Overview

overview

7

Static

static

3

XMouseButt....5.exe

windows7-x64

7

XMouseButt....5.exe

windows10-2004-x64

7

$PLUGINSDI...md.dll

windows7-x64

3

$PLUGINSDI...md.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

BugTrapU-x64.dll

windows7-x64

1

BugTrapU-x64.dll

windows10-2004-x64

1

XMouseButt...ol.exe

windows7-x64

1

XMouseButt...ol.exe

windows10-2004-x64

1

XMouseButtonHook.dll

windows7-x64

1

XMouseButtonHook.dll

windows10-2004-x64

1

uninstaller.exe

windows7-x64

7

uninstaller.exe

windows10-2004-x64

7

$PLUGINSDI...md.dll

windows7-x64

3

$PLUGINSDI...md.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    145s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    19-05-2024 14:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    XMouseButtonControlSetup.2.20.5.exe

  • Size

    2.9MB

  • MD5

    2e9725bc1d71ad1b8006dfc5a2510f88

  • SHA1

    6e1f7d12881696944bf5e030a7d131b969de0c6c

  • SHA256

    2240bf5fb5d80938b0676c46ef9f84bc1739c32f60c473ff85e530ae0eca2818

  • SHA512

    62bd9cde806f83f911f1068b452084ef2adc01bc0dec2d0f668a781cc0d94e39f6e35618264d8796ca205724725abd40429f463017e6ca5caf7d683429f82d39

  • SSDEEP

    49152:n65SJw48kZN+nCYk7c44+Y0hdwn4Km2A5aT/pVE0hYYajihV2Qso0SWMrboF:tfpeno4oY0QZm2dlNJsrHM4

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 15 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 8 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • NSIS installer 2 IoCs
    installer
  • Modifies Control Panel 3 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Modifies registry class 33 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\XMouseButtonControlSetup.2.20.5.exe
    "C:\Users\Admin\AppData\Local\Temp\XMouseButtonControlSetup.2.20.5.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in Program Files directory
    • Modifies Control Panel
    • Modifies registry class
    PID:2196
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://www.highrez.co.uk/scripts/postinstall.asp?package=XMouse&major=2&minor=20&build=5&revision=0&platform=x64
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1836
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1836 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2632
  • C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
    "C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe" /Installed /notportable
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Modifies Control Panel
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:1028
  • C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
    "C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe" /notportable
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    PID:1740

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6525274CBC2077D43D7D17A33C868C4F
    Filesize

    959B

    MD5

    d5e98140c51869fc462c8975620faa78

    SHA1

    07e032e020b72c3f192f0628a2593a19a70f069e

    SHA256

    5c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e

    SHA512

    9bd164cc4b9ef07386762d3775c6d9528b82d4a9dc508c3040104b8d41cfec52eb0b7e6f8dc47c5021ce2fe3ca542c4ae2b54fd02d76b0eabd9724484621a105

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    252B

    MD5

    857da728f5c2e8d671547be478d3ad1d

    SHA1

    01b46c232885ca41d1c914f41bbe02d2700e6378

    SHA256

    4aa048c275c34c0fc326b1374ca76be056ed591703f97ea5cdf7c74f81348c9e

    SHA512

    bc4555641322fa190572d8e424a33b5ff79459167d6d9797c060ecbbef51de81c65fa4f3bad900b8c768515621c433e8171c6566981d1726d4fd20a041e49231

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6525274CBC2077D43D7D17A33C868C4F
    Filesize

    192B

    MD5

    08124c359e5af97119142176763024a6

    SHA1

    460fb135126b1660a0c7bbbf0b34096bb6e51bc2

    SHA256

    370ebfd9c6c20d73c97301215b1323a8e0470551822bc7b73f24efaaa59e3156

    SHA512

    5ff9fccd5be4a022e0ba5e89a4df2eb1680e3fde5042ebb4f5b20d9d7004fbb04e5519409dab9598fa9223c0ab4648ef6528cbea31b0d8563ffc9a4d64c69468

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    579eca8a12a6dc9726ddab728302ff61

    SHA1

    e0003a124e768c4041791e4fd2aaa8f15267bd55

    SHA256

    53bb3de3a7a591d60a10a90995f1e008471d650c39570553189527949d5e5749

    SHA512

    a6618b126fa94d2d44e0fa56981b11b563847b83ffa4aebeba68b72887e5c38279eea911eb915bf5cb2e83bf372b4b74be3362f7812191a26c7218a1bbf1cf90

