0719c11d3913d182d7439846fbdc0a51697a6366c80d33e3b7be338c38427aa0

Analysis

max time kernel
67s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
24-09-2022 11:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Stardock.Start11-1.25.exe
Size

29.0MB
MD5

8940629ddd025357283f50358afb981a
SHA1

959b55e7d20d4268f95bf9f04320bc0a3c70541e
SHA256

0719c11d3913d182d7439846fbdc0a51697a6366c80d33e3b7be338c38427aa0
SHA512

be36c1f206e63f8985ef9b8f687b6ea86c70e953b13d9b7e8b9d7d1afff5d7760a44d860e5a8951c7a710fb73821d719629dc83433a29e550a115009449a21d8
SSDEEP

393216:qW4rGg5N1smHWVFVB3z5uSHz9T9ilmCi1NYub7aKoCc1jNfPmTBChSEH7AwQAm5O:3yF+xTHZeEiCc1kV6bAwFVCo

Score

10^/10

discovery persistence upx

Malware Config

Signatures

Modifies system executable filetype association 2 TTPs 6 IoCs

persistence

Modify Registry

T1112

Change Default File Association

T1042

Processes:

regsvr32.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shellex\ContextMenuHandlers\Start10Shell\ = "{6A451C0A-9597-4915-BCCE-6E859BC996B2}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Start10Shell	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Start10Shell\ = "{6A451C0A-9597-4915-BCCE-6E859BC996B2}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\ContextMenuHandlers\Start10Shell	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\ContextMenuHandlers\Start10Shell\ = "{6A451C0A-9597-4915-BCCE-6E859BC996B2}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shellex\ContextMenuHandlers\Start10Shell	regsvr32.exe

ACProtect 1.3x - 1.4x DLL software 5 IoCs

Detects file using ACProtect software.

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\nsc815B.tmp\Aero.dll	acprotect
C:\Users\Admin\AppData\Local\Temp\nsc815B.tmp\md5dll.dll	acprotect
C:\Users\Admin\AppData\Local\Temp\nsc815B.tmp\md5dll.dll	acprotect
C:\Users\Admin\AppData\Local\Temp\nsc815B.tmp\md5dll.dll	acprotect
C:\Users\Admin\AppData\Local\Temp\nsc815B.tmp\md5dll.dll	acprotect

Executes dropped EXE 10 IoCs

Processes:

Start11Srv.exeStart11Srv.exeStart11_64.exeStart11_64.exeStart11_64.exeStart11Config.exeStart11Config.exeStart11_64.exeStart11Config.exe

pid	process
4956	Start11Srv.exe
1072	Start11Srv.exe
3112	Start11_64.exe
4688	Start11_64.exe
4408	Start11_64.exe
3100	Start11Config.exe
2212
3264	Start11Config.exe
2136	Start11_64.exe
404	Start11Config.exe

Registers COM server for autorun 1 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Processes:

regsvr32.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6A451C0A-9597-4915-BCCE-6E859BC996B2}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6A451C0A-9597-4915-BCCE-6E859BC996B2}\InprocServer32\ = "C:\\Program Files (x86)\\Stardock\\Start11\\Start10Shell64.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6A451C0A-9597-4915-BCCE-6E859BC996B2}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\nsc815B.tmp\Aero.dll	upx
behavioral1/memory/4968-137-0x0000000074DE0000-0x0000000074DEA000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\nsc815B.tmp\md5dll.dll	upx
C:\Users\Admin\AppData\Local\Temp\nsc815B.tmp\md5dll.dll	upx
C:\Users\Admin\AppData\Local\Temp\nsc815B.tmp\md5dll.dll	upx
C:\Users\Admin\AppData\Local\Temp\nsc815B.tmp\md5dll.dll	upx
behavioral1/memory/4968-167-0x0000000074DE0000-0x0000000074DEA000-memory.dmp	upx

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Start11Config.exeStart11Config.exeStart11Config.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	Start11Config.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	Start11Config.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	Start11Config.exe

Loads dropped DLL 31 IoCs

Processes:

Stardock.Start11-1.25.exeStart11_64.exeStart11_64.exeStart11_64.exeStart11Config.exeregsvr32.exeregsvr32.exeStart11Config.exepowershell.exepowershell.exepowershell.exepowershell.exeStart11Config.exe

pid	process
4968	Stardock.Start11-1.25.exe
4968	Stardock.Start11-1.25.exe
4968	Stardock.Start11-1.25.exe
4968	Stardock.Start11-1.25.exe
4968	Stardock.Start11-1.25.exe
4968	Stardock.Start11-1.25.exe
4968	Stardock.Start11-1.25.exe
4968	Stardock.Start11-1.25.exe
4968	Stardock.Start11-1.25.exe
4688	Start11_64.exe
3112	Start11_64.exe
4408	Start11_64.exe
3100	Start11Config.exe
1440	regsvr32.exe
2212
1560	regsvr32.exe
2212
1560	regsvr32.exe
2212
3264	Start11Config.exe
4612
4172
3548	powershell.exe
3992	powershell.exe
2184
5064
2736	powershell.exe
1572
4800	powershell.exe
4296
404	Start11Config.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

Processes:

Stardock.Start11-1.25.exe

description	ioc	process
File created	C:\Program Files (x86)\Stardock\Start11\Links\23.lnk	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\Links\3.lnk	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\Links\30.lnk	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\MenuTextures\Dark Wood_x1.png	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\Immersive Control Panel.lnk	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\defs.ini	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\Links\31.lnk	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\StartButtons\Biohazard.png	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\TaskbarTextures\Horz Gradient_x1.png	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\TaskbarTextures\Metal_x2.png	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\Start10Shell64.dll	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\StartButtons\Default.png	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\TaskbarTextures\Fabric_x2.png	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\SdDisplay.exe.config	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\StartButtons\Arsenic Orb.png	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\StartButtons\Reflow Large.png	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\TaskbarTextures\Sand_x2.png	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\TaskbarTextures\Taskbar Grid 04 Mono.png	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\Links\24.lnk	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\StartButtons\Sonar Large.png	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\Stardock.ApplicationServices.dll	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\Links\8.lnk	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\TaskbarTextures\Taskbar Grid 01.png	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\Start10.exe	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\StartButtons\Triangle One.png	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\lang\es-la.lng	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\lang\sv.lng	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\GroupPolicy\start8_gp.admx	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\Links\11.lnk	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\MenuTextures\Flame Grid 04.png	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\StartButtons\Reflow.png	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\lang\cs-cz.lng	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\lang\fr.lng	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\lang\zh-cn.lng	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\Links\25.lnk	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\MenuTextures\Old Wood_x2.png	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\StartButtons\Flow Large.png	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\TaskbarTextures\Marble_x2.png	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\TaskbarTextures\Taskbar Grid 05.png	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\Links\1.lnk	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\StartButtons\Element.png	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\TaskbarTextures\Carbon Fibre_x2.png	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\TaskbarTextures\Taskbar Grid 03 Mono.png	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\lang\pt-br.lng	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\MenuTextures\Corroded_x2.png	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\StartButtons\DefaultLarge.png	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\StartButtons\Start8 Logo.png	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\TaskbarTextures\Dark Wood_x2.png	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\TaskbarTextures\Taskbar Grid 02 Mono.png	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\Start10tweak.exe	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\steam_api.dll	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\MenuTextures\Jeans_x2.png	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\DeElevate.exe	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\SdAppServices.dll	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\MenuTextures\Leather_x2.png	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\TaskbarTextures\Small Angle Stripes_x2.png	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\TaskbarTextures\Taskbar Grid 05 Mono.png	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\lang\zh-tw.lng	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\Start11.exe	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\defs2.ini	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\GroupPolicy\en-us\start8_gp.adml	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\Links\10.lnk	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\MenuTextures\Small Angle Stripes_x2.png	Stardock.Start11-1.25.exe
File created	C:\Program Files (x86)\Stardock\Start11\TaskbarTextures\Jeans_x2.png	Stardock.Start11-1.25.exe

