7083ed1da5168ec9e32fb565447b400ee962e3e7b2e59583c24d60b226629a8b

Analysis

max time kernel
139s
max time network
134s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
28/05/2023, 13:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Тихая установка.cmd
Size

28B
MD5

f852832664a46367194b420e06083147
SHA1

e12a499e1bd1fd59ef6958594d0285a222693b84
SHA256

3f45560b1a0e804f1a1d98e72aba37e9704d29f5a3a4d171a5ab5876eb5d418f
SHA512

8c62e212a95c0dcb91ea9bcbde7951fdad0079e8730414f51ffe526fbb3bac581ba7de7701e4d9363125ce7980513b3cea15afab227c22c3c6eef006f481fb40

Score

7^/10

persistence upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 4 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral5/files/0x00070000000134da-59.dat	acprotect
behavioral5/files/0x00070000000134da-62.dat	acprotect
behavioral5/files/0x00070000000134da-64.dat	acprotect
behavioral5/memory/908-75-0x0000000010000000-0x000000001000A000-memory.dmp	acprotect

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Control Panel\International\Geo\Nation	Start11Config.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Control Panel\International\Geo\Nation	Start11Config.exe

Executes dropped EXE 8 IoCs

pid	Process
1616	Start11Srv.exe
760	Start11Srv.exe
1728	Start11_64.exe
300	Start11_64.exe
1164	Start11_64.exe
524	Start11Config.exe
1936	Start11Config.exe
1432	Start11_64.exe

Loads dropped DLL 16 IoCs

pid	Process
908	Stardock.Start11-1.43.exe
908	Stardock.Start11-1.43.exe
908	Stardock.Start11-1.43.exe
1616	Start11Srv.exe
760	Start11Srv.exe
1728	Start11_64.exe
300	Start11_64.exe
1164	Start11_64.exe
908	Stardock.Start11-1.43.exe
524	Start11Config.exe
1052	regsvr32.exe
1152	regsvr32.exe
1936	Start11Config.exe
908	Stardock.Start11-1.43.exe
908	Stardock.Start11-1.43.exe
908	Stardock.Start11-1.43.exe

Modifies system executable filetype association 2 TTPs 6 IoCs

persistence

Modify Registry

T1112

Change Default File Association

T1042

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Start10Shell	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Start10Shell\ = "{6A451C0A-9597-4915-BCCE-6E859BC996B2}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\ContextMenuHandlers\Start10Shell	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\ContextMenuHandlers\Start10Shell\ = "{6A451C0A-9597-4915-BCCE-6E859BC996B2}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\batfile\ShellEx\ContextMenuHandlers\Start10Shell	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\batfile\ShellEx\ContextMenuHandlers\Start10Shell\ = "{6A451C0A-9597-4915-BCCE-6E859BC996B2}"	regsvr32.exe

Registers COM server for autorun 1 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6A451C0A-9597-4915-BCCE-6E859BC996B2}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6A451C0A-9597-4915-BCCE-6E859BC996B2}\InprocServer32\ = "C:\\Program Files (x86)\\Stardock\\Start11\\Start10Shell64.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6A451C0A-9597-4915-BCCE-6E859BC996B2}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral5/files/0x00070000000134da-59.dat	upx
behavioral5/files/0x00070000000134da-62.dat	upx
behavioral5/files/0x00070000000134da-64.dat	upx
behavioral5/memory/908-75-0x0000000010000000-0x000000001000A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Stardock\Start11\Links\9.lnk	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\TaskbarTextures\Fabric_x2.png	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\TaskbarTextures\Rust_x2.png	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\lang\zh-cn.lng	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\S11Search64.exe	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\Stardock.ApplicationServices.dll	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\mrmsupport.dll	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\Links\25.lnk	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\lang\zh-tw.lng	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\StartButtons\Sonar Large.png	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\TaskbarTextures\Taskbar Grid 02 Mono.png	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\SdAppServices.dll	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\Links\11.lnk	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\Links\21.lnk	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\MenuTextures\Wood_x1.png	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\Links\20.lnk	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\StartButtons\Default.png	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\TaskbarTextures\Jeans_x2.png	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\DeElevate.exe	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\Immersive Control Panel.lnk	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\Links\22.lnk	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\MenuTextures\Flame Grid 04.png	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\start10_64.dll	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\MenuTextures\Flame Grid 01.png	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\StartButtons\Element Large.png	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\TaskbarTextures\Wood_x2.png	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\Start11.exe	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\lang\el.lng	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\lang\sv.lng	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\Start10ThemeEdit.exe	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\Links\8.lnk	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\TaskbarTextures\Large Angle Stripes_x2.png	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\TaskbarTextures\Metal Grid_x2.png	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\lang\fr.lng	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\Default.spak	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\Start10.exe	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\StartButtons\Reflow.png	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\StartButtons\Sonar.png	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\StartButtons\Biohazard.png	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\StartButtons\Flow Large.png	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\StartButtons\Reflow Large.png	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\lang\ja.lng	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\S11Search.exe	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\defs.ini	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\GroupPolicy\en-us\start8_gp.adml	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\Links\31.lnk	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\GroupPolicy\start8_gp.admx	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\MenuTextures\Old Wood_x2.png	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\TaskbarTextures\Corroded_x2.png	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\lang\ko.lng	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\lang\it.lng	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\lang\ru.lng	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\Links\23.lnk	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\StartButtons\Start8 Logo Large.png	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\StartButtons\Start8 Logo.png	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\TaskbarTextures\Taskbar Grid 01.png	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\StartButtons\DefaultMedium.png	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\TaskbarTextures\Taskbar Grid 03 Mono.png	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\TaskbarTextures\Taskbar Grid 04 Mono.png	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\Links\10.lnk	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\Links\24.lnk	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\MenuTextures\Marble_x2.png	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\StartButtons\DefaultLarge.png	Stardock.Start11-1.43.exe
File created	C:\Program Files (x86)\Stardock\Start11\MenuTextures\Metallic_x2.png	Stardock.Start11-1.43.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\womtrust.dll	Stardock.Start11-1.43.exe
File created	C:\Windows\wontrust.dll	Stardock.Start11-1.43.exe

