Overview

overview

8

Static

static

1

Windows 10...ed.exe

windows10-1703-x64

8

Windows 10...ed.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    123s
  • platform
    windows10-1703_x64
  • resource
    win10-20220901-es
  • resource tags

    arch:x64arch:x86image:win10-20220901-eslocale:es-esos:windows10-1703-x64systemwindows
  • submitted
    10-02-2023 17:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Windows 10 Rounded.exe

  • Size

    2.4MB

  • MD5

    11ff322997d98d02afe198c20b613ff3

  • SHA1

    48e70395f187454bddc01484a6cbcf1c5f1753fc

  • SHA256

    9482be3fcb23242751dfc68c1f239c92de3999618ca2d3ae0d7c9f5f596876f4

  • SHA512

    11cc64b00f741b44c73c835e6da3c103d4a690e1c6c009cd020967e870967f31bd2ad8851f4e0d2a2c6e964558665e84d33839f82db2e178053d7ffb5b191ee4

  • SSDEEP

    49152:DXNPtf+dAGSXAZGxgF3Nr13EfePGBT5OHTdg5K6EnCN11Y:DPxD5g1p9keGLc+SH

Score
8/10
adwarediscoveryexploitpersistenceransomwarestealerupx

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 1 IoCs
    persistence
  • Possible privilege escalation attempt 7 IoCs
    exploit
  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 38 IoCs
  • Modifies file permissions 1 TTPs 7 IoCs
    discovery
  • Registers COM server for autorun 1 TTPs 3 IoCs
    persistence
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 1 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Drops file in System32 directory 9 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Drops file in Program Files directory 1 IoCs
  • Drops file in Windows directory 55 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Program crash 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Kills process with taskkill 1 IoCs
    evasion
  • Modifies Control Panel 58 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 7 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 60 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Windows 10 Rounded.exe
    "C:\Users\Admin\AppData\Local\Temp\Windows 10 Rounded.exe"
    1⤵
    • Checks computer location settings
    • Loads dropped DLL
    • Drops file in Windows directory
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of WriteProcessMemory
    PID:2804
    • C:\Users\Admin\AppData\Local\Temp\nspBACB.tmp\UXTheme.exe
      "C:\Users\Admin\AppData\Local\Temp\nspBACB.tmp\UXTheme.exe" /S
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Suspicious use of WriteProcessMemory
      PID:3504
      • C:\Windows\system32\takeown.exe
        "C:\Windows\system32\takeown.exe" /f "C:\Windows\system32\themeui.dll"
        3⤵
        • Possible privilege escalation attempt
        • Modifies file permissions
        • Suspicious use of AdjustPrivilegeToken
        PID:4692
      • C:\Windows\system32\icacls.exe
        "C:\Windows\system32\icacls.exe" "C:\Windows\system32\themeui.dll" /grant Admin:(d,wdac)
        3⤵
        • Possible privilege escalation attempt
        • Modifies file permissions
        PID:4064
      • C:\Windows\system32\takeown.exe
        "C:\Windows\system32\takeown.exe" /f "C:\Windows\system32\uxinit.dll"
        3⤵
        • Possible privilege escalation attempt
        • Modifies file permissions
        • Suspicious use of AdjustPrivilegeToken
        PID:4756
      • C:\Windows\system32\icacls.exe
        "C:\Windows\system32\icacls.exe" "C:\Windows\system32\uxinit.dll" /grant Admin:(d,wdac)
        3⤵
        • Possible privilege escalation attempt
        • Modifies file permissions
        PID:1048
    • C:\SkinPack\RD.exe
      "C:\SkinPack\RD.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:992
      • C:\Windows\SysWOW64\regsvr32.exe
        "C:\Windows\System32\regsvr32.exe" /s C:\skinpack\OldNewExplorer32.dll
        3⤵
        • Loads dropped DLL
        • Installs/modifies Browser Helper Object
        PID:4600
      • C:\Windows\SysWOW64\regsvr32.exe
        "C:\Windows\System32\regsvr32.exe" /s C:\skinpack\OldNewExplorer64.dll
        3⤵
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:4272
        • C:\Windows\system32\regsvr32.exe
          /s C:\skinpack\OldNewExplorer64.dll
          4⤵
          • Loads dropped DLL
          • Registers COM server for autorun
          • Installs/modifies Browser Helper Object
          • Modifies registry class
          PID:3568
    • C:\SkinPack\ric.exe
      "C:\SkinPack\ric.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:4260
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ric.bat" "
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:3196
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /f /im explorer.exe
          4⤵
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:1708
        • C:\Windows\SysWOW64\takeown.exe
          takeown /f ""C:\Users\Admin\AppData\Local\IconCache.db""
          4⤵
          • Possible privilege escalation attempt
          • Modifies file permissions
          PID:2272
        • C:\Windows\SysWOW64\icacls.exe
          icacls ""C:\Users\Admin\AppData\Local\IconCache.db"" /grant administrators:F /t
          4⤵
          • Possible privilege escalation attempt
          • Modifies file permissions
          PID:752
        • C:\Windows\SysWOW64\takeown.exe
          takeown /f "C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer" /r /d y
          4⤵
          • Possible privilege escalation attempt
          • Modifies file permissions
          PID:1440
        • C:\Windows\explorer.exe
          C:\Windows\explorer.exe
          4⤵
          • Modifies Installed Components in the registry
          • Loads dropped DLL
          • Enumerates connected drives
          • Sets desktop wallpaper using registry
          • Drops file in Windows directory
          • Checks SCSI registry key(s)
          • Modifies Internet Explorer settings
          • Modifies registry class
          • Suspicious behavior: AddClipboardFormatListener
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of SetWindowsHookEx
          PID:4400
    • C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      2⤵
      • Loads dropped DLL
      PID:424
    • C:\SkinPack\theme.exe
      "C:\SkinPack\theme.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:4544
      • C:\Windows\SysWOW64\rundll32.exe
        "C:\Windows\system32\rundll32.exe" C:\Windows\system32\themecpl.dll,OpenThemeAction C:\Windows\Resources\Themes\win11.theme
        3⤵
        • Loads dropped DLL
        • Modifies Control Panel
        PID:2500
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:5112
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k netsvcs -s DsmSvc
    1⤵
    • Checks SCSI registry key(s)
    • Modifies data under HKEY_USERS
    PID:3828
  • C:\Windows\system32\srtasks.exe
    C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4576
  • C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
    1⤵
    • Drops file in Windows directory
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4924
  • \??\c:\windows\system32\rundll32.exe
    rundll32.exe uxtheme.dll,#64 C:\Windows\resources\themes\Aero\Aero.msstyles?NormalColor?NormalSize
    1⤵
      PID:4640
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
      1⤵
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3608
    • C:\Windows\system32\browser_broker.exe
      C:\Windows\system32\browser_broker.exe -Embedding
      1⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      PID:3920
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:532
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      PID:2780
      • C:\Windows\system32\WerFault.exe
        C:\Windows\system32\WerFault.exe -u -p 2780 -s 3672
        2⤵
        • Program crash
        PID:2080
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
        PID:4756