Drops file in Windows directory 2 IoCs

Processes:

Stardock.Start11-1.25.exe

description ioc process

File created C:\Windows\wontrust.dll Stardock.Start11-1.25.exe
File created C:\Windows\womtrust.dll Stardock.Start11-1.25.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

description	ioc	process
File created	C:\Windows\wontrust.dll	Stardock.Start11-1.25.exe
File created	C:\Windows\womtrust.dll	Stardock.Start11-1.25.exe

Modifies registry class 23 IoCs

Processes:

Start11Config.exeregsvr32.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\S8Theme\shell\open	Start11Config.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\S8Theme\shell\open\command	Start11Config.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.s8theme	Start11Config.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Start10Shell	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Start10Shell\ = "{6A451C0A-9597-4915-BCCE-6E859BC996B2}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\S8Theme\shell	Start11Config.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\S8Theme\shell\ = "open"	Start11Config.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\S8Theme\shell\open\command\ = "\"C:\\Program Files (x86)\\Stardock\\Start11\\ExtractS8Theme.exe\" \"%1\""	Start11Config.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6A451C0A-9597-4915-BCCE-6E859BC996B2}\ = "Start10Shell Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6A451C0A-9597-4915-BCCE-6E859BC996B2}\InprocServer32\ = "C:\\Program Files (x86)\\Stardock\\Start11\\Start10Shell64.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6A451C0A-9597-4915-BCCE-6E859BC996B2}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\ContextMenuHandlers\Start10Shell	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\ContextMenuHandlers\Start10Shell\ = "{6A451C0A-9597-4915-BCCE-6E859BC996B2}"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\S8Theme\Treatment = "3"	Start11Config.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\S8Theme\shell\open\ = "Set as Start11 theme"	Start11Config.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6A451C0A-9597-4915-BCCE-6E859BC996B2}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shellex\ContextMenuHandlers\Start10Shell\ = "{6A451C0A-9597-4915-BCCE-6E859BC996B2}"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\.s8theme\Treatment = "3"	Start11Config.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6A451C0A-9597-4915-BCCE-6E859BC996B2}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shellex\ContextMenuHandlers\Start10Shell	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\S8Theme	Start11Config.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\S8Theme\ = "Start11 Theme"	Start11Config.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.s8theme\ = "S8Theme"	Start11Config.exe

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

Start11Config.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	Start11Config.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	Start11Config.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	Start11Config.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	Start11Config.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 5c000000010000000400000000080000190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa604000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	Start11Config.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

Processes:

powershell.exepowershell.exepowershell.exepowershell.exe

pid	process
3548	powershell.exe
3548	powershell.exe
3992	powershell.exe
3992	powershell.exe
3992	powershell.exe
2736	powershell.exe
2736	powershell.exe
2736	powershell.exe
4800	powershell.exe
4800	powershell.exe
4800	powershell.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

Processes:

Start11Srv.exeStart11_64.exeStart11_64.exepowershell.exepowershell.exepowershell.exepowershell.exe

description	pid	process
Token: 33	1072	Start11Srv.exe
Token: SeIncBasePriorityPrivilege	1072	Start11Srv.exe
Token: 33	4688	Start11_64.exe
Token: SeIncBasePriorityPrivilege	4688	Start11_64.exe
Token: 33	3112	Start11_64.exe
Token: SeIncBasePriorityPrivilege	3112	Start11_64.exe
Token: SeDebugPrivilege	3548	powershell.exe
Token: SeDebugPrivilege	3992	powershell.exe
Token: SeDebugPrivilege	2736	powershell.exe
Token: SeDebugPrivilege	4800	powershell.exe

Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

Start11_64.exeStart11_64.exeStart11_64.exe

pid process

4688 Start11_64.exe
3112 Start11_64.exe
4408 Start11_64.exe
4688 Start11_64.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

Start11_64.exeStart11_64.exeStart11_64.exeStart11Config.exeStart11Config.exeStart11Config.exe

pid process

4688 Start11_64.exe
3112 Start11_64.exe
4408 Start11_64.exe
3100 Start11Config.exe
3264 Start11Config.exe
404 Start11Config.exe

pid	process
4688	Start11_64.exe
3112	Start11_64.exe
4408	Start11_64.exe
4688	Start11_64.exe

pid	process
4688	Start11_64.exe
3112	Start11_64.exe
4408	Start11_64.exe
3100	Start11Config.exe
3264	Start11Config.exe
404	Start11Config.exe

Suspicious use of WriteProcessMemory 22 IoCs

Processes:

Stardock.Start11-1.25.exeStart11Srv.exeStart11Srv.exeregsvr32.exe

description	pid	process	target process
PID 4968 wrote to memory of 4956	4968	Stardock.Start11-1.25.exe	Start11Srv.exe
PID 4968 wrote to memory of 4956	4968	Stardock.Start11-1.25.exe	Start11Srv.exe
PID 4968 wrote to memory of 4956	4968	Stardock.Start11-1.25.exe	Start11Srv.exe
PID 4956 wrote to memory of 4688	4956	Start11Srv.exe	Start11_64.exe
PID 4956 wrote to memory of 4688	4956	Start11Srv.exe	Start11_64.exe
PID 1072 wrote to memory of 3112	1072	Start11Srv.exe	Start11_64.exe
PID 1072 wrote to memory of 3112	1072	Start11Srv.exe	Start11_64.exe
PID 4968 wrote to memory of 4408	4968	Stardock.Start11-1.25.exe	Start11_64.exe
PID 4968 wrote to memory of 4408	4968	Stardock.Start11-1.25.exe	Start11_64.exe
PID 4968 wrote to memory of 3100	4968	Stardock.Start11-1.25.exe	Start11Config.exe
PID 4968 wrote to memory of 3100	4968	Stardock.Start11-1.25.exe	Start11Config.exe
PID 4968 wrote to memory of 3100	4968	Stardock.Start11-1.25.exe	Start11Config.exe
PID 4968 wrote to memory of 1440	4968	Stardock.Start11-1.25.exe	regsvr32.exe
PID 4968 wrote to memory of 1440	4968	Stardock.Start11-1.25.exe	regsvr32.exe
PID 4968 wrote to memory of 1440	4968	Stardock.Start11-1.25.exe	regsvr32.exe
PID 1440 wrote to memory of 1560	1440	regsvr32.exe	regsvr32.exe
PID 1440 wrote to memory of 1560	1440	regsvr32.exe	regsvr32.exe
PID 4968 wrote to memory of 3264	4968	Stardock.Start11-1.25.exe	Start11Config.exe
PID 4968 wrote to memory of 3264	4968	Stardock.Start11-1.25.exe	Start11Config.exe
PID 4968 wrote to memory of 3264	4968	Stardock.Start11-1.25.exe	Start11Config.exe
PID 4968 wrote to memory of 2136	4968	Stardock.Start11-1.25.exe	Start11_64.exe
PID 4968 wrote to memory of 2136	4968	Stardock.Start11-1.25.exe	Start11_64.exe