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0c7e0f27c91d901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000eaa0e2b08ffef84a9b3e9fbc046e098b0000000002000000000010660000000100002000000077367b2e6801b6485bab4d281f2a882021022ed48b663c92dafc6e0398541572000000000e800000000200002000000064738a54c2a513bec4c6e7fdd4603a99d35f161704a5b8421601ef594670bc6a90000000ec057ed17278318a7743a4eb75832b469fe135173533217d3b23d94220f01406d72df13db66a8d5ce847757a57bbd654e2ee91c9a1edc053b643a0cf4ae3600c2cf3658f1d7981c5ba0117c2b536fdfe13c5e31ebd52b250e25e155d01a5e361882148a00d26184fa322c525272e3c7e8d517825ec6b43b3e7bf1105f52f36626c8bd0a240d11aaba5d1e316ddc97bd34000000051b0530f707e01acc50c92f81afdebdd17cb0f2979227af024e3f2188d1b3d22b13c3a6f25b9d6e5ce8b73c429f2d6007e34168de717986ce1d9ad517beb183f	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "392054339"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000eaa0e2b08ffef84a9b3e9fbc046e098b000000000200000000001066000000010000200000000e800f615e1e078149a0c82cccbe5b1dc5c9cf3d8f47db7485e147f061309de9000000000e80000000020000200000003f4bb5670d4434c5804fdac8d1a477237f32993c6edbaf3b5e61825dbf01dce32000000014a307459a196c24f8759a2aa6a22af39178f08f409ab3f45e42e0c651d9da57400000002d91e6fcb4669320b1ce8feb92a346823fb06b651b579e7c0c0eace4adf236cc765bb3c2b97ea7f0e379af2ea0a5c9c06f586ee653487da54431d264ba74a394	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{24DF9B81-FD70-11ED-927D-F2C06CA9A191} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe

Modifies registry class 11 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6A451C0A-9597-4915-BCCE-6E859BC996B2}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6A451C0A-9597-4915-BCCE-6E859BC996B2}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Start10Shell	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Start10Shell\ = "{6A451C0A-9597-4915-BCCE-6E859BC996B2}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\ContextMenuHandlers\Start10Shell	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\batfile\ShellEx\ContextMenuHandlers\Start10Shell\ = "{6A451C0A-9597-4915-BCCE-6E859BC996B2}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6A451C0A-9597-4915-BCCE-6E859BC996B2}\ = "Start10Shell Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6A451C0A-9597-4915-BCCE-6E859BC996B2}\InprocServer32\ = "C:\\Program Files (x86)\\Stardock\\Start11\\Start10Shell64.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6A451C0A-9597-4915-BCCE-6E859BC996B2}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\ContextMenuHandlers\Start10Shell\ = "{6A451C0A-9597-4915-BCCE-6E859BC996B2}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\batfile\ShellEx\ContextMenuHandlers\Start10Shell	regsvr32.exe

Modifies system certificate store 2 TTPs 4 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	Start11Config.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	Start11Config.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	Start11Config.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	Start11Config.exe

Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs

pid	Process
908	Stardock.Start11-1.43.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	760	Start11Srv.exe
Token: SeIncBasePriorityPrivilege	760	Start11Srv.exe
Token: 33	300	Start11_64.exe
Token: SeIncBasePriorityPrivilege	300	Start11_64.exe

Suspicious use of FindShellTrayWindow 8 IoCs

pid	Process
300	Start11_64.exe
1728	Start11_64.exe
1164	Start11_64.exe
1484	iexplore.exe
300	Start11_64.exe
300	Start11_64.exe
300	Start11_64.exe
300	Start11_64.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
524	Start11Config.exe
1484	iexplore.exe
1484	iexplore.exe
1936	Start11Config.exe
1688	IEXPLORE.EXE
1688	IEXPLORE.EXE
1472	IEXPLORE.EXE
1472	IEXPLORE.EXE
1472	IEXPLORE.EXE
1472	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 58 IoCs

description	pid	Process	procid_target
PID 1996 wrote to memory of 908	1996	cmd.exe	28
PID 1996 wrote to memory of 908	1996	cmd.exe	28
PID 1996 wrote to memory of 908	1996	cmd.exe	28
PID 1996 wrote to memory of 908	1996	cmd.exe	28
PID 908 wrote to memory of 1616	908	Stardock.Start11-1.43.exe	29
PID 908 wrote to memory of 1616	908	Stardock.Start11-1.43.exe	29
PID 908 wrote to memory of 1616	908	Stardock.Start11-1.43.exe	29
PID 908 wrote to memory of 1616	908	Stardock.Start11-1.43.exe	29
PID 1616 wrote to memory of 1728	1616	Start11Srv.exe	32
PID 1616 wrote to memory of 1728	1616	Start11Srv.exe	32
PID 1616 wrote to memory of 1728	1616	Start11Srv.exe	32
PID 1616 wrote to memory of 1728	1616	Start11Srv.exe	32
PID 760 wrote to memory of 300	760	Start11Srv.exe	33
PID 760 wrote to memory of 300	760	Start11Srv.exe	33
PID 760 wrote to memory of 300	760	Start11Srv.exe	33
PID 760 wrote to memory of 300	760	Start11Srv.exe	33
PID 908 wrote to memory of 1164	908	Stardock.Start11-1.43.exe	34
PID 908 wrote to memory of 1164	908	Stardock.Start11-1.43.exe	34
PID 908 wrote to memory of 1164	908	Stardock.Start11-1.43.exe	34
PID 908 wrote to memory of 1164	908	Stardock.Start11-1.43.exe	34
PID 908 wrote to memory of 524	908	Stardock.Start11-1.43.exe	35
PID 908 wrote to memory of 524	908	Stardock.Start11-1.43.exe	35
PID 908 wrote to memory of 524	908	Stardock.Start11-1.43.exe	35
PID 908 wrote to memory of 524	908	Stardock.Start11-1.43.exe	35
PID 524 wrote to memory of 1484	524	Start11Config.exe	36
PID 524 wrote to memory of 1484	524	Start11Config.exe	36
PID 524 wrote to memory of 1484	524	Start11Config.exe	36
PID 524 wrote to memory of 1484	524	Start11Config.exe	36
PID 908 wrote to memory of 1052	908	Stardock.Start11-1.43.exe	37
PID 908 wrote to memory of 1052	908	Stardock.Start11-1.43.exe	37
PID 908 wrote to memory of 1052	908	Stardock.Start11-1.43.exe	37
PID 908 wrote to memory of 1052	908	Stardock.Start11-1.43.exe	37
PID 908 wrote to memory of 1052	908	Stardock.Start11-1.43.exe	37
PID 908 wrote to memory of 1052	908	Stardock.Start11-1.43.exe	37
PID 908 wrote to memory of 1052	908	Stardock.Start11-1.43.exe	37
PID 1052 wrote to memory of 1152	1052	regsvr32.exe	38
PID 1052 wrote to memory of 1152	1052	regsvr32.exe	38
PID 1052 wrote to memory of 1152	1052	regsvr32.exe	38
PID 1052 wrote to memory of 1152	1052	regsvr32.exe	38
PID 1052 wrote to memory of 1152	1052	regsvr32.exe	38
PID 1052 wrote to memory of 1152	1052	regsvr32.exe	38
PID 1052 wrote to memory of 1152	1052	regsvr32.exe	38
PID 908 wrote to memory of 1936	908	Stardock.Start11-1.43.exe	40
PID 908 wrote to memory of 1936	908	Stardock.Start11-1.43.exe	40
PID 908 wrote to memory of 1936	908	Stardock.Start11-1.43.exe	40
PID 908 wrote to memory of 1936	908	Stardock.Start11-1.43.exe	40
PID 1484 wrote to memory of 1688	1484	iexplore.exe	41
PID 1484 wrote to memory of 1688	1484	iexplore.exe	41
PID 1484 wrote to memory of 1688	1484	iexplore.exe	41
PID 1484 wrote to memory of 1688	1484	iexplore.exe	41
PID 1484 wrote to memory of 1472	1484	iexplore.exe	43
PID 1484 wrote to memory of 1472	1484	iexplore.exe	43
PID 1484 wrote to memory of 1472	1484	iexplore.exe	43
PID 1484 wrote to memory of 1472	1484	iexplore.exe	43
PID 908 wrote to memory of 1432	908	Stardock.Start11-1.43.exe	44
PID 908 wrote to memory of 1432	908	Stardock.Start11-1.43.exe	44
PID 908 wrote to memory of 1432	908	Stardock.Start11-1.43.exe	44
PID 908 wrote to memory of 1432	908	Stardock.Start11-1.43.exe	44

