad6cb6ac115ba73e6e0bad3507580435cc86bcfae3a827cc23b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    943f02ea3985184c272472326f425300

    SHA1

    b389cde5c75f18427b46709a571d8813d1c62b8e

    SHA256

    cb5d0ff1c0dfd6439f3db9c9b6c212b3fb1cd9b0c443a06241129d171a510fa0

    SHA512

    c87665e73ce9d45dde7e62acc4105cb06a2388162e0c07100e210a05de6c6be19a3368a8996e1b5568033516c7ea3dda52c06724fc3a81a93ad9ad65cfb0e029

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    95a9c6961395a17558aa226486a155a3

    SHA1

    5bdee67d5ff49cf5c3cc9123373720be5837656a

    SHA256

    b18aabf14d6c8ff02c27618f99770248f8c7e349e70062dac1d8a3dba04face6

    SHA512

    71b71f6b081c3e7f0ab51ea5847520471e9a1cc312adeefde7e260266457f571c8cce8cd28022a69dde153ff89fa55835ebaaefdc8a5f1dfb6823ebb5ac1ecbf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0a8ad4bb73efba11a4f1427a4b2c5264

    SHA1

    7214a79e64a4164e8d4f811b6d883ea5ed6f6976

    SHA256

    d29e7fc7ddfa964ff5695a05f46e5a8df954294dd462551404ee8dace6ee6748

    SHA512

    fed63c0e7cb1cf7450dc3ef55947f679ed6ca9a372470a5aff8184c5ef340343245c678e41124911e186d6bc05bb58de3da9b3a40438bae87d9172fb5acbf3df

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7e2ee737e5552335998dc582f6676a1f

    SHA1

    b32f7882d754db6f31ca811d200c55355a913dfe

    SHA256

    8c94b6be2ce0796f201d395f19b7188e063c94da341fb654160421cfddd7c2b4

    SHA512

    eb5ff1f3c1f4364e39d6fcdf4d2a846e5882ff4d3817d03c3b3753fd324c0b062ac1aac7a96c7baa08ea3ccfd874c22fc4cf93767067ae2dea4dcb3e444f45b8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    84816e8aed90df130c01698c1d20135a

    SHA1

    d1de8c28d178e0166530a47490b19e06d9d789f2

    SHA256

    2062bd01c5be55587bc0c1c2b5eef00e607aee1afee9274257fd8681d82c16a8

    SHA512

    045352dc56bb0ddddc09b9592a6dfad4520bf27e31de2b4d4834ce44c96653f63196d46aef30f3092ba31f464ee4013c5dc3215653f21f180369bca3e5bba289

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f89a83d223d9b36042a467eba46493f6

    SHA1

    ef8a80fbc517d0002f7843433adbf6525c745fe6

    SHA256

    8e92e455389817df72fae83e94e429b605547ce3147ac632adae50fb491bd7d2

    SHA512

    506617705c6e2c12a687ea4e1c1871add455d40fe2b6cd5e69b0b5d75e069fed93f0fc268d3f1ca2c2eefb3e93302342ccae4a4b251c796c2522a4480557cbfb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    89e346a8f1376d748634b7a28a908bb7

    SHA1

    5104b9785bd236cbc1163148588b9026b2206759

    SHA256

    701b122c4a12de718473b93f234b36fb34a08f606ed0ae3555022cc117e3ed06

    SHA512

    42f599d515847e4d1dcd2ebcfeab279c855ee31de682ef0a544799bd92950af0deec4eeb7885772174844c2de48da47be3eea654d9fea3f091b20b9ef556df71

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6bd52bc8a586bfd082ab7bd0d3cfef05

    SHA1

    be468a1819e057543e2c82c0d726707bc7e561ff

    SHA256

    9b071e7274623f7798235075203f0c940d84156235e0b3e6ea20274b9be6025a

    SHA512

    03689a953912221b241e5901db80c1dbf56f671a80f9d282fa67d7d2714b4b6111950414aeb5d197cea39323aafaadf498a7bd841930c1f140e5e412882e45bd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ed1028e5aa7f54ead2eb6bd2be830cdd