      Network

      MITRE ATT&CK Matrix ATT&CK v6

      Initial Access

      Execution

      Persistence

      Registry Run Keys / Startup Folder

      2
      T1060

      Browser Extensions

      1
      T1176

      Privilege Escalation

      Defense Evasion

      Modify Registry

      4
      T1112

      File Permissions Modification

      1
      T1222

      Credential Access

      Discovery

      Query Registry

      5
      T1012

      System Information Discovery

      5
      T1082

      Peripheral Device Discovery

      2
      T1120

      Lateral Movement

      Collection

      Exfiltration

      Command and Control

      Impact

      Defacement

      1
      T1491

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\SkinPack\RD.exe
        Filesize

        458KB

        MD5

        070b21f16a8ceb711175f88282d6a8d9

        SHA1

        09450d2262d72caeed79d8f032c45e234c943e96

        SHA256

        f718d68bde68ef3d869ca6a381d68c0211ea05f42d6008467d6c8089503207a3

        SHA512

        e86446194bd9b35dabfee16ace8f659ee1066ee067aa2e87f1dce1a8a62d23c097e332fef5cde3ae07c9f494444849b601e69862507e60160deaf901aed2ed44

        Download Submit
      • C:\SkinPack\rd.exe
        Filesize

        458KB

        MD5

        070b21f16a8ceb711175f88282d6a8d9

        SHA1

        09450d2262d72caeed79d8f032c45e234c943e96

        SHA256

        f718d68bde68ef3d869ca6a381d68c0211ea05f42d6008467d6c8089503207a3

        SHA512

        e86446194bd9b35dabfee16ace8f659ee1066ee067aa2e87f1dce1a8a62d23c097e332fef5cde3ae07c9f494444849b601e69862507e60160deaf901aed2ed44

        Download Submit
      • C:\SkinPack\ric.exe
        Filesize

        185KB

        MD5

        865fee81ba24570833e6bdf36872fb5a

        SHA1

        30be1b8be25c9d3640c212cedfd7ec38e1a512f3

        SHA256

        6468653a01d17bd925174a17991b159b8b36640a636d0abd412131bc552c5508

        SHA512

        f9029bf0de97ecde880afc63e20960adbcb7ebde8f4dab7218b9a381883ba981d934872efb38ed8f0be03ab4c781cdfd0d628cf34c5f4bed12d7afdae29fe4d2

        Download Submit
      • C:\SkinPack\ric.exe
        Filesize

        185KB

        MD5

        865fee81ba24570833e6bdf36872fb5a

        SHA1

        30be1b8be25c9d3640c212cedfd7ec38e1a512f3

        SHA256

        6468653a01d17bd925174a17991b159b8b36640a636d0abd412131bc552c5508

        SHA512

        f9029bf0de97ecde880afc63e20960adbcb7ebde8f4dab7218b9a381883ba981d934872efb38ed8f0be03ab4c781cdfd0d628cf34c5f4bed12d7afdae29fe4d2

        Download Submit
      • C:\SkinPack\theme.exe
        Filesize

        250KB

        MD5

        709f8624f01ba7117b4c67a0f011d149

        SHA1

        3c8ce0ad9ce24cbed692e5c81ca810bd1ebedd0b

        SHA256

        083b0982d03a7b38b5dfaddad8d6add0882312c5eb6089d7a7d42a79f950f708

        SHA512

        c47b3f4136bbec08646064365a795e98e5b9b2f34fc844381b07b27b038e0a550fe4df7b8445459f77fcf0457d3fac3b4c3a42dd50028a6e8a0a9ae93f870f89

        Download Submit
      • C:\SkinPack\theme.exe
        Filesize

        250KB

        MD5

        709f8624f01ba7117b4c67a0f011d149

        SHA1

        3c8ce0ad9ce24cbed692e5c81ca810bd1ebedd0b

        SHA256

        083b0982d03a7b38b5dfaddad8d6add0882312c5eb6089d7a7d42a79f950f708

        SHA512

        c47b3f4136bbec08646064365a795e98e5b9b2f34fc844381b07b27b038e0a550fe4df7b8445459f77fcf0457d3fac3b4c3a42dd50028a6e8a0a9ae93f870f89

        Download Submit
      • C:\Users\Admin\AppData\Local\Temp\nspBACB.tmp\UXTheme.exe
        Filesize

        158KB

        MD5

        14044c6159982ac9bce2da9a354ceaaf

        SHA1

        790dfe5aeb3607ab7d9ea8a06eda6e35330995fb

        SHA256

        826186b0c1aa55646dfd2d7699a05192d78f7f0b76413a6525effa894cf83bf2

        SHA512

        f14bb5e6ec7232b13cc13003d66df38e2a14228bb0cd32a203c30fff11bc975913c2f60aa0e90044f064774c8f133a03cfb0332c470084597e4a6f2593d2e995

        Download Submit
      • C:\Users\Admin\AppData\Local\Temp\nspBACB.tmp\UXTheme.exe
        Filesize

        158KB

        MD5

        14044c6159982ac9bce2da9a354ceaaf

        SHA1

        790dfe5aeb3607ab7d9ea8a06eda6e35330995fb

        SHA256

        826186b0c1aa55646dfd2d7699a05192d78f7f0b76413a6525effa894cf83bf2

        SHA512

        f14bb5e6ec7232b13cc13003d66df38e2a14228bb0cd32a203c30fff11bc975913c2f60aa0e90044f064774c8f133a03cfb0332c470084597e4a6f2593d2e995

