Overview

overview

9

Static

static

1

Windows 10...ed.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    210s
  • max time network
    189s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-10-2022 06:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Windows 10 Rounded.exe

  • Size

    2.4MB

  • MD5

    11ff322997d98d02afe198c20b613ff3

  • SHA1

    48e70395f187454bddc01484a6cbcf1c5f1753fc

  • SHA256

    9482be3fcb23242751dfc68c1f239c92de3999618ca2d3ae0d7c9f5f596876f4

  • SHA512

    11cc64b00f741b44c73c835e6da3c103d4a690e1c6c009cd020967e870967f31bd2ad8851f4e0d2a2c6e964558665e84d33839f82db2e178053d7ffb5b191ee4

  • SSDEEP

    49152:DXNPtf+dAGSXAZGxgF3Nr13EfePGBT5OHTdg5K6EnCN11Y:DPxD5g1p9keGLc+SH

Score
9/10
adwarediscoveryexploitpersistenceransomwarestealerupx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Executes dropped EXE 4 IoCs
  • Modifies Installed Components in the registry 2 TTPs 1 IoCs
    persistence
  • Possible privilege escalation attempt 8 IoCs
    exploit
  • Registers COM server for autorun 1 TTPs 3 IoCs
    persistence
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks computer location settings 2 TTPs 3 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 39 IoCs
  • Modifies file permissions 1 TTPs 8 IoCs
    discovery
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 1 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Drops file in System32 directory 9 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Drops file in Program Files directory 1 IoCs
  • Drops file in Windows directory 48 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 5 IoCs
  • Kills process with taskkill 1 IoCs
    evasion
  • Modifies Control Panel 58 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Windows 10 Rounded.exe
    "C:\Users\Admin\AppData\Local\Temp\Windows 10 Rounded.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:3548
    • C:\Users\Admin\AppData\Local\Temp\nsb984F.tmp\UXTheme.exe
      "C:\Users\Admin\AppData\Local\Temp\nsb984F.tmp\UXTheme.exe" /S
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Suspicious use of WriteProcessMemory
      PID:1460
      • C:\Windows\system32\takeown.exe
        "C:\Windows\system32\takeown.exe" /f "C:\Windows\system32\themeui.dll"
        3⤵
        • Possible privilege escalation attempt
        • Modifies file permissions
        • Suspicious use of AdjustPrivilegeToken
        PID:936
      • C:\Windows\system32\icacls.exe
        "C:\Windows\system32\icacls.exe" "C:\Windows\system32\themeui.dll" /grant Admin:(d,wdac)
        3⤵
        • Possible privilege escalation attempt
        • Modifies file permissions
        PID:1656
      • C:\Windows\system32\takeown.exe
        "C:\Windows\system32\takeown.exe" /f "C:\Windows\system32\uxinit.dll"
        3⤵
        • Possible privilege escalation attempt
        • Modifies file permissions
        • Suspicious use of AdjustPrivilegeToken
        PID:308
      • C:\Windows\system32\icacls.exe
        "C:\Windows\system32\icacls.exe" "C:\Windows\system32\uxinit.dll" /grant Admin:(d,wdac)
        3⤵
        • Possible privilege escalation attempt
        • Modifies file permissions
        PID:1592
    • C:\SkinPack\RD.exe
      "C:\SkinPack\RD.exe"
      2⤵
      • Executes dropped EXE
      • Checks computer location settings
      • Suspicious use of WriteProcessMemory
      PID:2376
      • C:\Windows\SysWOW64\regsvr32.exe
        "C:\Windows\System32\regsvr32.exe" /s C:\skinpack\OldNewExplorer32.dll
        3⤵
        • Loads dropped DLL
        • Installs/modifies Browser Helper Object
        • Modifies registry class
        PID:4320
      • C:\Windows\SysWOW64\regsvr32.exe
        "C:\Windows\System32\regsvr32.exe" /s C:\skinpack\OldNewExplorer64.dll
        3⤵
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:1884
        • C:\Windows\system32\regsvr32.exe
          /s C:\skinpack\OldNewExplorer64.dll
          4⤵
          • Registers COM server for autorun
          • Loads dropped DLL
          • Installs/modifies Browser Helper Object
          • Modifies registry class
          PID:664
    • C:\SkinPack\ric.exe
      "C:\SkinPack\ric.exe"
      2⤵
      • Executes dropped EXE
      • Checks computer location settings
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2156
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ric.bat" "
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2700
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /f /im explorer.exe
          4⤵
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:4844
        • C:\Windows\SysWOW64\takeown.exe
          takeown /f ""C:\Users\Admin\AppData\Local\IconCache.db""
          4⤵
          • Possible privilege escalation attempt
          • Modifies file permissions
          PID:4900
        • C:\Windows\SysWOW64\icacls.exe
          icacls ""C:\Users\Admin\AppData\Local\IconCache.db"" /grant administrators:F /t
          4⤵
          • Possible privilege escalation attempt
          • Modifies file permissions
          PID:2932
        • C:\Windows\SysWOW64\takeown.exe
          takeown /f "C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer" /r /d y
          4⤵
          • Possible privilege escalation attempt
          • Modifies file permissions
          PID:3804
        • C:\Windows\SysWOW64\icacls.exe
          icacls "C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer" /grant administrators:F /t
          4⤵
          • Possible privilege escalation attempt
          • Modifies file permissions
          PID:3700
        • C:\Windows\explorer.exe
          C:\Windows\explorer.exe
          4⤵
          • Modifies Installed Components in the registry
          • Loads dropped DLL
          • Enumerates connected drives
          • Sets desktop wallpaper using registry
          • Checks SCSI registry key(s)
          • Modifies Internet Explorer settings
          • Modifies registry class
          • Suspicious behavior: AddClipboardFormatListener
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of SetWindowsHookEx
          PID:1060
          • C:\Windows\system32\taskmgr.exe
            "C:\Windows\system32\taskmgr.exe" /4
            5⤵
            • Checks SCSI registry key(s)
            • Checks processor information in registry
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious behavior: GetForegroundWindowSpam
            • Suspicious use of SendNotifyMessage
            PID:5688
    • C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      2⤵
      • Loads dropped DLL
      • Modifies registry class
      PID:3788
    • C:\SkinPack\theme.exe
      "C:\SkinPack\theme.exe"
      2⤵
      • Executes dropped EXE
      • Checks computer location settings
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:3404
      • C:\Windows\SysWOW64\rundll32.exe
        "C:\Windows\system32\rundll32.exe" C:\Windows\system32\themecpl.dll,OpenThemeAction C:\Windows\Resources\Themes\win11.theme
        3⤵
        • Loads dropped DLL
        • Modifies Control Panel
        PID:1872
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://skinpacks.com/install-completed/
      2⤵
      • Loads dropped DLL
      • Adds Run key to start application
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of WriteProcessMemory
      PID:3544
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x78,0x84,0x7c,0x74,0x80,0x7ffbfef846f8,0x7ffbfef84708,0x7ffbfef84718
        3⤵
          PID:3980
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,17073565775723869612,13924942426652623342,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
          3⤵
            PID:2980
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,17073565775723869612,13924942426652623342,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
            3⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:4588
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,17073565775723869612,13924942426652623342,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
            3⤵
              PID:3264
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17073565775723869612,13924942426652623342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3928 /prefetch:1
              3⤵
                PID:3960
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17073565775723869612,13924942426652623342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:1
                3⤵
                  PID:1564
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2096,17073565775723869612,13924942426652623342,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5088 /prefetch:8
                  3⤵
                    PID:5160
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17073565775723869612,13924942426652623342,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
                    3⤵
                      PID:5280
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17073565775723869612,13924942426652623342,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
                      3⤵
                        PID:5352
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17073565775723869612,13924942426652623342,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
                        3⤵
                          PID:5428
                    • C:\Windows\system32\vssvc.exe
                      C:\Windows\system32\vssvc.exe
                      1⤵
                      • Checks SCSI registry key(s)
                      • Suspicious use of AdjustPrivilegeToken
                      PID:3992
                    • C:\Windows\system32\srtasks.exe
                      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
                      1⤵
                      • Suspicious use of AdjustPrivilegeToken
                      PID:1792
                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                      1⤵
                      • Suspicious use of SetWindowsHookEx
                      PID:2216
                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                      1⤵
                      • Enumerates system info in registry
                      • Modifies registry class
                      • Suspicious use of SetWindowsHookEx
                      PID:796
                    • C:\Windows\System32\rundll32.exe
                      rundll32.exe uxtheme.dll,#64 C:\Windows\resources\themes\Aero\Aero.msstyles?NormalColor?NormalSize
                      1⤵
                        PID:3036
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:820