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cbed3950da89e81411c5e6ac6d17f5d6

    SHA1

    2f252a8e9f79167d923eb5d2f7a4ef40ed422a59

    SHA256

    e80f2e7e3e5f54c30207211f42f1ddd4b14e00ab7b37d86e51da4569387008d7

    SHA512

    ccb0b5f9770516287c214a8e1f44b382a5e47faf884b12b7363122c34868d6e48a98e74bb756efa91387a047327ff06cd39470c2d30e4550dd952c5d9c474153

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f8ffd61a1d5e0399a81d68a1196518ba

    SHA1

    6eb542344bd71fda6fc1d2c3066f0d15141b1c28

    SHA256

    61c143f58de01e06bc6536d7e6d63851f153eea0cb49e48c7b98818769bc9ada

    SHA512

    e1be63c8968926c34897b9d99cdd1a0e34ae99b14ef0f68d6445e973dd0d2d2c730c7fa1e6f5d9d9018482fb5525a2866df22717fee0030df72e246a81e04969

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    aa6646aa702950cacb4fdb7dbcfe8937

    SHA1

    405b95d70a7d06d20a697d12aab35136f2515027

    SHA256

    0fb86751134f7810284c1282dab70afa3f268cda26b84d9d657f86ff51c196bc

    SHA512

    4aad9ef7b0b05378912fd28270ba0207e573a17f18ed478b204e656aee642737e90a00fe359f2afb5ae9ce6db0d35e38af054185cad6f306cc74864f3abae596

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    afe89fff9d443412e20f9f672ba6d43e

    SHA1

    f3013c6b526df286b2128940d9a1f70fb9131e9a

    SHA256

    b48d7ff14a69bc5419534c5d3a91013478d14baa114fe8be3ebe36ee67eb1362

    SHA512

    96bd84270a08503dafce98097897eb72a4a45db760c1557b6a6b2e1fcb38366136e6e1decbf6068b89ee4fd9d40ab60eed8310a37a1f9ddf974ff7101ec1a7aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ccb4cbb6263c9f91fea48d41df8d1922

    SHA1

    62bfa33ab727c7262f5e6a0b25ffaf6db39daacb

    SHA256

    99922430d077feb4d7cece3702a871480652dc220f0843dc8e58f2e122ea0d7e

    SHA512

    6ee1a9f82f79bed36d593ecbfc6a6a1172e38573dca953dea80bfa9d65ee69e514a0b4db763da8b59b372ff3c1f279e9700f80c48b105db3adf49d01c3fe354c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1b7d8e7b04ab8fb26d593e5a381d01dc

    SHA1

    ff43ae0e5b3106974ffe2c968b500de751e5fb58

    SHA256

    411c26c29b2dca561d2d276e7909bab384bc69a60419eab18f39e8f9ba7742f3

    SHA512

    3060be81d044875a186fa29e46d659437da8fbb6902a00bd472ab0ea1b6f1722404c35553b61239a8a690194685f2c50ffe3f9945980b44c78424b51a7d72f7c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    814ab8b946f679a783f0c26bb9d81bdf

    SHA1

    d311eebe05027bdcf5edcb486b45990e332a2053

    SHA256

    8fb6d426aef306179dfb300f326751953d70c5e93d7e47ebc2338b0aa7ad4a69

    SHA512

    b7b486726ff844baba499dc26da12d70a9192f5ac926f38e25020e5ba5bd50562a06eee9c0214d3ae06e6a06d772e2a9fd861b09228e1dc7d5faed32c4aa4e9c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ee98ac531803d249c63e1b0397c38da4

    SHA1

    e52249a2fc239c51e4916f3b24fc5b229b47f706

    SHA256

    16096ca6c4fbdf20b2404178256b724aabc81430a89ddfe29a7976267df93d02

    SHA512

    1e8584e0cc0b2834499b3a0bba7881e5bc04f41c2bdb2c042f9e8284e9e0f25a337bba63fede71477ef2a8f311fa09f8a2f5a853018728ba9e8d1413c9faf2e2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c504a2fa41059b35d0ffa37162bcc1d0