    SHA1

    dc9689fd6375c8ecf0cdbf91f60b938b310957ee

    SHA256

    1544626d7002d179cc628caf020bb03a235a96b38c2f736c18424226c31a4eb6

    SHA512

    39f7eddedaff8e51c0e09f494dc24baea5e7024f90dee77304d11241ff2b7ee361790d08b4bd2e3756f11f8e970fe7d0edb423e5429426187272923e9143e621

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f8d0d99e6a16515b51147d7476768afd

    SHA1

    4720d7124ef6bd94b49bad2e1ce3dd00ad9515ac

    SHA256

    4b35e32cc447796468c2a4bb84d555866ac4493f8c1de523bb658290ba4c3278

    SHA512

    9681ffb0dfd8b50e9bbba776be41ca2c0f2c72e912f6fa142f89a046807d41ec745c61c4f55fe9059a2c5d21e217e82a1c2c100c50eca1ef1082a3bc9e586b59

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0611a5dff33941675210d09e998473eb

    SHA1

    52c377937e4343b01c20d17802282fe22d0bc3ad

    SHA256

    7efce3166044df2c552e30b45bf6425af2bbf1616a5a68eb63f59e7332388e87

    SHA512

    80746a5d6e8df268c2138fad88410704ec990f73cd6f00bbd9ab66d880762b8838a168de0f88dfe53e45dd6704e6412bb7b55756716499782aaa6ea471fbde4e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e44f5f322fa137ded5a0b7aff726f470

    SHA1

    d13c1c590d31546f1e1847855c52e9c4b840294f

    SHA256

    9a9614ce55dceba555da406bf9b264f2d728b46ae44da85664b468c70af8636c

    SHA512

    17b0a333e4496028278f2ca17dc8ed8fa5cafdc57bd30811f3c18b3cdb41714b3e4fd65f15feb54d84b1d8bcc8bd3562d8f61fe662155617fca81b86273bb06a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    b15d82eb652679272d4773efc88648a4

    SHA1

    931c7946a1f0912a3f2efa62c131886708c9de37

    SHA256

    eb48bdf3209f025c05049b2d1d3b336f06df78682109b471f9149c0ffa412105

    SHA512

    f2b5e081d0dfdd9ba43edb1482abfe0c986bd4723566d7dd746878e39a8a53033543463781fd7c260eceb2d80a33ea4983089266e814edb34016bc3155ca738f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
    Filesize

    4KB

    MD5

    da597791be3b6e732f0bc8b20e38ee62

    SHA1

    1125c45d285c360542027d7554a5c442288974de

    SHA256

    5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

    SHA512

    d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\n7bgnbu\imagestore.dat
    Filesize

    3KB

    MD5

    4bace67575bee51400bf037285d044aa

    SHA1

    6cf3d1d0f422ceee669226fe4105c330f7ad5a89

    SHA256

    d47e321745fc45afd33f7fd7b110aa8a70f9903b0ab002cae497cbda9be41da8

    SHA512

    25d67dddb7b1c893253454fca15052c1da90f59803bf1db8b35ff65c0900d0495ea3d21eabad6203cde6306210ca0815f93769c53c02590681335ad93a7ccda7

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QT8HWFT6\f[1].txt
    Filesize

    175KB

    MD5

    02a74ba7f81c081aa26c56cc58698eac

    SHA1

    ec53f1fe0121e15429db9707f690336f9bc5e6b7

    SHA256

    57e68b3889458b36f7fdda0ee3ec16f67d3e5eb7412e987c3aef9960e5368278

    SHA512

    b8dd4f0a508ff4eaa5a7cc8abb11c06783875f11a7ed3165faac26c90fc75b98df93911ef610073d606a73ffe157e31d14b4b80f0c84d38bc8e73c07e0e7c12e

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y34QW70Q\flUhRq6tzZclQEJ-Vdg-IuiaDsNa[1].woff
    Filesize

    161KB

    MD5

    3e1afe59fa075c9e04c436606b77f640

    SHA1

    e4bb7c1e40d3febee58df963db276b2bf68c117b

    SHA256

    fd84f88b497040d4f7d5e8c9f8635aef8d3e706c0fa52e2b6facf14eee87e522

    SHA512

    d60da32bdc3542b7c6fcf766659d982fd66816705d6f8fa11785410e507dcaef6b319b19e58528a967a4b705058d9c9b1c5f8f41cf33da6f7957b8c6604cffac