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Тихая установка.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:1996
- C:\Users\Admin\AppData\Local\Temp\Stardock.Start11-1.43.exe
  Stardock.Start11-1.43.exe /S
  2⤵
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - Suspicious behavior: CmdExeWriteProcessMemorySpam
  - Suspicious use of WriteProcessMemory
  PID:908
- - C:\Program Files (x86)\Stardock\Start11\Start11Srv.exe
    "C:\Program Files (x86)\Stardock\Start11\Start11Srv.exe" -install
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:1616
  - - C:\Program Files (x86)\Stardock\Start11\Start11_64.exe
      "C:\Program Files (x86)\Stardock\Start11\Start11_64.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of FindShellTrayWindow
      PID:1728
- - C:\Program Files (x86)\Stardock\Start11\Start11_64.exe
    "C:\Program Files (x86)\Stardock\Start11\Start11_64.exe" START
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of FindShellTrayWindow
    PID:1164
- - C:\Program Files (x86)\Stardock\Start11\Start11Config.exe
    "C:\Program Files (x86)\Stardock\Start11\Start11Config.exe" INSTALL
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies system certificate store
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:524
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://redirects.stardock.com/start8/1.0/product/affiliate/stardock
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1484
    - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1484 CREDAT:275457 /prefetch:2
        5⤵
        Modifies Internet Explorer settings
        Suspicious use of SetWindowsHookEx
        
        PID:1688
    - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1484 CREDAT:275461 /prefetch:2
        5⤵
        Modifies Internet Explorer settings
        Suspicious use of SetWindowsHookEx
        
        PID:1472
- - C:\Windows\SysWOW64\regsvr32.exe
    regsvr32.exe /s "C:\Program Files (x86)\Stardock\Start11\Start10Shell64.dll"
    3⤵
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:1052
  - - C:\Windows\system32\regsvr32.exe
      /s "C:\Program Files (x86)\Stardock\Start11\Start10Shell64.dll"
      4⤵
      Loads dropped DLL
      Modifies system executable filetype association
      Registers COM server for autorun
      Modifies registry class
      PID:1152
- - C:\Program Files (x86)\Stardock\Start11\Start11Config.exe
    "C:\Program Files (x86)\Stardock\Start11\Start11Config.exe" FIXSEARCH
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1936
- - C:\Program Files (x86)\Stardock\Start11\Start11_64.exe
    "C:\Program Files (x86)\Stardock\Start11\Start11_64.exe" START
    3⤵
    - Executes dropped EXE
    PID:1432

C:\Program Files (x86)\Stardock\Start11\Start11Srv.exe
"C:\Program Files (x86)\Stardock\Start11\Start11Srv.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:760
- C:\Program Files (x86)\Stardock\Start11\Start11_64.exe
  "C:\Program Files (x86)\Stardock\Start11\Start11_64.exe" START
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:300

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

T1042

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Stardock\Start11\Default.spak

Filesize
265KB

MD5
04836268553825b68fe9f64c8b242130

SHA1
5f82547959547ea10e5f50a07ac8b635a81045da

SHA256
90763510c505da1ab3e9b2811a5d3620ed8d47d1d510a8902134bab0a171e594

SHA512
e87b35de172c88c6efd69ba6e403433ee983d32eec420adfb701d1c6026928d790b9fd291be9773e445d73c36c3fce89ad004bc01521cf43f29b6ba2e75edb0f

Download Submit
C:\Program Files (x86)\Stardock\Start11\S11Search.exe

Filesize
138KB

MD5
def5fe3a48b2bebb5d0bc4ffa4e68c8c

SHA1
fdfd31a5c27ae9e163e5400e0efefbbffdc1edee

SHA256
83f01e9fa92a596f1eb5665d0e1dbc94f2b97baa1d1e9f3d96607a6252e5fbdf

SHA512
ce98f707ec1a5fe41171a29b8c57f477783ec2b2bb7a04d2cf62e946179fe51b01cdad12211cfd93d11f229d2ce08ea0c99788f168fa2bb2b4a8539548c16245

Download Submit
C:\Program Files (x86)\Stardock\Start11\S11Search64.exe

Filesize
178KB

MD5
babbd30ce081bee9a63b399cd2ef9be0

SHA1
5fc81ad3e5437c30949cec375b6fe5d25a5aba4d

SHA256
26c86b920c6f5837078f3eca3a51b5b23563ebb763f7605531c3fc4a8cb2c5f4

SHA512
158d493e2967ecb6ff1a9603886166554c668407f83ad665e043453a1ce9c087473e40055c7c129de4fe02f1107accfb363753bfa322c82a8bd8a76679991980

Download Submit
C:\Program Files (x86)\Stardock\Start11\SdAppServices.dll

Filesize
1.1MB

MD5
6012138cbd163a24465315ee641f49d0

SHA1
6261bebbafe4ba2151556a8814a0516f5b79c4ac

SHA256
e2b2fa1060dd42d636d6a71b2f534a19aa01237ca31062a6df214fb33fb921ab

SHA512
7ab0f223312352ecb25ebbc19972af4b1058cebf1ad3895140b3047da62848b1bab8e1febb357476db46c480d543e09807fd0077c0ecc569ae15fa68933784a4

Download Submit
C:\Program Files (x86)\Stardock\Start11\Start10.exe

Filesize
329KB

MD5
3e9994b595f6bffec24ed705398ea2fb

SHA1
01307767dcd1ba3ceab55c69e3e13d569ba1a202

SHA256
02dc0a089946622f72e685dfa24f3530f28cf62f342b2e82a7e0bfab7013c114

SHA512
d9fbce892cc0f848293c927c62085aa43b51e23eb82b03c41a8f4c95dda5e949e5a9a14934fa61723f49bf411d4391a2c45666c3c7b8a508055a3be55d269c63

Download Submit
C:\Program Files (x86)\Stardock\Start11\Start10Shell32.dll

Filesize
155KB

MD5
fc4111fa75f85e393284ee0f5ec07bac

SHA1
783b97bc33074854efdb30eae2876dbe3d049f78

SHA256
71a5a79566374da4a9a1048bf7d26165a71fe9e57ca03d6b07a0ea41a8ae8667

SHA512
c126e28c2671edbae8f7ad283ef8c4947fb388f02f069d49d1928cdd8e14e1b749ee943f66414b26e7cc29c5ca205fddeb48e177cd2d255918e3ef4f8bae846a