                        Network

                        MITRE ATT&CK Matrix ATT&CK v6

                        Initial Access

                        Execution

                        Persistence

                        Registry Run Keys / Startup Folder

                        3
                        T1060

                        Browser Extensions

                        1
                        T1176

                        Privilege Escalation

                        Defense Evasion

                        Modify Registry

                        5
                        T1112

                        File Permissions Modification

                        1
                        T1222

                        Credential Access

                        Discovery

                        Query Registry

                        6
                        T1012

                        System Information Discovery

                        6
                        T1082

                        Peripheral Device Discovery

                        2
                        T1120

                        Lateral Movement

                        Collection

                        Exfiltration

                        Command and Control

                        Impact

                        Defacement

                        1
                        T1491

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads

                        • C:\SkinPack\OldNewExplorer32.dll
                          Filesize

                          249KB

                          MD5

                          a72e302c3f4e4dc8eaa365592aef97c8

                          SHA1

                          83000d226d885e71ba3cfa4603c26768c6ec03c7

                          SHA256

                          76f3780b3a124f17dbaa369fb8ff54fe6d69f9297795af0cee720a7de213a92a

                          SHA512

                          2d0dd7b4f28da1ce6074361c5ff34b93183b6e81ba5d092e44e8f22726cc85cdfe0d8c01ceaf6a8bb37f72dcc7bb60e869172ec18b9dcf0607e5ed6389bd3848

                          Download Submit
                        • C:\SkinPack\OldNewExplorer32.dll
                          Filesize

                          249KB

                          MD5

                          a72e302c3f4e4dc8eaa365592aef97c8

                          SHA1

                          83000d226d885e71ba3cfa4603c26768c6ec03c7

                          SHA256

                          76f3780b3a124f17dbaa369fb8ff54fe6d69f9297795af0cee720a7de213a92a

                          SHA512

                          2d0dd7b4f28da1ce6074361c5ff34b93183b6e81ba5d092e44e8f22726cc85cdfe0d8c01ceaf6a8bb37f72dcc7bb60e869172ec18b9dcf0607e5ed6389bd3848

                          Download Submit
                        • C:\SkinPack\OldNewExplorer32.dll
                          Filesize

                          249KB

                          MD5

                          a72e302c3f4e4dc8eaa365592aef97c8

                          SHA1

                          83000d226d885e71ba3cfa4603c26768c6ec03c7

                          SHA256

                          76f3780b3a124f17dbaa369fb8ff54fe6d69f9297795af0cee720a7de213a92a

                          SHA512

                          2d0dd7b4f28da1ce6074361c5ff34b93183b6e81ba5d092e44e8f22726cc85cdfe0d8c01ceaf6a8bb37f72dcc7bb60e869172ec18b9dcf0607e5ed6389bd3848

                          Download Submit
                        • C:\SkinPack\OldNewExplorer32.dll
                          Filesize

                          249KB

                          MD5

                          a72e302c3f4e4dc8eaa365592aef97c8

                          SHA1

                          83000d226d885e71ba3cfa4603c26768c6ec03c7

                          SHA256

                          76f3780b3a124f17dbaa369fb8ff54fe6d69f9297795af0cee720a7de213a92a

                          SHA512

                          2d0dd7b4f28da1ce6074361c5ff34b93183b6e81ba5d092e44e8f22726cc85cdfe0d8c01ceaf6a8bb37f72dcc7bb60e869172ec18b9dcf0607e5ed6389bd3848

                          Download Submit
                        • C:\SkinPack\OldNewExplorer32.dll
                          Filesize

                          249KB

                          MD5

                          a72e302c3f4e4dc8eaa365592aef97c8

                          SHA1

                          83000d226d885e71ba3cfa4603c26768c6ec03c7

                          SHA256

                          76f3780b3a124f17dbaa369fb8ff54fe6d69f9297795af0cee720a7de213a92a

                          SHA512

                          2d0dd7b4f28da1ce6074361c5ff34b93183b6e81ba5d092e44e8f22726cc85cdfe0d8c01ceaf6a8bb37f72dcc7bb60e869172ec18b9dcf0607e5ed6389bd3848

                          Download Submit
                        • C:\SkinPack\OldNewExplorer64.dll
                          Filesize

                          255KB

                          MD5

                          fcf194e3b9101064939a000075149f29

                          SHA1

                          7a3767dabba5368da9092ea17b0dcbdd23b23bfb

                          SHA256

                          21e76d101c19571d254e649c86f2588c7a46e7fb8f0911880ebbbadc7acf4d18

                          SHA512

                          e3fc693f1e7f7ac80d45f3b3d6df6c659f8e5aca5ef02d6a020d351927b684f71be4aba7c27aca2f82893cd98f431a89b21f5e78a7c35207964b161749fc4d24

                          Download Submit
                        • C:\SkinPack\OldNewExplorer64.dll
                          Filesize

