General Info

File name

SwitchMouse_2016.zip

Full analysis
https://app.any.run/tasks/289abc7c-2d48-44dd-b2e8-e4dd63bc9943
Verdict
Malicious activity
Analysis date
8/13/2019, 18:24:20
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
application/zip
File info:
Zip archive data, at least v2.0 to extract
MD5

38239d670945d0cfbddc1784ddf4f3ef

SHA1

424afbd0554e525b0f03f00b79c11588d705e89d

SHA256

1898a11142c4c124e4fbb1c70d674c4d9cc4a8ee48cb9abdfee816f8d5505f85

SSDEEP

98304:Sfi1UkEBa7RN/e5pRB+YYursw6ONPWQhM83D0GBn/6bOh44S:Pnfl9e5pRwYYursZenz0M/Jyp

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 68.0.1 (x86 en-US) (68.0.1)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Application was dropped or rewritten from another process
  • SM2016setup.exe (PID: 2488)
  • SM2016setup.exe (PID: 3424)
  • irsetup.exe (PID: 3712)
  • UsbGlcsSrv.exe (PID: 2348)
  • DRIVERINSTALL.exe (PID: 3420)
  • UsbGlcsSrv.exe (PID: 3960)
  • UsbGlcsSrv.exe (PID: 2224)
Changes the autorun value in the registry
  • irsetup.exe (PID: 3712)
Creates files in the Windows directory
  • irsetup.exe (PID: 3712)
Executable content was dropped or overwritten
  • WinRAR.exe (PID: 2740)
  • SM2016setup.exe (PID: 3424)
  • irsetup.exe (PID: 3712)
  • DRIVERINSTALL.exe (PID: 3420)
Creates a software uninstall entry
  • irsetup.exe (PID: 3712)
Executed as Windows Service
  • UsbGlcsSrv.exe (PID: 3960)
Creates files in the user directory
  • irsetup.exe (PID: 3712)
Creates files in the program directory
  • irsetup.exe (PID: 3712)
  • DRIVERINSTALL.exe (PID: 3420)

No info indicators.

Static information

TRiD
.zip
|   ZIP compressed archive (100%)
EXIF
ZIP
ZipRequiredVersion:
20
ZipBitFlag:
null
ZipCompression:
Deflated
ZipModifyDate:
2016:07:25 10:58:15
ZipCRC:
0xa8256bc1
ZipCompressedSize:
4951437
ZipUncompressedSize:
5013886
ZipFileName:
SwitchMouse_2016/SM2016setup.exe

Processes

Total processes
44
Monitored processes
8
Malicious processes
3
Suspicious processes
2

Behavior graph

[Behavior graph (image not preserved). Nodes: winrar.exe; sm2016setup.exe (no specs); sm2016setup.exe; irsetup.exe; driverinstall.exe; usbglcssrv.exe (no specs), three instances. Edge labels: "drop and start" (six), "start" (one).]

Process information

PID
2740
CMD
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\SwitchMouse_2016.zip"
Path
C:\Program Files\WinRAR\WinRAR.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Alexander Roshal
Description
WinRAR archiver
Version
5.60.0

PID
2488
CMD
"C:\Users\admin\AppData\Local\Temp\Rar$EXa2740.49871\SwitchMouse_2016\SM2016setup.exe"
Path
C:\Users\admin\AppData\Local\Temp\Rar$EXa2740.49871\SwitchMouse_2016\SM2016setup.exe
Indicators
No indicators
Parent process
WinRAR.exe
User
admin
Integrity Level
MEDIUM
Exit code
3221226540
Version:
Company
Description
Setup Application
Version
8.2.1.0
Modules
Image
c:\users\admin\appdata\local\temp\rar$exa2740.49871\switchmouse_2016\sm2016setup.exe
c:\systemroot\system32\ntdll.dll

PID
3424
CMD
"C:\Users\admin\AppData\Local\Temp\Rar$EXa2740.49871\SwitchMouse_2016\SM2016setup.exe"
Path
C:\Users\admin\AppData\Local\Temp\Rar$EXa2740.49871\SwitchMouse_2016\SM2016setup.exe
Indicators
Parent process
WinRAR.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Setup Application
Version
8.2.1.0