Download Submit
C:\Program Files (x86)\Stardock\Start11\Start10Shell64.dll

Filesize
195KB

MD5
1c9970a72a8e0bb84f5dde21c7c58b31

SHA1
6d7ea434f0b29370d4189b51b095720d141fbf8c

SHA256
b276fe71fa4fafd2b0badbedf9a783a285a7a375bf90769ab23189aba733e30f

SHA512
c1889eb164a517e2a56188c26c0bceb70d9b744f5898f525ce44fe0a8d92190bdf624fab63bc5d69d7648f579cf067c8ba5cddf2239a0215f2b011b89b3190cb

Download Submit
C:\Program Files (x86)\Stardock\Start11\Start10_32.dll

Filesize
2.1MB

MD5
03e57cb0c99a6bfabb19be198b42d0e0

SHA1
493e6c84b72cebf2ca448e243f4d2131128e70a0

SHA256
38a56d6be0794ead385ea4add18527c68cd8d62d28a903ff3143fbafe4e6895e

SHA512
8a96dc8e1b82ed1e2009008b5652ed1e12458a324c506e673e4441e0b5309c82ac7b68f70ce2bcb88989a67a23657ccd9d941e6c92e5b6daa4091c74ad27cb1d

Download Submit
C:\Program Files (x86)\Stardock\Start11\Start10_64.dll

Filesize
3.4MB

MD5
3a67d9d01bfecdbdf053bb6e74a0cbb7

SHA1
6b90036827b3119f65166e215694938d00d24917

SHA256
6bfacb3e3449ef00477f763a91827548bf67ebf2a77a0abd6c91beb497323236

SHA512
771182ed184c61b634978aaf26b7ea547baa6a10003d27e1f8db6497e8f9a26477d2ce7dc3b2732fcf187dbfdb2d7c58af9bd2d44b6ec6d1e628fd899d1488bf

Download Submit
C:\Program Files (x86)\Stardock\Start11\Start11.exe

Filesize
340KB

MD5
45d9368fa2f314c8a6c3319b03b778a3

SHA1
3bd6ccd9319e3655bc438376e1d478e78373e66b

SHA256
410212f90bb582e302963571d75d0597bede5c5b999e06a076ac285ce70f3e7f

SHA512
ad49a67b58f937950c95ca18343fac920e01aa832c8bfc5cbc5a7178827f9132198d8e5af667a4ae32fcdc4497ac80b68c10eacde2daf0623274a4de237cdd17

Download Submit
C:\Program Files (x86)\Stardock\Start11\Start11Config.exe

Filesize
6.5MB

MD5
b70373b2042612a99de30809f720a3c5

SHA1
e55dd012ef51cc2d46e586587a305b264f1dba64

SHA256
3e4de150325e8b492617e51e7a728018cf16b47e361934ca12f5f854299d61d7

SHA512
e5467e5393a5c6a2ef9da491b300ad6c31621d47da05f2d4c3d0c04350c428f93d98609401dcc8f217d8aa47bf555d91d26318cedfab01adb50e834ed00250cf

Download Submit
C:\Program Files (x86)\Stardock\Start11\Start11Config.exe

Filesize
6.5MB

MD5
b70373b2042612a99de30809f720a3c5

SHA1
e55dd012ef51cc2d46e586587a305b264f1dba64

SHA256
3e4de150325e8b492617e51e7a728018cf16b47e361934ca12f5f854299d61d7

SHA512
e5467e5393a5c6a2ef9da491b300ad6c31621d47da05f2d4c3d0c04350c428f93d98609401dcc8f217d8aa47bf555d91d26318cedfab01adb50e834ed00250cf

Download Submit
C:\Program Files (x86)\Stardock\Start11\Start11Config.exe

Filesize
6.5MB

MD5
b70373b2042612a99de30809f720a3c5

SHA1
e55dd012ef51cc2d46e586587a305b264f1dba64

SHA256
3e4de150325e8b492617e51e7a728018cf16b47e361934ca12f5f854299d61d7

SHA512
e5467e5393a5c6a2ef9da491b300ad6c31621d47da05f2d4c3d0c04350c428f93d98609401dcc8f217d8aa47bf555d91d26318cedfab01adb50e834ed00250cf

Download Submit
C:\Program Files (x86)\Stardock\Start11\Start11Srv.exe

Filesize
245KB

MD5
86ac3fa95df258390ea75db1f80e5a5a

SHA1
8298a6c4ab594a6a3099bf69dc10bcd5ceced2d9

SHA256
f9f7d8492fce0f2533030900bdb71b8a0f3c38dbc24f56003109d81cd8daa4be

SHA512
4fe8db3952a58072d293a9fc4247f5ed30e34d61456d9a833ef41efc770cb03c290f0e71b5702a997d8519ac8e5a04ce4e1777abb3c611ac21676b0a089e405a

Download Submit
C:\Program Files (x86)\Stardock\Start11\Start11Srv.exe

Filesize
245KB

MD5
86ac3fa95df258390ea75db1f80e5a5a

SHA1
8298a6c4ab594a6a3099bf69dc10bcd5ceced2d9

SHA256
f9f7d8492fce0f2533030900bdb71b8a0f3c38dbc24f56003109d81cd8daa4be

SHA512
4fe8db3952a58072d293a9fc4247f5ed30e34d61456d9a833ef41efc770cb03c290f0e71b5702a997d8519ac8e5a04ce4e1777abb3c611ac21676b0a089e405a

Download Submit
C:\Program Files (x86)\Stardock\Start11\Start11Srv.exe

Filesize
245KB

MD5
86ac3fa95df258390ea75db1f80e5a5a

SHA1
8298a6c4ab594a6a3099bf69dc10bcd5ceced2d9

SHA256
f9f7d8492fce0f2533030900bdb71b8a0f3c38dbc24f56003109d81cd8daa4be

SHA512
4fe8db3952a58072d293a9fc4247f5ed30e34d61456d9a833ef41efc770cb03c290f0e71b5702a997d8519ac8e5a04ce4e1777abb3c611ac21676b0a089e405a

Download Submit
C:\Program Files (x86)\Stardock\Start11\Start11_64.exe

Filesize
348KB

MD5
19a5e453c2fc38823b8126b21d6b3b6f

SHA1
23aaee14a8c054f08e00fea83213ef9a8947172e

SHA256
e3bc5c0a2a2fd409b65c19ce33f9f21f389d537d851c6c05273ab1533e432f12

SHA512
9eb6e041ad080fb1258d54ad761bf8ded9a948afa3f2bbfead8f5c1b32cdb495ebab49ef78ddd19196b6baf2587095cc9b97b64293b6d2da51eeba412c197f70