        Download Submit
      • C:\Users\Admin\AppData\Local\Temp\ric.bat
        Filesize

        808B

        MD5

        15e97d095d6e3516171f8071adf57422

        SHA1

        f25bce3d261351bd26380c3fbd57aeb716dbbd71

        SHA256

        42ed432f0b3388a0b7b1acf191f4fdea8c07a6869f7f325960848775f8310f0a

        SHA512

        ee8bb7a8456815112173bd147f81f13b8052d68b4481668cfcc62c263909ad87c40af48177d873f6f6ed2b902f42175c4dba599cd427ff83d62afab3d944046f

        Download Submit
      • C:\Windows\Cursors\win11\Alternate Select.cur
        Filesize

        4KB

        MD5

        f39bbc4b3ed4d522e80168563daa3d0e

        SHA1

        b74d5a0c841f57f7087511078ae82f2139594e9d

        SHA256

        d4b810d35b36dd9564d7ca56580812a7c595dbfd7a995ab42ee72495c6b2be83

        SHA512

        92813aa8114dc81627cc1d401a87c87acdf8ec89eba381793f81a21fe8f11de188a2c1a95d0380423ecd3e472c8ae5b4fcb57b94325e90fd757c1fec5e7c0def

        Download Submit
      • C:\Windows\Cursors\win11\Busy.ani
        Filesize

        88KB

        MD5

        1b2ce00c3393fdb634a6f72dd39e9464

        SHA1

        bb096b201490bfc6a80d89255162234bfa9fa6b2

        SHA256

        d65b05aea602279558e33d4cb413b5066d8f64857f0a375324fe26cbb7919f33

        SHA512

        e964e25bd2e1e1c87634fa4056cc7582c786e0f1a3afa516fb924bdd372a58a718c1e2654e7afd2949839e060de30236f483fb785787b39cdfa1502c515f6b81

        Download Submit
      • C:\Windows\Cursors\win11\Diagonal Resize 1.cur
        Filesize

        4KB

        MD5

        97ac94dedad718b0870c830131f1b1b6

        SHA1

        91bad9493ecc95f0dbc805f76caf69f7be6a512d

        SHA256

        355d649821e0762a5bfc9a62283cbc2517cd8581bb2eac90fb7ec8458c108580

        SHA512

        5922cbd6039aa8ad20d3fc7a8f02e66c9c7a651159bb1a35a532eea18b2f9484b7f8a6e2f2d6df37aa009c0a2fe57c10a7bc2ae55e01579a4b444d99d9680e42

        Download Submit
      • C:\Windows\Cursors\win11\Diagonal Resize 2.cur
        Filesize

        4KB

        MD5

        21ddd61f124db7beb1348d2ce01a76cc

        SHA1

        c6bd6df38384d215e065b28e9f5c3f7dd6f0699a

        SHA256

        b012ad8185ff1b59fb1a369a14eb07e5d7bd3a0ac338db91bf0c3bbb0d89e348

        SHA512

        15efea80c9daf35ac8562a64e80f3b55cb94be4ba0789d335d7e8d54903757162c8ceef80be270ba8b5fdb007279977fd0c1bfbbe99e85d572076f0b32078636

        Download Submit
      • C:\Windows\Cursors\win11\Handwriting.cur
        Filesize

        4KB

        MD5

        65c1a0e6f95908c8abefbd30e70127f8

        SHA1

        7074c46b77ba7ecc980b1c3a4bfd70a5ef636fe7

        SHA256

        74fe2ec4670a13c1fde29c64fb9cf6c23e532915edac5dcd4bc3eeb35602a754

        SHA512

        7138546a52d6f9779c5cc319057ad3e6eb40a9792be5453eca4cca7b8c419d84b16d1d385b8aaa51b71c6bb07dc1b3146d9c90a3a0204359325c2093e40b0bcc

        Download Submit
      • C:\Windows\Cursors\win11\Help Select.cur
        Filesize

        4KB

        MD5

        9b084525a560d248dd6e512be26f4b00

        SHA1

        9003d52d53a2dbb25380c7487e6066faf9b9d83c

        SHA256

        998d63f5996af6834e5240f9b44b904a53a873121f1e7f746322971007273824

        SHA512

        035a7b2bb067bd9a9efd31926b75737a6948fb8f27be2e52233415e1611d77b48f4587c058b5e1e108f5d86a8420f237cc1aacc65ab58c39b4922f91f20957bb

        Download Submit
      • C:\Windows\Cursors\win11\Horizontal Resize.cur
        Filesize

        4KB

        MD5

        aa3058f215f71fba2c3569490ad11962

        SHA1

        ec7934d0a54e7f8d111c9a7ea2c6ea2908c0006d

        SHA256

        eefac9602637c8779ba39087341546c1675ee8a2e00c92c6b5d9c072e7bcea32

        SHA512

        f2c29a3746ce8348dde2a84d4275c9e217d7f8a7765263d9a15b6a79da6fdce493070cd526698e024fd5487690785bf3ae82256ec2c7a76a0401dff1308acac7

        Download Submit
      • C:\Windows\Cursors\win11\Link Select.cur
        Filesize

        4KB

        MD5

        62440644dc2e7c3e9544b9b023a70200

        SHA1

        1346cf9b5bf0ad2bc69052c2d45e9c900ecdbcde

        SHA256

        b4c58497ab46702ecc767fe8034c35bc53664b0936b2c32140ad950445a331d3

        SHA512

        f0bc31b3bb4bbb626e1873d4910ac611606b0e8db76cf939a03a5a2a6b036def7252fe88e7190dfc8739a1a8ca8eea1144f5eb6443e021118a9d91824d5aa1a6

        Download Submit
      • C:\Windows\Cursors\win11\Move.cur
        Filesize

        4KB

        MD5

        20061f34cb3720889faf5d3da9dce418

        SHA1

        cddee12fa753a2a00d88f759a5c784d8e49da005

        SHA256

        eaa76961999078700aa75a7f96daecfdc83871091c0dc4821cbaf4a4d52f1443

        SHA512

        813ee67598067f1458732721f23b4251025667057ebd1d531b054ab545bd56d5aab5a3cbf33e4cfffa184b62c8230f4094abed83f32ddf4655ccc9f71bd64b0a

        Download Submit
      • C:\Windows\Cursors\win11\Normal Select.cur
        Filesize