                          255KB

                          MD5

                          fcf194e3b9101064939a000075149f29

                          SHA1

                          7a3767dabba5368da9092ea17b0dcbdd23b23bfb

                          SHA256

                          21e76d101c19571d254e649c86f2588c7a46e7fb8f0911880ebbbadc7acf4d18

                          SHA512

                          e3fc693f1e7f7ac80d45f3b3d6df6c659f8e5aca5ef02d6a020d351927b684f71be4aba7c27aca2f82893cd98f431a89b21f5e78a7c35207964b161749fc4d24

                          Download Submit
                        • C:\SkinPack\OldNewExplorer64.dll
                          Filesize

                          255KB

                          MD5

                          fcf194e3b9101064939a000075149f29

                          SHA1

                          7a3767dabba5368da9092ea17b0dcbdd23b23bfb

                          SHA256

                          21e76d101c19571d254e649c86f2588c7a46e7fb8f0911880ebbbadc7acf4d18

                          SHA512

                          e3fc693f1e7f7ac80d45f3b3d6df6c659f8e5aca5ef02d6a020d351927b684f71be4aba7c27aca2f82893cd98f431a89b21f5e78a7c35207964b161749fc4d24

                          Download Submit
                        • C:\SkinPack\OldNewExplorer64.dll
                          Filesize

                          255KB

                          MD5

                          fcf194e3b9101064939a000075149f29

                          SHA1

                          7a3767dabba5368da9092ea17b0dcbdd23b23bfb

                          SHA256

                          21e76d101c19571d254e649c86f2588c7a46e7fb8f0911880ebbbadc7acf4d18

                          SHA512

                          e3fc693f1e7f7ac80d45f3b3d6df6c659f8e5aca5ef02d6a020d351927b684f71be4aba7c27aca2f82893cd98f431a89b21f5e78a7c35207964b161749fc4d24

                          Download Submit
                        • C:\SkinPack\OldNewExplorer64.dll
                          Filesize

                          255KB

                          MD5

                          fcf194e3b9101064939a000075149f29

                          SHA1

                          7a3767dabba5368da9092ea17b0dcbdd23b23bfb

                          SHA256

                          21e76d101c19571d254e649c86f2588c7a46e7fb8f0911880ebbbadc7acf4d18

                          SHA512

                          e3fc693f1e7f7ac80d45f3b3d6df6c659f8e5aca5ef02d6a020d351927b684f71be4aba7c27aca2f82893cd98f431a89b21f5e78a7c35207964b161749fc4d24

                          Download Submit
                        • C:\SkinPack\RD.exe
                          Filesize

                          458KB

                          MD5

                          070b21f16a8ceb711175f88282d6a8d9

                          SHA1

                          09450d2262d72caeed79d8f032c45e234c943e96

                          SHA256

                          f718d68bde68ef3d869ca6a381d68c0211ea05f42d6008467d6c8089503207a3

                          SHA512

                          e86446194bd9b35dabfee16ace8f659ee1066ee067aa2e87f1dce1a8a62d23c097e332fef5cde3ae07c9f494444849b601e69862507e60160deaf901aed2ed44

                          Download Submit
                        • C:\SkinPack\rd.exe
                          Filesize

                          458KB

                          MD5

                          070b21f16a8ceb711175f88282d6a8d9

                          SHA1

                          09450d2262d72caeed79d8f032c45e234c943e96

                          SHA256

                          f718d68bde68ef3d869ca6a381d68c0211ea05f42d6008467d6c8089503207a3

                          SHA512

                          e86446194bd9b35dabfee16ace8f659ee1066ee067aa2e87f1dce1a8a62d23c097e332fef5cde3ae07c9f494444849b601e69862507e60160deaf901aed2ed44

                          Download Submit
                        • C:\SkinPack\ric.exe
                          Filesize

                          185KB

                          MD5

                          865fee81ba24570833e6bdf36872fb5a

                          SHA1

                          30be1b8be25c9d3640c212cedfd7ec38e1a512f3

                          SHA256

                          6468653a01d17bd925174a17991b159b8b36640a636d0abd412131bc552c5508

                          SHA512

                          f9029bf0de97ecde880afc63e20960adbcb7ebde8f4dab7218b9a381883ba981d934872efb38ed8f0be03ab4c781cdfd0d628cf34c5f4bed12d7afdae29fe4d2

                          Download Submit
                        • C:\SkinPack\ric.exe
                          Filesize

                          185KB

                          MD5

                          865fee81ba24570833e6bdf36872fb5a

                          SHA1

                          30be1b8be25c9d3640c212cedfd7ec38e1a512f3

                          SHA256

                          6468653a01d17bd925174a17991b159b8b36640a636d0abd412131bc552c5508

                          SHA512

                          f9029bf0de97ecde880afc63e20960adbcb7ebde8f4dab7218b9a381883ba981d934872efb38ed8f0be03ab4c781cdfd0d628cf34c5f4bed12d7afdae29fe4d2

                          Download Submit
                        • C:\SkinPack\theme.exe
                          Filesize

                          250KB

                          MD5

                          709f8624f01ba7117b4c67a0f011d149

                          SHA1

                          3c8ce0ad9ce24cbed692e5c81ca810bd1ebedd0b

                          SHA256

                          083b0982d03a7b38b5dfaddad8d6add0882312c5eb6089d7a7d42a79f950f708

                          SHA512

                          c47b3f4136bbec08646064365a795e98e5b9b2f34fc844381b07b27b038e0a550fe4df7b8445459f77fcf0457d3fac3b4c3a42dd50028a6e8a0a9ae93f870f89

                          Download Submit
                        • C:\SkinPack\theme.exe
                          Filesize

                          250KB

                          MD5

                          709f8624f01ba7117b4c67a0f011d149

                          SHA1

                          3c8ce0ad9ce24cbed692e5c81ca810bd1ebedd0b

                          SHA256

                          083b0982d03a7b38b5dfaddad8d6add0882312c5eb6089d7a7d42a79f950f708

                          SHA512

                          c47b3f4136bbec08646064365a795e98e5b9b2f34fc844381b07b27b038e0a550fe4df7b8445459f77fcf0457d3fac3b4c3a42dd50028a6e8a0a9ae93f870f89

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\nsb984F.tmp\Aero.dll
                          Filesize

                          6KB

                          MD5

                          243bf44688b131c3171f2827a93e39dc

                          SHA1

                          07e9c7bd16ae47953e42c06ae2606de188386f35

                          SHA256

                          04a577df50431eb0ff6fb103566402bf66c50415bcc1f8a86b9c235053131455

                          SHA512

                          a1a8c21d38c54a43d1c6c394f481dfbddcb359c617e9928ecca8f84d47354616a78d20735a1fe7bebd21626c21cf96d0e1a69e3e98f6b35f2a774cc0244f9516

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\nsb984F.tmp\System.dll
                          Filesize

                          11KB

                          MD5

                          fccff8cb7a1067e23fd2e2b63971a8e1

                          SHA1

                          30e2a9e137c1223a78a0f7b0bf96a1c361976d91

                          SHA256

                          6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e

                          SHA512

                          f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\nsb984F.tmp\UXTheme.exe
                          Filesize