Download Submit
C:\Program Files (x86)\Stardock\Start11\Start11_64.exe

Filesize
348KB

MD5
19a5e453c2fc38823b8126b21d6b3b6f

SHA1
23aaee14a8c054f08e00fea83213ef9a8947172e

SHA256
e3bc5c0a2a2fd409b65c19ce33f9f21f389d537d851c6c05273ab1533e432f12

SHA512
9eb6e041ad080fb1258d54ad761bf8ded9a948afa3f2bbfead8f5c1b32cdb495ebab49ef78ddd19196b6baf2587095cc9b97b64293b6d2da51eeba412c197f70

Download Submit
C:\Program Files (x86)\Stardock\Start11\Start11_64.exe

Filesize
348KB

MD5
19a5e453c2fc38823b8126b21d6b3b6f

SHA1
23aaee14a8c054f08e00fea83213ef9a8947172e

SHA256
e3bc5c0a2a2fd409b65c19ce33f9f21f389d537d851c6c05273ab1533e432f12

SHA512
9eb6e041ad080fb1258d54ad761bf8ded9a948afa3f2bbfead8f5c1b32cdb495ebab49ef78ddd19196b6baf2587095cc9b97b64293b6d2da51eeba412c197f70

Download Submit
C:\Program Files (x86)\Stardock\Start11\Start11_64.exe

Filesize
348KB

MD5
19a5e453c2fc38823b8126b21d6b3b6f

SHA1
23aaee14a8c054f08e00fea83213ef9a8947172e

SHA256
e3bc5c0a2a2fd409b65c19ce33f9f21f389d537d851c6c05273ab1533e432f12

SHA512
9eb6e041ad080fb1258d54ad761bf8ded9a948afa3f2bbfead8f5c1b32cdb495ebab49ef78ddd19196b6baf2587095cc9b97b64293b6d2da51eeba412c197f70

Download Submit
C:\Program Files (x86)\Stardock\Start11\Start11_64.exe

Filesize
348KB

MD5
19a5e453c2fc38823b8126b21d6b3b6f

SHA1
23aaee14a8c054f08e00fea83213ef9a8947172e

SHA256
e3bc5c0a2a2fd409b65c19ce33f9f21f389d537d851c6c05273ab1533e432f12

SHA512
9eb6e041ad080fb1258d54ad761bf8ded9a948afa3f2bbfead8f5c1b32cdb495ebab49ef78ddd19196b6baf2587095cc9b97b64293b6d2da51eeba412c197f70

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_7AA1872B10F7F2428A1288E96F0B99FA

Filesize
471B

MD5
c1a528e707ee6bb29e571cc98323901a

SHA1
37773acaf5c3064159e5a3248364f92c7333f2fa

SHA256
03dcefa756fad95696f1d02ac17d6d723aedc9c3019bbcf4a25aa8f6f1ff7418

SHA512
ef8c8802349c1dc11090557de186f307db92590eeb6b6c60a97c32ab9568878b2e3ce4eb7b633230b6e6b2c26dfc0893a0d1a53f6a3cd9a3b862522409559f3c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_B460DBDB6691F360C14B4617119E5588

Filesize
727B

MD5
6916879798dbb5b963962f2a5ea2d85e

SHA1
c2c7dfdb16ba5d6c68d69538832287e2189d02f4

SHA256
fc1fe0f7b747d5ea4031354ef4f3a0ca265aa641f9aa0944d123b0abe8a1cbe4

SHA512
9a0e69643673494172fdc72ea742febf9a2777bf0c15c01dee5911a9688e6faeab10b42ead375b987ce0fb0fb50c33c82d672195b4ed84c5fe8928a738d3c476

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
62KB

MD5
b5fcc55cffd66f38d548e8b63206c5e6

SHA1
79db08ababfa33a4f644fa8fe337195b5aba44c7

SHA256
7730df1165195dd5bb6b40d6e519b4ce07aceb03601a77bca6535d31698d4ca1

SHA512
aaa17175e90dbca04f0fa753084731313e70119fef7d408b41ff4170116ab24eaee0bd05dca2cc43464b1ee920819e5ce6f6e750d97e3c4fc605f01e7ff9c649

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
62KB

MD5
b5fcc55cffd66f38d548e8b63206c5e6

SHA1
79db08ababfa33a4f644fa8fe337195b5aba44c7

SHA256
7730df1165195dd5bb6b40d6e519b4ce07aceb03601a77bca6535d31698d4ca1

SHA512
aaa17175e90dbca04f0fa753084731313e70119fef7d408b41ff4170116ab24eaee0bd05dca2cc43464b1ee920819e5ce6f6e750d97e3c4fc605f01e7ff9c649

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
727B

MD5
c9cf48b97144ed7bbb08788089ac5e41

SHA1
d7c00ee8fcac943d83713242c9fc6f9c51622650

SHA256
d29e7eaef6a0550bca5b165feb3209ba232138105fdce84de42997323597deac

SHA512
03143d812fa81a85eb86d0868615256dd3d137996b713ac2b760f685f6e36d6ba8f4dcf03e3f8efab97b3a66067a1a6b29a9fb0282f2c44aa99a55ce1ddc0368

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_7AA1872B10F7F2428A1288E96F0B99FA

Filesize
400B

MD5
b4b7ecc10225154f5d8d9f041f2cae96

SHA1
d1edb747b8feaf483cc860c836c9230bb68610fa

SHA256
0759ea7a75733411970fa23f36a67728e7e352601a04ed01bfe434e0e107602e

SHA512
0ab07cf75a8098c6d29c98a16effe845ff7e95f100b806c053635169ed9f91683620cbc289679739ca9f947ccd6d26ebe9cd7b4d78ce869531a655c64c47cae1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_B460DBDB6691F360C14B4617119E5588

Filesize
438B

MD5
cf9507ad8706266c679ddec6b4c61822

SHA1
6e947e919be151817c133bd36e784797d954c9f6

SHA256
9969712ec451a8486e1af8584006a878cd9814524f782c67ed140f1f3f3ec417

SHA512
8b1537e8fc725f93e3533df3db39ac3d5cdae955b82dce1ffe271f0f81c371041613033344d128c83f52d47f8f860bd0a02946b23f2b40650a59a70fad6035bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ecdda85ba3d3df7da37dc7d37d9ce55a

SHA1
d74468825ddb6d4c76b5b03dd751bedc65409e91

SHA256
d616993789ec22cfae1c16175ad27bd85cdf294712b9193c6aaf795eb8b0ec4a

SHA512
f2070b1cea011a184675064622a2629185920545e7ef4d8a5e042f7ae427ff7f6350da40a526a20d8e1fb84423e175db65752c5b4259e7275b2a33f48396900c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5fa761d4491e4b698a95cc3efe01c259

SHA1
7ea4ee3655e8373d18cc0f24f2ec5d00ed455201

SHA256
32971a349aa3655b580bb8b92de603700a58a1674ab92c177fd8a5faa9b60a47

SHA512
f3e72bf23a8c6fe144ea5a6fb96f999c9e7bef345b6b6f1257dcf85c962047319e27d8ec9154711c2822fa0284f8608b70ffb7e5f89c2fd520089713ed2dd51d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0fa4889083acdaaaf1d516da549caeb4