        4KB

        MD5

        428f75b1a4002ad9ca4c40508b48c00b

        SHA1

        02c20a32ab116a6f41c395998d30e590c594e986

        SHA256

        024f64380d2856846800f440bf00425dcf4c9636b21864846b5d4fe4b62db087

        SHA512

        8939a80884e6cac3257b7acc8b04db8c0b4d8b8fa19b3001da1d0ba77e0e38e8ccfacfd6414775533a71054ca42e5ddf5d3bfc7d6d9523d22ca3b58c7d1c18ad

        Download Submit
      • C:\Windows\Cursors\win11\Precision Select.cur
        Filesize

        4KB

        MD5

        f7e9cdc270fdb7ae1104b3ffd9f21ab2

        SHA1

        bb4965830392db5d83d7da4872a7db1d3aaea45d

        SHA256

        d09135b6ef1438b83ed241ce2af269afaa6ac2c192f2348416043b947d2db60e

        SHA512

        f18a844d3b24df6cad4e6a69bc083d43b7bd190b256848f7eff1199561eb3c9732b622c6626101e3a8932abff1e29dc347aab2a2e31f09d35d369d26a3983fdf

        Download Submit
      • C:\Windows\Cursors\win11\Text Select.cur
        Filesize

        4KB

        MD5

        7f5447324171124c955542823165bf76

        SHA1

        9b4dcdf0f8d0ddf29dd122b6251df652ad6ca16f

        SHA256

        35e2699ccc54543a1695c5fd94f8f99e097f37d3c2535a09c4220411a822ee91

        SHA512

        e0f24d76fc72cc6bf10790a6dfc3dbf8491e62b197f41b47215e61fc29f4e752a898d45391c76f6b25a79f8f1627b568ddc7154d508d9f6117e0f1cf7984b33c

        Download Submit
      • C:\Windows\Cursors\win11\Unavailable.cur
        Filesize

        4KB

        MD5

        035f705096a5c9e1f96ecf0f65709ece

        SHA1

        c28683d3d766ece4a87780188f573dd1e3a74a99

        SHA256

        b8924fa66af797962b1784b74c2eb46fa27c2a97b5296c205ef4af81728474d8

        SHA512

        93baefe0f5fe055d40cb9bbabbc70000b1a6d75b7f04ae580cf863daa908a0756128215602188bee7b50ca7e9e5faddcc0956716782a519ce4fa3f9b8fea9d4d

        Download Submit
      • C:\Windows\Cursors\win11\Vertical Resize.cur
        Filesize

        4KB

        MD5

        ae6fbde374a52fbef2756435cace1283

        SHA1

        891e0728c50840d8686107fd8a1018d48f1ec5a8

        SHA256

        d6623e00b3ca9f8900f8e0353b845bb191bfa8d301509cef44b7bb0a88c45ae8

        SHA512

        2e462c7fed43b120d9bba25b445d1fe50f5c86c14fc7a3bc3314bb3a6585f5cf40d678e7064974b8ea275643746ee73d56ab7c8ebf6aa2c78510b7e61a515939

        Download Submit
      • C:\Windows\Cursors\win11\Working In Background.ani
        Filesize

        88KB

        MD5

        f32b8318d87b8faab23000470b62e656

        SHA1

        0c72413613a8cbf04d5c705949bf1a0ee60ee4ed

        SHA256

        3b2e335e6f7de136fb8c5decebcda73aad31ec339b3faf65264526fbb83ffb92

        SHA512

        b6bdedb6b9631c4867c26b1b29d568b8e09e71af8a717e416a8f33c45193f2c9c6ce381276dbefca62def8025f988faa9304040ac873c90afa73c19bae2b1abe

        Download Submit
      • C:\Windows\Resources\Themes\win11.theme
        Filesize

        2KB

        MD5

        a5f56f2e08098c85191104802251c8dd

        SHA1

        e3da2b90624c79f0d19ca0883b09875d3a2d0310

        SHA256

        54e02dfeb11fbf746b7ec179ca17720960b6be2f9c35cd55860045811a30c958

        SHA512

        3f6b48569bbdc8e7b52668751b7b83654ece21bac1da1ed475c60a8026bff97ed299b87d05a8bf52b0c6570fc13e7ef8c0487bf08bbfae5270e1bc6859f37aec

        Download Submit
      • C:\Windows\Resources\Themes\win11\win11.msstyles
        Filesize

        1.1MB

        MD5

        bcdd87bb20fec0bda02ed72a582cdeec

        SHA1

        dd68b0ae10f51419a3ccbeb5321027ce2ec3c3da

        SHA256

        b5291f676d7558b74080dd26aa40678d4d41f5d272b640a0a7c1eff5410f6f9f

        SHA512

        37c37afb4b921010539a6754a40541939b5abff9bd8c10191b9c4ebc0cc91570dcb2a983586bb379975cc187537d433d0987836911527d6d352f0ba5c555e100

        Download Submit
      • C:\Windows\system32\themeui.dll
        Filesize

        2.7MB

        MD5

        3350fb97f17d354efaf67bd969b7a0d5

        SHA1

        213bcc525e91dd1cc3e2468d52d51deca6c923aa

        SHA256

        de6abddc242d9debf0d2b89d962a1c45cf41a57f6b9659eeedc6748f1b4d0ac6

        SHA512

        0c18d373781876a61d018c19b0c3060746cc0c9b8d053877a7d7d3427eb64cae33245c9c4074c8150088e617bfc37946868be362ae10f705a2a43b9908be5d4f

        Download Submit
      • C:\Windows\web\wallpaper\win11.jpg
        Filesize

        456KB

        MD5

        887438194820c7eff2fa55cece1a4661

        SHA1

        85ae1c33d53b5c9ed4ffadff930430b3fc62ca56

        SHA256

        3973f423d1477630840dc60d43ece2a397c722b4b4c82a6d66618a3b4edfba08

        SHA512

        c64773119464361d6ddbd2d23ccc61cc0e7c4523826fa7fee83801a223bab2cc1e98fb9cb8fae59bf2a5597fbc828c0b1da44afcc058bdfbf25503a4848c2dca