C:\Users\Admin\AppData\Local\Temp\Stardock.Start11-1.25.exe
"C:\Users\Admin\AppData\Local\Temp\Stardock.Start11-1.25.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4968

C:\Program Files (x86)\Stardock\Start11\Start11Srv.exe
"C:\Program Files (x86)\Stardock\Start11\Start11Srv.exe" -install
2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4956

C:\Program Files (x86)\Stardock\Start11\Start11_64.exe
"C:\Program Files (x86)\Stardock\Start11\Start11_64.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:4688

C:\Program Files (x86)\Stardock\Start11\Start11_64.exe
"C:\Program Files (x86)\Stardock\Start11\Start11_64.exe" START
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:4408

C:\Program Files (x86)\Stardock\Start11\Start11Config.exe
"C:\Program Files (x86)\Stardock\Start11\Start11Config.exe" INSTALL
2⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Modifies registry class
- Modifies system certificate store
- Suspicious use of SetWindowsHookEx
PID:3100

C:\Windows\SysWOW64\regsvr32.exe
regsvr32.exe /s "C:\Program Files (x86)\Stardock\Start11\Start10Shell64.dll"
2⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1440

C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\Stardock\Start11\Start10Shell64.dll"
3⤵
- Modifies system executable filetype association
- Registers COM server for autorun
- Loads dropped DLL
- Modifies registry class
PID:1560

C:\Program Files (x86)\Stardock\Start11\Start11Config.exe
"C:\Program Files (x86)\Stardock\Start11\Start11Config.exe" FIXSEARCH
2⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:3264

C:\Program Files (x86)\Stardock\Start11\Start11_64.exe
"C:\Program Files (x86)\Stardock\Start11\Start11_64.exe" START
2⤵
- Executes dropped EXE
PID:2136

C:\Program Files (x86)\Stardock\Start11\Start11Srv.exe
"C:\Program Files (x86)\Stardock\Start11\Start11Srv.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1072

C:\Program Files (x86)\Stardock\Start11\Start11_64.exe
"C:\Program Files (x86)\Stardock\Start11\Start11_64.exe" START
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:3112

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe" -command "Export-StartLayout -UseDesktopApplicationID -path "C:\Users\Admin\AppData\Local\Temp\tempDS11.xml""
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3992

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe" -command "Export-StartLayout -UseDesktopApplicationID -path "C:\Users\Admin\AppData\Local\Temp\tempDS11A.xml""
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3548

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe" -command "Export-StartLayout -UseDesktopApplicationID -path "C:\Users\Admin\AppData\Local\Temp\tempDS11A.xml""
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2736

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe" -command "Export-StartLayout -UseDesktopApplicationID -path "C:\Users\Admin\AppData\Local\Temp\tempDS11A.xml""
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4800

C:\Program Files (x86)\Stardock\Start11\Start11Config.exe
"C:\Program Files (x86)\Stardock\Start11\Start11Config.exe" REBUILDSEARCH
1⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:404

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

T1042

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Install Root Certificate

T1130

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Stardock\Start11\Default.spak
Filesize
265KB

MD5
04836268553825b68fe9f64c8b242130

SHA1
5f82547959547ea10e5f50a07ac8b635a81045da

SHA256
90763510c505da1ab3e9b2811a5d3620ed8d47d1d510a8902134bab0a171e594

SHA512
e87b35de172c88c6efd69ba6e403433ee983d32eec420adfb701d1c6026928d790b9fd291be9773e445d73c36c3fce89ad004bc01521cf43f29b6ba2e75edb0f

Download Submit
C:\Program Files (x86)\Stardock\Start11\S11Search.exe
Filesize
138KB

MD5
def5fe3a48b2bebb5d0bc4ffa4e68c8c

SHA1
fdfd31a5c27ae9e163e5400e0efefbbffdc1edee

SHA256
83f01e9fa92a596f1eb5665d0e1dbc94f2b97baa1d1e9f3d96607a6252e5fbdf

SHA512
ce98f707ec1a5fe41171a29b8c57f477783ec2b2bb7a04d2cf62e946179fe51b01cdad12211cfd93d11f229d2ce08ea0c99788f168fa2bb2b4a8539548c16245

Download Submit
C:\Program Files (x86)\Stardock\Start11\S11Search64.exe
Filesize
178KB

MD5
babbd30ce081bee9a63b399cd2ef9be0

SHA1
5fc81ad3e5437c30949cec375b6fe5d25a5aba4d

SHA256
26c86b920c6f5837078f3eca3a51b5b23563ebb763f7605531c3fc4a8cb2c5f4

SHA512
158d493e2967ecb6ff1a9603886166554c668407f83ad665e043453a1ce9c087473e40055c7c129de4fe02f1107accfb363753bfa322c82a8bd8a76679991980

Download Submit
C:\Program Files (x86)\Stardock\Start11\SdAppServices.dll
Filesize
1.1MB

MD5
6012138cbd163a24465315ee641f49d0

SHA1
6261bebbafe4ba2151556a8814a0516f5b79c4ac

SHA256
e2b2fa1060dd42d636d6a71b2f534a19aa01237ca31062a6df214fb33fb921ab

SHA512
7ab0f223312352ecb25ebbc19972af4b1058cebf1ad3895140b3047da62848b1bab8e1febb357476db46c480d543e09807fd0077c0ecc569ae15fa68933784a4

Download Submit
C:\Program Files (x86)\Stardock\Start11\SdAppServices.dll
Filesize
1.1MB

MD5
6012138cbd163a24465315ee641f49d0

SHA1
6261bebbafe4ba2151556a8814a0516f5b79c4ac

SHA256
e2b2fa1060dd42d636d6a71b2f534a19aa01237ca31062a6df214fb33fb921ab

SHA512
7ab0f223312352ecb25ebbc19972af4b1058cebf1ad3895140b3047da62848b1bab8e1febb357476db46c480d543e09807fd0077c0ecc569ae15fa68933784a4

Download Submit
C:\Program Files (x86)\Stardock\Start11\SdAppServices.dll
Filesize
1.1MB

MD5
6012138cbd163a24465315ee641f49d0

SHA1
6261bebbafe4ba2151556a8814a0516f5b79c4ac

SHA256
e2b2fa1060dd42d636d6a71b2f534a19aa01237ca31062a6df214fb33fb921ab

SHA512
7ab0f223312352ecb25ebbc19972af4b1058cebf1ad3895140b3047da62848b1bab8e1febb357476db46c480d543e09807fd0077c0ecc569ae15fa68933784a4

Download Submit
C:\Program Files (x86)\Stardock\Start11\Start10.exe
Filesize
329KB

MD5
3e9994b595f6bffec24ed705398ea2fb

SHA1
01307767dcd1ba3ceab55c69e3e13d569ba1a202

SHA256
02dc0a089946622f72e685dfa24f3530f28cf62f342b2e82a7e0bfab7013c114

SHA512
d9fbce892cc0f848293c927c62085aa43b51e23eb82b03c41a8f4c95dda5e949e5a9a14934fa61723f49bf411d4391a2c45666c3c7b8a508055a3be55d269c63