    SHA1

    08cc0d0f2f3af2a749cace4eb80ad45c96583bb7

    SHA256

    f11e8cbe79e642abca6df1ccb1286af61d1b61d6acb0800494b38fbf1ef7a9b7

    SHA512

    29d1245de065acfec866343880475c8f2f988504a79951edec1bfc63544ce5113e7117f97945d807b202c5b474c010e9a6f007ffffb1154a44552e1c1b603e8c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c7e795ac78fbfd1821cdb60e4a52280c

    SHA1

    60bf3154bafdff2a5197b55e457975fbef6902b3

    SHA256

    e255f63fffd489c84c506920097b821d6e87710e05641df457e2e136b7d4dede

    SHA512

    83a53fee536ee2d8b1cc9cd37ced10de2bc4fe18134853aa91504d4c9fbcab59ee05e5decca6e4beffccb9caf120d4a4c53da15fce1f1019999a43c5e7f7e152

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bf965968a14b8f23a887ec7645140f4d

    SHA1

    926865b6a948cc277111b19ee129b56971577271

    SHA256

    a8c2efea52d517e479e8a33aff6c32160ad941b649c410ecf234ee97a34a720d

    SHA512

    12d22c1b51cdbacaf6a592e7815e3a25b3a493d70c754d417f96c40b912533b21a69a4bfc631cf989615a2b72955c89ced24683ccaff96bde553d9f3d9711f32

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    af3e32fe4329dc290f3781ad6a94d0ef

    SHA1

    4a009ba7fc56ce0de8bc6d1d7c068159f57cf156

    SHA256

    fc973f9792854b4c8860e44572ff25a2080ef6132c296fd679c70e62927a5566

    SHA512

    05a0c9643f7f5425b54c3cecb5b67745f0bb1145b11ee6ee9bcf15334ec21a687d3b7b86b05979004d047c4f7fc003f197f99b5783538cf79242e5f35bc256be

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b2a8f98a9c2b660bdabb8167afef92fd

    SHA1

    18f1d2095c8be39b8f73953b9a8bc278300a25f9

    SHA256

    5a64d56dda736a0dc584f89c720cdd777e8c322b6dbccab1e8e501ebba6930ff

    SHA512

    c4f5274d3cc451e5b14c6cc43c0464a7fcb5a224a10e22f6ce4c176b9b1147a9324a54de05429fa970aa679df1890a57974996ed953245cde466e4bf4395775d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e586fb72c8a2e6bc96224490d6c2910e

    SHA1

    0d3380e4ddad078682750c84d2eec1037925355c

    SHA256

    74aaf506ca04003a29168e6cbb73a02011d490a685a36690cd33634470cfe4f0

    SHA512

    d71ad291f66de4731d06522e2b6f1edaff0b652be921596b1a71e7fb2cb68eb714fe8e7b1a8d8b01e90059996123ef3e5e0d8fd3fee039d5dd8b987c452a9ef3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    49b6e21b927aa12f510559bea05b5cbb

    SHA1

    0cbfb33a6e47a4ccbc8d88277dd5e1af73f2e1d0

    SHA256

    7e687276fedd694050510ca9ea8326279e6b82849f9f050ccf87483dd3ef80ce

    SHA512

    08a3cdd13d5ddd217bb46489f1eb75c456f2eedb52919201636061a745464037ff611b41ade68dd330b959823b1e2213e9fa1b87daa05a01a871c7b83f73e2c9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3750eb8080504ddfa01fa7afcd7f9acc

    SHA1

    9e22324d0ffab2be2c1e3617190bd7ec38f13314

    SHA256

    1156e0d8dcdfe59e45d19ba889affda2aa8f48ae23d408f307521de1a983f1fb

    SHA512

    631e9669bb7f86cf66332614406b9ea1b9171e856d2c0b436287e1e93292eaa6020a7dc06f9bcc7c810923f5d2fb8f91cd4378b6aaf8265787898917ccda83f6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a741f01b5ea3a9f885843f29c2b7798b

    SHA1

    4d367deb87b16cc8e112ffbdb04f434b97770497

    SHA256

    8ae5267ad934d712e7c69a8f21c7fc81a362290c1081fb6cd592133efd98a961

    SHA512

    c02a2a780d7fcb5de57e58242db304586aefc6ff309072c08d5a6b0e787d0c3cc62f6e12bd3326f97fc34b4610f1bdf81810dac6bff87c63a147175b2eddb1dd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    40b9649bdad4dd5816bae275f347965b