                          158KB

                          MD5

                          14044c6159982ac9bce2da9a354ceaaf

                          SHA1

                          790dfe5aeb3607ab7d9ea8a06eda6e35330995fb

                          SHA256

                          826186b0c1aa55646dfd2d7699a05192d78f7f0b76413a6525effa894cf83bf2

                          SHA512

                          f14bb5e6ec7232b13cc13003d66df38e2a14228bb0cd32a203c30fff11bc975913c2f60aa0e90044f064774c8f133a03cfb0332c470084597e4a6f2593d2e995

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\nsb984F.tmp\UXTheme.exe
                          Filesize

                          158KB

                          MD5

                          14044c6159982ac9bce2da9a354ceaaf

                          SHA1

                          790dfe5aeb3607ab7d9ea8a06eda6e35330995fb

                          SHA256

                          826186b0c1aa55646dfd2d7699a05192d78f7f0b76413a6525effa894cf83bf2

                          SHA512

                          f14bb5e6ec7232b13cc13003d66df38e2a14228bb0cd32a203c30fff11bc975913c2f60aa0e90044f064774c8f133a03cfb0332c470084597e4a6f2593d2e995

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\nsb984F.tmp\advsplash.dll
                          Filesize

                          5KB

                          MD5

                          176ec6dc75972ce900793396723ed374

                          SHA1

                          551f8cab48da2b2770442d10e3e18edc44760357

                          SHA256

                          f568ebb5792b5054cd871cbe128e6f409b097e79be7366d409189e0a1c1f9f83

                          SHA512

                          8ea30e09fc1db2616b4946b65a0136afce96991764693725f956a5aa1cfc871595ea2101cfbd3b3280aba803a1dd8199ba7245b5925ecb0c00e641eca1d64b5f

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\nsb984F.tmp\nsDialogs.dll
                          Filesize

                          9KB

                          MD5

                          1c8b2b40c642e8b5a5b3ff102796fb37

                          SHA1

                          3245f55afac50f775eb53fd6d14abb7fe523393d

                          SHA256

                          8780095aa2f49725388cddf00d79a74e85c9c4863b366f55c39c606a5fb8440c

                          SHA512

                          4ff2dc83f640933162ec8818bb1bf3b3be1183264750946a3d949d2e7068ee606277b6c840193ef2b4663952387f07f6ab12c84c4a11cae9a8de7bd4e7971c57

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\nsb984F.tmp\nsExec.dll
                          Filesize

                          6KB

                          MD5

                          09c2e27c626d6f33018b8a34d3d98cb6

                          SHA1

                          8d6bf50218c8f201f06ecf98ca73b74752a2e453

                          SHA256

                          114c6941a8b489416c84563e94fd266ea5cad2b518db45cd977f1f9761e00cb1

                          SHA512

                          883454bef7b6de86d53af790755ae624f756b48b23970f865558ba03a5aecfa8d15f14700e92b3c51546e738c93e53dc50b8a45f79ef3f00aa84382853440954

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\nsdCFAB.tmp\SysRestore.dll
                          Filesize

                          5KB

                          MD5

                          4310bd09fc2300b106f0437b6e995330

                          SHA1

                          c6790a68e410d4a619b9b59e7540b702a98ad661

                          SHA256

                          c686b4df9b4db50fc1ddb7be4cd50d4b1d75894288f4dc50571b79937d7c0d7e

                          SHA512

                          49e286ccd285871db74867810c9cf243e3c1522ce7b4c0d1d01bafe72552692234cf4b4d787b900e9c041b8a2c12f193b36a6a35c64ffd5deef0e1be9958b1f7

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\nsdCFAB.tmp\System.dll
                          Filesize

                          12KB

                          MD5

                          564bb0373067e1785cba7e4c24aab4bf

                          SHA1

                          7c9416a01d821b10b2eef97b80899d24014d6fc1

                          SHA256

                          7a9ddee34562cd3703f1502b5c70e99cd5bba15de2b6845a3555033d7f6cb2a5

                          SHA512

                          22c61a323cb9293d7ec5c7e7e60674d0e2f7b29d55be25eb3c128ea2cd7440a1400cee17c43896b996278007c0d247f331a9b8964e3a40a0eb1404a9596c4472

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\nsdCFAB.tmp\nsisFile.dll
                          Filesize

                          5KB

                          MD5

                          b7d0d765c151d235165823b48554e442

                          SHA1

                          fe530e6c6fd60392d4ce611b21ec9daad3f1bc84

                          SHA256

                          a820a32e5ce89e3e336afc71aa1bf42a357ec542c2bc6e50c6255c1333812587

                          SHA512

                          5d801c24dfa1b7326f72f9c0acf3a330ef0cc3fce25ceee200bb12eab8c2b653025602e610e0cecda1e7cbd851ce1b66252531220b557a378ddb0b4a1741fa66

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\nsdCFAB.tmp\nsisFile.dll
                          Filesize

                          5KB

                          MD5

                          b7d0d765c151d235165823b48554e442

                          SHA1

                          fe530e6c6fd60392d4ce611b21ec9daad3f1bc84

                          SHA256

                          a820a32e5ce89e3e336afc71aa1bf42a357ec542c2bc6e50c6255c1333812587

                          SHA512

                          5d801c24dfa1b7326f72f9c0acf3a330ef0cc3fce25ceee200bb12eab8c2b653025602e610e0cecda1e7cbd851ce1b66252531220b557a378ddb0b4a1741fa66

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\nsdCFAB.tmp\nsisFile.dll
                          Filesize

                          5KB

                          MD5

                          b7d0d765c151d235165823b48554e442

                          SHA1

                          fe530e6c6fd60392d4ce611b21ec9daad3f1bc84

                          SHA256

                          a820a32e5ce89e3e336afc71aa1bf42a357ec542c2bc6e50c6255c1333812587

                          SHA512

                          5d801c24dfa1b7326f72f9c0acf3a330ef0cc3fce25ceee200bb12eab8c2b653025602e610e0cecda1e7cbd851ce1b66252531220b557a378ddb0b4a1741fa66

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\nsdCFAB.tmp\nsisFile.dll
                          Filesize

                          5KB

                          MD5

                          b7d0d765c151d235165823b48554e442

                          SHA1

                          fe530e6c6fd60392d4ce611b21ec9daad3f1bc84

                          SHA256

                          a820a32e5ce89e3e336afc71aa1bf42a357ec542c2bc6e50c6255c1333812587

                          SHA512

                          5d801c24dfa1b7326f72f9c0acf3a330ef0cc3fce25ceee200bb12eab8c2b653025602e610e0cecda1e7cbd851ce1b66252531220b557a378ddb0b4a1741fa66

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\nsdCFAB.tmp\nsisFile.dll
                          Filesize