Download Submit
C:\Program Files (x86)\Stardock\Start11\Start10Shell32.dll
Filesize
155KB

MD5
fc4111fa75f85e393284ee0f5ec07bac

SHA1
783b97bc33074854efdb30eae2876dbe3d049f78

SHA256
71a5a79566374da4a9a1048bf7d26165a71fe9e57ca03d6b07a0ea41a8ae8667

SHA512
c126e28c2671edbae8f7ad283ef8c4947fb388f02f069d49d1928cdd8e14e1b749ee943f66414b26e7cc29c5ca205fddeb48e177cd2d255918e3ef4f8bae846a

Download Submit
C:\Program Files (x86)\Stardock\Start11\Start10Shell64.dll
Filesize
195KB

MD5
1c9970a72a8e0bb84f5dde21c7c58b31

SHA1
6d7ea434f0b29370d4189b51b095720d141fbf8c

SHA256
b276fe71fa4fafd2b0badbedf9a783a285a7a375bf90769ab23189aba733e30f

SHA512
c1889eb164a517e2a56188c26c0bceb70d9b744f5898f525ce44fe0a8d92190bdf624fab63bc5d69d7648f579cf067c8ba5cddf2239a0215f2b011b89b3190cb

Download Submit
C:\Program Files (x86)\Stardock\Start11\Start10Shell64.dll
Filesize
195KB

MD5
1c9970a72a8e0bb84f5dde21c7c58b31

SHA1
6d7ea434f0b29370d4189b51b095720d141fbf8c

SHA256
b276fe71fa4fafd2b0badbedf9a783a285a7a375bf90769ab23189aba733e30f

SHA512
c1889eb164a517e2a56188c26c0bceb70d9b744f5898f525ce44fe0a8d92190bdf624fab63bc5d69d7648f579cf067c8ba5cddf2239a0215f2b011b89b3190cb

Download Submit
C:\Program Files (x86)\Stardock\Start11\Start10Shell64.dll
Filesize
195KB

MD5
1c9970a72a8e0bb84f5dde21c7c58b31

SHA1
6d7ea434f0b29370d4189b51b095720d141fbf8c

SHA256
b276fe71fa4fafd2b0badbedf9a783a285a7a375bf90769ab23189aba733e30f

SHA512
c1889eb164a517e2a56188c26c0bceb70d9b744f5898f525ce44fe0a8d92190bdf624fab63bc5d69d7648f579cf067c8ba5cddf2239a0215f2b011b89b3190cb

Download Submit
C:\Program Files (x86)\Stardock\Start11\Start10_32.dll
Filesize
2.1MB

MD5
c25233fcf8aade734dcb51cde5f828cd

SHA1
75eaa771284aa46ef71bda33b8cf65cb57ea9ae9

SHA256
1ee5f1979ac9ad80eb44e33d49b3a2c8da9c265e9e53d2d499484b4993956dfe

SHA512
3dcce0593c7ce85d31e0a62528a622c709064c27e3f3b487b1b5dc49be0286b12a6217bbc06a3968be42b8bb9c05fbe3aa218e9dc3c2d59c834f2920505b1245

Download Submit
C:\Program Files (x86)\Stardock\Start11\Start10_64.dll
Filesize
3.2MB

MD5
9d4cedad6d9004c7be52b097d1389c3d

SHA1
7de2ac2e57e4623354180ec3d66037c22fecb645

SHA256
46359433658bb02acbacc49398e7ac8ef2f48fe2b7e25b0e886649fe7782afe1

SHA512
5e4378e0ddb0f6d4ffa5b58969b05c81f34c10e3b327a21d0f7761b3c085506869d18853ee260294f0d0253b2e0cc82f43de50a505449fe327d91a1ad1d083ba

Download Submit
C:\Program Files (x86)\Stardock\Start11\Start11.exe
Filesize
333KB

MD5
d3441ddaec0a0d2e71d96b133d54b14b

SHA1
277436d3d580461721161f48a39d008e5b1094b6

SHA256
356214b66ccde7c5ea79d65637a4f4131c6c9c116a63e28edaf1567a4f5a6f84

SHA512
ba382fb07285f16c5dbe2cfd71d64417d01b822248a70b6eff87a4ab7e9360a25dba9d15ac2119eac02f15824b0d22a673d91f126efeca7bc1ebb556839f943a

Download Submit
C:\Program Files (x86)\Stardock\Start11\Start11Config.exe
Filesize
6.3MB

MD5
9c4c49f049d01f77e274446e4582f865

SHA1
124be0b8a168cc4149745286b62f537f8bb0ada6

SHA256
c6ffe1279b66890570c676f1a959741b732f633b4816093bd866fbccffef83d8

SHA512
8039944bc4c5eaa6345f8b753edc03f40f1904c768b68b5430a496484b7211e51d2a43932a26c5a63ce70f9e4be80a373baeadcbe44040ad20d81926321439d6

Download Submit
C:\Program Files (x86)\Stardock\Start11\Start11Config.exe
Filesize
6.3MB

MD5
9c4c49f049d01f77e274446e4582f865

SHA1
124be0b8a168cc4149745286b62f537f8bb0ada6

SHA256
c6ffe1279b66890570c676f1a959741b732f633b4816093bd866fbccffef83d8

SHA512
8039944bc4c5eaa6345f8b753edc03f40f1904c768b68b5430a496484b7211e51d2a43932a26c5a63ce70f9e4be80a373baeadcbe44040ad20d81926321439d6

Download Submit
C:\Program Files (x86)\Stardock\Start11\Start11Config.exe
Filesize
6.3MB

MD5
9c4c49f049d01f77e274446e4582f865

SHA1
124be0b8a168cc4149745286b62f537f8bb0ada6

SHA256
c6ffe1279b66890570c676f1a959741b732f633b4816093bd866fbccffef83d8

SHA512
8039944bc4c5eaa6345f8b753edc03f40f1904c768b68b5430a496484b7211e51d2a43932a26c5a63ce70f9e4be80a373baeadcbe44040ad20d81926321439d6

Download Submit
C:\Program Files (x86)\Stardock\Start11\Start11Config.exe
Filesize
6.3MB

MD5
9c4c49f049d01f77e274446e4582f865

SHA1
124be0b8a168cc4149745286b62f537f8bb0ada6

SHA256
c6ffe1279b66890570c676f1a959741b732f633b4816093bd866fbccffef83d8

SHA512
8039944bc4c5eaa6345f8b753edc03f40f1904c768b68b5430a496484b7211e51d2a43932a26c5a63ce70f9e4be80a373baeadcbe44040ad20d81926321439d6

Download Submit
C:\Program Files (x86)\Stardock\Start11\Start11Srv.exe
Filesize
245KB

MD5
86ac3fa95df258390ea75db1f80e5a5a

SHA1
8298a6c4ab594a6a3099bf69dc10bcd5ceced2d9

SHA256
f9f7d8492fce0f2533030900bdb71b8a0f3c38dbc24f56003109d81cd8daa4be

SHA512
4fe8db3952a58072d293a9fc4247f5ed30e34d61456d9a833ef41efc770cb03c290f0e71b5702a997d8519ac8e5a04ce4e1777abb3c611ac21676b0a089e405a