PID
3712
CMD
"C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:662050 "__IRAFN:C:\Users\admin\AppData\Local\Temp\Rar$EXa2740.49871\SwitchMouse_2016\SM2016setup.exe" "__IRCT:1" "__IRTSS:0" "__IRSID:S-1-5-21-1302019708-1500728564-335382590-1000"
Path
C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
Indicators
Parent process
SM2016setup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Indigo Rose Corporation
Description
Setup Application
Version
8.2.1.0

PID
3420
CMD
"C:\Program Files\SwitchMouseSupportFiles\DRIVERINSTALL.exe"
Path
C:\Program Files\SwitchMouseSupportFiles\DRIVERINSTALL.exe
Indicators
Parent process
irsetup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version

PID
2224
CMD
"C:\Program Files\Switch Mouse Driver\UsbGlcsSrv.exe" /install /silent
Path
C:\Program Files\Switch Mouse Driver\UsbGlcsSrv.exe
Indicators
No indicators
Parent process
irsetup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version

PID
2348
CMD
"C:\Program Files\Switch Mouse Driver\UsbGlcsSrv.exe" /start
Path
C:\Program Files\Switch Mouse Driver\UsbGlcsSrv.exe
Indicators
No indicators
Parent process
irsetup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version

PID
3960
CMD
"C:\Program Files\Switch Mouse Driver\UsbGlcsSrv.exe"
Path
C:\Program Files\Switch Mouse Driver\UsbGlcsSrv.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Description
Version

Registry activity

Total events
950
Read events
917
Write events
33
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
2740
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
ShellExtBMP
2740
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
ShellExtIcon
2740
WinRAR.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
LanguageList
en-US
2740
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
0
C:\Users\admin\AppData\Local\Temp\SwitchMouse_2016.zip
2740
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
name
120
2740
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
size
80
2740
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
type
120
2740
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
mtime
100
2740
WinRAR.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2740
WinRAR.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3424
SM2016setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3424
SM2016setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3712
irsetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Switch Mouse Driver2.0
DisplayName
Switch Mouse Driver
3712
irsetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Switch Mouse Driver2.0
NoModify
1
3712
irsetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Switch Mouse Driver2.0
NoRepair
1
3712
irsetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Switch Mouse Driver2.0
UninstallString
"C:\Windows\Switch Mouse Driver\uninstall.exe" "/U:C:\Program Files\SwitchMouseSupportFiles\Uninstall\uninstall.xml"
3712
irsetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Switch Mouse Driver2.0
Publisher
HumanScale
3712
irsetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Switch Mouse Driver2.0
URLInfoAbout
http://www.Humanscale.com
3712
irsetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Switch Mouse Driver2.0
HelpLink
http://www.Humanscale.com
3712
irsetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Switch Mouse Driver2.0
Contact
HumanScale support
3712
irsetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Switch Mouse Driver2.0
DisplayVersion
2.0
3712
irsetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Switch Mouse Driver2.0
InstallLocation
C:\Program Files\SwitchMouseSupportFiles
3712
irsetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Switch Mouse Driver2.0
DisplayIcon
"C:\Windows\Switch Mouse Driver\uninstall.exe"
3712
irsetup.exe
write
HKEY_CURRENT_USER\Software\Switch Mouse Config
MouseKey0
0
3712
irsetup.exe
write
HKEY_CURRENT_USER\Software\Switch Mouse Config
MouseKey1
10
3712
irsetup.exe
write
HKEY_CURRENT_USER\Software\Switch Mouse Config
MouseKey2
11
3712
irsetup.exe
write
HKEY_CURRENT_USER\Software\Switch Mouse Config
Mousekey3
3
3712
irsetup.exe
write
HKEY_CURRENT_USER\Software\Switch Mouse Config
Mousekey4
1
3712
irsetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SWitchMouse
"C:\Program Files\Switch Mouse Driver\SwitchMouseMonitor.exe"