        Download Submit
      • C:\skinpack\OldNewExplorer32.dll
        Filesize

        249KB

        MD5

        a72e302c3f4e4dc8eaa365592aef97c8

        SHA1

        83000d226d885e71ba3cfa4603c26768c6ec03c7

        SHA256

        76f3780b3a124f17dbaa369fb8ff54fe6d69f9297795af0cee720a7de213a92a

        SHA512

        2d0dd7b4f28da1ce6074361c5ff34b93183b6e81ba5d092e44e8f22726cc85cdfe0d8c01ceaf6a8bb37f72dcc7bb60e869172ec18b9dcf0607e5ed6389bd3848

        Download Submit
      • C:\skinpack\OldNewExplorer64.dll
        Filesize

        255KB

        MD5

        fcf194e3b9101064939a000075149f29

        SHA1

        7a3767dabba5368da9092ea17b0dcbdd23b23bfb

        SHA256

        21e76d101c19571d254e649c86f2588c7a46e7fb8f0911880ebbbadc7acf4d18

        SHA512

        e3fc693f1e7f7ac80d45f3b3d6df6c659f8e5aca5ef02d6a020d351927b684f71be4aba7c27aca2f82893cd98f431a89b21f5e78a7c35207964b161749fc4d24

        Download Submit
      • \SkinPack\OldNewExplorer32.dll
        Filesize

        249KB

        MD5

        a72e302c3f4e4dc8eaa365592aef97c8

        SHA1

        83000d226d885e71ba3cfa4603c26768c6ec03c7

        SHA256

        76f3780b3a124f17dbaa369fb8ff54fe6d69f9297795af0cee720a7de213a92a

        SHA512

        2d0dd7b4f28da1ce6074361c5ff34b93183b6e81ba5d092e44e8f22726cc85cdfe0d8c01ceaf6a8bb37f72dcc7bb60e869172ec18b9dcf0607e5ed6389bd3848

        Download Submit
      • \SkinPack\OldNewExplorer32.dll
        Filesize

        249KB

        MD5

        a72e302c3f4e4dc8eaa365592aef97c8

        SHA1

        83000d226d885e71ba3cfa4603c26768c6ec03c7

        SHA256

        76f3780b3a124f17dbaa369fb8ff54fe6d69f9297795af0cee720a7de213a92a

        SHA512

        2d0dd7b4f28da1ce6074361c5ff34b93183b6e81ba5d092e44e8f22726cc85cdfe0d8c01ceaf6a8bb37f72dcc7bb60e869172ec18b9dcf0607e5ed6389bd3848

        Download Submit
      • \SkinPack\OldNewExplorer32.dll
        Filesize

        249KB

        MD5

        a72e302c3f4e4dc8eaa365592aef97c8

        SHA1

        83000d226d885e71ba3cfa4603c26768c6ec03c7

        SHA256

        76f3780b3a124f17dbaa369fb8ff54fe6d69f9297795af0cee720a7de213a92a

        SHA512

        2d0dd7b4f28da1ce6074361c5ff34b93183b6e81ba5d092e44e8f22726cc85cdfe0d8c01ceaf6a8bb37f72dcc7bb60e869172ec18b9dcf0607e5ed6389bd3848

        Download Submit
      • \SkinPack\OldNewExplorer32.dll
        Filesize

        249KB

        MD5

        a72e302c3f4e4dc8eaa365592aef97c8

        SHA1

        83000d226d885e71ba3cfa4603c26768c6ec03c7

        SHA256

        76f3780b3a124f17dbaa369fb8ff54fe6d69f9297795af0cee720a7de213a92a

        SHA512

        2d0dd7b4f28da1ce6074361c5ff34b93183b6e81ba5d092e44e8f22726cc85cdfe0d8c01ceaf6a8bb37f72dcc7bb60e869172ec18b9dcf0607e5ed6389bd3848

        Download Submit
      • \SkinPack\OldNewExplorer64.dll
        Filesize

        255KB

        MD5

        fcf194e3b9101064939a000075149f29

        SHA1

        7a3767dabba5368da9092ea17b0dcbdd23b23bfb

        SHA256

        21e76d101c19571d254e649c86f2588c7a46e7fb8f0911880ebbbadc7acf4d18

        SHA512

        e3fc693f1e7f7ac80d45f3b3d6df6c659f8e5aca5ef02d6a020d351927b684f71be4aba7c27aca2f82893cd98f431a89b21f5e78a7c35207964b161749fc4d24

        Download Submit
      • \SkinPack\OldNewExplorer64.dll
        Filesize

        255KB

        MD5

        fcf194e3b9101064939a000075149f29

        SHA1

        7a3767dabba5368da9092ea17b0dcbdd23b23bfb

        SHA256

        21e76d101c19571d254e649c86f2588c7a46e7fb8f0911880ebbbadc7acf4d18

        SHA512

        e3fc693f1e7f7ac80d45f3b3d6df6c659f8e5aca5ef02d6a020d351927b684f71be4aba7c27aca2f82893cd98f431a89b21f5e78a7c35207964b161749fc4d24

        Download Submit
      • \SkinPack\OldNewExplorer64.dll
        Filesize

        255KB

        MD5

        fcf194e3b9101064939a000075149f29

        SHA1

        7a3767dabba5368da9092ea17b0dcbdd23b23bfb

        SHA256

        21e76d101c19571d254e649c86f2588c7a46e7fb8f0911880ebbbadc7acf4d18

        SHA512

        e3fc693f1e7f7ac80d45f3b3d6df6c659f8e5aca5ef02d6a020d351927b684f71be4aba7c27aca2f82893cd98f431a89b21f5e78a7c35207964b161749fc4d24

        Download Submit
      • \SkinPack\OldNewExplorer64.dll
        Filesize

        255KB

        MD5

        fcf194e3b9101064939a000075149f29

        SHA1

        7a3767dabba5368da9092ea17b0dcbdd23b23bfb

        SHA256

        21e76d101c19571d254e649c86f2588c7a46e7fb8f0911880ebbbadc7acf4d18

        SHA512

        e3fc693f1e7f7ac80d45f3b3d6df6c659f8e5aca5ef02d6a020d351927b684f71be4aba7c27aca2f82893cd98f431a89b21f5e78a7c35207964b161749fc4d24