Download Submit
C:\Program Files (x86)\Stardock\Start11\Start11Srv.exe
Filesize
245KB

MD5
86ac3fa95df258390ea75db1f80e5a5a

SHA1
8298a6c4ab594a6a3099bf69dc10bcd5ceced2d9

SHA256
f9f7d8492fce0f2533030900bdb71b8a0f3c38dbc24f56003109d81cd8daa4be

SHA512
4fe8db3952a58072d293a9fc4247f5ed30e34d61456d9a833ef41efc770cb03c290f0e71b5702a997d8519ac8e5a04ce4e1777abb3c611ac21676b0a089e405a

Download Submit
C:\Program Files (x86)\Stardock\Start11\Start11Srv.exe
Filesize
245KB

MD5
86ac3fa95df258390ea75db1f80e5a5a

SHA1
8298a6c4ab594a6a3099bf69dc10bcd5ceced2d9

SHA256
f9f7d8492fce0f2533030900bdb71b8a0f3c38dbc24f56003109d81cd8daa4be

SHA512
4fe8db3952a58072d293a9fc4247f5ed30e34d61456d9a833ef41efc770cb03c290f0e71b5702a997d8519ac8e5a04ce4e1777abb3c611ac21676b0a089e405a

Download Submit
C:\Program Files (x86)\Stardock\Start11\Start11_64.exe
Filesize
345KB

MD5
9cc0d880fd451943787313505ddb2045

SHA1
41f6449121fdb95b36365d6fa4994e40794adc76

SHA256
e2365da3a0993ad98b123f10dcf643722db2d529d9ef7a657d9253c84bdb0079

SHA512
6015e3958766608aa8b2059d1fd3a77b1a396b1d6a18e36b25639b9ac679e92683933fd7dd3b3c7a56cbbd3d960fe5ec809922df1417fcd6de50f4d47b3aa796

Download Submit
C:\Program Files (x86)\Stardock\Start11\Start11_64.exe
Filesize
345KB

MD5
9cc0d880fd451943787313505ddb2045

SHA1
41f6449121fdb95b36365d6fa4994e40794adc76

SHA256
e2365da3a0993ad98b123f10dcf643722db2d529d9ef7a657d9253c84bdb0079

SHA512
6015e3958766608aa8b2059d1fd3a77b1a396b1d6a18e36b25639b9ac679e92683933fd7dd3b3c7a56cbbd3d960fe5ec809922df1417fcd6de50f4d47b3aa796

Download Submit
C:\Program Files (x86)\Stardock\Start11\Start11_64.exe
Filesize
345KB

MD5
9cc0d880fd451943787313505ddb2045

SHA1
41f6449121fdb95b36365d6fa4994e40794adc76

SHA256
e2365da3a0993ad98b123f10dcf643722db2d529d9ef7a657d9253c84bdb0079

SHA512
6015e3958766608aa8b2059d1fd3a77b1a396b1d6a18e36b25639b9ac679e92683933fd7dd3b3c7a56cbbd3d960fe5ec809922df1417fcd6de50f4d47b3aa796

Download Submit
C:\Program Files (x86)\Stardock\Start11\Start11_64.exe
Filesize
345KB

MD5
9cc0d880fd451943787313505ddb2045

SHA1
41f6449121fdb95b36365d6fa4994e40794adc76

SHA256
e2365da3a0993ad98b123f10dcf643722db2d529d9ef7a657d9253c84bdb0079

SHA512
6015e3958766608aa8b2059d1fd3a77b1a396b1d6a18e36b25639b9ac679e92683933fd7dd3b3c7a56cbbd3d960fe5ec809922df1417fcd6de50f4d47b3aa796

Download Submit
C:\Program Files (x86)\Stardock\Start11\Start11_64.exe
Filesize
345KB

MD5
9cc0d880fd451943787313505ddb2045

SHA1
41f6449121fdb95b36365d6fa4994e40794adc76

SHA256
e2365da3a0993ad98b123f10dcf643722db2d529d9ef7a657d9253c84bdb0079

SHA512
6015e3958766608aa8b2059d1fd3a77b1a396b1d6a18e36b25639b9ac679e92683933fd7dd3b3c7a56cbbd3d960fe5ec809922df1417fcd6de50f4d47b3aa796

Download Submit
C:\Program Files (x86)\Stardock\Start11\start10_64.dll
Filesize
3.2MB

MD5
9d4cedad6d9004c7be52b097d1389c3d

SHA1
7de2ac2e57e4623354180ec3d66037c22fecb645

SHA256
46359433658bb02acbacc49398e7ac8ef2f48fe2b7e25b0e886649fe7782afe1

SHA512
5e4378e0ddb0f6d4ffa5b58969b05c81f34c10e3b327a21d0f7761b3c085506869d18853ee260294f0d0253b2e0cc82f43de50a505449fe327d91a1ad1d083ba

Download Submit
C:\Program Files (x86)\Stardock\Start11\start10_64.dll
Filesize
3.2MB

MD5
9d4cedad6d9004c7be52b097d1389c3d

SHA1
7de2ac2e57e4623354180ec3d66037c22fecb645

SHA256
46359433658bb02acbacc49398e7ac8ef2f48fe2b7e25b0e886649fe7782afe1

SHA512
5e4378e0ddb0f6d4ffa5b58969b05c81f34c10e3b327a21d0f7761b3c085506869d18853ee260294f0d0253b2e0cc82f43de50a505449fe327d91a1ad1d083ba

Download Submit
C:\Program Files (x86)\Stardock\Start11\start10_64.dll
Filesize
3.2MB

MD5
9d4cedad6d9004c7be52b097d1389c3d

SHA1
7de2ac2e57e4623354180ec3d66037c22fecb645

SHA256
46359433658bb02acbacc49398e7ac8ef2f48fe2b7e25b0e886649fe7782afe1

SHA512
5e4378e0ddb0f6d4ffa5b58969b05c81f34c10e3b327a21d0f7761b3c085506869d18853ee260294f0d0253b2e0cc82f43de50a505449fe327d91a1ad1d083ba

Download Submit
C:\Program Files (x86)\Stardock\Start11\start10_64.dll
Filesize
3.2MB

MD5
9d4cedad6d9004c7be52b097d1389c3d

SHA1
7de2ac2e57e4623354180ec3d66037c22fecb645

SHA256
46359433658bb02acbacc49398e7ac8ef2f48fe2b7e25b0e886649fe7782afe1

SHA512
5e4378e0ddb0f6d4ffa5b58969b05c81f34c10e3b327a21d0f7761b3c085506869d18853ee260294f0d0253b2e0cc82f43de50a505449fe327d91a1ad1d083ba

Download Submit
C:\Program Files (x86)\Stardock\Start11\start10_64.dll
Filesize
3.2MB

MD5
9d4cedad6d9004c7be52b097d1389c3d

SHA1
7de2ac2e57e4623354180ec3d66037c22fecb645

SHA256
46359433658bb02acbacc49398e7ac8ef2f48fe2b7e25b0e886649fe7782afe1

SHA512
5e4378e0ddb0f6d4ffa5b58969b05c81f34c10e3b327a21d0f7761b3c085506869d18853ee260294f0d0253b2e0cc82f43de50a505449fe327d91a1ad1d083ba

Download Submit
C:\Program Files (x86)\Stardock\Start11\start10_64.dll
Filesize
3.2MB

