Overview

overview

7

Static

static

3

XMouseButt....5.exe

windows7-x64

7

XMouseButt....5.exe

windows10-2004-x64

7

$PLUGINSDI...md.dll

windows7-x64

3

$PLUGINSDI...md.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

BugTrapU-x64.dll

windows7-x64

1

BugTrapU-x64.dll

windows10-2004-x64

1

XMouseButt...ol.exe

windows7-x64

1

XMouseButt...ol.exe

windows10-2004-x64

1

XMouseButtonHook.dll

windows7-x64

1

XMouseButtonHook.dll

windows10-2004-x64

1

uninstaller.exe

windows7-x64

7

uninstaller.exe

windows10-2004-x64

7

$PLUGINSDI...md.dll

windows7-x64

3

$PLUGINSDI...md.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    18s
  • max time network
    28s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    19-02-2024 21:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    XMouseButtonControlSetup.2.20.5.exe

  • Size

    2.9MB

  • MD5

    2e9725bc1d71ad1b8006dfc5a2510f88

  • SHA1

    6e1f7d12881696944bf5e030a7d131b969de0c6c

  • SHA256

    2240bf5fb5d80938b0676c46ef9f84bc1739c32f60c473ff85e530ae0eca2818

  • SHA512

    62bd9cde806f83f911f1068b452084ef2adc01bc0dec2d0f668a781cc0d94e39f6e35618264d8796ca205724725abd40429f463017e6ca5caf7d683429f82d39

  • SSDEEP

    49152:n65SJw48kZN+nCYk7c44+Y0hdwn4Km2A5aT/pVE0hYYajihV2Qso0SWMrboF:tfpeno4oY0QZm2dlNJsrHM4

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 9 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 8 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • NSIS installer 2 IoCs
    installer
  • Modifies Control Panel 2 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 45 IoCs
    adwarespyware
  • Modifies registry class 33 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\XMouseButtonControlSetup.2.20.5.exe
    "C:\Users\Admin\AppData\Local\Temp\XMouseButtonControlSetup.2.20.5.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in Program Files directory
    • Modifies Control Panel
    • Modifies registry class
    PID:3056
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://www.highrez.co.uk/scripts/postinstall.asp?package=XMouse&major=2&minor=20&build=5&revision=0&platform=x64
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:800
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:800 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3020
  • C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
    "C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe" /Installed /notportable
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:2636

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\BugTrapU-x64.dll
    Filesize

    364KB

    MD5

    80d5f32b3fc515402b9e1fe958dedf81

    SHA1

    a80ffd7907e0de2ee4e13c592b888fe00551b7e0

    SHA256

    0ab8481b44e7d2f0d57b444689aef75b61024487a5cf188c2fc6b8de919b040a

    SHA512

    1589246cd480326ca22c2acb1129a3a90edf13b75031343061f0f4ed51580dfb890862162a65957be9026381bb24475fec6ddcb86692c5961a24b18461e5f1f0

    Download Submit

  • C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
    Filesize

    726KB

    MD5

    6738a7f31ec91e46facdc4b2f5ed1a5d

    SHA1

    ac30336944001a419dab45e44f58af12dc089bbc

    SHA256

    db10d17dc004db6547bf787adc441f46c51cfdef9d2575ab888d40a967a6f789

    SHA512

    ea97d3ce94d79da5df8575f9ea0f918155d8f122fed814d5a932b4cd8f958256b68242cb89981412123809ead776e87bf51c649e20e5ca49b20353c3bfb6d91d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
    Filesize

    1KB

    MD5

    55540a230bdab55187a841cfe1aa1545

    SHA1

    363e4734f757bdeb89868efe94907774a327695e

    SHA256

    d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

    SHA512

    c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6525274CBC2077D43D7D17A33C868C4F
    Filesize

    959B

    MD5

    d5e98140c51869fc462c8975620faa78

    SHA1

    07e032e020b72c3f192f0628a2593a19a70f069e

    SHA256

    5c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e

    SHA512

    9bd164cc4b9ef07386762d3775c6d9528b82d4a9dc508c3040104b8d41cfec52eb0b7e6f8dc47c5021ce2fe3ca542c4ae2b54fd02d76b0eabd9724484621a105

