Malware Analysis Report

2025-04-03 19:51

Sample ID 241109-xc8l7azdpf
Target Start11v2-setup.exe
SHA256 48cb26764e09d08a2303a2b72f02400c4c45d336ce286e1030b6f4ac9d686702
Tags
discovery persistence privilege_escalation upx
score
5/10

Analysis Overview

score
5/10

SHA256

48cb26764e09d08a2303a2b72f02400c4c45d336ce286e1030b6f4ac9d686702

Threat Level: Likely benign

The file Start11v2-setup.exe was found to be: Likely benign.

Malicious Activity Summary

discovery persistence privilege_escalation upx

Event Triggered Execution: Component Object Model Hijacking

UPX packed file

Checks computer location settings

Modifies system executable filetype association

Executes dropped EXE

Drops file in Program Files directory

Loads dropped DLL

Checks installed software on the system

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Program crash

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Modifies Internet Explorer settings

Modifies system certificate store

Suspicious use of SetWindowsHookEx

Modifies registry class

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-09 18:43

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-09 18:43

Reported

2024-11-09 18:46

Platform

win10v2004-20241007-en

Max time kernel

82s

Max time network

76s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Start11v2-setup.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Start11v2-setup.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Stardock\Start11\Start11Config.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Stardock\Start11\Start11Config.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Stardock\Start11\Start11Config.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Stardock\Start11\Start11Config.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