MD5
9d4cedad6d9004c7be52b097d1389c3d

SHA1
7de2ac2e57e4623354180ec3d66037c22fecb645

SHA256
46359433658bb02acbacc49398e7ac8ef2f48fe2b7e25b0e886649fe7782afe1

SHA512
5e4378e0ddb0f6d4ffa5b58969b05c81f34c10e3b327a21d0f7761b3c085506869d18853ee260294f0d0253b2e0cc82f43de50a505449fe327d91a1ad1d083ba

Download Submit
C:\Program Files (x86)\Stardock\Start11\start10_64.dll
Filesize
3.2MB

MD5
9d4cedad6d9004c7be52b097d1389c3d

SHA1
7de2ac2e57e4623354180ec3d66037c22fecb645

SHA256
46359433658bb02acbacc49398e7ac8ef2f48fe2b7e25b0e886649fe7782afe1

SHA512
5e4378e0ddb0f6d4ffa5b58969b05c81f34c10e3b327a21d0f7761b3c085506869d18853ee260294f0d0253b2e0cc82f43de50a505449fe327d91a1ad1d083ba

Download Submit
C:\Program Files (x86)\Stardock\Start11\start10_64.dll
Filesize
3.2MB

MD5
9d4cedad6d9004c7be52b097d1389c3d

SHA1
7de2ac2e57e4623354180ec3d66037c22fecb645

SHA256
46359433658bb02acbacc49398e7ac8ef2f48fe2b7e25b0e886649fe7782afe1

SHA512
5e4378e0ddb0f6d4ffa5b58969b05c81f34c10e3b327a21d0f7761b3c085506869d18853ee260294f0d0253b2e0cc82f43de50a505449fe327d91a1ad1d083ba

Download Submit
C:\Program Files (x86)\Stardock\Start11\start10_64.dll
Filesize
3.2MB

MD5
9d4cedad6d9004c7be52b097d1389c3d

SHA1
7de2ac2e57e4623354180ec3d66037c22fecb645

SHA256
46359433658bb02acbacc49398e7ac8ef2f48fe2b7e25b0e886649fe7782afe1

SHA512
5e4378e0ddb0f6d4ffa5b58969b05c81f34c10e3b327a21d0f7761b3c085506869d18853ee260294f0d0253b2e0cc82f43de50a505449fe327d91a1ad1d083ba

Download Submit
C:\Program Files (x86)\Stardock\Start11\start10_64.dll
Filesize
3.2MB

MD5
9d4cedad6d9004c7be52b097d1389c3d

SHA1
7de2ac2e57e4623354180ec3d66037c22fecb645

SHA256
46359433658bb02acbacc49398e7ac8ef2f48fe2b7e25b0e886649fe7782afe1

SHA512
5e4378e0ddb0f6d4ffa5b58969b05c81f34c10e3b327a21d0f7761b3c085506869d18853ee260294f0d0253b2e0cc82f43de50a505449fe327d91a1ad1d083ba

Download Submit
C:\Program Files (x86)\Stardock\Start11\start10_64.dll
Filesize
3.2MB

MD5
9d4cedad6d9004c7be52b097d1389c3d

SHA1
7de2ac2e57e4623354180ec3d66037c22fecb645

SHA256
46359433658bb02acbacc49398e7ac8ef2f48fe2b7e25b0e886649fe7782afe1

SHA512
5e4378e0ddb0f6d4ffa5b58969b05c81f34c10e3b327a21d0f7761b3c085506869d18853ee260294f0d0253b2e0cc82f43de50a505449fe327d91a1ad1d083ba

Download Submit
C:\Program Files (x86)\Stardock\Start11\start10_64.dll
Filesize
3.2MB

MD5
9d4cedad6d9004c7be52b097d1389c3d

SHA1
7de2ac2e57e4623354180ec3d66037c22fecb645

SHA256
46359433658bb02acbacc49398e7ac8ef2f48fe2b7e25b0e886649fe7782afe1

SHA512
5e4378e0ddb0f6d4ffa5b58969b05c81f34c10e3b327a21d0f7761b3c085506869d18853ee260294f0d0253b2e0cc82f43de50a505449fe327d91a1ad1d083ba

Download Submit
C:\Program Files (x86)\Stardock\Start11\start10_64.dll
Filesize
3.2MB

MD5
9d4cedad6d9004c7be52b097d1389c3d

SHA1
7de2ac2e57e4623354180ec3d66037c22fecb645

SHA256
46359433658bb02acbacc49398e7ac8ef2f48fe2b7e25b0e886649fe7782afe1

SHA512
5e4378e0ddb0f6d4ffa5b58969b05c81f34c10e3b327a21d0f7761b3c085506869d18853ee260294f0d0253b2e0cc82f43de50a505449fe327d91a1ad1d083ba

Download Submit
C:\Program Files (x86)\Stardock\Start11\start10_64.dll
Filesize
3.2MB

MD5
9d4cedad6d9004c7be52b097d1389c3d

SHA1
7de2ac2e57e4623354180ec3d66037c22fecb645

SHA256
46359433658bb02acbacc49398e7ac8ef2f48fe2b7e25b0e886649fe7782afe1

SHA512
5e4378e0ddb0f6d4ffa5b58969b05c81f34c10e3b327a21d0f7761b3c085506869d18853ee260294f0d0253b2e0cc82f43de50a505449fe327d91a1ad1d083ba

Download Submit
C:\Program Files (x86)\Stardock\Start11\start10_64.dll
Filesize
3.2MB

MD5
9d4cedad6d9004c7be52b097d1389c3d

SHA1
7de2ac2e57e4623354180ec3d66037c22fecb645

SHA256
46359433658bb02acbacc49398e7ac8ef2f48fe2b7e25b0e886649fe7782afe1

SHA512
5e4378e0ddb0f6d4ffa5b58969b05c81f34c10e3b327a21d0f7761b3c085506869d18853ee260294f0d0253b2e0cc82f43de50a505449fe327d91a1ad1d083ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_7AA1872B10F7F2428A1288E96F0B99FA
Filesize
471B

MD5
696c07660f0d88f9ec5e7292b203f3b7

SHA1
c87763f51aad8ff1de3a56798e40d96a831094c3

SHA256
a1f63bbfce2eaa3e65ef7e76a5a8ffa93f59a34f27d592810bce9a2c75ab782d

SHA512
6037c5464cf93c085663c520f790aec7149709ec80a86ba2ee86f0115f2991307f8eea08d551a9cf7cf4d3bd66229a2da02ce9b753537230a998a788c2a615d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_B460DBDB6691F360C14B4617119E5588
Filesize
727B

MD5
ddc923f8b3c7f719455811a1ebcf5696

SHA1
99a73e6a8accbeee249f5c0c49bdeaa9636ad9e6

SHA256
9226f959a472cfcd6bf5182424b76643693a31320f80d4f8fd83b7674b9ffd74

SHA512
d7d424ff10883d5e5eaff7be92cd54a3a9e93a4dddc71621fa71845e60709af7c253cf8d64a2b36156d140df124448078da6c96aa60b7c7e0466714aec3e878a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
Filesize
727B