    SHA1

    82deec074b80e5d8ef5291317add40d575eeb5ce

    SHA256

    f2f033dffaa052657aaac3cb53cb046d3c02b94ec02ef61fccd13a555492666b

    SHA512

    90ffe8b0131054aa611ab65bf3520d0190d81e5e8cd4ece1e8049c91ca2ee4fb6077bc490621812a47dab5435192020a1c3009cb14f082bcd6f5670cd7fb6438

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8ba23fd17539135943982827226de77d

    SHA1

    4a4efa76ccaeb8a425e029a32ee1e1336eb96bc3

    SHA256

    a82f954df82e0df4cc1e2d0e7306f25782ae9656210edc0c8fe8db774f5ad483

    SHA512

    719a08e95f933851cf9ab40dcd4107c9406740aef925bf635ce1d8c6463897b57d4d2ee0b8d211cef7efd39b8c721a069227a35f85fb25d2e747e4bd85398650

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b4123d6dd47f73e20e5858d5c7f6ae3e

    SHA1

    366cc978c4f22b12f241b6726e9a3754957d8f35

    SHA256

    f98d99a64ce5e29a6b45610be0a779c0545e69cd8e9a071c5b6b3e256e290a99

    SHA512

    34d28037b179aaea705fca0c01feefb058e84bfad13e4ead0df952388d9303bb51199bc1a4b17a7b30e413f90be87bd5d9bd37710c5dfb9a5054eaf3b040d0f0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9fdfa7980845cdf08052433b64424403

    SHA1

    96918000ce3d41e41643c3e21994590cc4aa21ed

    SHA256

    7b941854672c909967538320a7b8b9de6d376490150711b449e871ed740d9b9c

    SHA512

    79798306ff83fa1024a645f4c84052b919686ee93ac4e11b42861f2fb33f9b6c860ede7cf473cc61d44ac7a33b5e459f04624379c099a7c2e2a96e2918cbe188

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    47eaf61cd42ac9d31bea03d3983cc102

    SHA1

    bafdc663187b7ae784d26afa615c81eff7c34278

    SHA256

    75e3a8c4502fb2e3f17a78af69191ae5cc1d16d0f9be7972b74cc53e1116dfe9

    SHA512

    04301b87ad6c873d9e1d0ecfb25722e663b23090802d1db05fbf4f6f821a48d8684debc335283bd83fbec285f24ea7f450861bd5ae265fd1da8fefac710c970a

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\HDQPJ08D\www.google[1].xml
    Filesize

    91B

    MD5

    698344e5ff876f1309f834e42406c583

    SHA1

    1f3240f96e56f896834c422ca12d440e66779fa5

    SHA256

    fb6295be151fa5612d4fbed8327b373acb15fad7748b264ddf7b5ed56ff121a6

    SHA512

    0b3bc32e657c5951dfc482e6251b5a9db1420065ecdc74a4d813f1deaee97424ced8ce2d31c06965d43ec16836db9c23a8575a9d8f69c52b1109170a136d74ab

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\XTIT6E1H\dvps.highrez.co[1].xml
    Filesize

    13B

    MD5

    c1ddea3ef6bbef3e7060a1a9ad89e4c5

    SHA1

    35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

    SHA256

    b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

    SHA512

    6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\jw2rl61\imagestore.dat
    Filesize

    3KB

    MD5

    19f58c394e6c1a3851a67730675e8a47

    SHA1

    922ec6dc2208f69f4ce1b24c07ccf224e5c912a7

    SHA256

    ffab6e3b313113bf7315cba3c917779e1dd4fc6e0dcd8ceab390a9c8555ec9bb

    SHA512

    aee4f2d5e267d4853bdd0e03f9cf16e05abdd0c72818a0ff84cbc3ecf7631189e8a8a9c3dfc4b2fe7f1bc709dce2214cddf710bc3663dea7df96105105de6cb9

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CY2G78MW\f[1].txt
    Filesize