UPX packed file

upx

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Stardock\Start11\Uninstall\uninstall.xml C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File opened for modification C:\Program Files (x86)\Stardock\Start11\MenuTextures\Abstract One.png C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File created C:\Program Files (x86)\Stardock\Start11\MenuTextures\Flame Grid 01.png C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File created C:\Program Files (x86)\Stardock\Start11\MenuTextures\Old Wood_x2.png C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File created C:\Program Files (x86)\Stardock\Start11\TabTextures\s11-tab-texture-08.png C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File created C:\Program Files (x86)\Stardock\Start11\TaskbarTextures\Taskbar Grid 03 Mono.png C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File opened for modification C:\Program Files (x86)\Stardock\Start11\DeElevate64.exe C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File opened for modification C:\Program Files (x86)\Stardock\Start11\DeElevator64.dll C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File created C:\Program Files (x86)\Stardock\Start11\Launch.exe C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File opened for modification C:\Program Files (x86)\Stardock\Start11\SdDisplay.exe C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File created C:\Program Files (x86)\Stardock\Start11\Start10Shell32.dll C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File created C:\Program Files (x86)\Stardock\Start11\zip.exe C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File created C:\Program Files (x86)\Stardock\Start11\TaskbarTextures\Old Wood_x2.png C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File created C:\Program Files (x86)\Stardock\Start11\lang\en-us.lng C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File created C:\Program Files (x86)\Stardock\Start11\MenuTextures\Metallic_x2.png C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File opened for modification C:\Program Files (x86)\Stardock\Start11\TaskbarTextures\Grunge Stone 02_x2.png C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File created C:\Program Files (x86)\Stardock\Start11\DeElevator64.dll C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File created C:\Program Files (x86)\Stardock\Start11\lang\pl.lng C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File opened for modification C:\Program Files (x86)\Stardock\Start11\Links\20.lnk C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File created C:\Program Files (x86)\Stardock\Start11\StartButtons\Arsenic Orb.png C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File opened for modification C:\Program Files (x86)\Stardock\Start11\StartButtons\DefaultMedium.png C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File opened for modification C:\Program Files (x86)\Stardock\Start11\start10_A64.dll C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File opened for modification C:\Program Files (x86)\Stardock\Start11\DeElevator.dll C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File created C:\Program Files (x86)\Stardock\Start11\StartButtons\Element Large.png C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File created C:\Program Files (x86)\Stardock\Start11\StartButtons\Flow Large.png C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File created C:\Program Files (x86)\Stardock\Start11\TaskbarTextures\Carbon Fibre_x2.png C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File opened for modification C:\Program Files (x86)\Stardock\Start11\TabTextures\s11-tab-texture-09.png C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File opened for modification C:\Program Files (x86)\Stardock\Start11\TabTextures\s11-tab-texture-17.png C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File created C:\Program Files (x86)\Stardock\Start11\TabTextures\s11-tab-texture-17.png C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File created C:\Program Files (x86)\Stardock\Start11\Start11Config.exe C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File created C:\Program Files (x86)\Stardock\Start11\lang\pt-br.lng C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File created C:\Program Files (x86)\Stardock\Start11\TaskbarTextures\Metallic_x2.png C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File opened for modification C:\Program Files (x86)\Stardock\Start11\TaskbarTextures\Taskbar Grid 01.png C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File opened for modification C:\Program Files (x86)\Stardock\Start11\lang\en-us.lng C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File opened for modification C:\Program Files (x86)\Stardock\Start11\StartButtons\Default.png C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File opened for modification C:\Program Files (x86)\Stardock\Start11\TaskbarTextures\Metal Grid_x2.png C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File created C:\Program Files (x86)\Stardock\Start11\Start11.exe C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File opened for modification C:\Program Files (x86)\Stardock\Start11\Start11_64.exe C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File opened for modification C:\Program Files (x86)\Stardock\Notifications\Assets\Fences 4-icon.png C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File created C:\Program Files (x86)\Stardock\Start11\Uninstall\IRIMG2.JPG C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File created C:\Program Files (x86)\Stardock\Start11\Links\7.lnk C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File opened for modification C:\Program Files (x86)\Stardock\Start11\StartButtons\Triangle Two.png C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File opened for modification C:\Program Files (x86)\Stardock\Start11\TaskbarTextures\Small Angle Stripes_x2.png C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File opened for modification C:\Program Files (x86)\Stardock\Start11\TabTextures\s11-tab-texture-01.png C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File created C:\Program Files (x86)\Stardock\Start11\Launch2.exe C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File opened for modification C:\Program Files (x86)\Stardock\Notifications\System.ValueTuple.dll C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File opened for modification C:\Program Files (x86)\Stardock\Notifications\Assets\Deskscapes 11-icon.png C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File created C:\Program Files (x86)\Stardock\Start11\TabTextures\s11-tab-texture-16.png C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File opened for modification C:\Program Files (x86)\Stardock\Start11\Start10Shell64.dll C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File created C:\Program Files (x86)\Stardock\Start11\lang\ru.lng C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File opened for modification C:\Program Files (x86)\Stardock\Start11\lang\zh-cn.lng C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File created C:\Program Files (x86)\Stardock\Start11\Links\21.lnk C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File created C:\Program Files (x86)\Stardock\Start11\Links\23.lnk C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File opened for modification C:\Program Files (x86)\Stardock\Start11\StartButtons\Echo2.png C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File created C:\Program Files (x86)\Stardock\Start11\TabTextures\s11-tab-texture-10.png C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File created C:\Program Files (x86)\Stardock\Start11\Start11_A64.exe C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File opened for modification C:\Program Files (x86)\Stardock\Notifications\Assets\Groupy 2-icon.png C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File created C:\Program Files (x86)\Stardock\Start11\TaskbarTextures\Rusty Metal Grid_x2.png C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File opened for modification C:\Program Files (x86)\Stardock\Start11\DeElevate.exe C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File opened for modification C:\Program Files (x86)\Stardock\Start11\lang\ja.lng C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File opened for modification C:\Program Files (x86)\Stardock\Start11\lang\nl.lng C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File created C:\Program Files (x86)\Stardock\Start11\Links\25.lnk C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File created C:\Program Files (x86)\Stardock\Start11\Links\3.lnk C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
File opened for modification C:\Program Files (x86)\Stardock\Start11\StartButtons\Reflow Large.png C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A

Modifies system executable filetype association

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shellex\ContextMenuHandlers\Start10Shell C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shellex\ContextMenuHandlers\Start10Shell\ = "{6A451C0A-9597-4915-BCCE-6E859BC996B2}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Start10Shell C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Start10Shell\ = "{6A451C0A-9597-4915-BCCE-6E859BC996B2}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\ContextMenuHandlers\Start10Shell C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\ContextMenuHandlers\Start10Shell\ = "{6A451C0A-9597-4915-BCCE-6E859BC996B2}" C:\Windows\system32\regsvr32.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Stardock\Start11\Start11Config.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\GetMachineSID.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Stardock\Start11\Start11Config.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Stardock\Start11\Start11Srv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Stardock\Start11\Start11Srv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Stardock\Start11\Start11Config.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Stardock\Start11\SdDisplay.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Start11v2-setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Stardock\Start11\Start11Config.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\SdDisplay.exe = "11001" C:\Program Files (x86)\Stardock\Start11\SdDisplay.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_96DPI_PIXEL C:\Program Files (x86)\Stardock\Start11\SdDisplay.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_96DPI_PIXEL\SdDisplay.exe = "1" C:\Program Files (x86)\Stardock\Start11\SdDisplay.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\S8Theme\shell\open C:\Program Files (x86)\Stardock\Start11\Start11Config.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\S8Theme\shell\open\command C:\Program Files (x86)\Stardock\Start11\Start11Config.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\S8Theme\shell\open\command\ = "\"C:\\Program Files (x86)\\Stardock\\Start11\\ExtractS8Theme.exe\" \"%1\"" C:\Program Files (x86)\Stardock\Start11\Start11Config.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.s8theme\ = "S8Theme" C:\Program Files (x86)\Stardock\Start11\Start11Config.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6A451C0A-9597-4915-BCCE-6E859BC996B2} C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6A451C0A-9597-4915-BCCE-6E859BC996B2}\ = "Start10Shell Class" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6A451C0A-9597-4915-BCCE-6E859BC996B2}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Start10Shell C:\Windows\system32\regsvr32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\S8Theme\Treatment = "3" C:\Program Files (x86)\Stardock\Start11\Start11Config.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\S8Theme\shell\ = "open" C:\Program Files (x86)\Stardock\Start11\Start11Config.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\S8Theme\shell\open\ = "Set as Start11 theme" C:\Program Files (x86)\Stardock\Start11\Start11Config.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.s8theme C:\Program Files (x86)\Stardock\Start11\Start11Config.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6A451C0A-9597-4915-BCCE-6E859BC996B2}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6A451C0A-9597-4915-BCCE-6E859BC996B2}\InprocServer32\ = "C:\\Program Files (x86)\\Stardock\\Start11\\Start10Shell64.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shellex\ContextMenuHandlers\Start10Shell\ = "{6A451C0A-9597-4915-BCCE-6E859BC996B2}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\S8Theme C:\Program Files (x86)\Stardock\Start11\Start11Config.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\S8Theme\shell C:\Program Files (x86)\Stardock\Start11\Start11Config.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\ContextMenuHandlers\Start10Shell\ = "{6A451C0A-9597-4915-BCCE-6E859BC996B2}" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\S8Theme\ = "Start11 Theme" C:\Program Files (x86)\Stardock\Start11\Start11Config.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\.s8theme\Treatment = "3" C:\Program Files (x86)\Stardock\Start11\Start11Config.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Start10Shell\ = "{6A451C0A-9597-4915-BCCE-6E859BC996B2}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\ContextMenuHandlers\Start10Shell C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shellex\ContextMenuHandlers\Start10Shell C:\Windows\system32\regsvr32.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob C:\Program Files (x86)\Stardock\Start11\Start11Config.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E C:\Program Files (x86)\Stardock\Start11\Start11Config.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob C:\Program Files (x86)\Stardock\Start11\Start11Config.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 C:\Program Files (x86)\Stardock\Start11\Start11Config.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob C:\Program Files (x86)\Stardock\Start11\Start11Config.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob C:\Program Files (x86)\Stardock\Start11\Start11Config.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob C:\Program Files (x86)\Stardock\Start11\Start11Config.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob C:\Program Files (x86)\Stardock\Start11\Start11Config.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Program Files (x86)\Stardock\Start11\Start11Srv.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Stardock\Start11\Start11Srv.exe N/A
Token: 33 N/A C:\Program Files (x86)\Stardock\Start11\Start11_64.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Stardock\Start11\Start11_64.exe N/A
Token: 33 N/A C:\Program Files (x86)\Stardock\Start11\Start11_64.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Stardock\Start11\Start11_64.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Stardock\Start11\SdDisplay.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\GetMachineSID.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Program Files (x86)\Stardock\Start11\Start11_64.exe N/A
N/A N/A C:\Program Files (x86)\Stardock\Start11\Start11_64.exe N/A
N/A N/A C:\Program Files (x86)\Stardock\Start11\Start11_64.exe N/A
N/A N/A C:\Program Files (x86)\Stardock\Start11\Start11Config.exe N/A
N/A N/A C:\Program Files (x86)\Stardock\Start11\Start11Config.exe N/A
N/A N/A C:\Program Files (x86)\Stardock\Start11\Start11Config.exe N/A
N/A N/A C:\Program Files (x86)\Stardock\Start11\Start11Config.exe N/A
N/A N/A C:\Program Files (x86)\Stardock\Start11\Start11Config.exe N/A
N/A N/A C:\Program Files (x86)\Stardock\Start11\Start11Config.exe N/A
N/A N/A C:\Program Files (x86)\Stardock\Start11\Start11Config.exe N/A
N/A N/A C:\Program Files (x86)\Stardock\Start11\Start11Config.exe N/A
N/A N/A C:\Program Files (x86)\Stardock\Start11\Start11Config.exe N/A
N/A N/A C:\Program Files (x86)\Stardock\Start11\SdDisplay.exe N/A
N/A N/A C:\Program Files (x86)\Stardock\Start11\SdDisplay.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4068 wrote to memory of 2424 N/A C:\Users\Admin\AppData\Local\Temp\Start11v2-setup.exe C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
PID 4068 wrote to memory of 2424 N/A C:\Users\Admin\AppData\Local\Temp\Start11v2-setup.exe C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
PID 4068 wrote to memory of 2424 N/A C:\Users\Admin\AppData\Local\Temp\Start11v2-setup.exe C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
PID 2424 wrote to memory of 3776 N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe C:\Windows\SysWOW64\reg.exe
PID 2424 wrote to memory of 3776 N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe C:\Windows\SysWOW64\reg.exe
PID 2424 wrote to memory of 3776 N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe C:\Windows\SysWOW64\reg.exe
PID 2424 wrote to memory of 5068 N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\GetMachineSID.exe
PID 2424 wrote to memory of 5068 N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\GetMachineSID.exe
PID 2424 wrote to memory of 5068 N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\GetMachineSID.exe
PID 2424 wrote to memory of 3476 N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe C:\Windows\SysWOW64\cmd.exe
PID 2424 wrote to memory of 3476 N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe C:\Windows\SysWOW64\cmd.exe
PID 2424 wrote to memory of 3476 N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe C:\Windows\SysWOW64\cmd.exe
PID 2424 wrote to memory of 3644 N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe C:\Windows\SysWOW64\cmd.exe
PID 2424 wrote to memory of 3644 N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe C:\Windows\SysWOW64\cmd.exe
PID 2424 wrote to memory of 3644 N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe C:\Windows\SysWOW64\cmd.exe
PID 2424 wrote to memory of 1460 N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe C:\Program Files (x86)\Stardock\Start11\Start11Srv.exe
PID 2424 wrote to memory of 1460 N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe C:\Program Files (x86)\Stardock\Start11\Start11Srv.exe
PID 2424 wrote to memory of 1460 N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe C:\Program Files (x86)\Stardock\Start11\Start11Srv.exe
PID 1460 wrote to memory of 4492 N/A C:\Program Files (x86)\Stardock\Start11\Start11Srv.exe C:\Program Files (x86)\Stardock\Start11\Start11_64.exe
PID 1460 wrote to memory of 4492 N/A C:\Program Files (x86)\Stardock\Start11\Start11Srv.exe C:\Program Files (x86)\Stardock\Start11\Start11_64.exe
PID 1612 wrote to memory of 2888 N/A C:\Program Files (x86)\Stardock\Start11\Start11Srv.exe C:\Program Files (x86)\Stardock\Start11\Start11_64.exe
PID 1612 wrote to memory of 2888 N/A C:\Program Files (x86)\Stardock\Start11\Start11Srv.exe C:\Program Files (x86)\Stardock\Start11\Start11_64.exe
PID 2424 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe C:\Program Files (x86)\Stardock\Start11\Start11Config.exe
PID 2424 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe C:\Program Files (x86)\Stardock\Start11\Start11Config.exe
PID 2424 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe C:\Program Files (x86)\Stardock\Start11\Start11Config.exe
PID 2424 wrote to memory of 4832 N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2424 wrote to memory of 4832 N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2424 wrote to memory of 4832 N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe C:\Windows\SysWOW64\regsvr32.exe
PID 4832 wrote to memory of 4524 N/A C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\regsvr32.exe
PID 4832 wrote to memory of 4524 N/A C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\regsvr32.exe
PID 2424 wrote to memory of 4836 N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe C:\Program Files (x86)\Stardock\Start11\Start11Config.exe
PID 2424 wrote to memory of 4836 N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe C:\Program Files (x86)\Stardock\Start11\Start11Config.exe
PID 2424 wrote to memory of 4836 N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe C:\Program Files (x86)\Stardock\Start11\Start11Config.exe
PID 2424 wrote to memory of 1412 N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe C:\Program Files (x86)\Stardock\Start11\Start11Config.exe
PID 2424 wrote to memory of 1412 N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe C:\Program Files (x86)\Stardock\Start11\Start11Config.exe
PID 2424 wrote to memory of 1412 N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe C:\Program Files (x86)\Stardock\Start11\Start11Config.exe
PID 4464 wrote to memory of 4080 N/A C:\Program Files (x86)\Stardock\Start11\Start11Config.exe C:\Program Files (x86)\Stardock\Start11\SdDisplay.exe
PID 4464 wrote to memory of 4080 N/A C:\Program Files (x86)\Stardock\Start11\Start11Config.exe C:\Program Files (x86)\Stardock\Start11\SdDisplay.exe
PID 4464 wrote to memory of 4080 N/A C:\Program Files (x86)\Stardock\Start11\Start11Config.exe C:\Program Files (x86)\Stardock\Start11\SdDisplay.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Start11v2-setup.exe

"C:\Users\Admin\AppData\Local\Temp\Start11v2-setup.exe"

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1936418 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\Start11v2-setup.exe" "__IRCT:3" "__IRTSS:0" "__IRSID:S-1-5-21-2437139445-1151884604-3026847218-1000"

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" export HKLM\Software\Stardock C:\Users\Admin\AppData\Local\Temp\registry_export.txt /y /reg:32

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\GetMachineSID.exe

"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\GetMachineSID.exe" C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\GetMachineSID.tmp

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c if exist "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock\Stardock ModernMix.lnk" (del "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock\Stardock ModernMix.lnk" & echo found)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c if exist "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock\Stardock Start11.lnk" (del "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock\Stardock Start11.lnk" & echo found)

C:\Program Files (x86)\Stardock\Start11\Start11Srv.exe

"C:\Program Files (x86)\Stardock\Start11\Start11Srv.exe" -install

C:\Program Files (x86)\Stardock\Start11\Start11Srv.exe

"C:\Program Files (x86)\Stardock\Start11\Start11Srv.exe"

C:\Program Files (x86)\Stardock\Start11\Start11_64.exe

"C:\Program Files (x86)\Stardock\Start11\Start11_64.exe"

C:\Program Files (x86)\Stardock\Start11\Start11_64.exe

"C:\Program Files (x86)\Stardock\Start11\Start11_64.exe" START

C:\Program Files (x86)\Stardock\Start11\Start11Config.exe

"C:\Program Files (x86)\Stardock\Start11\Start11Config.exe" INSTALL

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Stardock\Start11\Start10Shell64.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\Stardock\Start11\Start10Shell64.dll"

C:\Program Files (x86)\Stardock\Start11\Start11Config.exe

"C:\Program Files (x86)\Stardock\Start11\Start11Config.exe" FIXSEARCH

C:\Program Files (x86)\Stardock\Start11\Start11Config.exe

"C:\Program Files (x86)\Stardock\Start11\Start11Config.exe" REBUILDSEARCH

C:\Program Files (x86)\Stardock\Start11\Start11Config.exe

"C:\Program Files (x86)\Stardock\Start11\Start11Config.exe"

C:\Program Files (x86)\Stardock\Start11\SdDisplay.exe

"C:\Program Files (x86)\Stardock\Start11\SdDisplay.exe" -prodId=2674 -ProdName="Start11" -company="Stardock" -forceUi="Welcome" -parentPid=4464 -prodVer="2.1.1.0" -ResponsePipe=1440 -ownerWnd=00070236

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 4080 -ip 4080

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 1228

Network

Country Destination Domain Proto
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 install.api.stardock.net udp
US 66.79.209.82:443 install.api.stardock.net tcp
US 8.8.8.8:53 r10.o.lencr.org udp
GB 2.23.210.82:80 r10.o.lencr.org tcp
US 8.8.8.8:53 82.209.79.66.in-addr.arpa udp
US 8.8.8.8:53 32.169.19.2.in-addr.arpa udp
US 8.8.8.8:53 82.210.23.2.in-addr.arpa udp
US 66.79.209.82:443 install.api.stardock.net tcp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 98.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

memory/2424-12-0x0000000000990000-0x0000000000D78000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\eula.txt

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Encoding.lmd

memory/2424-47-0x00000000067D0000-0x00000000067D3000-memory.dmp

memory/2424-46-0x0000000010000000-0x0000000010144000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\REG878F.tmp

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\GetMachineSID.exe

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\GetMachineSID.tmp

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG1.JPG

memory/2424-93-0x0000000000990000-0x0000000000D78000-memory.dmp

memory/2424-94-0x00000000067D0000-0x00000000067D3000-memory.dmp

memory/2424-96-0x0000000010000000-0x0000000010144000-memory.dmp

memory/2424-95-0x0000000000990000-0x0000000000D78000-memory.dmp

C:\Program Files (x86)\Stardock\Start11\Uninstall\uninstall.xml

C:\Program Files (x86)\Stardock\Start11\Start11Srv.exe

C:\Program Files (x86)\Stardock\Start11\Start11_64.exe

C:\Program Files (x86)\Stardock\Start11\PinMenu.exe

C:\Program Files (x86)\Stardock\Start11\PinLaunch.exe

C:\Program Files (x86)\Stardock\Start11\Start10Shell64.dll

C:\Program Files (x86)\Stardock\Start11\Start10Shell32.dll

C:\Program Files (x86)\Stardock\Start11\S11Search64.exe

C:\Program Files (x86)\Stardock\Start11\S11Search.exe

C:\Program Files (x86)\Stardock\Start11\Start11Config.exe

C:\Program Files (x86)\Stardock\Start11\Start11_A64.exe

C:\Program Files (x86)\Stardock\Start11\Start11.exe

C:\Program Files (x86)\Stardock\Start11\Start10.exe

C:\Program Files (x86)\Stardock\Start11\Start10_32.dll

C:\Program Files (x86)\Stardock\Start11\Start10_64.dll

C:\Program Files (x86)\Stardock\Start11\Start10_A64.dll

C:\Program Files (x86)\Stardock\Start11\SdAppServices.dll

C:\Program Files (x86)\Stardock\Start11\Default.spak

C:\Users\Admin\AppData\Local\Temp\Start11 Setup Log.txt

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_B460DBDB6691F360C14B4617119E5588

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_B460DBDB6691F360C14B4617119E5588

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

C:\Users\Admin\AppData\Local\Stardock\Start11\SasLog.txt

memory/2424-1142-0x0000000000990000-0x0000000000D78000-memory.dmp

C:\Program Files (x86)\Stardock\Start11\Lang\en-US.lng

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Turn off taps or change the delay on your touchpad.lnk

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Windows specifications.lnk

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Handwriting Input Panel settings.lnk

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Change when the PC sleeps.lnk

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Tabs in apps settings.lnk

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Choose a default app for each type of file.lnk

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Battery saver settings.lnk

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Ease of Access settings.lnk

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Ease of Access interaction settings.lnk

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Cloud Search settings.lnk

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Recovery options.lnk

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Search permissions and history.lnk

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Speech settings.lnk

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Shared experience settings.lnk

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Taskbar settings.lnk

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\PowerShell Developer Settings.lnk

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Choose how the cursor is shown on a braille display.lnk

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Change caption font color.lnk

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Allow the shortcut key to turn color filters on or off.lnk

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Turn on text cursor indicator.lnk

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Turn high contrast on or off.lnk

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Turn mono audio on or off.lnk

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Show the Mouse Keys icon on the taskbar.lnk

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Show the Filter Keys icon on the taskbar.lnk

MD5 2c8e1e3a3cb6a1d06b7a218ee5812bda
SHA1 6e6bd5a4c5a781be5543be81fdcaec7770a1a77f
SHA256 0af926a5b56a228c9de8f0bffbb7d751dada2bd30ca38cc97c194ff1bf7a8d7f
SHA512 e5ad034baf57c5ffb44d83ed419359f85af7ff72bf63fa4aca3072557d74c31073618456b1b86bb8e5792ed9d17259e51b714a0262fe84bc45ad87af7efd81c7

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Keep the mouse centered.lnk

MD5 d4c4de0cab16f8d18bae11cedd75678e
SHA1 edecb7b926f6144bd968c10e5aabb2a696f20a66
SHA256 5cce47fb2bf8fb5e4a959430fc9443a58d8f2501d6e3e4a9e720b343a18fcaa6
SHA512 839a85fe9e202b1365bbff74530024d8e41b092645925eee178ea48b9cfb417ac1d7e36e56772163b9a59aa4ee0612205044b349039418ee7138661572939879

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Change mouse pointer size.lnk

MD5 5605920f5809ce178c4f494fdc13c5f3
SHA1 1e9fa7580ead80c5411c00bc42ce762420b46f8c
SHA256 1174f00ce2c16685fe281a1f27b5c404edc78873b20c86ca883ab1440889c5a2
SHA512 6a25647f71682481d508538aad4a25998b7390ce18c3cb4ddebaa683471a3734af7bc6571c03e42b008129bee67c03678a0d09d982c48eb025ec0f806662a294

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Buy product key.lnk

MD5 abae748472ccae5bf442f1c15d148d79
SHA1 3241fbe9cbd7d26b71abcec50fa3f1845a5c4849
SHA256 5e6f1875431a189d291462f53a44cb883b16bc1dd79cb0095bd96c44f0f7bf7b
SHA512 da8529754df4878c4025b81a81b9befb43a4f9ed1709c2e72ce6448795afc6fd9f0e9bc487eee6e6ea85108bc28c7b03f0065319f7c8625628c2eb5ff56c5b12

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Turn AutoPlay on or off.lnk

MD5 df82c4ce9682d5142b3f1f92a3cbb1d3
SHA1 77343dca43c0617179522e915857871b59016f20
SHA256 c3227da3ac420e640eb8ca6a1c9b6c6c01a30f10d557dae9f3538b28d6c31a4f
SHA512 ec42881f4b3f26dc3ea1455acab62e7448c8547ce2a0a032e4715460f97d068b203810d37d911e40e5bd86e3be7729b855be2223ae0bfb18ae0d545e1c9ad46f

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Turn off access to account info for all apps.lnk

MD5 0b515c92e92484c1e63c6dd2187ad4bf
SHA1 f55153e1323ab716a5514d8ff58d54faddc5e81b
SHA256 a1391c7fe720a90e42783fdb6d37b5a125c84e5bb24983e381f802022d2a2866
SHA512 6ca4df527bb4878a230ed1d2bc4f77fda4046d1c08257e25f80c0721aa8a35b6828f55e557430aef00237f5a0f0be5397f7a57d810d009f55246467704f2947a

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Turn off access to diagnostic information for all apps.lnk

MD5 5829df6d19f892d48a663237f2a91f8a
SHA1 5c82ca7d8026225dd2bb43d96e8827010e10c677
SHA256 a18c9122052fa5d66cef2afa93692907e57b3693c3e829e162f56cf252f3e074
SHA512 e0768fb0059a95c63cab12c00c0570ca7e33d8c6ebc5ca42fe9f803c3c8a3ce66ad1790404da212795b19585bdd08227de0cc3a05daeb03dcfda1f9a30dbf872

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Turn off calendar access for all apps.lnk

MD5 31069af5d395b9cd331974012aca8c1f
SHA1 d8657e5812c7d3fea179b8a46eb0e3057848a5a9
SHA256 6eaf37ffb1a5d539893ebc10a6c409401a0c3dab6e186aa42c44de10ae98ef26
SHA512 707a655c1c0f88d7f0a18382331b10038f339f09c3636d6bdb3ba6f306b561a97701f3a683f9841512e98739c926da405c1724b11771f2ab850c991a27c65e7f

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Turn off camera access for all apps.lnk

MD5 fc32aed0465703b5dfe7e61946bfcefa
SHA1 71abd48155f9c35cab110446910648da128db244
SHA256 854656aa4c2b0e3d652b4c50add9ea5107f2154911af7ce678fa3c24c1b34642
SHA512 852805ef4af3344631c44ccf3fc49c509d040264844faa868a0a121f73e39bcc08ae2e6ddbea7720c7e5fa0be1f01a91ef512d31bb1be05808e9fb715392d6ca

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Turn off access to document libraries for all apps.lnk

MD5 276d9b8495b8d598ac0755b1cb0137b5
SHA1 9db3ae45b693160e36de95c94e679d7e60a97f53
SHA256 b8ee44b09161fe8587aaedfb24462a93b6be442a475627ddd958e78ca6db7e18
SHA512 20416ed3e1873572aead6fb5d13f533637d40b92b9525fc673b3fef6efef3a3d700b99db92170bbb4b83f51f02b71c1adeef56111369bc12c4c8acbf378071fc

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Turn off email access for all apps.lnk

MD5 8d861c536097c949989581b890b2eafa
SHA1 f8756b31ee8b9d1d10de30449d4f8e2dc97d954c
SHA256 7f54739e967c8d3825f4787f14287973d9dd4c87a19d6e0333935b1bf09506bb
SHA512 9aee7a189ad412bb468960deb0079ffcd75cb0138967edecfc88a69902c53c765b5023edb205496cee7f5a19d3a309ab20c25b04b539cba6d2efa5621f7edaa0

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Turn off eye tracker access for all apps.lnk

MD5 e8410b0e76e7fe3c111ff51292f840a3
SHA1 5038a6c730b23507e8d960401683ec9ee811b230
SHA256 2438ab8df0b0f466fbbc400930165bad094967dbdfd20a39f812c59cf5fcdda2
SHA512 c4beee72b1d59d26d3b5eb9b9d2e9ce9255bb461d160de229793d8995626de270728b36c99e76e0efdcd045e5d8951a5904beb6630d4ed1582daf4ab6246f77e

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Turn off microphone access for all apps.lnk