MD5
834f905425ed65195956f893fc07851e

SHA1
35fb69b7fc5e57a293e56d6ea9b531c6fa62f048

SHA256
b7fe52cca1507fbe722201a9956bba6ea907ab31a49ffb39e16af532b754e4b5

SHA512
9f8dec519966229b04039947e465c009f74fbf2c6496f2ba018276a1f95ced0eab0096a05826c1ff1babc97b0cc2685ebe58bf0e5d1576fcba58a181768cbcc9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_7AA1872B10F7F2428A1288E96F0B99FA
Filesize
400B

MD5
ce0e940374682ab0e3c74bed834c4674

SHA1
3455cc178493e63162f6425deac67501c514ac5f

SHA256
f2f34f46887be1c12cddc99608f596bc92d6567d79a27a4df0dbcac557db2033

SHA512
a2dcce5c51945bba1c142db36cb41f7115b314b06385ccaad441b36323f6946c62db9d4c59384431b6861ba3fefa536ca12b375dc1286bfbc63361222865b52c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_B460DBDB6691F360C14B4617119E5588
Filesize
408B

MD5
9752ddb3638fe97658a5b8dd92f114aa

SHA1
472e74fc302b0dce481324c32047018b8be4dad3

SHA256
82ad2e3b141837470c305cbb0bd1abf857f293c2dcf428914a23c6aca0b14b93

SHA512
21b164416c0febd1fd788f2cc2672f0becc7ab73aca04f4d35dfa32e34364466513e8f923d994ef656abdc7d384654b3df2d0e39e8595f6fd27345691cad6dff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
Filesize
412B

MD5
9dafcb413f3d97a7e37d35586e70bc66

SHA1
6e486f5b0c55a8510b81e058d5eb250eee8d9139

SHA256
ede614b56f17a031c6d071d713ebe1ea002bf6af13aaec06f7e3559ff0d6572e

SHA512
3d564bed4fcfd8b68f3b0bacd91dc93960946d71c1496f8b0071fdf5a9ff65bbdd1059ecd094b750a8887dd1d169173cfc6be1e63b9bb3ef1580ebd6d02f1477

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
Filesize
2KB

MD5
4ddffa34ba64b4a0f233e8a5460390c7

SHA1
cb81e25fd15badccc03954f0f9e3c129df4c8f0a

SHA256
33910de4403096fe3eadbcb20989bc1ff822b8c07d32cd230ae6655a88a5a204

SHA512
af8e8ebaa8b33d49652adc68e6be2785cda3935db4366fb5ea76b17a82ab15dd289cb90a060a0e738e7019b2cacba10b1c383b71ef765d65e7039c9e7b37969a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Filesize
1004B

MD5
0dcbc7484a8b41482119223e9fb036dd

SHA1
2750927701a6be7cae7796d99cb44ccb921ce4d8

SHA256
abd8095f837964160224840ff0dd9d47c74512ac8fb83e274f30d4262c1a7255

SHA512
a37e8c043c3a86d2563ece1f9ba6c128fcbd26b9b29779c2e71b3349ba8957a283298601c752ee89ce7bca8ee53b560759e5b42a420edf94dcf26a6ccdf0175b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Filesize
1004B

MD5
0dcbc7484a8b41482119223e9fb036dd

SHA1
2750927701a6be7cae7796d99cb44ccb921ce4d8

SHA256
abd8095f837964160224840ff0dd9d47c74512ac8fb83e274f30d4262c1a7255

SHA512
a37e8c043c3a86d2563ece1f9ba6c128fcbd26b9b29779c2e71b3349ba8957a283298601c752ee89ce7bca8ee53b560759e5b42a420edf94dcf26a6ccdf0175b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Filesize
1004B

MD5
89b90568ad3f2f1ee2704189ec972922

SHA1
fd9ceb288f6e2d459d6915c901b0ab553dd9e736

SHA256
ce09e1b39813ae5f14f884f0794d4de692a97ffae81a288265d77a27471e6858

SHA512
9c745f352c121448a142a90fa96d55a0ee3013540a3e7c92c0f7d1d6df58d5f29d7395b7931bf53e3b76a447193671af0ad2aff17eed5ffb29b8ae4676da6617

Download Submit
C:\Users\Admin\AppData\Local\Stardock\Start11\SasLog.txt
Filesize
824B

MD5
285af46b4036923aede617814d3af032

SHA1
8e064f06ae9aa657b1630a6eba290a068cdcdf4e

SHA256
77117a13abbfe051a2b95c52f614da8f4db9cc7f691dbd3b42b38dc20bc62921

SHA512
d99c4412033578a822bd87ebe57976be8ae3c9922e56a9565de7c7959b42b163e14e821098d68743a564eb79c6f3834a35e23f76fa4e96b4f086a96c55ba38fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc815B.tmp\Aero.dll
Filesize
6KB

MD5
243bf44688b131c3171f2827a93e39dc

SHA1
07e9c7bd16ae47953e42c06ae2606de188386f35

SHA256
04a577df50431eb0ff6fb103566402bf66c50415bcc1f8a86b9c235053131455

SHA512
a1a8c21d38c54a43d1c6c394f481dfbddcb359c617e9928ecca8f84d47354616a78d20735a1fe7bebd21626c21cf96d0e1a69e3e98f6b35f2a774cc0244f9516

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc815B.tmp\BrandingURL.dll
Filesize
4KB

MD5
71c46b663baa92ad941388d082af97e7

SHA1
5a9fcce065366a526d75cc5ded9aade7cadd6421

SHA256
bb2b9c272b8b66bc1b414675c2acba7afad03fff66a63babee3ee57ed163d19e

SHA512
5965bd3f5369b9a1ed641c479f7b8a14af27700d0c27d482aa8eb62acc42f7b702b5947d82f9791b29bcba4d46e1409244f0a8ddce4ec75022b5e27f6d671bce

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc815B.tmp\LangDLL.dll
Filesize
5KB

MD5
40eaa85160444940ff71d7aec7c6aa39

SHA1
62b0c779f32af751f3ef00833d3f5c75ed9f081d

SHA256
b4e00150349af7a646a84792b565a0c81f080a838a6e0da69e5cf8f4cdc560a3

SHA512
6d9e04dae68f9fd78a4f20a1d3fd34a9b92cf78b554d1e3e8e7fc3b2881d4659e49346f707cab43fd72c001ac192516deea7ef458ecab6b9f74b16ec05382ab4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc815B.tmp\System.dll
Filesize
11KB

MD5
8571f5fc7f75b0ee8d99849a147e0a67

SHA1
0881a57ef76dae56454d3af836f0f8da8e583d49

SHA256
6c84f2582301ac235aa5ad222c7138f44f262d7a03dcab2a293f0f2a5e32c002

SHA512
e1e5854e9378f0c9d8590b66c10e23b56977ba367d724e272f5714b16845369d53a4bab29f0d41a9bb383032f7fb4ea3d814bf13b7fbb29a04f5876c14d61e76

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc815B.tmp\md5dll.dll
Filesize
6KB

MD5
7059f133ea2316b9e7e39094a52a8c34

SHA1
ee9f1487c8152d8c42fecf2efb8ed1db68395802

SHA256
32c3d36f38e7e8a8bafd4a53663203ef24a10431bda16af9e353c7d5d108610f

SHA512
9115986754a74d3084dd18018e757d3b281a2c2fde48c73b71dba882e13bd9b2ded0e6e7f45dc5b019e6d53d086090ccb06e18e6efeec091f655a128510cbe51