        Download Submit
      • \SkinPack\OldNewExplorer64.dll
        Filesize

        255KB

        MD5

        fcf194e3b9101064939a000075149f29

        SHA1

        7a3767dabba5368da9092ea17b0dcbdd23b23bfb

        SHA256

        21e76d101c19571d254e649c86f2588c7a46e7fb8f0911880ebbbadc7acf4d18

        SHA512

        e3fc693f1e7f7ac80d45f3b3d6df6c659f8e5aca5ef02d6a020d351927b684f71be4aba7c27aca2f82893cd98f431a89b21f5e78a7c35207964b161749fc4d24

        Download Submit
      • \SkinPack\OldNewExplorer64.dll
        Filesize

        255KB

        MD5

        fcf194e3b9101064939a000075149f29

        SHA1

        7a3767dabba5368da9092ea17b0dcbdd23b23bfb

        SHA256

        21e76d101c19571d254e649c86f2588c7a46e7fb8f0911880ebbbadc7acf4d18

        SHA512

        e3fc693f1e7f7ac80d45f3b3d6df6c659f8e5aca5ef02d6a020d351927b684f71be4aba7c27aca2f82893cd98f431a89b21f5e78a7c35207964b161749fc4d24

        Download Submit
      • \Users\Admin\AppData\Local\Temp\nseEAE4.tmp\SysRestore.dll
        Filesize

        5KB

        MD5

        4310bd09fc2300b106f0437b6e995330

        SHA1

        c6790a68e410d4a619b9b59e7540b702a98ad661

        SHA256

        c686b4df9b4db50fc1ddb7be4cd50d4b1d75894288f4dc50571b79937d7c0d7e

        SHA512

        49e286ccd285871db74867810c9cf243e3c1522ce7b4c0d1d01bafe72552692234cf4b4d787b900e9c041b8a2c12f193b36a6a35c64ffd5deef0e1be9958b1f7

        Download Submit
      • \Users\Admin\AppData\Local\Temp\nseEAE4.tmp\System.dll
        Filesize

        12KB

        MD5

        564bb0373067e1785cba7e4c24aab4bf

        SHA1

        7c9416a01d821b10b2eef97b80899d24014d6fc1

        SHA256

        7a9ddee34562cd3703f1502b5c70e99cd5bba15de2b6845a3555033d7f6cb2a5

        SHA512

        22c61a323cb9293d7ec5c7e7e60674d0e2f7b29d55be25eb3c128ea2cd7440a1400cee17c43896b996278007c0d247f331a9b8964e3a40a0eb1404a9596c4472

        Download Submit
      • \Users\Admin\AppData\Local\Temp\nseEAE4.tmp\nsisFile.dll
        Filesize

        5KB

        MD5

        b7d0d765c151d235165823b48554e442

        SHA1

        fe530e6c6fd60392d4ce611b21ec9daad3f1bc84

        SHA256

        a820a32e5ce89e3e336afc71aa1bf42a357ec542c2bc6e50c6255c1333812587

        SHA512

        5d801c24dfa1b7326f72f9c0acf3a330ef0cc3fce25ceee200bb12eab8c2b653025602e610e0cecda1e7cbd851ce1b66252531220b557a378ddb0b4a1741fa66

        Download Submit
      • \Users\Admin\AppData\Local\Temp\nseEAE4.tmp\nsisFile.dll
        Filesize

        5KB

        MD5

        b7d0d765c151d235165823b48554e442

        SHA1

        fe530e6c6fd60392d4ce611b21ec9daad3f1bc84

        SHA256

        a820a32e5ce89e3e336afc71aa1bf42a357ec542c2bc6e50c6255c1333812587

        SHA512

        5d801c24dfa1b7326f72f9c0acf3a330ef0cc3fce25ceee200bb12eab8c2b653025602e610e0cecda1e7cbd851ce1b66252531220b557a378ddb0b4a1741fa66

        Download Submit
      • \Users\Admin\AppData\Local\Temp\nseEAE4.tmp\nsisFile.dll
        Filesize

        5KB

        MD5

        b7d0d765c151d235165823b48554e442

        SHA1

        fe530e6c6fd60392d4ce611b21ec9daad3f1bc84

        SHA256

        a820a32e5ce89e3e336afc71aa1bf42a357ec542c2bc6e50c6255c1333812587

        SHA512

        5d801c24dfa1b7326f72f9c0acf3a330ef0cc3fce25ceee200bb12eab8c2b653025602e610e0cecda1e7cbd851ce1b66252531220b557a378ddb0b4a1741fa66

        Download Submit
      • \Users\Admin\AppData\Local\Temp\nseEAE4.tmp\nsisFile.dll
        Filesize

        5KB

        MD5

        b7d0d765c151d235165823b48554e442

        SHA1

        fe530e6c6fd60392d4ce611b21ec9daad3f1bc84

        SHA256

        a820a32e5ce89e3e336afc71aa1bf42a357ec542c2bc6e50c6255c1333812587

        SHA512

        5d801c24dfa1b7326f72f9c0acf3a330ef0cc3fce25ceee200bb12eab8c2b653025602e610e0cecda1e7cbd851ce1b66252531220b557a378ddb0b4a1741fa66

        Download Submit
      • \Users\Admin\AppData\Local\Temp\nseEAE4.tmp\nsisFile.dll
        Filesize

        5KB

        MD5

        b7d0d765c151d235165823b48554e442

        SHA1

        fe530e6c6fd60392d4ce611b21ec9daad3f1bc84

        SHA256

        a820a32e5ce89e3e336afc71aa1bf42a357ec542c2bc6e50c6255c1333812587

        SHA512

        5d801c24dfa1b7326f72f9c0acf3a330ef0cc3fce25ceee200bb12eab8c2b653025602e610e0cecda1e7cbd851ce1b66252531220b557a378ddb0b4a1741fa66

        Download Submit
      • \Users\Admin\AppData\Local\Temp\nseEAE4.tmp\nsisFile.dll
        Filesize

        5KB

        MD5

        b7d0d765c151d235165823b48554e442

        SHA1

        fe530e6c6fd60392d4ce611b21ec9daad3f1bc84

        SHA256

        a820a32e5ce89e3e336afc71aa1bf42a357ec542c2bc6e50c6255c1333812587

        SHA512

        5d801c24dfa1b7326f72f9c0acf3a330ef0cc3fce25ceee200bb12eab8c2b653025602e610e0cecda1e7cbd851ce1b66252531220b557a378ddb0b4a1741fa66