SHA1
a99884a18d7d9c84a67751847bf3992348cb4e2f

SHA256
043c7c2f44519888452d28b94cff88dd8b07c8b6bf0d4e2442dd51d86d55c98b

SHA512
7e5d8008e4fbd2f967c1462d6e687a1cb161f71a77365a999e6dd661ebd843f28b94e38b9044b1dc72ea208d989ffc912e21985fc0717e1fff590f755b4bc0e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
613c3879d4485a18945168f8be0b3b19

SHA1
90bf458e131eb28245568ce4b134f8b02f5b594b

SHA256
e8adf77d35e03328ead88214eee8f426d944d121472db76ceb2464bf3a3c68f8

SHA512
a3313bc84168f06fd5783ed1908ce8a4ce7980aee633e285cd66ec880718a2dfc241b1e2cd4d05836eff09dc474f6c6e1c704559614f71d361bef30f11c6f6a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
76628d43d212285a9fc9c266d53cc481

SHA1
015fa19af358752068470d8b188afa18719624f3

SHA256
f78e8bda906a0f1756041c983b211af0f3cf0ddef6a9a6704d33c9a531da8056

SHA512
384a4f0ffc4f146914b59d2f764b61c5fc8143096c69c4ed294d32cb16300d9c5758e33b32913585eb629b085d4fcd595ef21c57f93c7590b3ab119f027b01ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
76628d43d212285a9fc9c266d53cc481

SHA1
015fa19af358752068470d8b188afa18719624f3

SHA256
f78e8bda906a0f1756041c983b211af0f3cf0ddef6a9a6704d33c9a531da8056

SHA512
384a4f0ffc4f146914b59d2f764b61c5fc8143096c69c4ed294d32cb16300d9c5758e33b32913585eb629b085d4fcd595ef21c57f93c7590b3ab119f027b01ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
26c0ba3a1410c79c0f75d469b3a2cbef

SHA1
086c2eaa731e7c4c2968141839cc381687e1149d

SHA256
4406888858a39c3e6d78ead135f9e9a50ce35d369e863ed1b8aea26fcfb287c2

SHA512
43f843919ecf3d90eca0a3c93ccc18425da2097c4015c4b8686ff8ee6efcd897eff52a8a089379ee9f0d4b24ff7bbb1d03e94f7b3a1a9396e00b8741e1027fb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
26c0ba3a1410c79c0f75d469b3a2cbef

SHA1
086c2eaa731e7c4c2968141839cc381687e1149d

SHA256
4406888858a39c3e6d78ead135f9e9a50ce35d369e863ed1b8aea26fcfb287c2

SHA512
43f843919ecf3d90eca0a3c93ccc18425da2097c4015c4b8686ff8ee6efcd897eff52a8a089379ee9f0d4b24ff7bbb1d03e94f7b3a1a9396e00b8741e1027fb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5231f887348e851e69012ac12f68e087

SHA1
fe9aa1e22b56bb3f6e3dde2950c3370e937a86e0

SHA256
7b6f41497decb6c5cab060add5d21b92e4fff961eab8a91a57cbc8b7e2161de5

SHA512
28ed3dc6db004ef8a0e6902dae1648d9d89f9f5c2f08b1fbbb743ea17cd194c80fb693a4952201d6369b8ef37a4ff0379363ff657f4b17acffd3cf801118ac8e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c22c6dbcc21052471670e1774350d1f7

SHA1
839445e3b8f6d26b226e81f01ea46e32985084a2

SHA256
dda9f8cf6176f6871d420d95ae66ead7d906c17e85f78ffa51e5e405570534c5

SHA512
58f85d8fc2328fd6e99b6f76035fa7fd7ce2140812d434da58dd0b08290fb006a9944a5fe6d708c0adf05346e4f16dc9aab8f8a7f746cd0549cead27141fece8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c22c6dbcc21052471670e1774350d1f7

SHA1
839445e3b8f6d26b226e81f01ea46e32985084a2

SHA256
dda9f8cf6176f6871d420d95ae66ead7d906c17e85f78ffa51e5e405570534c5

SHA512
58f85d8fc2328fd6e99b6f76035fa7fd7ce2140812d434da58dd0b08290fb006a9944a5fe6d708c0adf05346e4f16dc9aab8f8a7f746cd0549cead27141fece8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dfa3c9a5671b02da3c2b1311ed4f4722

SHA1
b188f0895a6bbf1ebda412462b4266d275a2aba3

SHA256
2ea8c569808de5baaa07563772129821afd73a1a0e54442259272d1c684de0c7

SHA512
9409edbcd21af491385eaed09dc78cfdb61a6786e329f75955b6b8d8347d02a5c76403a15b9616f59601597dbe442a580404ac9e4bc091e3c953f09caba19ecf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
089cb54ca90f041b9357a1eb70b80386

SHA1
aa6dc722df43236fedfc87b6af4f38a330d7b442

SHA256
f5cb830f28a21b2ff629e9de854096c9b531c87cfff36549d6d7fa14aa1abda0

SHA512
b4b466d730d17e174f38d54e4b0d27e9b199e55b39fbb67d9028cdb69233e16a217650f5a5ead4d1d0cbe0b91f10b4110e7b14b5fd0d0cbfed6f359bd29fa3df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
089cb54ca90f041b9357a1eb70b80386

SHA1
aa6dc722df43236fedfc87b6af4f38a330d7b442

SHA256
f5cb830f28a21b2ff629e9de854096c9b531c87cfff36549d6d7fa14aa1abda0

SHA512
b4b466d730d17e174f38d54e4b0d27e9b199e55b39fbb67d9028cdb69233e16a217650f5a5ead4d1d0cbe0b91f10b4110e7b14b5fd0d0cbfed6f359bd29fa3df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
32213c7d02a99b63b750b13b02c4601d

SHA1
781b06a8ea58c39115f6e0823ff6c893a33afcea

SHA256
1e45e4b060dc46303d2b3cf8ad69f516804258be32d731548ed272ec240e51c2

SHA512
0971b71d9a85e553786f41e87d3e4f026b523023177e455f04cd1ced1ee24c014d325f804dc4ccc5d6675cfe2e3a24ec71b92dbf55d905a655729f6867bf3ab8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
32213c7d02a99b63b750b13b02c4601d

SHA1
781b06a8ea58c39115f6e0823ff6c893a33afcea

SHA256
1e45e4b060dc46303d2b3cf8ad69f516804258be32d731548ed272ec240e51c2

SHA512
0971b71d9a85e553786f41e87d3e4f026b523023177e455f04cd1ced1ee24c014d325f804dc4ccc5d6675cfe2e3a24ec71b92dbf55d905a655729f6867bf3ab8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3d69d633c245518a1671e5049427e240