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc815B.tmp\md5dll.dll
Filesize
6KB

MD5
7059f133ea2316b9e7e39094a52a8c34

SHA1
ee9f1487c8152d8c42fecf2efb8ed1db68395802

SHA256
32c3d36f38e7e8a8bafd4a53663203ef24a10431bda16af9e353c7d5d108610f

SHA512
9115986754a74d3084dd18018e757d3b281a2c2fde48c73b71dba882e13bd9b2ded0e6e7f45dc5b019e6d53d086090ccb06e18e6efeec091f655a128510cbe51

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc815B.tmp\md5dll.dll
Filesize
6KB

MD5
7059f133ea2316b9e7e39094a52a8c34

SHA1
ee9f1487c8152d8c42fecf2efb8ed1db68395802

SHA256
32c3d36f38e7e8a8bafd4a53663203ef24a10431bda16af9e353c7d5d108610f

SHA512
9115986754a74d3084dd18018e757d3b281a2c2fde48c73b71dba882e13bd9b2ded0e6e7f45dc5b019e6d53d086090ccb06e18e6efeec091f655a128510cbe51

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc815B.tmp\md5dll.dll
Filesize
6KB

MD5
7059f133ea2316b9e7e39094a52a8c34

SHA1
ee9f1487c8152d8c42fecf2efb8ed1db68395802

SHA256
32c3d36f38e7e8a8bafd4a53663203ef24a10431bda16af9e353c7d5d108610f

SHA512
9115986754a74d3084dd18018e757d3b281a2c2fde48c73b71dba882e13bd9b2ded0e6e7f45dc5b019e6d53d086090ccb06e18e6efeec091f655a128510cbe51

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc815B.tmp\nsDialogs.dll
Filesize
9KB

MD5
2d4e6314e1291e211f3326b9e9a7be8c

SHA1
67236ee783506c854a40229f311eec7f8a74d218

SHA256
01c37f54c7019f09734ce28ac929d2f1f3da1ae469282a6df1d34b69b8ff9280

SHA512
6063b3f82376cacf95bcc70061cb29bd2c4261959cfa1063426f4b4617e399d263f4ad63551ec64187ec04b847304bfd1cbbbc6825c810cecdff5b17f0b64fd1

Download Submit
C:\Windows\womtrust.dll
Filesize
93KB

MD5
d24ada011a7440b33b625612bd549fde

SHA1
2c4ac5e8d63bd3cc14f35fc6f3898c8814811d59

SHA256
c5ba737662ff8a5fe634b77b44b0bfa028ab7d756b9cc608026da3d8b4cdb9be

SHA512
c3196482aab2e831d29870404200758d2e0b8784f699b3236cc031a7b0e5ac485ba2c4dfeaa0c1b3bcbeda29e5425af5a661f48dec9f1adcccf3f4040a528c23

Download Submit
C:\Windows\womtrust.dll
Filesize
93KB

MD5
d24ada011a7440b33b625612bd549fde

SHA1
2c4ac5e8d63bd3cc14f35fc6f3898c8814811d59

SHA256
c5ba737662ff8a5fe634b77b44b0bfa028ab7d756b9cc608026da3d8b4cdb9be

SHA512
c3196482aab2e831d29870404200758d2e0b8784f699b3236cc031a7b0e5ac485ba2c4dfeaa0c1b3bcbeda29e5425af5a661f48dec9f1adcccf3f4040a528c23

Download Submit
C:\Windows\womtrust.dll
Filesize
93KB

MD5
d24ada011a7440b33b625612bd549fde

SHA1
2c4ac5e8d63bd3cc14f35fc6f3898c8814811d59

SHA256
c5ba737662ff8a5fe634b77b44b0bfa028ab7d756b9cc608026da3d8b4cdb9be

SHA512
c3196482aab2e831d29870404200758d2e0b8784f699b3236cc031a7b0e5ac485ba2c4dfeaa0c1b3bcbeda29e5425af5a661f48dec9f1adcccf3f4040a528c23

Download Submit
memory/404-225-0x0000000000400000-0x0000000000C31000-memory.dmp

Filesize
8.2MB

Download
memory/404-226-0x0000000000400000-0x0000000000C31000-memory.dmp

Filesize
8.2MB

Download
memory/404-227-0x0000000000400000-0x0000000000C31000-memory.dmp

Filesize
8.2MB

Download
memory/1440-178-0x0000000000000000-mapping.dmp

Download
memory/1560-181-0x0000000000000000-mapping.dmp

Download
memory/2136-198-0x0000000000000000-mapping.dmp

Download
memory/2736-216-0x00007FFC85CD0000-0x00007FFC86791000-memory.dmp

Filesize
10.8MB

Download
memory/3100-175-0x0000000000400000-0x0000000000C31000-memory.dmp

Filesize
8.2MB

Download
memory/3100-171-0x0000000000000000-mapping.dmp

Download
memory/3100-177-0x0000000000400000-0x0000000000C31000-memory.dmp

Filesize
8.2MB

Download
memory/3112-149-0x0000000000000000-mapping.dmp

Download
memory/3264-187-0x0000000000000000-mapping.dmp

Download
memory/3264-197-0x0000000000400000-0x0000000000C31000-memory.dmp

Filesize
8.2MB

Download
memory/3548-204-0x000002A531590000-0x000002A53159A000-memory.dmp

Filesize
40KB

Download
memory/3548-205-0x00007FFC85E40000-0x00007FFC86901000-memory.dmp

Filesize
10.8MB

Download
memory/3548-202-0x000002A531500000-0x000002A531522000-memory.dmp

Filesize
136KB

Download
memory/3548-212-0x00007FFC85E40000-0x00007FFC86901000-memory.dmp

Filesize
10.8MB

Download
memory/3992-207-0x00007FFC85E40000-0x00007FFC86901000-memory.dmp

Filesize
10.8MB

Download
memory/3992-209-0x00007FFC85E40000-0x00007FFC86901000-memory.dmp

Filesize
10.8MB

Download
memory/4408-164-0x0000000000000000-mapping.dmp

Download
memory/4688-148-0x0000000000000000-mapping.dmp

Download
memory/4800-218-0x00007FFC85CD0000-0x00007FFC86791000-memory.dmp

Filesize
10.8MB

Download
memory/4800-221-0x00007FFC85CD0000-0x00007FFC86791000-memory.dmp

Filesize
10.8MB

Download
memory/4956-144-0x0000000000000000-mapping.dmp

Download
memory/4968-168-0x0000000007230000-0x000000000723A000-memory.dmp

Filesize
40KB

Download
memory/4968-142-0x0000000007230000-0x000000000723A000-memory.dmp

Filesize
40KB

Download
memory/4968-222-0x0000000074DE0000-0x0000000074DEA000-memory.dmp

Filesize
40KB

Download
memory/4968-167-0x0000000074DE0000-0x0000000074DEA000-memory.dmp

Filesize
40KB

Download
memory/4968-169-0x0000000007230000-0x000000000723A000-memory.dmp

Filesize
40KB

Download
memory/4968-137-0x0000000074DE0000-0x0000000074DEA000-memory.dmp

Filesize
40KB

Download
memory/4968-170-0x0000000007230000-0x000000000723A000-memory.dmp

Filesize
40KB

Download
memory/4968-143-0x0000000007230000-0x000000000723A000-memory.dmp

Filesize
40KB

Download