    178KB

    MD5

    51f4a5b2823959136ad31aa37b85124a

    SHA1

    935b42b32ce23fbc230b862078447625783c9454

    SHA256

    28f5d2fa81dba1895d6da417effedd9b4c8d8db2d99ef60836cb829d6d2d4e9f

    SHA512

    19aa59c159c74241453a5cd7b639cd6bab85685375602b5b23de2eeaa7fdbc958b8acf3f8a7a8d04243cde3f190ea70f3a1945561bb0d149fe5e66581dcab753

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\xmbc[1].ico
    Filesize

    3KB

    MD5

    1279bf31d9659ad2017369ec1b90473c

    SHA1

    0f21c5a8266c36af7909118899e1fa07590f2df8

    SHA256

    74e3162830413f502277c221381f07b34d77a155f5cbeca379e1a4ffc29af116

    SHA512

    18ab594628c7873c56a85cc748585a3422f06d3f3ad70e5d33e86bed8bb9595d43513960731db89820d89b2ed950b48d6b891dbda768164f968ab06f5a86c277

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar65DC.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsy1C78.tmp\ioSpecial.ini
    Filesize

    696B

    MD5

    b5e8225c5a9b5610712e9c46f72ec263

    SHA1

    77ad13f5286035a76b51daa8338a06466ddc0bad

    SHA256

    8f8aa64e287981e83112960261581d7852e460ddba3ae6539cd5cd35546291d0

    SHA512

    b3acb593b841e4b213744124a0570fb1d6133d0bb33c5654c93d6d3d0bb2840b38d38426609e7bfdf5595a4cbed67ead708029c0cf58a2d033b5e098ad8ba2d5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsy1C78.tmp\ioSpecial.ini
    Filesize

    726B

    MD5

    1a14ebafe67aabc31b0248f6027a7cc4

    SHA1

    e26cff0fe73141d353e5aeba7482c430f8bee15b

    SHA256

    e2c6e5e35db5ff77a75d794f08952bac9ab5204313589e0210feb5f4b945a200

    SHA512

    5bc86d680725e01ba791125058bc0808219259283422913bfbf9a7c84dba8f110c86f712fe8c28658369e12bb61b2cf28f6de3a3b17012172d4f86bd71cfbbd2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsy1C78.tmp\ioSpecial.ini
    Filesize

    709B

    MD5

    ad48700cc5df598708285debcc490fc4

    SHA1

    9618e04131ca10a5a271a490a56301a9fbc00cfd

    SHA256

    de262e1aa244ad745c111a254943c4165caa762703cee193a79a0f524e060f3a

    SHA512

    64b754a85db5467eabc963d87e023eb8ef254869293eb6555be0533eb83d8b31b042a81a2a5aae3d308114e0dba9f7e8f61502afa33fd86ba6c4b8aff6128775

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Highresolution Enterprises\XMouseButtonControl\Persist.xmbcps
    Filesize

    16B

    MD5

    4ae71336e44bf9bf79d2752e234818a5

    SHA1

    e129f27c5103bc5cc44bcdf0a15e160d445066ff

    SHA256

    374708fff7719dd5979ec875d56cd2286f6d3cf7ec317a3b25632aab28ec37bb

    SHA512

    0b6cbac838dfe7f47ea1bd0df00ec282fdf45510c92161072ccfb84035390c4da743d9c3b954eaa1b0f86fc9861b23cc6c8667ab232c11c686432ebb5c8c3f27

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Highresolution Enterprises\XMouseButtonControl\XMouseButtonControl.log
    Filesize

    2KB

    MD5

    c3b2eb6f5234c8de4bc8621c3620e562

    SHA1

    b9802305bbcd623d62d09627bf7cd7efad538ace

    SHA256

    71af6b7397e9f852ec7091e6f5c016365202b0adafc013d59e7d4eae5b343694

    SHA512

    ab5d985140622546f965c5e9f0fc976ec9f501b4f8c94d91577b452b6fae6c4524fb81f8df1e7915150da91f07d4d2c835252a6b5201101864aa897b8b150cb0

    Download Submit

  • \Program Files\Highresolution Enterprises\X-Mouse Button Control\BugTrapU-x64.dll
    Filesize