        Download Submit
      • \Users\Admin\AppData\Local\Temp\nseEAE4.tmp\nsisFile.dll
        Filesize

        5KB

        MD5

        b7d0d765c151d235165823b48554e442

        SHA1

        fe530e6c6fd60392d4ce611b21ec9daad3f1bc84

        SHA256

        a820a32e5ce89e3e336afc71aa1bf42a357ec542c2bc6e50c6255c1333812587

        SHA512

        5d801c24dfa1b7326f72f9c0acf3a330ef0cc3fce25ceee200bb12eab8c2b653025602e610e0cecda1e7cbd851ce1b66252531220b557a378ddb0b4a1741fa66

        Download Submit
      • \Users\Admin\AppData\Local\Temp\nseEAE4.tmp\nsisFile.dll
        Filesize

        5KB

        MD5

        b7d0d765c151d235165823b48554e442

        SHA1

        fe530e6c6fd60392d4ce611b21ec9daad3f1bc84

        SHA256

        a820a32e5ce89e3e336afc71aa1bf42a357ec542c2bc6e50c6255c1333812587

        SHA512

        5d801c24dfa1b7326f72f9c0acf3a330ef0cc3fce25ceee200bb12eab8c2b653025602e610e0cecda1e7cbd851ce1b66252531220b557a378ddb0b4a1741fa66

        Download Submit
      • \Users\Admin\AppData\Local\Temp\nseEAE4.tmp\nsisFile.dll
        Filesize

        5KB

        MD5

        b7d0d765c151d235165823b48554e442

        SHA1

        fe530e6c6fd60392d4ce611b21ec9daad3f1bc84

        SHA256

        a820a32e5ce89e3e336afc71aa1bf42a357ec542c2bc6e50c6255c1333812587

        SHA512

        5d801c24dfa1b7326f72f9c0acf3a330ef0cc3fce25ceee200bb12eab8c2b653025602e610e0cecda1e7cbd851ce1b66252531220b557a378ddb0b4a1741fa66

        Download Submit
      • \Users\Admin\AppData\Local\Temp\nseEAE4.tmp\nsisFile.dll
        Filesize

        5KB

        MD5

        b7d0d765c151d235165823b48554e442

        SHA1

        fe530e6c6fd60392d4ce611b21ec9daad3f1bc84

        SHA256

        a820a32e5ce89e3e336afc71aa1bf42a357ec542c2bc6e50c6255c1333812587

        SHA512

        5d801c24dfa1b7326f72f9c0acf3a330ef0cc3fce25ceee200bb12eab8c2b653025602e610e0cecda1e7cbd851ce1b66252531220b557a378ddb0b4a1741fa66

        Download Submit
      • \Users\Admin\AppData\Local\Temp\nseEAE4.tmp\nsisFile.dll
        Filesize

        5KB

        MD5

        b7d0d765c151d235165823b48554e442

        SHA1

        fe530e6c6fd60392d4ce611b21ec9daad3f1bc84

        SHA256

        a820a32e5ce89e3e336afc71aa1bf42a357ec542c2bc6e50c6255c1333812587

        SHA512

        5d801c24dfa1b7326f72f9c0acf3a330ef0cc3fce25ceee200bb12eab8c2b653025602e610e0cecda1e7cbd851ce1b66252531220b557a378ddb0b4a1741fa66

        Download Submit
      • \Users\Admin\AppData\Local\Temp\nseEAE4.tmp\nsisFile.dll
        Filesize

        5KB

        MD5

        b7d0d765c151d235165823b48554e442

        SHA1

        fe530e6c6fd60392d4ce611b21ec9daad3f1bc84

        SHA256

        a820a32e5ce89e3e336afc71aa1bf42a357ec542c2bc6e50c6255c1333812587

        SHA512

        5d801c24dfa1b7326f72f9c0acf3a330ef0cc3fce25ceee200bb12eab8c2b653025602e610e0cecda1e7cbd851ce1b66252531220b557a378ddb0b4a1741fa66

        Download Submit
      • \Users\Admin\AppData\Local\Temp\nseEAE4.tmp\nsisFile.dll
        Filesize

        5KB

        MD5

        b7d0d765c151d235165823b48554e442

        SHA1

        fe530e6c6fd60392d4ce611b21ec9daad3f1bc84

        SHA256

        a820a32e5ce89e3e336afc71aa1bf42a357ec542c2bc6e50c6255c1333812587

        SHA512

        5d801c24dfa1b7326f72f9c0acf3a330ef0cc3fce25ceee200bb12eab8c2b653025602e610e0cecda1e7cbd851ce1b66252531220b557a378ddb0b4a1741fa66

        Download Submit
      • \Users\Admin\AppData\Local\Temp\nseEAE4.tmp\nsisFile.dll
        Filesize

        5KB

        MD5

        b7d0d765c151d235165823b48554e442

        SHA1

        fe530e6c6fd60392d4ce611b21ec9daad3f1bc84

        SHA256

        a820a32e5ce89e3e336afc71aa1bf42a357ec542c2bc6e50c6255c1333812587

        SHA512

        5d801c24dfa1b7326f72f9c0acf3a330ef0cc3fce25ceee200bb12eab8c2b653025602e610e0cecda1e7cbd851ce1b66252531220b557a378ddb0b4a1741fa66

        Download Submit
      • \Users\Admin\AppData\Local\Temp\nseEAE4.tmp\nsisFile.dll
        Filesize

        5KB

        MD5

        b7d0d765c151d235165823b48554e442

        SHA1

        fe530e6c6fd60392d4ce611b21ec9daad3f1bc84

        SHA256

        a820a32e5ce89e3e336afc71aa1bf42a357ec542c2bc6e50c6255c1333812587

        SHA512

        5d801c24dfa1b7326f72f9c0acf3a330ef0cc3fce25ceee200bb12eab8c2b653025602e610e0cecda1e7cbd851ce1b66252531220b557a378ddb0b4a1741fa66

        Download Submit
      • \Users\Admin\AppData\Local\Temp\nspBACB.tmp\Aero.dll
        Filesize

        6KB

        MD5

        243bf44688b131c3171f2827a93e39dc

        SHA1

        07e9c7bd16ae47953e42c06ae2606de188386f35

        SHA256

        04a577df50431eb0ff6fb103566402bf66c50415bcc1f8a86b9c235053131455

        SHA512

        a1a8c21d38c54a43d1c6c394f481dfbddcb359c617e9928ecca8f84d47354616a78d20735a1fe7bebd21626c21cf96d0e1a69e3e98f6b35f2a774cc0244f9516