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y34QW70Q\xmbc[1].ico
    Filesize

    3KB

    MD5

    1279bf31d9659ad2017369ec1b90473c

    SHA1

    0f21c5a8266c36af7909118899e1fa07590f2df8

    SHA256

    74e3162830413f502277c221381f07b34d77a155f5cbeca379e1a4ffc29af116

    SHA512

    18ab594628c7873c56a85cc748585a3422f06d3f3ad70e5d33e86bed8bb9595d43513960731db89820d89b2ed950b48d6b891dbda768164f968ab06f5a86c277

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar4444.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nst8D9.tmp\ioSpecial.ini
    Filesize

    674B

    MD5

    f6184c811e03503c0ec0884e33564a38

    SHA1

    9c054009e77dcae98fefca2c056ee5d4335f39f1

    SHA256

    63617eafb6c8b3b4c2e7e6bbe217caad1748a0047b12068f302a845d63f1eac3

    SHA512

    55dde9ea7dbd841245d46689007cb8500ed740cf08a90292864f2b07ddb716b3d56288116aac1c3a8208a92962cd1324f7b343d87b439f6522b4a626795ca1e7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nst8D9.tmp\ioSpecial.ini
    Filesize

    695B

    MD5

    a321932b3bbb68c796b0b3c5c7c0cc8a

    SHA1

    7431ba3937f2dd129ca8161e225d70af3979be57

    SHA256

    0e9cc2bbd7acaee94c9e35cf19d8e26c60f0caa33e60833d8dd9ef39adc73462

    SHA512

    02e79ecefbb2f175befe889a734363266e74a86e585d711c5f27f7c3b9c25b96137fb04eab942a6034bd1ca90b77b4f753eb79a8297651af4ec68210ab7a55f8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nst8D9.tmp\ioSpecial.ini
    Filesize

    725B

    MD5

    d4c16d348c45f161d13088061d48e111

    SHA1

    c99000736fac58688b9b9a208a69e26a58560acd

    SHA256

    89b64355365272819733c23acd10ec34694db0e7b8935ddb48cb3ed975939383

    SHA512

    b66c8ff839379125d659ae19f3f3a8fb1926773914b031b19beb79d0217c7daeb41e64af4f14a601ac4d2a34ae4c282d923deee844739ec87b0c99e5d7a57297

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nst8D9.tmp\ioSpecial.ini
    Filesize

    708B

    MD5

    c96e385ff0e1663522e894907f715c5e

    SHA1

    b8cbab6e996ef77d55ee4eb3302de16e76243784

    SHA256

    bd36fc2290a43902b75bab3d5a5c2cf02a26fe88c4ee4e939400aac9a96f8186

    SHA512

    371a80de06e418457d5c7de3314dc8f30db24c6640bb32008188e8408e49d9eff0fb74751ede0b075232735d1deb687ff6dc2a75fb75f3bcdec103e869147f57

    Download Submit

  • \Program Files\Highresolution Enterprises\X-Mouse Button Control\BugTrapU-x64.dll
    Filesize

    364KB

    MD5

    80d5f32b3fc515402b9e1fe958dedf81

    SHA1

    a80ffd7907e0de2ee4e13c592b888fe00551b7e0

    SHA256

    0ab8481b44e7d2f0d57b444689aef75b61024487a5cf188c2fc6b8de919b040a

    SHA512

    1589246cd480326ca22c2acb1129a3a90edf13b75031343061f0f4ed51580dfb890862162a65957be9026381bb24475fec6ddcb86692c5961a24b18461e5f1f0

    Download Submit

  • \Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
    Filesize

    1.7MB

    MD5

    bb632bc4c4414303c783a0153f6609f7

    SHA1

    eb16bf0d8ce0af4d72dff415741fd0d7aac3020e

    SHA256

    7cc348f8d2ee10264e136425059205cf2c17493b4f3f6a43af024aecb926d8c8

    SHA512

    15b34efe93d53e54c1527705292fbf145d6757f10dd87bc787dc40bf02f0d641468b95c571f7037417f2f626de2afcd68b5d82214e27e9e622ab0475633e9de5