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
    Filesize

    230B

    MD5

    469772ee0a1108b9364f07af11f43089

    SHA1

    b3e296f36e20d79921619e51b9606fc79c941b2d

    SHA256

    d417f93033db5579209c9b4544b1b5977694a30a2fee0c324793be2e1baa6dd1

    SHA512

    470910db057e52ece4ce1ced9db4c93849deb7046bba48502f934eef96eaf1fac26169e65993d174d8dc89249ce56f9df4259c3549de11b0f721cb04ee5fb40a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_520FA7AD0A5B7A5300910F5BBDCB6D0C
    Filesize

    402B

    MD5

    5e65b979f1d7f84573f1032be8bd388a

    SHA1

    cc3083a0ebb41d71fe3cbb6b497dd070ee0d2317

    SHA256

    93fdfe8bad7aa98b4484bb8ab8e7c3dc85e59cca331d0bf9263332c7aa8b2fb3

    SHA512

    58fddc3322789acdb63c18f61425e02d43a1e520b76182d72773e4457ea555fb9e7209fe996e9b2a76e87fff537b023b5fc10b61a5ada4fda7f9825a1e48da0b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6525274CBC2077D43D7D17A33C868C4F
    Filesize

    192B

    MD5

    0546a8f7c0fda3d5b6a232cfab4c6ddc

    SHA1

    625565e966cc7a4b45c5e9139643c1d3e1ce2769

    SHA256

    c001a9bf9ef966bd69d18d577f06688cffc689687f3e920fc98932959a88d584

    SHA512

    7ab9efc75ea32fe984b2cbca1650003f59486594e6b532937777d89e8118da471ade4cf201c3208e4c0298fe4155bfcf0691d71f64a874108201caaae5068e2b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ea6d87d0dbd1da7ed3a212ee8291db0d

    SHA1

    d00fb1dcfffdb96f65e627ade5be7c69c0c6a4da

    SHA256

    0284ae7f29e670e9bd4359ce48684c01ccdbd03f6edf51f5c06a7a463823986c

    SHA512

    ecaefb20f0116c2786b9bdd078be2c40dbe212d9573a6dd66d352e3d30fc8aa43edaf936a35e6f878998df3b8657c0e1c85a36469d5699815c5cc4af5957e2cf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    48a7e6c88c3bf3a96dd58d6cfc605c9c

    SHA1

    6b7fa67d20f10d8934910db0c7cebb858e1d32ed

    SHA256

    16030405064d63322f7fe033ca5f611800413e7ccd24350d99516a681ff39b6a

    SHA512

    cfadb543896ed12f5c1433396a87dd063293465425c58f400edb7bfbde03c027533b95e1e133eb3ebe7c24d2583a92e1405133a897b3c34dafb26982c4398d77

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bff05dd23c19d05bcb3a0563da808a08

    SHA1

    f6039041b0e2f803dee3d88b0a7f0f537580cca8

    SHA256

    0e984401cff93a1214d4fccff984d74c03d0a3dfa54762489a25048dfe19665e

    SHA512

    d2835f35d9f301d0ec877d87f6081d1877f9fd61bfe0b288e082c09cbb66f5ef64345d19f4072d82a465aa3cb6cb089f3297b21f4769a24e25d0977ec8905c93

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7b4162ea32e784631b0a61a5e6246f57

    SHA1

    2e99d769292504834afca160c822e7b7df5c6856

    SHA256

    bd3c6f135bd53c6da8b19afd12433f196e335238072bcbb370192f03944bf697

    SHA512

    8a49f31327355fefc60b2b05d78661fe46829360a7d12d95c63063bf79e785abd7cd133066b91193ac98498ffe9354dffa5971bd5c1c92f9064abc0e011ce6d3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    10f9c17d6a1a2417087931e0d5a4cd77

    SHA1

    3693e9bd080b17156dbf072ce9e40b9fbb08d277

    SHA256

    1e7a9220e7e93f4b89ac1128c27fbf94732b5d9170374d316c17344c4cc17452

    SHA512

    0999e6d5dd56ab747472a2733a2350d6889551041073bd0723192d9bddf1190e5b2b342e490060ec7c636c8da770e3916a117bc7d44a374dc6f44b50ae595a06