                          5KB

                          MD5

                          b7d0d765c151d235165823b48554e442

                          SHA1

                          fe530e6c6fd60392d4ce611b21ec9daad3f1bc84

                          SHA256

                          a820a32e5ce89e3e336afc71aa1bf42a357ec542c2bc6e50c6255c1333812587

                          SHA512

                          5d801c24dfa1b7326f72f9c0acf3a330ef0cc3fce25ceee200bb12eab8c2b653025602e610e0cecda1e7cbd851ce1b66252531220b557a378ddb0b4a1741fa66

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\nsdCFAB.tmp\nsisFile.dll
                          Filesize

                          5KB

                          MD5

                          b7d0d765c151d235165823b48554e442

                          SHA1

                          fe530e6c6fd60392d4ce611b21ec9daad3f1bc84

                          SHA256

                          a820a32e5ce89e3e336afc71aa1bf42a357ec542c2bc6e50c6255c1333812587

                          SHA512

                          5d801c24dfa1b7326f72f9c0acf3a330ef0cc3fce25ceee200bb12eab8c2b653025602e610e0cecda1e7cbd851ce1b66252531220b557a378ddb0b4a1741fa66

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\nsdCFAB.tmp\nsisFile.dll
                          Filesize

                          5KB

                          MD5

                          b7d0d765c151d235165823b48554e442

                          SHA1

                          fe530e6c6fd60392d4ce611b21ec9daad3f1bc84

                          SHA256

                          a820a32e5ce89e3e336afc71aa1bf42a357ec542c2bc6e50c6255c1333812587

                          SHA512

                          5d801c24dfa1b7326f72f9c0acf3a330ef0cc3fce25ceee200bb12eab8c2b653025602e610e0cecda1e7cbd851ce1b66252531220b557a378ddb0b4a1741fa66

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\nsdCFAB.tmp\nsisFile.dll
                          Filesize

                          5KB

                          MD5

                          b7d0d765c151d235165823b48554e442

                          SHA1

                          fe530e6c6fd60392d4ce611b21ec9daad3f1bc84

                          SHA256

                          a820a32e5ce89e3e336afc71aa1bf42a357ec542c2bc6e50c6255c1333812587

                          SHA512

                          5d801c24dfa1b7326f72f9c0acf3a330ef0cc3fce25ceee200bb12eab8c2b653025602e610e0cecda1e7cbd851ce1b66252531220b557a378ddb0b4a1741fa66

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\nsdCFAB.tmp\nsisFile.dll
                          Filesize

                          5KB

                          MD5

                          b7d0d765c151d235165823b48554e442

                          SHA1

                          fe530e6c6fd60392d4ce611b21ec9daad3f1bc84

                          SHA256

                          a820a32e5ce89e3e336afc71aa1bf42a357ec542c2bc6e50c6255c1333812587

                          SHA512

                          5d801c24dfa1b7326f72f9c0acf3a330ef0cc3fce25ceee200bb12eab8c2b653025602e610e0cecda1e7cbd851ce1b66252531220b557a378ddb0b4a1741fa66

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\nsdCFAB.tmp\nsisFile.dll
                          Filesize

                          5KB

                          MD5

                          b7d0d765c151d235165823b48554e442

                          SHA1

                          fe530e6c6fd60392d4ce611b21ec9daad3f1bc84

                          SHA256

                          a820a32e5ce89e3e336afc71aa1bf42a357ec542c2bc6e50c6255c1333812587

                          SHA512

                          5d801c24dfa1b7326f72f9c0acf3a330ef0cc3fce25ceee200bb12eab8c2b653025602e610e0cecda1e7cbd851ce1b66252531220b557a378ddb0b4a1741fa66

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\nsdCFAB.tmp\nsisFile.dll
                          Filesize

                          5KB

                          MD5

                          b7d0d765c151d235165823b48554e442

                          SHA1

                          fe530e6c6fd60392d4ce611b21ec9daad3f1bc84

                          SHA256

                          a820a32e5ce89e3e336afc71aa1bf42a357ec542c2bc6e50c6255c1333812587

                          SHA512

                          5d801c24dfa1b7326f72f9c0acf3a330ef0cc3fce25ceee200bb12eab8c2b653025602e610e0cecda1e7cbd851ce1b66252531220b557a378ddb0b4a1741fa66

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\nsdCFAB.tmp\nsisFile.dll
                          Filesize

                          5KB

                          MD5

                          b7d0d765c151d235165823b48554e442

                          SHA1

                          fe530e6c6fd60392d4ce611b21ec9daad3f1bc84

                          SHA256

                          a820a32e5ce89e3e336afc71aa1bf42a357ec542c2bc6e50c6255c1333812587

                          SHA512

                          5d801c24dfa1b7326f72f9c0acf3a330ef0cc3fce25ceee200bb12eab8c2b653025602e610e0cecda1e7cbd851ce1b66252531220b557a378ddb0b4a1741fa66

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\nsdCFAB.tmp\nsisFile.dll
                          Filesize

                          5KB

                          MD5

                          b7d0d765c151d235165823b48554e442

                          SHA1

                          fe530e6c6fd60392d4ce611b21ec9daad3f1bc84

                          SHA256

                          a820a32e5ce89e3e336afc71aa1bf42a357ec542c2bc6e50c6255c1333812587

                          SHA512

                          5d801c24dfa1b7326f72f9c0acf3a330ef0cc3fce25ceee200bb12eab8c2b653025602e610e0cecda1e7cbd851ce1b66252531220b557a378ddb0b4a1741fa66

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\nsdCFAB.tmp\nsisFile.dll
                          Filesize

                          5KB

                          MD5

                          b7d0d765c151d235165823b48554e442

                          SHA1

                          fe530e6c6fd60392d4ce611b21ec9daad3f1bc84

                          SHA256

                          a820a32e5ce89e3e336afc71aa1bf42a357ec542c2bc6e50c6255c1333812587

                          SHA512

                          5d801c24dfa1b7326f72f9c0acf3a330ef0cc3fce25ceee200bb12eab8c2b653025602e610e0cecda1e7cbd851ce1b66252531220b557a378ddb0b4a1741fa66

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\nsdCFAB.tmp\nsisFile.dll
                          Filesize

                          5KB

                          MD5

                          b7d0d765c151d235165823b48554e442

                          SHA1

                          fe530e6c6fd60392d4ce611b21ec9daad3f1bc84

                          SHA256

                          a820a32e5ce89e3e336afc71aa1bf42a357ec542c2bc6e50c6255c1333812587

                          SHA512

                          5d801c24dfa1b7326f72f9c0acf3a330ef0cc3fce25ceee200bb12eab8c2b653025602e610e0cecda1e7cbd851ce1b66252531220b557a378ddb0b4a1741fa66

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\ric.bat
                          Filesize

                          808B

                          MD5

                          15e97d095d6e3516171f8071adf57422

                          SHA1

                          f25bce3d261351bd26380c3fbd57aeb716dbbd71

                          SHA256

                          42ed432f0b3388a0b7b1acf191f4fdea8c07a6869f7f325960848775f8310f0a

                          SHA512

                          ee8bb7a8456815112173bd147f81f13b8052d68b4481668cfcc62c263909ad87c40af48177d873f6f6ed2b902f42175c4dba599cd427ff83d62afab3d944046f