        Download Submit
      • \Users\Admin\AppData\Local\Temp\nspBACB.tmp\System.dll
        Filesize

        11KB

        MD5

        fccff8cb7a1067e23fd2e2b63971a8e1

        SHA1

        30e2a9e137c1223a78a0f7b0bf96a1c361976d91

        SHA256

        6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e

        SHA512

        f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c

        Download Submit
      • \Users\Admin\AppData\Local\Temp\nspBACB.tmp\advsplash.dll
        Filesize

        5KB

        MD5

        176ec6dc75972ce900793396723ed374

        SHA1

        551f8cab48da2b2770442d10e3e18edc44760357

        SHA256

        f568ebb5792b5054cd871cbe128e6f409b097e79be7366d409189e0a1c1f9f83

        SHA512

        8ea30e09fc1db2616b4946b65a0136afce96991764693725f956a5aa1cfc871595ea2101cfbd3b3280aba803a1dd8199ba7245b5925ecb0c00e641eca1d64b5f

        Download Submit
      • \Users\Admin\AppData\Local\Temp\nspBACB.tmp\nsDialogs.dll
        Filesize

        9KB

        MD5

        1c8b2b40c642e8b5a5b3ff102796fb37

        SHA1

        3245f55afac50f775eb53fd6d14abb7fe523393d

        SHA256

        8780095aa2f49725388cddf00d79a74e85c9c4863b366f55c39c606a5fb8440c

        SHA512

        4ff2dc83f640933162ec8818bb1bf3b3be1183264750946a3d949d2e7068ee606277b6c840193ef2b4663952387f07f6ab12c84c4a11cae9a8de7bd4e7971c57

        Download Submit
      • \Users\Admin\AppData\Local\Temp\nspBACB.tmp\nsExec.dll
        Filesize

        6KB

        MD5

        09c2e27c626d6f33018b8a34d3d98cb6

        SHA1

        8d6bf50218c8f201f06ecf98ca73b74752a2e453

        SHA256

        114c6941a8b489416c84563e94fd266ea5cad2b518db45cd977f1f9761e00cb1

        SHA512

        883454bef7b6de86d53af790755ae624f756b48b23970f865558ba03a5aecfa8d15f14700e92b3c51546e738c93e53dc50b8a45f79ef3f00aa84382853440954

        Download Submit
      • \Windows\System32\themeui.dll
        Filesize

        2.7MB

        MD5

        3350fb97f17d354efaf67bd969b7a0d5

        SHA1

        213bcc525e91dd1cc3e2468d52d51deca6c923aa

        SHA256

        de6abddc242d9debf0d2b89d962a1c45cf41a57f6b9659eeedc6748f1b4d0ac6

        SHA512

        0c18d373781876a61d018c19b0c3060746cc0c9b8d053877a7d7d3427eb64cae33245c9c4074c8150088e617bfc37946868be362ae10f705a2a43b9908be5d4f

        Download Submit
      • \Windows\System32\themeui.dll
        Filesize

        2.7MB

        MD5

        3350fb97f17d354efaf67bd969b7a0d5

        SHA1

        213bcc525e91dd1cc3e2468d52d51deca6c923aa

        SHA256

        de6abddc242d9debf0d2b89d962a1c45cf41a57f6b9659eeedc6748f1b4d0ac6

        SHA512

        0c18d373781876a61d018c19b0c3060746cc0c9b8d053877a7d7d3427eb64cae33245c9c4074c8150088e617bfc37946868be362ae10f705a2a43b9908be5d4f

        Download Submit
      • memory/424-665-0x0000000000000000-mapping.dmp
        Download
      • memory/752-624-0x0000000000000000-mapping.dmp
        Download
      • memory/992-306-0x0000000000000000-mapping.dmp
        Download
      • memory/1048-299-0x0000000000000000-mapping.dmp
        Download
      • memory/1440-638-0x0000000000000000-mapping.dmp
        Download
      • memory/1708-557-0x0000000000000000-mapping.dmp
        Download
      • memory/2272-600-0x0000000000000000-mapping.dmp
        Download
      • memory/2500-738-0x0000000000000000-mapping.dmp
        Download
      • memory/2804-149-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-165-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-120-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-160-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-891-0x0000000073CD0000-0x0000000073CDA000-memory.dmp
        Filesize

        40KB

        Download
      • memory/2804-121-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-164-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-162-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-122-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-186-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-184-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-182-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-181-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-179-0x0000000073CD0000-0x0000000073CDA000-memory.dmp
        Filesize

        40KB

        Download
      • memory/2804-178-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-175-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-176-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-159-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-288-0x0000000073CD0000-0x0000000073CDA000-memory.dmp
        Filesize

        40KB

        Download
      • memory/2804-123-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-124-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-125-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-174-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-173-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-158-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-157-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-126-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-156-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-155-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-127-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-154-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-153-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-128-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-152-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-151-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-129-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-132-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-136-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-141-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-131-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-144-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-172-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-171-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-170-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-168-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-130-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-147-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-167-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-133-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-150-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-163-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-148-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-146-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-145-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-166-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-143-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-142-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-140-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-161-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-139-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-138-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-137-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-135-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2804-134-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/3196-543-0x0000000000000000-mapping.dmp
        Download
      • memory/3504-189-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/3504-191-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/3504-190-0x0000000077BF0000-0x0000000077D7E000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/3504-187-0x0000000000000000-mapping.dmp
        Download
      • memory/3568-467-0x0000000000000000-mapping.dmp
        Download
      • memory/4064-297-0x0000000000000000-mapping.dmp
        Download
      • memory/4260-475-0x0000000000000000-mapping.dmp
        Download
      • memory/4272-424-0x0000000000000000-mapping.dmp
        Download
      • memory/4400-661-0x0000000000000000-mapping.dmp
        Download
      • memory/4544-666-0x0000000000000000-mapping.dmp
        Download
      • memory/4600-375-0x0000000000000000-mapping.dmp
        Download
      • memory/4692-296-0x0000000000000000-mapping.dmp
        Download
      • memory/4756-298-0x0000000000000000-mapping.dmp
        Download