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c74359901e7bd366f8e93af2da65c064

    SHA1

    4213de6360fdb2c13ca301754efc6f6fed4dd946

    SHA256

    6501b20ca9d11249e6fe3d86f63a0eda5d5de85a8e455e5f37264c0a2f5b0f33

    SHA512

    a29ceebf24f13d5fb5977864e9806ffe097370054916d974f249bb23e9ba09b068c429a799114706b5f8e1331ddafbd2b8dc6d1dd03c0df0db373bbc3ecb083a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    29a7a571cd8cbfc9bc6db4e2299e66d1

    SHA1

    0102c7878417ccef9729646d2394c00b0b17d804

    SHA256

    b802b0990f5fdc5fc82665940f36dbeda53067b46ba4e041680322cadcdc3cef

    SHA512

    d1a911b4ecfee3ad9ce2643d09edfb46e6a0c63155ed5bf57ca744ec7f5517455e96de9b1f5920992e2894ffabfbd165a197869e336982e67b44ef3c9472b789

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4699b82696de89579e3893921cd799f1

    SHA1

    1384e20d138c34471988bd6da982e37eeb6b0b6f

    SHA256

    4b0578b1df2e6dce4a1fa154e52c1d269caf93d7ea1ef7015a4d9322646e54ad

    SHA512

    d5ec7a7aa51faf27ffef431c6ddffa30ca5c89dc45f0f8eed559ee855ac3d81d18a20d9cdeef8622177e8f5e56952a290a58fd79f1b7bfab2b5aec23f5016446

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d35b00d8ddb01624e8e273a482c6a0d9

    SHA1

    1a1177f7d750894c7937735b5a75789ba9321c59

    SHA256

    fb85a178a2847e97013d19a0a456387f36e1f402b18cb8d17fb6dc55981d0e4a

    SHA512

    7ff76bb37f980707a2bae1b6be77a562ef7ae3337badb6c850c2faf158cec4c6c8b91952a658dbd941963455dc6fcb6e2f6019c1032f2f8003f5186bf2877e03

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6c3cc0082f4195606b72d138fd678371

    SHA1

    9bb17cd4723f6503bf4f221618a3369d8cb22dc8

    SHA256

    13b4d96a072e9c5e12310d9cac3cb96fd736fb0ef16e3a3aaeb23813fe014026

    SHA512

    4add6533da1221b1793345cd21e6aae0858bb068a138b95ebb56323d2b3017535b9d5e6fe80850ade8cb1b46a23b21f404296e03ff929933f99b28e6e36721fd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    786642070a7034a23b0d44661d8ac818

    SHA1

    6ffb0a8d22be0d733d6a53f02091d94ae0106cec

    SHA256

    f9d9abbec680cca5c951a15600496196594e9a78c427e9264d73480d244b11d2

    SHA512

    f66e9f2786adedd0d06ef841465077ba9142879704801535b479ae2d875af7832551b89df494b7647b479a71d067352ad4dc76a9f0e06d2376b325dac7907c4c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    631f7db60296afe17b1b4051ea2e7aa0

    SHA1

    d93b569f2236591c502f442413f09e5be84c88b5

    SHA256

    60d8634580328de374029da395d581514e73581f38be4c94873b56c63f474a2b

    SHA512

    828ea06a5f68105b73a5832b47e617830754ee588ba26184446ab79f57a8bb2f6f78808db81e71a21413a5bd64ea4555d9378107ddb5bc9d97edbcd7526af14a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    373c1d68876e3362db32bbd0b1015a41

    SHA1

    f713af5f7f7c54a25af719e52f11922f58e4d1d0

    SHA256

    daf8f9cf2995fc4d2217b9ff54544bcd736e5cfa4bc70b2ae614e061ef47a175

    SHA512

    47aef30b7bce26b2f40c4f9dd294240b2535cb5a7fffb59e5059526b78e01d99c9c6cd83a181397ca87a98f32c2ea92344c970076981a438cfec5806dedf2dea

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    edd19376add30bd8b10b8493cf33708a

    SHA1

    42e2c548c395393570abd20f4388a5a1ce2ebc24

    SHA256

    11024da88fa40a554017f44b2cbdb559529063b9eaf910ea41b142faceb1d671

    SHA512

    93ac842e7067c857bcf71f9f5a6a09611718e9502e34beb5874af9c13deca0b8f5bc4fa9c322a06f9ce59493959f11ea6fc3917e241593da8c7d12c688d84987

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3ef54719a5cbe570fa3b7275ee9a617a

    SHA1

    192d5547e9752939a82b37eaeee311c6a74fd7b2

    SHA256

    59e382f1a74a4ee0e2721cc7650d73c2755f64840ecb02cccbff310abda5c16d

    SHA512

    12ca7fc11060b3a8e8bf04f08bce38f66782cfef8d070e993c40059266ceccc939fba899b697b955705e17a22d6f96c549e327d8e0689495f3cb21c751c87f71

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4919f342c7db84ce343b37c250cdf287

    SHA1

    25c096078864c7bb4239accd2523ac43ebf0724d

    SHA256

    1b6c67fa145354dffd956fc578599bdd0d995e2c67edb33c2cd30af95eb9f26d

    SHA512

    3f5855eff6f158cdafaa8142db13bf84cafe20993850162a02b7c62e708c50b8cae535f4357d9cde177f192b8b1b9b784d615b41ce1c1ccd04efa6b659e5f413

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    dca1584599cde241ca881494806cac28

    SHA1

    14e114d73e2f8238bd3c459b403b559b87d969f5

    SHA256

    698db63025d4fa7cd70659cce6abd4e4493e3d27f575b5e5b196b4cdfa3c929f

    SHA512

    76238d6452be66e9ae22e18d7341bd9ad78d6e7f284bc075035a2bf77078eb3f9e64acfc64e0d4d7f411fdda84f0212f69de330be2b6c480117575070f2ceb44

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e6e397e5771721ae05ba84a2aa4faa03

    SHA1

    c116cde9748e491d7824058b7487858ba4e65a73

    SHA256

    27a7d4f1d68883ef26b993456e7302fb5538dfa872c77715e9f67f2cca6eb45d

    SHA512

    a8b838c892a28e38875c5b6f5a16e68c67027ee4b031f32a91ab1cd9fee752aac56159ae8596e2c3c6d4dacc6ee716c552165df91c65c1631150b1eb36290a97

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    47fc80367c55c2d87f8dbe0c341ae8e1

    SHA1

    bb92244e31e4deecc02823936616ddcc90413520

    SHA256

    21c5d8461e9659dfceadd049c80b023528d11718be49e60655d04cabb663ce06

    SHA512

    3f13d6ea602461cbdee0997dc29a198b61b080b951b9d70358d826b573a26f91295145a81ad8d1070c390e2924d31356a3805b45d6cccd557b1fde25ec5e3442

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    57e6b2aa76c78f06fd84c9f325e07326

    SHA1

    fae8c159fa63d1b338461ca5a9853145d3205de4

    SHA256

    8db0e544596b7bbd1e1faa858449ff38c8be9e6af61f4555a45bad593a1b7035

    SHA512

    674742bb774f79fc9ba0828bbe079a8d9210a21ba7b9da73c1f358ac660b3c614ea59808271daf50364f1a5905e978b295671e149e7e0f4b6c5e83d2b0f45bb8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4f717cb072de1e526e681fa509e7e898

    SHA1

    4ac5d43ef1c72c9db57d0427cda79d0e0cdcfbb9

    SHA256

    f0557a1b801bcb328b052d3b4401ab0d2173026ccd676fa972028e7c1fb9868d

    SHA512

    43b4ee6182de6a912b0e2eb1185a6924b335daaa70d76165622cb997420dcdbb42d3698237406d6ce3454feb46b5b02d2181d6dd17033d9dc1963c432afb1ee4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9d0fe81b3a66457f65d24ede9f90ce34

    SHA1

    19f4ac5d70ba6e8cb3fbbf7e1ce6a40aaa5501b9

    SHA256

    8863a2e6384068ecc742a6118f3085d9da748d3258d99631dd620a2adb535d72

    SHA512

    ed81279387758160d8171c8e78f741b35d096c0a853a699b18742070a0f4dd382e3d357945ee9199f6dd503c1c711037e074ded99a47b325d94c64a31f1132c5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b5bbcca9c7c55fffd6351e57a97e8c79

    SHA1

    135d8a41d0f86fdac1cfaeec9bc825082938e311

    SHA256

    9616f470a638b4a57fe8a320fcea0936659dd3570a48bee05eba0abc29406513

    SHA512

    6b173916b4bbb623ae48fe71602b785b0251372c5291440dcad8c1e3c5ef325eb44b83ef40e2252049038f4ec6050cfc9ab85f1b33f80e5803c63939ae61361c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5ed2fa12f42788b39a0e5441aacc200b

    SHA1

    7a40627e4dc1b9e31003c8e70c9c04c252186a56

    SHA256

    00b961953056b23278c1bad561d39e4529f43283b73ea8774185269570c0ec69

    SHA512

    be959a8b39494b7f6744c7169390e9e03f03a7358af214a1556067bfdfdefc16fc8ffe69fb41e810748945600a8bcd3850df4a8e58a14ee4899f1b1f58b909a9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8ee3d9196676ae0ff735776f00be717f

    SHA1

    b02aae7a07fc77144d802a39827255959386e045

    SHA256

    ed0932de9294d0fa745a3dee4e021c59e835477968db1153ab878ba3c4974f65

    SHA512

    398cc9a4b3b2db8a937b0e75958dc11e8433b8d39f348199fd7f32ce33c287f0f7ac290011f15b9c261d46199d076a76a8c9f97668ddee1329cd712587d1c980

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a011b4f4f643e6d54452b65970ededc6

    SHA1

    5c307b0bd08496932f9cb374c4bb3a9d60765ff9

    SHA256

    0d08d623f5c1fabb9ae019e6be17133c056fbc47fca44ea2b48c0ff9fcb5d5c1

    SHA512

    f5ac354b5c3e5d874ca75a5cc9852fd5326a8046ee41365a2f6ea57a26d717996433e4db0daa2eab24da848a239b5fb94f09c058521b4f02ddc0827680ec89a1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bc44676fda63ff1367300da8b2ccdd63

    SHA1

    29cd9ac66ae485a38063f814ab2d6ce3eeaebc62

    SHA256

    fc142817d0a8c0cb172f495d230094f9844913b9ba3f99fcd02e2d1f10ec8cbf

    SHA512

    6ee8163f7c51dd3b2965b8924065548e16e838dedae890f969b91fba846ebe31221a2e7ae52f016807f326ad34ceb5143230db6c1f3c3aaeeb1955e2ab969133

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    285ba0bad10d1e74391e4b5df8960c65

    SHA1

    d1973359325693a80cae76b6eb9107e808d06734

    SHA256

    eb9bcebb14cf61aba72a1b5573c04c1bd38a50e289a5b92487803966ac43381a

    SHA512

    14cbcca1e065cbe29ca5db3d8ec1ed5527e7fe11101cc4c8c84976f835d03d36641a3f2eeb429609ba5f2443a3bc034506d42478e07591c52e2f549f4c2360ec

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2de33ee29022d4107ad1ee7510927aec

    SHA1

    a6921e67af0c3a4343c995a7537bb4870bb603b4

    SHA256

    19ce56c2bba17dcb9a6a1b172e423312b765dd3967bedb90d96d69c4403e38ef

    SHA512

    6bdb400433519f7c35fc2f45a66b6eee175150913719eab6e06b3f576397e95e3a8618fd9e61718c2157d81a026744d56ec7b07aaa0fef6bf5dc2492681e2347

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e700cf1405fd394396c9ce35469d6ea0

    SHA1

    05265651d10cfa74832ef2b1e27fcd70237b35eb

    SHA256

    f4c548b7cff9308640cd736cbefd6bf45030dca8ae56c42674d12f63fb09a2dd

    SHA512

    848f843104b7c64cd186d885cb660214488defa5a02a465da999ad713e6e8e0133fdb8c3ca5f98a839b2af05127e3e86ec6ac417ed2c7691aba8d66a8ff27a48

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0fef018c1cea35bc515242cf1d43914d

    SHA1

    5bb9c450bfe866b15c73aa5957f52fe4164acb10

    SHA256

    34b8cc1f6750881295559a28ea9191e6cca14217657ec8c847b270b9c004b964

    SHA512

    0ccb25bc5477cf77f4c2e68300cd499b5cc72d873b69400f157a85918eb10eb4d5e2110e2ff3d385206ceb7db4f3d29ad6659f85fccba2688807cd81cde9420a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    31dcc0a43d4fb94afab565853cc7a549

    SHA1

    59d90e32c9a7356485725231bab18490f6cb350e

    SHA256

    a41202409d1c11446f5a09cce3c06e8c20b617ab174c690d58c3a5bda4042724

    SHA512

    50dfcc3062fd7635ff3dd6333177359a17972c8ea3ba82dbf6be330b9980da4ba1305855fc1b662e74f80e6d184bd2b039f8952852c616d8c19bfa226c699a08

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    97136e20e2072839722233bd72d705e2

    SHA1

    47377fbbf822d91cc6bd0b346bcbb8ea2faf9577

    SHA256

    50de75c7490ee3950073eb9159f2924ad1f0207225b544364435d5a92c6677f1

    SHA512

    557c41cb518b1cc9da56083de13fc12d7385c21e38ad5406f6447adcd8f3842941f1e19fc16e944550ecea6064cf044de12fe0f50427ee5499b68ef23fd69149

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    92345958b01f278a050ef8375d1f829d

    SHA1

    00010c8e8d0ec09ed6aef59ad0cf040f0ff5741f

    SHA256

    775f706bd6c224e4b3e8bcbb33280c9270079f3bd505d0e1844bf0c8c88dff97

    SHA512

    6416eb00d04de90b89296c301502fde3d0fd554004da5329feeef53c88bcebc4784df0c6b1c1897664b852980d9e7a25abbfc7fb8869a85ce436efdb8d3cf727

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    17dba82da70c90424be29f822f0078b9

    SHA1

    9ae7fe0cd1ac4b63de5962c411e1e0e58fb3cf16

    SHA256

    7ecbde5d03eb0d2e6af809e29cc82b31dd6f7633b41d616e806cf73a1c52d0f6

    SHA512

    45097f725e562c0cbc5e4626826a9b93c728c463cfb473c837504a19425eebdf43e3b9e606d833e61ceaa5b7bc24b4cf8f2d50a618ccfdba11d41b485008b299

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\GEI8CBZ2\www.google[1].xml
    Filesize

    92B

    MD5

    90b8bd18706721fbd8def28e533b171b

    SHA1

    bc6b1f37ecb959646d5dd4aafa36f9c9c321ff84

    SHA256

    2d8e62fdfc40fe266136d3d792381b277ed10685317cd7b5cc3709e9d124bb9e

    SHA512

    b87c303bdb575841f8609cfead1149f58351b9ed9608fbae37febcb4f47f4f3aec9203e96f34b53e356779efb68ae3e3f2e29941d4a0ec26e777a0810527bc5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\GI9ARZHR\dvps.highrez.co[1].xml
    Filesize

    13B

    MD5

    c1ddea3ef6bbef3e7060a1a9ad89e4c5

    SHA1

    35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

    SHA256

    b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

    SHA512

    6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\2tj7qpw\imagestore.dat
    Filesize

    3KB

    MD5

    ccf4c71a6beb1d9290bcc03be3bd0fd3

    SHA1

    9de46a363e0487dcac63ab9b9b2146f5531db041

    SHA256

    fb17b0d94701d798e6dd7ecc74718cd4bc2387a82cfda2f1f751e221a7380c99

    SHA512

    b5db990200f15b9c14a2d97d653bdc17954e6e47b9d6e3afc670e58c5548c1b880eefc38457696fb8744cbd6be4d6cbfe62ace02bbb8bf704e4cb983ce0bc908

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D0I6KXNQ\xmbc[1].ico
    Filesize

    3KB

    MD5

    1279bf31d9659ad2017369ec1b90473c

    SHA1

    0f21c5a8266c36af7909118899e1fa07590f2df8

    SHA256

    74e3162830413f502277c221381f07b34d77a155f5cbeca379e1a4ffc29af116

    SHA512

    18ab594628c7873c56a85cc748585a3422f06d3f3ad70e5d33e86bed8bb9595d43513960731db89820d89b2ed950b48d6b891dbda768164f968ab06f5a86c277

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LAJVCBJI\f[1].txt
    Filesize

    176KB

    MD5

    d90b2533c1d0d2326c69ae9b3a65e200

    SHA1

    00af8a7479ea65863580dbf85f8bfd85350edf58

    SHA256

    d6070269d5f103ade7f6f7f5c23e8c5659c0652569d5cc2e651e52f4046787a2

    SHA512

    75c322a0f588e5437f43dc3dfcf52a7d9c51bf00c70e0ad82a93642f9f3946ab8e4d77f061f8ecc4b0c768346a8313b047918391cb412fc6e550f4ceaca2a185

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LAJVCBJI\sUZmNgw9Nq2fwuAcXGjFUpiEPOzLn7Li1RiOpjg7MUo[1].js
    Filesize

    40KB

    MD5

    2b5ed6778ac30e4880a755590736c080

    SHA1

    53acbcfb9d1ef2063e6604cb67f56cd884452d30

    SHA256

    b14666360c3d36ad9fc2e01c5c68c55298843ceccb9fb2e2d5188ea6383b314a

    SHA512

    bcb72a6375f444b6c1ae543913c6359624628c08c2ebbc5ad657b24d0958838baad921bae2f9571c56ecb7107b898229d7704c914cf42dc3c83c5b06d55b84fd

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RU3RPYUN\sodar2[1].js
    Filesize

    16KB

    MD5

    2cc87e9764aebcbbf36ff2061e6a2793

    SHA1

    b4f2ffdf4c695aa79f0e63651c18a88729c2407b

    SHA256

    61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

    SHA512

    4ed31bf4f54eb0666539d6426c851503e15079601a2b7ec7410ebf0f3d1eec6a09f9d79f5cf40106249a710037a36de58105a72d8a909e0cfce872c736cb5e48

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab66E0.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar66F2.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsd45B9.tmp\ioSpecial.ini
    Filesize

    696B

    MD5

    cc09941bf22394a9d1265c2a4e44f803

    SHA1

    fdf3a9fff4c9f25dbbc50341a421326de897c643

    SHA256

    97a8c0544314849c68a1b2bb12fba7d9e87c089d5eb9afbc29dea8ba9b116995

    SHA512

    9a89967091bd4ce8c77b24fc5abd8e862cb5bb55671641eab3a66d180004b78182dbb613231aaa6eff6b72e2def641fc32777b6f294233484deb2cd0c54f2d2b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsd45B9.tmp\ioSpecial.ini
    Filesize

    709B

    MD5

    36d76f911b8cad5b6918d95346bbfbed

    SHA1

    63638091e2bf5d635133b87bb2bb867f8cfd3f30

    SHA256

    5663dcc38d2ad76dd46c31f2bd76b0b99cbc132212cfacce72d0201730f5fc1d

    SHA512

    ec0f19755a0c45ae0524ee4e60ad672eecbc8a8b64c7c9e75d304ae73df97a0be2e8dff2951e9c533408d728d6cd9a240a4ba57908e0c2b6a41a32d41d1fe3d7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsd45B9.tmp\ioSpecial.ini
    Filesize

    726B

    MD5

    e1b9a42cf7b0f23aa44e88aefba53388

    SHA1

    20f76a5833c7911ccc1a29f05051dc1c5db2269a

    SHA256

    7cbc645f2b66a8c46461fc5780d80c25ade282583e86c666ec3b2aae2cf3605e

    SHA512

    e2822981e84b42d6471014d6aa2d1631a202dfe1631f0c8879b55bcd042d8352f95b362146b0281a6544fbe79ea89cd900cbfc9a09d8513410be82367f2f1ea3

    Download Submit

  • \Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
    Filesize

    1.7MB

    MD5

    bb632bc4c4414303c783a0153f6609f7

    SHA1

    eb16bf0d8ce0af4d72dff415741fd0d7aac3020e

    SHA256

    7cc348f8d2ee10264e136425059205cf2c17493b4f3f6a43af024aecb926d8c8

    SHA512

    15b34efe93d53e54c1527705292fbf145d6757f10dd87bc787dc40bf02f0d641468b95c571f7037417f2f626de2afcd68b5d82214e27e9e622ab0475633e9de5

    Download Submit

  • \Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonHook.dll
    Filesize

    1.0MB

    MD5

    d62a4279ebba19c9bf0037d4f7cbf0bc

    SHA1

    5257d9505cca6b75fe55dfdaf2ea83a7d2d28170

    SHA256

    c845e808dc035329a7c95c846413a7afb9976f09872ba3c05dfa5f492156eef0

    SHA512

    6895a12cddc41bf516279b1235fca238b0b3b0cef2cc25abe14a9160ed23f5bde3d476f885d674537febc7de7eb58b0824d96153c626e1563a5a8a1887fb5323

    Download Submit

  • \Program Files\Highresolution Enterprises\X-Mouse Button Control\uninstaller.exe
    Filesize

    74KB

    MD5

    bfffc38fff05079b15a5317e279dc7a9

    SHA1

    0c18db954f11646d65d0300e58fefcd9ff7634de

    SHA256

    c4e59737ffd988ef4bc7a62e3316a470b1b09a9889f65908110fba3d7b1c6500

    SHA512

    d30220e024ac242285ea757006e7da3874e5f889951de226d48c372a6a8701b76d4a917134ecc1e72c6c3a8d43444762288e7134a25d837e9f43d972675c81d6

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsd45B9.tmp\InstallOptions.dll
    Filesize

    14KB

    MD5

    d753362649aecd60ff434adf171a4e7f

    SHA1

    3b752ad064e06e21822c8958ae22e9a6bb8cf3d0

    SHA256

    8f24c6cf0b06d18f3c07e7bfca4e92afce71834663746cfaa9ddf52a25d5c586

    SHA512

    41bf41add275867553fa3bd8835cd7e2a2a362a2d5670ccbfad23700448bad9fe0f577fb6ee9d4eb81dfc10d463b325b8a873fe5912eb580936d4ad96587aa6d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsd45B9.tmp\ShellExecAsUser.dll
    Filesize

    7KB

    MD5

    86a81b9ab7de83aa01024593a03d1872

    SHA1

    8fd7c645e6e2cb1f1bcb97b3b5f85ce1660b66be

    SHA256

    27d61cacd2995f498ba971b3b2c53330bc0e9900c9d23e57b2927aadfdee8115

    SHA512

    cc37bd5d74d185077bdf6c4a974fb29922e3177e2c5971c664f46c057aad1236e6f3f856c5d82f1d677c29896f0e3e71283ef04f886db58abae151cb27c827ac

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsd45B9.tmp\System.dll
    Filesize

    10KB

    MD5

    56a321bd011112ec5d8a32b2f6fd3231

    SHA1

    df20e3a35a1636de64df5290ae5e4e7572447f78

    SHA256

    bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

    SHA512

    5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsd45B9.tmp\nsDialogs.dll
    Filesize

    9KB

    MD5

    f832e4279c8ff9029b94027803e10e1b

    SHA1

    134ff09f9c70999da35e73f57b70522dc817e681

    SHA256

    4cd17f660560934a001fc8e6fdcea50383b78ca129fb236623a9666fcbd13061

    SHA512

    bf92b61aa267e3935f0ea7f47d8d96f09f016e648c2a7e7dcd5ecc47da864e824c592098c1e39526b643bd126c5c99d68a7040411a4cf68857df629f24d4107d

    Download Submit

  • memory/3056-232-0x0000000001EF0000-0x0000000001EF2000-memory.dmp

    Filesize

    8KB

    Download