                          Download Submit
                        • C:\Windows\Cursors\win11\Alternate Select.cur
                          Filesize

                          4KB

                          MD5

                          f39bbc4b3ed4d522e80168563daa3d0e

                          SHA1

                          b74d5a0c841f57f7087511078ae82f2139594e9d

                          SHA256

                          d4b810d35b36dd9564d7ca56580812a7c595dbfd7a995ab42ee72495c6b2be83

                          SHA512

                          92813aa8114dc81627cc1d401a87c87acdf8ec89eba381793f81a21fe8f11de188a2c1a95d0380423ecd3e472c8ae5b4fcb57b94325e90fd757c1fec5e7c0def

                          Download Submit
                        • C:\Windows\Cursors\win11\Busy.ani
                          Filesize

                          88KB

                          MD5

                          1b2ce00c3393fdb634a6f72dd39e9464

                          SHA1

                          bb096b201490bfc6a80d89255162234bfa9fa6b2

                          SHA256

                          d65b05aea602279558e33d4cb413b5066d8f64857f0a375324fe26cbb7919f33

                          SHA512

                          e964e25bd2e1e1c87634fa4056cc7582c786e0f1a3afa516fb924bdd372a58a718c1e2654e7afd2949839e060de30236f483fb785787b39cdfa1502c515f6b81

                          Download Submit
                        • C:\Windows\Cursors\win11\Diagonal Resize 1.cur
                          Filesize

                          4KB

                          MD5

                          97ac94dedad718b0870c830131f1b1b6

                          SHA1

                          91bad9493ecc95f0dbc805f76caf69f7be6a512d

                          SHA256

                          355d649821e0762a5bfc9a62283cbc2517cd8581bb2eac90fb7ec8458c108580

                          SHA512

                          5922cbd6039aa8ad20d3fc7a8f02e66c9c7a651159bb1a35a532eea18b2f9484b7f8a6e2f2d6df37aa009c0a2fe57c10a7bc2ae55e01579a4b444d99d9680e42

                          Download Submit
                        • C:\Windows\Cursors\win11\Diagonal Resize 2.cur
                          Filesize

                          4KB

                          MD5

                          21ddd61f124db7beb1348d2ce01a76cc

                          SHA1

                          c6bd6df38384d215e065b28e9f5c3f7dd6f0699a

                          SHA256

                          b012ad8185ff1b59fb1a369a14eb07e5d7bd3a0ac338db91bf0c3bbb0d89e348

                          SHA512

                          15efea80c9daf35ac8562a64e80f3b55cb94be4ba0789d335d7e8d54903757162c8ceef80be270ba8b5fdb007279977fd0c1bfbbe99e85d572076f0b32078636

                          Download Submit
                        • C:\Windows\Cursors\win11\Handwriting.cur
                          Filesize

                          4KB

                          MD5

                          65c1a0e6f95908c8abefbd30e70127f8

                          SHA1

                          7074c46b77ba7ecc980b1c3a4bfd70a5ef636fe7

                          SHA256

                          74fe2ec4670a13c1fde29c64fb9cf6c23e532915edac5dcd4bc3eeb35602a754

                          SHA512

                          7138546a52d6f9779c5cc319057ad3e6eb40a9792be5453eca4cca7b8c419d84b16d1d385b8aaa51b71c6bb07dc1b3146d9c90a3a0204359325c2093e40b0bcc

                          Download Submit
                        • C:\Windows\Cursors\win11\Help Select.cur
                          Filesize

                          4KB

                          MD5

                          9b084525a560d248dd6e512be26f4b00

                          SHA1

                          9003d52d53a2dbb25380c7487e6066faf9b9d83c

                          SHA256

                          998d63f5996af6834e5240f9b44b904a53a873121f1e7f746322971007273824

                          SHA512

                          035a7b2bb067bd9a9efd31926b75737a6948fb8f27be2e52233415e1611d77b48f4587c058b5e1e108f5d86a8420f237cc1aacc65ab58c39b4922f91f20957bb

                          Download Submit
                        • C:\Windows\Cursors\win11\Horizontal Resize.cur
                          Filesize

                          4KB

                          MD5

                          aa3058f215f71fba2c3569490ad11962

                          SHA1

                          ec7934d0a54e7f8d111c9a7ea2c6ea2908c0006d

                          SHA256

                          eefac9602637c8779ba39087341546c1675ee8a2e00c92c6b5d9c072e7bcea32

                          SHA512

                          f2c29a3746ce8348dde2a84d4275c9e217d7f8a7765263d9a15b6a79da6fdce493070cd526698e024fd5487690785bf3ae82256ec2c7a76a0401dff1308acac7

                          Download Submit
                        • C:\Windows\Cursors\win11\Link Select.cur
                          Filesize

                          4KB

                          MD5

                          62440644dc2e7c3e9544b9b023a70200

                          SHA1

                          1346cf9b5bf0ad2bc69052c2d45e9c900ecdbcde

                          SHA256

                          b4c58497ab46702ecc767fe8034c35bc53664b0936b2c32140ad950445a331d3

                          SHA512

                          f0bc31b3bb4bbb626e1873d4910ac611606b0e8db76cf939a03a5a2a6b036def7252fe88e7190dfc8739a1a8ca8eea1144f5eb6443e021118a9d91824d5aa1a6

                          Download Submit
                        • C:\Windows\Cursors\win11\Move.cur
                          Filesize

                          4KB

                          MD5

                          20061f34cb3720889faf5d3da9dce418

                          SHA1

                          cddee12fa753a2a00d88f759a5c784d8e49da005

                          SHA256

                          eaa76961999078700aa75a7f96daecfdc83871091c0dc4821cbaf4a4d52f1443

                          SHA512

                          813ee67598067f1458732721f23b4251025667057ebd1d531b054ab545bd56d5aab5a3cbf33e4cfffa184b62c8230f4094abed83f32ddf4655ccc9f71bd64b0a

                          Download Submit
                        • C:\Windows\Cursors\win11\Normal Select.cur
                          Filesize

                          4KB

                          MD5

                          428f75b1a4002ad9ca4c40508b48c00b

                          SHA1

                          02c20a32ab116a6f41c395998d30e590c594e986

                          SHA256

                          024f64380d2856846800f440bf00425dcf4c9636b21864846b5d4fe4b62db087

                          SHA512

                          8939a80884e6cac3257b7acc8b04db8c0b4d8b8fa19b3001da1d0ba77e0e38e8ccfacfd6414775533a71054ca42e5ddf5d3bfc7d6d9523d22ca3b58c7d1c18ad

                          Download Submit
                        • C:\Windows\Cursors\win11\Precision Select.cur
                          Filesize