Files activity

Executable files
35
Suspicious files
6
Text files
20
Unknown types
6

Dropped files

PID
Process
Filename
Type
2740
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$EXa2740.49871\SwitchMouse_2016\SM2016setup.exe
executable
MD5: 2ec35fb183dff844ab110163c47ea0b6
SHA256: 0aaf3df86bd968c9c7032d4607a058204de439816d3b7a0f9168e0e390a36ef9
3420
DRIVERINSTALL.exe
C:\Program Files\Switch Mouse Driver\DRIVERX64\DIFxAPI.dll
executable
MD5: 7a720d90e26ad24a8878c40fc3531e70
SHA256: 89add92a05e486be69c9c309c4bbf12d06ff9e79e6239b5d9931a63ec6b1f682
3420
DRIVERINSTALL.exe
C:\Program Files\Switch Mouse Driver\SwitchMouseConfig.exe
executable
MD5: 668adb0111f04e5994fc9b72c9e42b0f
SHA256: 2f9da8a2aca639a3556b681c01d4bc9ec89a6538440e496fc0ab2d7321668c7c
3420
DRIVERINSTALL.exe
C:\Program Files\Switch Mouse Driver\DRIVERX64\devcon.exe
executable
MD5: 163dd046b55d1ebacbffb631875397f1
SHA256: b2d703ab7263f80876aebd8ab17d144a0631d8599ca3e3d9fac26200045d958b
3420
DRIVERINSTALL.exe
C:\Program Files\Switch Mouse Driver\SwitchMouseMonitor.exe
executable
MD5: 1cd7f01673f6e33161770abc38a3a5be
SHA256: ee504002b79b50e3df1eaba99acb2cdd8976197772a10eedb691336a658be6db
3712
irsetup.exe
C:\Program Files\SwitchMouseSupportFiles\DriverInstallFiles\SwitchMouseMonitor.exe
executable
MD5: 1cd7f01673f6e33161770abc38a3a5be
SHA256: ee504002b79b50e3df1eaba99acb2cdd8976197772a10eedb691336a658be6db
3712
irsetup.exe
C:\Program Files\SwitchMouseSupportFiles\DriverInstallFiles\SwitchMouseConfig.exe
executable
MD5: 668adb0111f04e5994fc9b72c9e42b0f
SHA256: 2f9da8a2aca639a3556b681c01d4bc9ec89a6538440e496fc0ab2d7321668c7c
3712
irsetup.exe
C:\Program Files\SwitchMouseSupportFiles\DriverInstallFiles\DRIVERX64\DIFxAPI.dll
executable
MD5: 7a720d90e26ad24a8878c40fc3531e70
SHA256: 89add92a05e486be69c9c309c4bbf12d06ff9e79e6239b5d9931a63ec6b1f682
3420
DRIVERINSTALL.exe
C:\Program Files\Switch Mouse Driver\uihook.dll
executable
MD5: 077404d3ee796cec707b164bb6142dd3
SHA256: 94a224669f485999c0edb02125fb6971ffd7e46471934965ed68d188f172cf5b
3712
irsetup.exe
C:\Program Files\SwitchMouseSupportFiles\DriverInstallFiles\DRIVERX86\DIFxAPI.dll
executable
MD5: c223208d5fe0684853e24f22c380fe20
SHA256: 10688a8f3dcda57edc5e1eb86fc8cb0a689d7fd8d2e14736a0edf73b5d124e78
3712
irsetup.exe
C:\Program Files\SwitchMouseSupportFiles\DRIVERUNINSTALL.exe
executable
MD5: 90e1a57e2af5bcef495830ddd79b9de8
SHA256: 6abbc43407f999a8cd4f7698a73e093243d2a4bedb7cf7cb69d68786ac86ac5b
3420
DRIVERINSTALL.exe
C:\Program Files\Switch Mouse Driver\DRIVERX64\DIFxCmd.exe
executable
MD5: 50e054487573e93d58692ef33c3aa9f2
SHA256: b5f7d55dc5768f8a8fb82ac09a5d4ddd19088678a82f5015d60c1a667fda9d54
3712
irsetup.exe