SHA1
179a8d268a04e73a468b2cfdccb35cbec64d07b7

SHA256
c1ae504356bd39e4777fdfea0f2493ee79c6cb28bfa1225e20447700d156e2ae

SHA512
ba630b252749a741b86768da853ab635ef7e58e4fe7649365f3908feccdbd289ffdd0801166690dbf2f72c8888c07074cc74af22361462dda4b6e8c0156e4a80

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
442B

MD5
d40f18db5a9f188a0003a9f0c0d86247

SHA1
9307f2dbba8bb01814a5ac3e36a159a2df9b84d1

SHA256
cddbbdd8ce0e67d7f9c30e44097251aa93e0c0e85d5fd46b0ea2b886c49c3a08

SHA512
a0029f2bd46c417e1f1e44bcad284e543223875088ca1e8da4f38e4a1ca7aa19dadf1cd25422da28649cfca61a13aff6cb676df5261ed788fdbcaf16409210ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7BYN4WSI\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EV74ZOZO\stardock[1].htm

Filesize
267B

MD5
46acd35eb1eca43a5a99b258d6ec3ca3

SHA1
bad16fbb3825934a5fcf81e7cb7eb71731564d81

SHA256
fad8e0d1cec5bbfd116ef8625e42261f239ae181e2d49894d01b3d1630a65b9e

SHA512
a38ce59813bb23d6b8f72ef548763ae9fdcb45fea0f373c5adf04144c7a7549ecd76ec8bd4a58acff649f7ac128f22559bcfb8ba70582da76e055215f8488696

Download Submit
C:\Users\Admin\AppData\Local\Stardock\Start11\SasLog.txt

Filesize
656B

MD5
5b711c9748e7485a2b4c52d111135602

SHA1
852766263817e925d59669c1cdef09aa08865eca

SHA256
2d61d4b2f03c2ead4bc523abe35e6aaed0ded58cce0f65dde70b23f318336431

SHA512
e4e6c0cd1d96bdc024cc6696065abf2249c8129198abd150a7ff5a92eb6d1c36590f1efc013126a23e37cfca1b5119117e8d976a175a138ec82dddae25eee1a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso5FFD.tmp\md5dll.dll

Filesize
6KB

MD5
7059f133ea2316b9e7e39094a52a8c34

SHA1
ee9f1487c8152d8c42fecf2efb8ed1db68395802

SHA256
32c3d36f38e7e8a8bafd4a53663203ef24a10431bda16af9e353c7d5d108610f

SHA512
9115986754a74d3084dd18018e757d3b281a2c2fde48c73b71dba882e13bd9b2ded0e6e7f45dc5b019e6d53d086090ccb06e18e6efeec091f655a128510cbe51

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\XJRN9P97.txt

Filesize
603B

MD5
ac6f053b25e40429d44a1d7bde8618cf

SHA1
14a18a5a6244bbe900c85e0e9f3e0f0c2cd96803

SHA256
cca4f03d43a0d8857bbd8dc1c9ab1a67613f487376afe6f206b558342271bc75

SHA512
d91cc75da780bb29961b5fc719d86662e5980c193db0a8cb2dafc2c5763cec2d31b7439412300b0060823f46f3cd6b7e05d74937edfa8f76c882742b85d56dfc

Download Submit
\Program Files (x86)\Stardock\Start11\SdAppServices.dll

Filesize
1.1MB

MD5
6012138cbd163a24465315ee641f49d0

SHA1
6261bebbafe4ba2151556a8814a0516f5b79c4ac

SHA256
e2b2fa1060dd42d636d6a71b2f534a19aa01237ca31062a6df214fb33fb921ab

SHA512
7ab0f223312352ecb25ebbc19972af4b1058cebf1ad3895140b3047da62848b1bab8e1febb357476db46c480d543e09807fd0077c0ecc569ae15fa68933784a4

Download Submit
\Program Files (x86)\Stardock\Start11\SdAppServices.dll

Filesize
1.1MB

MD5
6012138cbd163a24465315ee641f49d0

SHA1
6261bebbafe4ba2151556a8814a0516f5b79c4ac

SHA256
e2b2fa1060dd42d636d6a71b2f534a19aa01237ca31062a6df214fb33fb921ab

SHA512
7ab0f223312352ecb25ebbc19972af4b1058cebf1ad3895140b3047da62848b1bab8e1febb357476db46c480d543e09807fd0077c0ecc569ae15fa68933784a4

Download Submit
\Program Files (x86)\Stardock\Start11\Start10Shell64.dll

Filesize
195KB

MD5
1c9970a72a8e0bb84f5dde21c7c58b31

SHA1
6d7ea434f0b29370d4189b51b095720d141fbf8c

SHA256
b276fe71fa4fafd2b0badbedf9a783a285a7a375bf90769ab23189aba733e30f

SHA512
c1889eb164a517e2a56188c26c0bceb70d9b744f5898f525ce44fe0a8d92190bdf624fab63bc5d69d7648f579cf067c8ba5cddf2239a0215f2b011b89b3190cb

Download Submit
\Program Files (x86)\Stardock\Start11\Start10Shell64.dll

Filesize
195KB

MD5
1c9970a72a8e0bb84f5dde21c7c58b31

SHA1
6d7ea434f0b29370d4189b51b095720d141fbf8c

SHA256
b276fe71fa4fafd2b0badbedf9a783a285a7a375bf90769ab23189aba733e30f

SHA512
c1889eb164a517e2a56188c26c0bceb70d9b744f5898f525ce44fe0a8d92190bdf624fab63bc5d69d7648f579cf067c8ba5cddf2239a0215f2b011b89b3190cb

Download Submit
\Program Files (x86)\Stardock\Start11\Start11Config.exe

Filesize
6.5MB

MD5
b70373b2042612a99de30809f720a3c5

SHA1
e55dd012ef51cc2d46e586587a305b264f1dba64

SHA256
3e4de150325e8b492617e51e7a728018cf16b47e361934ca12f5f854299d61d7

SHA512
e5467e5393a5c6a2ef9da491b300ad6c31621d47da05f2d4c3d0c04350c428f93d98609401dcc8f217d8aa47bf555d91d26318cedfab01adb50e834ed00250cf

Download Submit
\Program Files (x86)\Stardock\Start11\Start11Config.exe

Filesize
6.5MB

MD5
b70373b2042612a99de30809f720a3c5

SHA1
e55dd012ef51cc2d46e586587a305b264f1dba64

SHA256
3e4de150325e8b492617e51e7a728018cf16b47e361934ca12f5f854299d61d7

SHA512
e5467e5393a5c6a2ef9da491b300ad6c31621d47da05f2d4c3d0c04350c428f93d98609401dcc8f217d8aa47bf555d91d26318cedfab01adb50e834ed00250cf

Download Submit
\Program Files (x86)\Stardock\Start11\Start11Config.exe

Filesize
6.5MB

MD5
b70373b2042612a99de30809f720a3c5

SHA1
e55dd012ef51cc2d46e586587a305b264f1dba64

SHA256
3e4de150325e8b492617e51e7a728018cf16b47e361934ca12f5f854299d61d7

SHA512
e5467e5393a5c6a2ef9da491b300ad6c31621d47da05f2d4c3d0c04350c428f93d98609401dcc8f217d8aa47bf555d91d26318cedfab01adb50e834ed00250cf