                          4KB

                          MD5

                          f7e9cdc270fdb7ae1104b3ffd9f21ab2

                          SHA1

                          bb4965830392db5d83d7da4872a7db1d3aaea45d

                          SHA256

                          d09135b6ef1438b83ed241ce2af269afaa6ac2c192f2348416043b947d2db60e

                          SHA512

                          f18a844d3b24df6cad4e6a69bc083d43b7bd190b256848f7eff1199561eb3c9732b622c6626101e3a8932abff1e29dc347aab2a2e31f09d35d369d26a3983fdf

                          Download Submit
                        • C:\Windows\Cursors\win11\Text Select.cur
                          Filesize

                          4KB

                          MD5

                          7f5447324171124c955542823165bf76

                          SHA1

                          9b4dcdf0f8d0ddf29dd122b6251df652ad6ca16f

                          SHA256

                          35e2699ccc54543a1695c5fd94f8f99e097f37d3c2535a09c4220411a822ee91

                          SHA512

                          e0f24d76fc72cc6bf10790a6dfc3dbf8491e62b197f41b47215e61fc29f4e752a898d45391c76f6b25a79f8f1627b568ddc7154d508d9f6117e0f1cf7984b33c

                          Download Submit
                        • C:\Windows\Cursors\win11\Unavailable.cur
                          Filesize

                          4KB

                          MD5

                          035f705096a5c9e1f96ecf0f65709ece

                          SHA1

                          c28683d3d766ece4a87780188f573dd1e3a74a99

                          SHA256

                          b8924fa66af797962b1784b74c2eb46fa27c2a97b5296c205ef4af81728474d8

                          SHA512

                          93baefe0f5fe055d40cb9bbabbc70000b1a6d75b7f04ae580cf863daa908a0756128215602188bee7b50ca7e9e5faddcc0956716782a519ce4fa3f9b8fea9d4d

                          Download Submit
                        • C:\Windows\Cursors\win11\Vertical Resize.cur
                          Filesize

                          4KB

                          MD5

                          ae6fbde374a52fbef2756435cace1283

                          SHA1

                          891e0728c50840d8686107fd8a1018d48f1ec5a8

                          SHA256

                          d6623e00b3ca9f8900f8e0353b845bb191bfa8d301509cef44b7bb0a88c45ae8

                          SHA512

                          2e462c7fed43b120d9bba25b445d1fe50f5c86c14fc7a3bc3314bb3a6585f5cf40d678e7064974b8ea275643746ee73d56ab7c8ebf6aa2c78510b7e61a515939

                          Download Submit
                        • C:\Windows\Cursors\win11\Working In Background.ani
                          Filesize

                          88KB

                          MD5

                          f32b8318d87b8faab23000470b62e656

                          SHA1

                          0c72413613a8cbf04d5c705949bf1a0ee60ee4ed

                          SHA256

                          3b2e335e6f7de136fb8c5decebcda73aad31ec339b3faf65264526fbb83ffb92

                          SHA512

                          b6bdedb6b9631c4867c26b1b29d568b8e09e71af8a717e416a8f33c45193f2c9c6ce381276dbefca62def8025f988faa9304040ac873c90afa73c19bae2b1abe

                          Download Submit
                        • C:\Windows\Resources\Themes\win11.theme
                          Filesize

                          2KB

                          MD5

                          a5f56f2e08098c85191104802251c8dd

                          SHA1

                          e3da2b90624c79f0d19ca0883b09875d3a2d0310

                          SHA256

                          54e02dfeb11fbf746b7ec179ca17720960b6be2f9c35cd55860045811a30c958

                          SHA512

                          3f6b48569bbdc8e7b52668751b7b83654ece21bac1da1ed475c60a8026bff97ed299b87d05a8bf52b0c6570fc13e7ef8c0487bf08bbfae5270e1bc6859f37aec

                          Download Submit
                        • C:\Windows\Resources\Themes\win11\win11.msstyles
                          Filesize

                          1.1MB

                          MD5

                          bcdd87bb20fec0bda02ed72a582cdeec

                          SHA1

                          dd68b0ae10f51419a3ccbeb5321027ce2ec3c3da

                          SHA256

                          b5291f676d7558b74080dd26aa40678d4d41f5d272b640a0a7c1eff5410f6f9f

                          SHA512

                          37c37afb4b921010539a6754a40541939b5abff9bd8c10191b9c4ebc0cc91570dcb2a983586bb379975cc187537d433d0987836911527d6d352f0ba5c555e100

                          Download Submit
                        • C:\Windows\System32\themeui.dll
                          Filesize

                          390KB

                          MD5

                          bc377febaa39552cd323cf2d46805e91

                          SHA1

                          c812c62292c62f518a9feca5c0366b22c04aa9c3

                          SHA256

                          0970d5aaab9247f5b6c63534cb29ff6e1b2b99ba0e4d96bc69eae895e67237c3

                          SHA512

                          5c5adb024d051eea9d16dc6411a1445359e5d219c3776fddefc51ea098a2d3c9db4dee22db382976e6911ec159a09bebe4f6249b36a77891d69a490cd0a8eed7

                          Download Submit
                        • C:\Windows\System32\themeui.dll
                          Filesize

                          390KB

                          MD5

                          bc377febaa39552cd323cf2d46805e91

                          SHA1

                          c812c62292c62f518a9feca5c0366b22c04aa9c3

                          SHA256

                          0970d5aaab9247f5b6c63534cb29ff6e1b2b99ba0e4d96bc69eae895e67237c3

                          SHA512

                          5c5adb024d051eea9d16dc6411a1445359e5d219c3776fddefc51ea098a2d3c9db4dee22db382976e6911ec159a09bebe4f6249b36a77891d69a490cd0a8eed7

                          Download Submit
                        • C:\Windows\system32\themeui.dll
                          Filesize

                          390KB

                          MD5

                          bc377febaa39552cd323cf2d46805e91

                          SHA1

                          c812c62292c62f518a9feca5c0366b22c04aa9c3

                          SHA256

                          0970d5aaab9247f5b6c63534cb29ff6e1b2b99ba0e4d96bc69eae895e67237c3

                          SHA512

                          5c5adb024d051eea9d16dc6411a1445359e5d219c3776fddefc51ea098a2d3c9db4dee22db382976e6911ec159a09bebe4f6249b36a77891d69a490cd0a8eed7

                          Download Submit
                        • C:\Windows\web\wallpaper\win11.jpg
                          Filesize

                          456KB

                          MD5

                          887438194820c7eff2fa55cece1a4661

                          SHA1

                          85ae1c33d53b5c9ed4ffadff930430b3fc62ca56

                          SHA256

                          3973f423d1477630840dc60d43ece2a397c722b4b4c82a6d66618a3b4edfba08

                          SHA512

                          c64773119464361d6ddbd2d23ccc61cc0e7c4523826fa7fee83801a223bab2cc1e98fb9cb8fae59bf2a5597fbc828c0b1da44afcc058bdfbf25503a4848c2dca