C:\Program Files\SwitchMouseSupportFiles\DriverInstallFiles\DRIVERX86\DIFxCmd.exe
executable
MD5: 8ddade4b5659268489886a841856295e
SHA256: 427b0b6b1826d12d5736142099fc4a5ce73cc8ea2851b9657d7855cb7bcfc782
3420
DRIVERINSTALL.exe
C:\Program Files\Switch Mouse Driver\GdiPlus.dll
executable
MD5: f2b1b01d07e3548588934c38c3ce7d30
SHA256: c22d953bab01bf0b7fbd4dd5333d289873b744b46632eb9c5040b8c5cf181f89
3712
irsetup.exe
C:\Program Files\SwitchMouseSupportFiles\DRIVERINSTALL.exe
executable
MD5: 6fd30ef07c69f29e3cf88e5307e0daf0
SHA256: fe3ffae8899c44632cfcea619b48de2202d79c124e16dc0f621185af26673c0d
3420
DRIVERINSTALL.exe
C:\Program Files\Switch Mouse Driver\DRIVERX64\dpinst.exe
executable
MD5: b08d208671af9a4cc62867f3dacf31b1
SHA256: 33e17be9399be0f90d18f45950f72a5b531e39a1c1af85cb78bb68444c0ae2d3
3712
irsetup.exe
C:\Program Files\SwitchMouseSupportFiles\DriverInstallFiles\GdiPlus.dll
executable
MD5: f2b1b01d07e3548588934c38c3ce7d30
SHA256: c22d953bab01bf0b7fbd4dd5333d289873b744b46632eb9c5040b8c5cf181f89
3712
irsetup.exe
C:\Program Files\SwitchMouseSupportFiles\DriverInstallFiles\DRIVERX64\DIFxCmd.exe
executable
MD5: 50e054487573e93d58692ef33c3aa9f2
SHA256: b5f7d55dc5768f8a8fb82ac09a5d4ddd19088678a82f5015d60c1a667fda9d54
3420
DRIVERINSTALL.exe
C:\Program Files\Switch Mouse Driver\UsbGlcsSrv.exe
executable
MD5: ad47ea516ce0d0289d350964ed2c8d4d
SHA256: 8507c7d942eb66b3dd606ff16ddc8147a32ee52e0b8a59405b7e67a90dc94106
3712
irsetup.exe
C:\Program Files\SwitchMouseSupportFiles\DriverInstallFiles\DRIVERX64\devcon.exe
executable
MD5: 163dd046b55d1ebacbffb631875397f1
SHA256: b2d703ab7263f80876aebd8ab17d144a0631d8599ca3e3d9fac26200045d958b
3712
irsetup.exe
C:\Program Files\SwitchMouseSupportFiles\DriverInstallFiles\DRIVERX64\dpinst.exe
executable
MD5: b08d208671af9a4cc62867f3dacf31b1
SHA256: 33e17be9399be0f90d18f45950f72a5b531e39a1c1af85cb78bb68444c0ae2d3
3420
DRIVERINSTALL.exe
C:\Program Files\Switch Mouse Driver\DRIVERX64\usbglcs1160101.sys
executable
MD5: cb5ef8ea3023432b72146a4ed90fcfca
SHA256: e40fa769aa7645388e17a671856c515e7805802ff141d91176f22e008a2b5cd8
3712
irsetup.exe
C:\Windows\Switch Mouse Driver\uninstall.exe
executable
MD5: 3fe7c92dba5c9240b4ab0d6a87e6166a
SHA256: a7818c1e0dad1cbba4d17809688887adeeafe940a3cb53a6aeabdfcd196f7258
3420
DRIVERINSTALL.exe
C:\Program Files\Switch Mouse Driver\DRIVERX86\devcon.exe
executable
MD5: 519b5d9dfdb9d11ad7656f1443611fa1
SHA256: f281bb547c537807499e28f98db36add503e9e3ec5fae2ee66c9b42acd092716
3712
irsetup.exe
C:\Program Files\SwitchMouseSupportFiles\DriverInstallFiles\DRIVERX86\usbglcs1160101.sys
executable
MD5: fa7f31c513aba2874ce22e7e29cc16f2
SHA256: 9d10b4edabe1d4d5de1de6ef0aaa863362f1c42c826a5f8ed000a84a2918877d
3420
DRIVERINSTALL.exe
C:\Program Files\Switch Mouse Driver\DRIVERX86\usbglcs1160101.sys
executable
MD5: fa7f31c513aba2874ce22e7e29cc16f2
SHA256: 9d10b4edabe1d4d5de1de6ef0aaa863362f1c42c826a5f8ed000a84a2918877d
3424
SM2016setup.exe
C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
executable
MD5: 3fe7c92dba5c9240b4ab0d6a87e6166a
SHA256: a7818c1e0dad1cbba4d17809688887adeeafe940a3cb53a6aeabdfcd196f7258
3420
DRIVERINSTALL.exe
C:\Program Files\Switch Mouse Driver\DRIVERX86\DIFxCmd.exe
executable
MD5: 8ddade4b5659268489886a841856295e
SHA256: 427b0b6b1826d12d5736142099fc4a5ce73cc8ea2851b9657d7855cb7bcfc782
3712
irsetup.exe
C:\Program Files\SwitchMouseSupportFiles\DriverInstallFiles\uihook.dll
executable
MD5: 077404d3ee796cec707b164bb6142dd3
SHA256: 94a224669f485999c0edb02125fb6971ffd7e46471934965ed68d188f172cf5b
3420
DRIVERINSTALL.exe
C:\Program Files\Switch Mouse Driver\DRIVERX86\dpinst.exe
executable
MD5: b871cf4997106d05b067e7877ab38091
SHA256: 51cee9c9cf783f19a60a4ec7a91e5dde8fa267e13ee55ee94aec7524045e6cd6
3420
DRIVERINSTALL.exe
C:\Program Files\Switch Mouse Driver\DRIVERX86\DIFxAPI.dll
executable
MD5: c223208d5fe0684853e24f22c380fe20
SHA256: 10688a8f3dcda57edc5e1eb86fc8cb0a689d7fd8d2e14736a0edf73b5d124e78
3712
irsetup.exe
C:\Program Files\SwitchMouseSupportFiles\DriverInstallFiles\UsbGlcsSrv.exe
executable
MD5: ad47ea516ce0d0289d350964ed2c8d4d
SHA256: 8507c7d942eb66b3dd606ff16ddc8147a32ee52e0b8a59405b7e67a90dc94106
3712
irsetup.exe
C:\Program Files\SwitchMouseSupportFiles\DriverInstallFiles\DRIVERX86\dpinst.exe
executable
MD5: b871cf4997106d05b067e7877ab38091
SHA256: 51cee9c9cf783f19a60a4ec7a91e5dde8fa267e13ee55ee94aec7524045e6cd6
3712
irsetup.exe
C:\Program Files\SwitchMouseSupportFiles\DriverInstallFiles\DRIVERX86\devcon.exe
executable
MD5: 519b5d9dfdb9d11ad7656f1443611fa1
SHA256: f281bb547c537807499e28f98db36add503e9e3ec5fae2ee66c9b42acd092716
3712
irsetup.exe
C:\Program Files\SwitchMouseSupportFiles\DriverInstallFiles\DRIVERX64\usbglcs1160101.sys
executable
MD5: cb5ef8ea3023432b72146a4ed90fcfca
SHA256: e40fa769aa7645388e17a671856c515e7805802ff141d91176f22e008a2b5cd8
3712
irsetup.exe
C:\Program Files\SwitchMouseSupportFiles\Uninstall\uninstall.xml
xml
MD5: 65c9870f659f3cba300a9c62981535af
SHA256: 92b73cc9c3bebea0133d8d2613d9ac27c3af65c1756f360f108e0780b31c0a69
3420
DRIVERINSTALL.exe
C:\Program Files\Switch Mouse Driver\DRIVERX86\usbglcs1160101.cat
cat
MD5: cfe5e7f532870cabda5cf865dfcc6a7a
SHA256: f9a2e8c72fe18e50ad40e8344705ec40610b7b283f1160f736a43fed44fd357d
3712
irsetup.exe
C:\Program Files\SwitchMouseSupportFiles\DriverInstallFiles\DRIVERX64\usbglcs1160101.cat
cat
MD5: 67bc6ab8b6d59b6ef93c4aca85864433
SHA256: a1870af1dde51b38f17914d6bc20c2165cffb9a8b66684b59107e5f15b0deb4f
3712
irsetup.exe
C:\Windows\Switch Mouse Driver Setup Log.txt
text
MD5: 4a017d74257b0f939f321e510fea14d7
SHA256: 9ead1d295555158dceb070e0bca853b87b4e04f44ddb12b03851a1ae71abd3fb
3712
irsetup.exe
C:\Program Files\SwitchMouseSupportFiles\DriverInstallFiles\uninstall.cmd
text
MD5: 790a75848eb07319b350973ac0ecb001
SHA256: cfe073204bda971c7d6f008ceacfc9763e8de57ba3ce2e7a3b4c4a1af75672ac
3712
irsetup.exe
C:\Program Files\SwitchMouseSupportFiles\DriverInstallFiles\installcmd.cmd
text
MD5: 6b612b61460b393fbed0397efbe6fd0f
SHA256: 6e458b3b76619357814bce3e1a142bd920e3c5b368bff8527cdf230695c12c3d
3712
irsetup.exe
C:\Program Files\SwitchMouseSupportFiles\DriverInstallFiles\DRIVERX86\usbglcs.inf
binary
MD5: f36a4bd2af26305fb6a29e007892fa70
SHA256: 3d07ff32cdf35f0b70f8a310bc590d2ff80eb282898c8de81601f420c1f997ad
3712
irsetup.exe
C:\Program Files\SwitchMouseSupportFiles\Uninstall\uninstall.xml
xml
MD5: 23468cb5c7f31253c3de0de36774259d
SHA256: 53e049c834d34c32faa56787c4b6d50010526132d1e78ea1b4fd264e191d716b
3712
irsetup.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Switch Mouse Driver\Uninstall Switch Mouse Driver.lnk
lnk
MD5: 803a98be10f77a488b96c44c3b93aff1
SHA256: 6c592a682f73917b772a32445a1f10bb4a5060a1fc8bc56baa92f2ca33663603
3712
irsetup.exe
C:\Program Files\SwitchMouseSupportFiles\Uninstall\uninstall.xml
xml
MD5: 8479ca55d3a412a66f0aed22cd8bdea7
SHA256: fa9f423d3b2ededd5aac6b641bf52456e7243b2b19851e83eeaf813c780bf7ba
3712
irsetup.exe
C:\Program Files\SwitchMouseSupportFiles\DriverInstallFiles\DRIVERX64\usbglcs.inf
binary
MD5: f36a4bd2af26305fb6a29e007892fa70
SHA256: 3d07ff32cdf35f0b70f8a310bc590d2ff80eb282898c8de81601f420c1f997ad
3420
DRIVERINSTALL.exe
C:\Program Files\SwitchMouseSupportFiles\setuplog.log
text
MD5: ec55af847ba10000fdc0f7e57e5a79ba
SHA256: 41dd101c291316217aa1a856d49d50cc8937982583666d8e1c9e63a1302e48fc
3420
DRIVERINSTALL.exe
C:\Program Files\Switch Mouse Driver\DRIVERX64\usbglcs.inf
binary
MD5: f36a4bd2af26305fb6a29e007892fa70
SHA256: 3d07ff32cdf35f0b70f8a310bc590d2ff80eb282898c8de81601f420c1f997ad
3420
DRIVERINSTALL.exe
C:\Program Files\Switch Mouse Driver\DRIVERX64\usbglcs1160101.cat
cat
MD5: 67bc6ab8b6d59b6ef93c4aca85864433
SHA256: a1870af1dde51b38f17914d6bc20c2165cffb9a8b66684b59107e5f15b0deb4f
3420
DRIVERINSTALL.exe
C:\Program Files\Switch Mouse Driver\DRIVERX86\usbglcs.inf
binary
MD5: f36a4bd2af26305fb6a29e007892fa70
SHA256: 3d07ff32cdf35f0b70f8a310bc590d2ff80eb282898c8de81601f420c1f997ad
3712
irsetup.exe
C:\Program Files\SwitchMouseSupportFiles\DriverInstallFiles\DRIVERX86\usbglcs1160101.cat
cat
MD5: cfe5e7f532870cabda5cf865dfcc6a7a
SHA256: f9a2e8c72fe18e50ad40e8344705ec40610b7b283f1160f736a43fed44fd357d
3712
irsetup.exe