    Download Submit

  • \Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
    Filesize

    966KB

    MD5

    8d6831709a9189d991faf1b29d2f263f

    SHA1

    eaee9f3ce821d938cbcc23f80ea7f05d685deadf

    SHA256

    611c0a1997dabfa43ac6a8fe3d2de97c0f3ba6a0f9b6d4bfd81d80228f8f2fda

    SHA512

    e5f8e0131c4f0bfcc64fef73d3b139dd7aa7913e8ba72c1dc0f94ac15bf4eece0d8f8b46a804f36f75afc889646aa70d36591d17ddcfbc74e4ddf19a9460cdd6

    Download Submit

  • \Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonHook.dll
    Filesize

    824KB

    MD5

    db001e80bf52fd128da2fc3ccaa280b4

    SHA1

    3c268768eae4154ec57ec8fd944100c09efa01d1

    SHA256

    90114751bee6d929545d6ec6d55e03af86d483e8a2bab4b9b1588acc0a4c4b68

    SHA512

    19a22ac9b3d4fb05bc4ddeef89f03a429c1265b03fb30d2745a994bbccfa07be946559a9809a589336197dfa0e58f3d814f77350488e9553a73e57a4b31349a1

    Download Submit

  • \Program Files\Highresolution Enterprises\X-Mouse Button Control\uninstaller.exe
    Filesize

    74KB

    MD5

    bfffc38fff05079b15a5317e279dc7a9

    SHA1

    0c18db954f11646d65d0300e58fefcd9ff7634de

    SHA256

    c4e59737ffd988ef4bc7a62e3316a470b1b09a9889f65908110fba3d7b1c6500

    SHA512

    d30220e024ac242285ea757006e7da3874e5f889951de226d48c372a6a8701b76d4a917134ecc1e72c6c3a8d43444762288e7134a25d837e9f43d972675c81d6

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nst8D9.tmp\InstallOptions.dll
    Filesize

    14KB

    MD5

    d753362649aecd60ff434adf171a4e7f

    SHA1

    3b752ad064e06e21822c8958ae22e9a6bb8cf3d0

    SHA256

    8f24c6cf0b06d18f3c07e7bfca4e92afce71834663746cfaa9ddf52a25d5c586

    SHA512

    41bf41add275867553fa3bd8835cd7e2a2a362a2d5670ccbfad23700448bad9fe0f577fb6ee9d4eb81dfc10d463b325b8a873fe5912eb580936d4ad96587aa6d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nst8D9.tmp\ShellExecAsUser.dll
    Filesize

    7KB

    MD5

    86a81b9ab7de83aa01024593a03d1872

    SHA1

    8fd7c645e6e2cb1f1bcb97b3b5f85ce1660b66be

    SHA256

    27d61cacd2995f498ba971b3b2c53330bc0e9900c9d23e57b2927aadfdee8115

    SHA512

    cc37bd5d74d185077bdf6c4a974fb29922e3177e2c5971c664f46c057aad1236e6f3f856c5d82f1d677c29896f0e3e71283ef04f886db58abae151cb27c827ac

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nst8D9.tmp\System.dll
    Filesize

    10KB

    MD5

    56a321bd011112ec5d8a32b2f6fd3231

    SHA1

    df20e3a35a1636de64df5290ae5e4e7572447f78

    SHA256

    bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

    SHA512

    5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nst8D9.tmp\nsDialogs.dll
    Filesize

    9KB

    MD5

    f832e4279c8ff9029b94027803e10e1b

    SHA1

    134ff09f9c70999da35e73f57b70522dc817e681

    SHA256

    4cd17f660560934a001fc8e6fdcea50383b78ca129fb236623a9666fcbd13061

    SHA512

    bf92b61aa267e3935f0ea7f47d8d96f09f016e648c2a7e7dcd5ecc47da864e824c592098c1e39526b643bd126c5c99d68a7040411a4cf68857df629f24d4107d

    Download Submit

  • memory/3032-232-0x0000000007980000-0x0000000007982000-memory.dmp

    Filesize

    8KB

    Download