                          Download Submit
                        • C:\skinpack\OldNewExplorer32.dll
                          Filesize

                          249KB

                          MD5

                          a72e302c3f4e4dc8eaa365592aef97c8

                          SHA1

                          83000d226d885e71ba3cfa4603c26768c6ec03c7

                          SHA256

                          76f3780b3a124f17dbaa369fb8ff54fe6d69f9297795af0cee720a7de213a92a

                          SHA512

                          2d0dd7b4f28da1ce6074361c5ff34b93183b6e81ba5d092e44e8f22726cc85cdfe0d8c01ceaf6a8bb37f72dcc7bb60e869172ec18b9dcf0607e5ed6389bd3848

                          Download Submit
                        • C:\skinpack\OldNewExplorer64.dll
                          Filesize

                          255KB

                          MD5

                          fcf194e3b9101064939a000075149f29

                          SHA1

                          7a3767dabba5368da9092ea17b0dcbdd23b23bfb

                          SHA256

                          21e76d101c19571d254e649c86f2588c7a46e7fb8f0911880ebbbadc7acf4d18

                          SHA512

                          e3fc693f1e7f7ac80d45f3b3d6df6c659f8e5aca5ef02d6a020d351927b684f71be4aba7c27aca2f82893cd98f431a89b21f5e78a7c35207964b161749fc4d24

                          Download Submit
                        • memory/308-162-0x0000000000000000-mapping.dmp
                          Download
                        • memory/664-173-0x0000000000000000-mapping.dmp
                          Download
                        • memory/796-203-0x000001458F00B000-0x000001458F00F000-memory.dmp
                          Filesize

                          16KB

                          Download
                        • memory/796-231-0x000001458F030000-0x000001458F033000-memory.dmp
                          Filesize

                          12KB

                          Download
                        • memory/796-195-0x000001458CBE0000-0x000001458CBE8000-memory.dmp
                          Filesize

                          32KB

                          Download
                        • memory/796-211-0x000001458D1D0000-0x000001458D1F0000-memory.dmp
                          Filesize

                          128KB

                          Download
                        • memory/796-210-0x000001458D190000-0x000001458D1B0000-memory.dmp
                          Filesize

                          128KB

                          Download
                        • memory/796-209-0x000001458BB70000-0x000001458BC70000-memory.dmp
                          Filesize

                          1024KB

                          Download
                        • memory/796-206-0x000001458F00B000-0x000001458F00F000-memory.dmp
                          Filesize

                          16KB

                          Download
                        • memory/796-196-0x000001458D880000-0x000001458D8A0000-memory.dmp
                          Filesize

                          128KB

                          Download
                        • memory/796-207-0x000001458F00B000-0x000001458F00F000-memory.dmp
                          Filesize

                          16KB

                          Download
                        • memory/796-205-0x000001458F00B000-0x000001458F00F000-memory.dmp
                          Filesize

                          16KB

                          Download
                        • memory/796-204-0x000001458F00B000-0x000001458F00F000-memory.dmp
                          Filesize

                          16KB

                          Download
                        • memory/796-224-0x000001458F02C000-0x000001458F030000-memory.dmp
                          Filesize

                          16KB

                          Download
                        • memory/796-226-0x000001458F02C000-0x000001458F030000-memory.dmp
                          Filesize

                          16KB

                          Download
                        • memory/796-225-0x000001458F02C000-0x000001458F030000-memory.dmp
                          Filesize

                          16KB

                          Download
                        • memory/796-227-0x000001458F02C000-0x000001458F030000-memory.dmp
                          Filesize

                          16KB

                          Download
                        • memory/796-229-0x000001458F030000-0x000001458F033000-memory.dmp
                          Filesize

                          12KB

                          Download
                        • memory/796-230-0x000001458F030000-0x000001458F033000-memory.dmp
                          Filesize

                          12KB

                          Download
                        • memory/796-198-0x000001458D660000-0x000001458D680000-memory.dmp
                          Filesize

                          128KB

                          Download
                        • memory/796-232-0x000001458F030000-0x000001458F033000-memory.dmp
                          Filesize

                          12KB

                          Download
                        • memory/936-160-0x0000000000000000-mapping.dmp
                          Download
                        • memory/1060-186-0x0000000000000000-mapping.dmp
                          Download
                        • memory/1460-140-0x0000000000000000-mapping.dmp
                          Download
                        • memory/1564-264-0x0000000000000000-mapping.dmp
                          Download
                        • memory/1592-163-0x0000000000000000-mapping.dmp
                          Download
                        • memory/1656-161-0x0000000000000000-mapping.dmp
                          Download
                        • memory/1872-219-0x0000000000000000-mapping.dmp
                          Download
                        • memory/1884-170-0x0000000000000000-mapping.dmp
                          Download
                        • memory/2156-175-0x0000000000000000-mapping.dmp
                          Download
                        • memory/2376-164-0x0000000000000000-mapping.dmp
                          Download
                        • memory/2700-179-0x0000000000000000-mapping.dmp
                          Download
                        • memory/2932-183-0x0000000000000000-mapping.dmp
                          Download
                        • memory/2980-257-0x0000000000000000-mapping.dmp
                          Download
                        • memory/3264-260-0x0000000000000000-mapping.dmp
                          Download
                        • memory/3404-213-0x0000000000000000-mapping.dmp
                          Download
                        • memory/3544-254-0x0000000000000000-mapping.dmp
                          Download
                        • memory/3548-138-0x00000000749F0000-0x00000000749FA000-memory.dmp
                          Filesize

                          40KB

                          Download
                        • memory/3548-136-0x00000000749F0000-0x00000000749FA000-memory.dmp
                          Filesize

                          40KB

                          Download
                        • memory/3700-185-0x0000000000000000-mapping.dmp
                          Download
                        • memory/3788-212-0x0000000000000000-mapping.dmp
                          Download
                        • memory/3804-184-0x0000000000000000-mapping.dmp
                          Download
                        • memory/3960-262-0x0000000000000000-mapping.dmp
                          Download
                        • memory/3980-255-0x0000000000000000-mapping.dmp
                          Download
                        • memory/4320-167-0x0000000000000000-mapping.dmp
                          Download
                        • memory/4588-258-0x0000000000000000-mapping.dmp
                          Download
                        • memory/4844-181-0x0000000000000000-mapping.dmp
                          Download
                        • memory/4900-182-0x0000000000000000-mapping.dmp
                          Download
                        • memory/5160-266-0x0000000000000000-mapping.dmp
                          Download
                        • memory/5280-268-0x0000000000000000-mapping.dmp
                          Download
                        • memory/5352-270-0x0000000000000000-mapping.dmp
                          Download
                        • memory/5428-272-0x0000000000000000-mapping.dmp
                          Download
                        • memory/5688-273-0x0000000000000000-mapping.dmp
                          Download