C:\Program Files\SwitchMouseSupportFiles\DriverInstallFiles\test.ini
text
MD5: 19d23eaea8bc69c0a5142b034f4b416f
SHA256: bb0d7241e6fd2844b10ed264e9b374e9b8db7baadee98284a2c73895b4230150
3420
DRIVERINSTALL.exe
C:\Program Files\Switch Mouse Driver\installcmd.cmd
text
MD5: 6b612b61460b393fbed0397efbe6fd0f
SHA256: 6e458b3b76619357814bce3e1a142bd920e3c5b368bff8527cdf230695c12c3d
3420
DRIVERINSTALL.exe
C:\Program Files\Switch Mouse Driver\test.ini
text
MD5: 19d23eaea8bc69c0a5142b034f4b416f
SHA256: bb0d7241e6fd2844b10ed264e9b374e9b8db7baadee98284a2c73895b4230150
3420
DRIVERINSTALL.exe
C:\Program Files\Switch Mouse Driver\uninstall.cmd
text
MD5: 790a75848eb07319b350973ac0ecb001
SHA256: cfe073204bda971c7d6f008ceacfc9763e8de57ba3ce2e7a3b4c4a1af75672ac
3712
irsetup.exe
C:\Program Files\SwitchMouseSupportFiles\DriverInstallFiles\config.ini
text
MD5: e55f9378bbf905cf2f700bc26e475caf
SHA256: c0ac420fae36a3d8a96054ac91f77ed8b2bc199aaee09af6eaae171e87b8cf18
3420
DRIVERINSTALL.exe
C:\Program Files\SwitchMouseSupportFiles\setuplog.log
text
MD5: c56aa7f6799a1b7391eb08ce43263e3a
SHA256: 608e9c63b3da7b71ff169ddeb1382eec2e5134077795e717280d220f0ad7debe
3712
irsetup.exe
C:\Program Files\Switch Mouse Driver\config.ini
text
MD5: e55f9378bbf905cf2f700bc26e475caf
SHA256: c0ac420fae36a3d8a96054ac91f77ed8b2bc199aaee09af6eaae171e87b8cf18
3712
irsetup.exe
C:\Program Files\SwitchMouseSupportFiles\Uninstall\uninstall.xml
xml
MD5: bf126a4c7bde1ccd3f1680fcd11482c5
SHA256: dbf592ee33f062f3523dda84d05a355694b620dafb140ab5bd6500d91add8f30
3712
irsetup.exe
C:\Program Files\SwitchMouseSupportFiles\Uninstall\uninstall.dat
binary
MD5: 9096991587d8b3d7952383f74c76184c
SHA256: 0640fe69d48edf9d4b10a963d3d92135dcb5ebe6f793679f41436e2e5fc82311
3712
irsetup.exe
C:\Program Files\SwitchMouseSupportFiles\Uninstall\uni2510.tmp
––
MD5:  ––
SHA256:  ––
3712
irsetup.exe
C:\Windows\Switch Mouse Driver Setup Log.txt
text
MD5: 6dafbc3d6f5e00ef05c44637aaad47cc
SHA256: 7ca37c492f0b8fbbb7cfd1adb5e5d332aee7775779b6fa8c20a900288c36e369
3712
irsetup.exe
C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.dat
––
MD5:  ––
SHA256:  ––
3712
irsetup.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Switch Mouse Driver\Switch Mouse Driver.lnk
lnk
MD5: ab1f44cddf7dec93b36470e18a5f4cd2
SHA256: 43f2e32041b579b2322f0eb8540a9856f5addfb778b2c4e6a16f5b7b6d1f73d5
3712
irsetup.exe
C:\Windows\Switch Mouse Driver Setup Log.txt
text
MD5: c57c1e14279e2578927c38543ea5cba8
SHA256: 169c95e0bd8342d3bed88c18ae52fcb68412d044edbd2fe39ecc081c4412d304

Find more information about the static content and download it in the full report

Network activity

HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

No network activity.

Debug output strings

No debug info.