Download Submit
\Program Files (x86)\Stardock\Start11\Start11Srv.exe

Filesize
245KB

MD5
86ac3fa95df258390ea75db1f80e5a5a

SHA1
8298a6c4ab594a6a3099bf69dc10bcd5ceced2d9

SHA256
f9f7d8492fce0f2533030900bdb71b8a0f3c38dbc24f56003109d81cd8daa4be

SHA512
4fe8db3952a58072d293a9fc4247f5ed30e34d61456d9a833ef41efc770cb03c290f0e71b5702a997d8519ac8e5a04ce4e1777abb3c611ac21676b0a089e405a

Download Submit
\Program Files (x86)\Stardock\Start11\Start11_64.exe

Filesize
348KB

MD5
19a5e453c2fc38823b8126b21d6b3b6f

SHA1
23aaee14a8c054f08e00fea83213ef9a8947172e

SHA256
e3bc5c0a2a2fd409b65c19ce33f9f21f389d537d851c6c05273ab1533e432f12

SHA512
9eb6e041ad080fb1258d54ad761bf8ded9a948afa3f2bbfead8f5c1b32cdb495ebab49ef78ddd19196b6baf2587095cc9b97b64293b6d2da51eeba412c197f70

Download Submit
\Program Files (x86)\Stardock\Start11\Start11_64.exe

Filesize
348KB

MD5
19a5e453c2fc38823b8126b21d6b3b6f

SHA1
23aaee14a8c054f08e00fea83213ef9a8947172e

SHA256
e3bc5c0a2a2fd409b65c19ce33f9f21f389d537d851c6c05273ab1533e432f12

SHA512
9eb6e041ad080fb1258d54ad761bf8ded9a948afa3f2bbfead8f5c1b32cdb495ebab49ef78ddd19196b6baf2587095cc9b97b64293b6d2da51eeba412c197f70

Download Submit
\Program Files (x86)\Stardock\Start11\start10_64.dll

Filesize
3.4MB

MD5
3a67d9d01bfecdbdf053bb6e74a0cbb7

SHA1
6b90036827b3119f65166e215694938d00d24917

SHA256
6bfacb3e3449ef00477f763a91827548bf67ebf2a77a0abd6c91beb497323236

SHA512
771182ed184c61b634978aaf26b7ea547baa6a10003d27e1f8db6497e8f9a26477d2ce7dc3b2732fcf187dbfdb2d7c58af9bd2d44b6ec6d1e628fd899d1488bf

Download Submit
\Program Files (x86)\Stardock\Start11\start10_64.dll

Filesize
3.4MB

MD5
3a67d9d01bfecdbdf053bb6e74a0cbb7

SHA1
6b90036827b3119f65166e215694938d00d24917

SHA256
6bfacb3e3449ef00477f763a91827548bf67ebf2a77a0abd6c91beb497323236

SHA512
771182ed184c61b634978aaf26b7ea547baa6a10003d27e1f8db6497e8f9a26477d2ce7dc3b2732fcf187dbfdb2d7c58af9bd2d44b6ec6d1e628fd899d1488bf

Download Submit
\Program Files (x86)\Stardock\Start11\start10_64.dll

Filesize
3.4MB

MD5
3a67d9d01bfecdbdf053bb6e74a0cbb7

SHA1
6b90036827b3119f65166e215694938d00d24917

SHA256
6bfacb3e3449ef00477f763a91827548bf67ebf2a77a0abd6c91beb497323236

SHA512
771182ed184c61b634978aaf26b7ea547baa6a10003d27e1f8db6497e8f9a26477d2ce7dc3b2732fcf187dbfdb2d7c58af9bd2d44b6ec6d1e628fd899d1488bf

Download Submit
\Program Files (x86)\Stardock\Start11\Удалить Start11Config.exe

Filesize
176KB

MD5
413d970c37dfd06362ca4acd29e6d0de

SHA1
027e7cf1477679503ffcdbccb1cf9680ed7f7c34

SHA256
c81bca79e662d42afa0b3755e2deeb075b1d1d8bb022892b22d5c601c563a820

SHA512
c880080dd5fb1cfd889d8cfe4f2f14c247f7f167fd925648b3e2b79c3cfdd9747027a662d597b810df3c708290189caf0680168bd5bb0796e99c8e27e118dde5

Download Submit
\Users\Admin\AppData\Local\Temp\nso5FFD.tmp\md5dll.dll

Filesize
6KB

MD5
7059f133ea2316b9e7e39094a52a8c34

SHA1
ee9f1487c8152d8c42fecf2efb8ed1db68395802

SHA256
32c3d36f38e7e8a8bafd4a53663203ef24a10431bda16af9e353c7d5d108610f

SHA512
9115986754a74d3084dd18018e757d3b281a2c2fde48c73b71dba882e13bd9b2ded0e6e7f45dc5b019e6d53d086090ccb06e18e6efeec091f655a128510cbe51

Download Submit
\Users\Admin\AppData\Local\Temp\nso5FFD.tmp\md5dll.dll

Filesize
6KB

MD5
7059f133ea2316b9e7e39094a52a8c34

SHA1
ee9f1487c8152d8c42fecf2efb8ed1db68395802

SHA256
32c3d36f38e7e8a8bafd4a53663203ef24a10431bda16af9e353c7d5d108610f

SHA512
9115986754a74d3084dd18018e757d3b281a2c2fde48c73b71dba882e13bd9b2ded0e6e7f45dc5b019e6d53d086090ccb06e18e6efeec091f655a128510cbe51

Download Submit
memory/524-359-0x0000000000400000-0x0000000001171000-memory.dmp

Filesize
13.4MB

Download
memory/524-396-0x0000000000400000-0x0000000001171000-memory.dmp

Filesize
13.4MB

Download
memory/908-797-0x0000000000590000-0x00000000005A0000-memory.dmp

Filesize
64KB

Download
memory/908-358-0x00000000064F0000-0x0000000007261000-memory.dmp

Filesize
13.4MB

Download
memory/908-352-0x0000000010000000-0x000000001000A000-memory.dmp

Filesize
40KB

Download
memory/908-584-0x0000000000590000-0x00000000005A0000-memory.dmp

Filesize
64KB

Download
memory/908-77-0x0000000010000000-0x000000001000A000-memory.dmp

Filesize
40KB

Download
memory/908-75-0x0000000010000000-0x000000001000A000-memory.dmp

Filesize
40KB

Download
memory/908-353-0x0000000010000000-0x000000001000A000-memory.dmp

Filesize
40KB

Download
memory/1936-443-0x0000000000400000-0x0000000001171000-memory.dmp

Filesize
13.4MB

Download
memory/1936-416-0x0000000000400000-0x0000000001171000-memory.dmp

Filesize
13.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads