Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

x-mouse-bu...-5.exe

windows7-x64

7

x-mouse-bu...-5.exe

windows10-2004-x64

7

$PLUGINSDI...md.dll

windows7-x64

3

$PLUGINSDI...md.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

BugTrapU-x64.dll

windows7-x64

1

BugTrapU-x64.dll

windows10-2004-x64

1

XMouseButt...ol.exe

windows7-x64

1

XMouseButt...ol.exe

windows10-2004-x64

1

XMouseButtonHook.dll

windows7-x64

1

XMouseButtonHook.dll

windows10-2004-x64

1

uninstaller.exe

windows7-x64

7

uninstaller.exe

windows10-2004-x64

7

$PLUGINSDI...md.dll

windows7-x64

3

$PLUGINSDI...md.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    10s
  • max time network
    10s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    19/02/2024, 21:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    x-mouse-button-control-2-20-5.exe

  • Size

    2.9MB

  • MD5

    2e9725bc1d71ad1b8006dfc5a2510f88

  • SHA1

    6e1f7d12881696944bf5e030a7d131b969de0c6c

  • SHA256

    2240bf5fb5d80938b0676c46ef9f84bc1739c32f60c473ff85e530ae0eca2818

  • SHA512

    62bd9cde806f83f911f1068b452084ef2adc01bc0dec2d0f668a781cc0d94e39f6e35618264d8796ca205724725abd40429f463017e6ca5caf7d683429f82d39

  • SSDEEP

    49152:n65SJw48kZN+nCYk7c44+Y0hdwn4Km2A5aT/pVE0hYYajihV2Qso0SWMrboF:tfpeno4oY0QZm2dlNJsrHM4

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 9 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 8 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • NSIS installer 2 IoCs
    installer
  • Modifies Control Panel 2 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Modifies registry class 33 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\x-mouse-button-control-2-20-5.exe
    "C:\Users\Admin\AppData\Local\Temp\x-mouse-button-control-2-20-5.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in Program Files directory
    • Modifies Control Panel
    • Modifies registry class
    PID:2164
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://www.highrez.co.uk/scripts/postinstall.asp?package=XMouse&major=2&minor=20&build=5&revision=0&platform=x64
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2524
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2524 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2964
  • C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
    "C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe" /Installed /notportable
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:564

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
    Filesize

    314KB

    MD5

    c898f3422ddf257b0ecceef02abc38fc

    SHA1

    b68973f385be8c834001fddda33297ea13ba6479

    SHA256

    48cc9d1c9ba94b6c3b807402caea8e76c44b1ec5cee55ac4479130a67ff33377

    SHA512

    1c3f7679237920f5cba66f41bbe93f5cb1442ee53ce6a74a71185f137044a3ce3f2aa318d5a3259170badd5d504960623d3c321c49ba4f079fcd47ef2080c534

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6525274CBC2077D43D7D17A33C868C4F
    Filesize

    959B

    MD5

    d5e98140c51869fc462c8975620faa78

    SHA1

    07e032e020b72c3f192f0628a2593a19a70f069e

    SHA256

    5c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e

    SHA512

    9bd164cc4b9ef07386762d3775c6d9528b82d4a9dc508c3040104b8d41cfec52eb0b7e6f8dc47c5021ce2fe3ca542c4ae2b54fd02d76b0eabd9724484621a105

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6525274CBC2077D43D7D17A33C868C4F
    Filesize

    192B

    MD5

    c329c162ddbac06a81ce433a368c7a4a

    SHA1

    3aa5e2e7633134af4ada78ce36cc7756c1d609a6

    SHA256

    977730031a45fecc4906927bf8d4f82461cddd342661caa2267ad0983d43bd9e

    SHA512

    082370f31b9e6ec7ed5b7fb7ff6da925af058d7856cbd96242cd7ef64859acf0409fa6ddad5c0cbcc9c743243b3acf9f53fcdb747e299585b8c0b897cec0f172

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ae63d3108810c88f41b0ef4c4489e8a4

    SHA1

    7d6d6e7862528a0956041717d814e8538e49e3b2

    SHA256

    8cb16dc85d6dd3f2cae4e9828debd80e52c7ab8f15d968853bd7df1669f8999c

    SHA512

    ef088893f07bf4571ca2ca6f3fadbac3ae834b6b3adc50db043186a4b50476e29d210e014a070179fbc7e78c56ca86c96803c23a72ba8623c8c8e11fb40cf23f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    67a373e12da16b162af8dadbbf768998

    SHA1

    fd72ffd9efd03aa3c72b41d9bbcd4ea159fdb493

    SHA256

    53a72e4bc48adfab53bc27b6527996f10a3efb7a285b7cd9f134e4195d844629

    SHA512

    2fa0fdd7b9938cd00cc05acd9e73bc11c40558b02fe1b3c7d8e45f0acd0f7a18df8976ea4673f37df86471d55a4c8fdecd2a0907746cda9afaff16e4cc479b3a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a228174e4c12ff710edf24654ef8eeb5

    SHA1

    387c1fb7e6a0623f719db05ed3460feca3507e64

    SHA256

    5636b2bbe505caea9db95f13be8de28e25df9f67f2597ddaf45ea5f2afe4b4d7

    SHA512

    6046548a60af6cba1add0cc7f10ab29e2533ff33c6a15e3cb8e09fd23195afb2ec0dabb11b7c539aba659789e76949904807e79b3cc3c262698c83d07f08edb9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0a68a9a6a024ba66a004b10a13a29f0f

    SHA1

    42e0291b53cb98572518c79cca34b68c212fecce

    SHA256

    9b295326fc03239221bbdb3b2a0e712055f44b024919875e34176d393a56609f

    SHA512

    e9f84fb1423d142a6834a5a33b399ff328bcb8811a9e9b2d9135780b6dc764c27c69e80b775f5f88be06c8a87461212c3a682c0d22671a332e07e608a3ad639c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    027cc08a3901e99862d30f4ec58e0bd7

    SHA1

    82a6d7a7c43586285c48b3e3adf6144d2ea6e2ca

    SHA256

    5538ae443622f369b49261b0723bc9a6fd14159721d0e2d68da7d5fa9d51b411

    SHA512

    a82e49f90cebb5ad59e220403806897f793d15efe3ba50d9d1dda1d5e7da461f5588f411a66983803ec75f3212806e8875be80d391d252986ae9cb0c2aa9bed6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    567a5028a0d185f9ce4ae1afd206f8e5

    SHA1

    f60e93b42c4960454dfb6e468083d533e700962f

    SHA256

    e04a1f6b436cf242102d9851d8a795ccc44d9ef472c87ee54025bfdef041d0d7

    SHA512

    d755187c478e0b52dbf1b177e8b7dbd3ec2d7b2499361ed35ecc6b50b1151daec432f4602e7575d61d45a5589f81cc47bf671e508220be6a7163619070bd141a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    239f5def323f323a9625f939c917b725

    SHA1

    d275b6dfdc0186dbae5ffaf0dff9121049693eca

    SHA256

    c089e59dc8c3f8e6f51581a22b27fb7cd102f3b78cd10458f1f4a7f02eefa1f6

    SHA512

    684530d0e2b6e15dad041d7de1d11853662afc81c4cff36a8362c3b91bea93d8b45a8811a61bc3996d109149efbe15cc555091a3d83f876acd787b55349c27d0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c8ce20f2aecdd3d0720ad3f5857b5fee

    SHA1

    dce97641c5f6d66257467e4f6c03bd1cd3f8cefd

    SHA256

    f8a60c06b457fa87e837abffda2b141a99ba8defda6bbedf5097d06b2de3774a

    SHA512

    a1003acf55a165d8d49c03fa62a57ccf6bec92178baaa48c946b6d36f6dacf6cee111130a1071d2eeb442360e083fe11f4da662d48a2b7075837afa04131b5d5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    dfd1f9b2ff9b86c41290d0362d7bdaad

    SHA1

    e6085cecf59e5959c67d957d98109a21f767a966

    SHA256

    5b4b2971aab3653d50bdfa49420f86c275132a0715799b32e5387e194c50e8c4

    SHA512

    aeed54d3ca897ed1f7b11dac846fe0bcde05e359caf3996042854c5402d7ada9621ef44d66df6195e372e27141c461ea6c8539fad406b5a69d2aede6012c4fa5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ed87e4aebfcf78164f06c8dc4843526a

    SHA1

    56c029589b4b30adec631c5461285f1e7e69c96c

    SHA256

    b0d9232902f1ebfeb56c3992627cec7774a704d044fa4560e562f1a1e442bd9c

    SHA512

    aa95b5c57f007dee117764292bf322654b384143d7c3691db4f3724ac13f0f8198371fbbbb46cad7865f85c4d6badffbb3513ed115dfa21b725cab5a5221e3fe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    efb3a5f2884a858e2f2870e9d4579df3

    SHA1

    1b12b1ef7178bcca7906aa901f750e176ecd6777

    SHA256

    2f6bc5bcf6902d232026693c0df69a60c2f221e66ddbaed0ae6d57c811b734f9

    SHA512

    c3f5d6fa48e67394261ce849c980909760fb52b56414b5bbf15f192dacf6bdb0d0f2ccad7d919829d70c52a3149c678a9e6b616502684a5654bbc0515d5e78f0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d327aafacd09d066fbe2a45c4b5034b9

    SHA1

    b1bb1c8fe3918d167444627f1c707552c30bc5d9

    SHA256

    c7c03ceaa188014a89ebb7b078d1245d61be4bd0230afbf42a7e4c41ce7b9d26

    SHA512

    7126aadab8d628efc54cfbfed086aedd28461a6508af77611c054d6bb131c9a54b077809735c0c7fbae06d5dfb4f2a0a2e3b7f36b24fb108af40b4641e8642fd

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\02cy2i9\imagestore.dat
    Filesize

    3KB

    MD5

    8900afe8edbb7df38d996dda3d23eb1c

    SHA1

    b3d3379f6a24b98a39141e1221088fb39bba84b1

    SHA256

    c584fa6cb136b6a96f6f881400dd05d9f19169f3ce2d543defad0502601cd240

    SHA512

    680bbe06e06ca2a70b8a3872f24e33bc6ce9fa45577ae0b86c68caec1f5e309e20910dc02005534984c4255113736e30df54921cf42f22b65f5e0eb46ea4739f

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E3F2LH07\xmbc[1].ico
    Filesize

    3KB

    MD5

    1279bf31d9659ad2017369ec1b90473c

    SHA1

    0f21c5a8266c36af7909118899e1fa07590f2df8

    SHA256

    74e3162830413f502277c221381f07b34d77a155f5cbeca379e1a4ffc29af116

    SHA512

    18ab594628c7873c56a85cc748585a3422f06d3f3ad70e5d33e86bed8bb9595d43513960731db89820d89b2ed950b48d6b891dbda768164f968ab06f5a86c277

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JIH1AB02\f[1].txt
    Filesize

    176KB

    MD5

    cac4dd04395d65d7f42d59f515bd9476

    SHA1

    11f2616a144ec13c9b351a2eaf0fb07982e22806

    SHA256

    13bb66153029c97f35e6b9d2d0300655d9f0b5afc2d545c9f96a9cfe9a00a627

    SHA512

    b57db31d48d54ff3a7c863897129cfd58fa2d78fe371b04311f16959cd41f63326fa81f8e10cad8143bbe3a8a6a95fa56db88cd8b542ddffa62647f065c8a028

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab210A.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar211D.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsyA30.tmp\ioSpecial.ini
    Filesize

    695B

    MD5

    5e40a8cdb9429e8cfdf978062e13cf6e

    SHA1

    c626a7d07dc7df12af2272b7c927406e42cdb12a

    SHA256

    7a0589f92b464bc9484286c608ae4b79903be25ed2c2e115a1a31ff49d9e9cad

    SHA512

    b2a15289a58ad16ef03711470104dc0c6d93a3bc82f2f93ca238bee492b89f2656e6c4a32650c76c7d227440ca954c8c8993d4c7040324b21dc58b7c12803897

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsyA30.tmp\ioSpecial.ini
    Filesize

    725B

    MD5

    f6de9d6b560de117efffe6e0c06d1849

    SHA1

    b7ec9fef686d857d78e52480fec7cfa92f6015c3

    SHA256

    f926bbac7c7d247cf8be83355f809f6ff51f602ad60df58d6d65b28b94777b64

    SHA512

    8c173bf2d5661997a9c5c846b92c782811065ef3c9e20f473180a956cdbec4c4a8d5381ea9b766752e99712f29db67aae0244d85888836cbcdd4225ce3226d6b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsyA30.tmp\ioSpecial.ini
    Filesize

    708B

    MD5

    53fc99476d83635d0ed454fe63d3c6bf

    SHA1

    0b013aa96da5fbf154846ed91aacbffb71d3707b

    SHA256

    ee555507cf18d811f85e585a786a1073b4f04bfc8995b4bba8700bbfeddf105e

    SHA512

    16f4b1803a279da17105a027654b9b12aa24d0f606791d6f32e72d0068645d3799acb9e2ae32ffd678b75255ba6243a4029be82521717125e95a5ce7d8b30605

    Download Submit

  • \Program Files\Highresolution Enterprises\X-Mouse Button Control\BugTrapU-x64.dll
    Filesize

    364KB

    MD5

    80d5f32b3fc515402b9e1fe958dedf81

    SHA1

    a80ffd7907e0de2ee4e13c592b888fe00551b7e0

    SHA256

    0ab8481b44e7d2f0d57b444689aef75b61024487a5cf188c2fc6b8de919b040a

    SHA512

    1589246cd480326ca22c2acb1129a3a90edf13b75031343061f0f4ed51580dfb890862162a65957be9026381bb24475fec6ddcb86692c5961a24b18461e5f1f0

    Download Submit

  • \Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
    Filesize

    1.7MB

    MD5

    bb632bc4c4414303c783a0153f6609f7

    SHA1

    eb16bf0d8ce0af4d72dff415741fd0d7aac3020e

    SHA256

    7cc348f8d2ee10264e136425059205cf2c17493b4f3f6a43af024aecb926d8c8

    SHA512

    15b34efe93d53e54c1527705292fbf145d6757f10dd87bc787dc40bf02f0d641468b95c571f7037417f2f626de2afcd68b5d82214e27e9e622ab0475633e9de5

    Download Submit

  • \Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
    Filesize

    431KB

    MD5

    711f8671a749c6bb1c14b37ce48efe8f

    SHA1

    c0d8fa0b7e4a28521958a9a7bcb861b234fe409c

    SHA256

    1823022ccf934f15b528bd766b806cbcafde592696a222183c2e4cfff3acc88c

    SHA512

    6ed5f872aa26893d65e6d8355fce0ad3536384b348358d73e2e3ca5b286b543ad440b812610c74e1642bf72b31dfeea2487526659dc8b56363eef085c985570e

    Download Submit

  • \Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonHook.dll
    Filesize

    1.0MB

    MD5

    d62a4279ebba19c9bf0037d4f7cbf0bc

    SHA1

    5257d9505cca6b75fe55dfdaf2ea83a7d2d28170

    SHA256

    c845e808dc035329a7c95c846413a7afb9976f09872ba3c05dfa5f492156eef0

    SHA512

    6895a12cddc41bf516279b1235fca238b0b3b0cef2cc25abe14a9160ed23f5bde3d476f885d674537febc7de7eb58b0824d96153c626e1563a5a8a1887fb5323

    Download Submit

  • \Program Files\Highresolution Enterprises\X-Mouse Button Control\uninstaller.exe
    Filesize

    74KB

    MD5

    bfffc38fff05079b15a5317e279dc7a9

    SHA1

    0c18db954f11646d65d0300e58fefcd9ff7634de

    SHA256

    c4e59737ffd988ef4bc7a62e3316a470b1b09a9889f65908110fba3d7b1c6500

    SHA512

    d30220e024ac242285ea757006e7da3874e5f889951de226d48c372a6a8701b76d4a917134ecc1e72c6c3a8d43444762288e7134a25d837e9f43d972675c81d6

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsyA30.tmp\InstallOptions.dll
    Filesize

    14KB

    MD5

    d753362649aecd60ff434adf171a4e7f

    SHA1

    3b752ad064e06e21822c8958ae22e9a6bb8cf3d0

    SHA256

    8f24c6cf0b06d18f3c07e7bfca4e92afce71834663746cfaa9ddf52a25d5c586

    SHA512

    41bf41add275867553fa3bd8835cd7e2a2a362a2d5670ccbfad23700448bad9fe0f577fb6ee9d4eb81dfc10d463b325b8a873fe5912eb580936d4ad96587aa6d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsyA30.tmp\ShellExecAsUser.dll
    Filesize

    7KB

    MD5

    86a81b9ab7de83aa01024593a03d1872

    SHA1

    8fd7c645e6e2cb1f1bcb97b3b5f85ce1660b66be

    SHA256

    27d61cacd2995f498ba971b3b2c53330bc0e9900c9d23e57b2927aadfdee8115

    SHA512

    cc37bd5d74d185077bdf6c4a974fb29922e3177e2c5971c664f46c057aad1236e6f3f856c5d82f1d677c29896f0e3e71283ef04f886db58abae151cb27c827ac

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsyA30.tmp\System.dll
    Filesize

    10KB

    MD5

    56a321bd011112ec5d8a32b2f6fd3231

    SHA1

    df20e3a35a1636de64df5290ae5e4e7572447f78

    SHA256

    bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

    SHA512

    5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsyA30.tmp\nsDialogs.dll
    Filesize

    9KB

    MD5

    f832e4279c8ff9029b94027803e10e1b

    SHA1

    134ff09f9c70999da35e73f57b70522dc817e681

    SHA256

    4cd17f660560934a001fc8e6fdcea50383b78ca129fb236623a9666fcbd13061

    SHA512

    bf92b61aa267e3935f0ea7f47d8d96f09f016e648c2a7e7dcd5ecc47da864e824c592098c1e39526b643bd126c5c99d68a7040411a4cf68857df629f24d4107d

    Download Submit

  • memory/2164-232-0x0000000002980000-0x0000000002982000-memory.dmp

    Filesize

    8KB

    Download