    364KB

    MD5

    80d5f32b3fc515402b9e1fe958dedf81

    SHA1

    a80ffd7907e0de2ee4e13c592b888fe00551b7e0

    SHA256

    0ab8481b44e7d2f0d57b444689aef75b61024487a5cf188c2fc6b8de919b040a

    SHA512

    1589246cd480326ca22c2acb1129a3a90edf13b75031343061f0f4ed51580dfb890862162a65957be9026381bb24475fec6ddcb86692c5961a24b18461e5f1f0

    Download Submit

  • \Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
    Filesize

    1.7MB

    MD5

    bb632bc4c4414303c783a0153f6609f7

    SHA1

    eb16bf0d8ce0af4d72dff415741fd0d7aac3020e

    SHA256

    7cc348f8d2ee10264e136425059205cf2c17493b4f3f6a43af024aecb926d8c8

    SHA512

    15b34efe93d53e54c1527705292fbf145d6757f10dd87bc787dc40bf02f0d641468b95c571f7037417f2f626de2afcd68b5d82214e27e9e622ab0475633e9de5

    Download Submit

  • \Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonHook.dll
    Filesize

    1.0MB

    MD5

    d62a4279ebba19c9bf0037d4f7cbf0bc

    SHA1

    5257d9505cca6b75fe55dfdaf2ea83a7d2d28170

    SHA256

    c845e808dc035329a7c95c846413a7afb9976f09872ba3c05dfa5f492156eef0

    SHA512

    6895a12cddc41bf516279b1235fca238b0b3b0cef2cc25abe14a9160ed23f5bde3d476f885d674537febc7de7eb58b0824d96153c626e1563a5a8a1887fb5323

    Download Submit

  • \Program Files\Highresolution Enterprises\X-Mouse Button Control\uninstaller.exe
    Filesize

    74KB

    MD5

    bfffc38fff05079b15a5317e279dc7a9

    SHA1

    0c18db954f11646d65d0300e58fefcd9ff7634de

    SHA256

    c4e59737ffd988ef4bc7a62e3316a470b1b09a9889f65908110fba3d7b1c6500

    SHA512

    d30220e024ac242285ea757006e7da3874e5f889951de226d48c372a6a8701b76d4a917134ecc1e72c6c3a8d43444762288e7134a25d837e9f43d972675c81d6

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsy1C78.tmp\InstallOptions.dll
    Filesize

    14KB

    MD5

    d753362649aecd60ff434adf171a4e7f

    SHA1

    3b752ad064e06e21822c8958ae22e9a6bb8cf3d0

    SHA256

    8f24c6cf0b06d18f3c07e7bfca4e92afce71834663746cfaa9ddf52a25d5c586

    SHA512

    41bf41add275867553fa3bd8835cd7e2a2a362a2d5670ccbfad23700448bad9fe0f577fb6ee9d4eb81dfc10d463b325b8a873fe5912eb580936d4ad96587aa6d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsy1C78.tmp\ShellExecAsUser.dll
    Filesize

    7KB

    MD5

    86a81b9ab7de83aa01024593a03d1872

    SHA1

    8fd7c645e6e2cb1f1bcb97b3b5f85ce1660b66be

    SHA256

    27d61cacd2995f498ba971b3b2c53330bc0e9900c9d23e57b2927aadfdee8115

    SHA512

    cc37bd5d74d185077bdf6c4a974fb29922e3177e2c5971c664f46c057aad1236e6f3f856c5d82f1d677c29896f0e3e71283ef04f886db58abae151cb27c827ac

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsy1C78.tmp\System.dll
    Filesize

    10KB

    MD5

    56a321bd011112ec5d8a32b2f6fd3231

    SHA1

    df20e3a35a1636de64df5290ae5e4e7572447f78

    SHA256

    bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

    SHA512

    5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsy1C78.tmp\nsDialogs.dll
    Filesize

    9KB

    MD5

    f832e4279c8ff9029b94027803e10e1b

    SHA1

    134ff09f9c70999da35e73f57b70522dc817e681

    SHA256

    4cd17f660560934a001fc8e6fdcea50383b78ca129fb236623a9666fcbd13061

    SHA512

    bf92b61aa267e3935f0ea7f47d8d96f09f016e648c2a7e7dcd5ecc47da864e824c592098c1e39526b643bd126c5c99d68a7040411a4cf68857df629f24d4107d

    Download Submit

  • memory/2196-232-0x00000000085D0000-0x00000000085D2000-memory.dmp

    Filesize

    8KB

    Download