MD5 cc8a115bb2e34c5c1b13003e8fa86e88
SHA1 cb3e20d63e7658241ea1544efa0c2a1c37535a6c
SHA256 8894c700d70058196c49863cef695506e371f60b9bd8a1c272de47b4b53bf7a2
SHA512 2dbfa88b6bfb834300448fc3e105911bf62db1a77423bcfecb49fb574cdb61c51366686c765ea1d3b27a35c04ab51a8bb9820400266404b57b72ea876b09a6e8

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Turn off access to motion data for all apps.lnk

MD5 589713b96eea442a7e4bb7057d3887b4
SHA1 cc69d70da0a60320ebd6a5ff53fa2190b47e594f
SHA256 f80cee18c5b02c3f3fda3501523cf36c5659a7997d1b54ee6027f392b74ffc04
SHA512 d495ccfee4678b4c9b93699586f44def431d8c88cea36eca237e6e6d93c88cc0aa7228b4b13c2d2bfb5519e1b7df4fa53ffabb735698332669945001c517d9d9

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Turn off access to notifications for all apps.lnk

MD5 503ce5a79498da324fdc1ac56034d000
SHA1 70f1dd53ad1500fef7d7dab0c6c2bcf262a5eaea
SHA256 8a3359caffdbca2aa38a4e7c280ed48387c142099a2b8f5fee8476face45cb7b
SHA512 17892122c07dff1370ba6d43b7c36fb6db1e9ba5bf29cfe8f4d64b0da8e6ab8c4c02fa4d138b5dcecde87a3826d20cc7ae70c23e76d982cb708a7658e917d8ba

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Turn off access to call history for all apps.lnk

MD5 0fc7528e3acb1834f43f671663ec71db
SHA1 c30471e71ab18fd43207d9bfefa2cb13538c09fd
SHA256 84548ff0b7426501ba17a8ca4790c216c0fdabb6aefb040233d164f88f95193d
SHA512 cf6aaed3a75edfb491cc09e4b266ce0b0898e6660655f9b90bc5e6d54bcfaf234933587d58242b25d9fdf01831d03dc59bd4d76b279b5df211aa79642efd012c

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Turn off access to picture libraries for all apps.lnk

MD5 ac93b1248b8d7bf70f14db2163fd6a9f
SHA1 cb12be35954a44e859850c6940933478db301888
SHA256 6c5ad3bbd63c22608214fbe0c67b0ff5767966f409625e8580eaf32f69aa4734
SHA512 6f4129d3f7e3d24038e7fa71a6f2ecd80d26c113a91ac0ff13f9186e10f1a25f5ec84e1b89fbaf180aa8f259c07fe15d4f1138762bc18ba4d42977e63e0d5c7b

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Allow apps to make phone calls.lnk

MD5 5838a3ed16367cfd6bfd3d65ce7fefd6
SHA1 58ff2e8763d64d6689cb48544ee76494b3a9372f
SHA256 d76815b63831d8344def8082d94c24ff9655422a89a506a7b3e66660c5652c3a
SHA512 333b02d26e4722a4fa84731d2752fba675280a948d3f8464141996b6848b6b1f465f9e990d25c1375fb1c2126af8b22a9691106e495cf575dde221c2604bdc21

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Turn off access to radios for all apps.lnk

MD5 6a99de5c4d12852f86dbeba267b8d281
SHA1 f665394adb59ae9b9cbdef23ea545cbafe82ef1f
SHA256 73cc9f0c1ac851a17219e30ee81e61466bd07d6524bff54d39f4928ed10ed3cb
SHA512 5f744c6a0b5806f5071a2075ae709425d03056328fde89b8b194109b9b49eb210e661ac36e6be6b4f32cb766adeddd76e8d1d3b9e0fda696ff5c01790ffb0d16

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Clear clipboard data.lnk

MD5 110b400dd6f2a0e9d57a02fcd250aaf6
SHA1 26fc40e3d7e49feeb7a0112face1a8e4efa69bab
SHA256 feeb5a4700adca45e23174d7526075578ee58d1ba64d7f91ae60039b1a2cd1ce
SHA512 ddb28479e8f30e01fe57272c3727bc6c43398c895ac138063f224128a8c19fc6709e383ccabf4c1867126361a184df43bb5be670e426f5c8991dcdaac105cb98

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\View your network properties.lnk

MD5 64fc31ac34afd34b8fbff2dd48854bc5
SHA1 a25f5643a448a64737c56f7ea5652754ce801da7
SHA256 8adfe50a191d764940eee54fd548da735a9034254c0a17c0575db8ad8dcfce88
SHA512 ba85a70dff54d103095fd954d5f4cee3f9ad16bcc0b4da6e6ed20768e4af6ed615da9387a3099c570ffad9c8fa07b7b140bf7917d47fab90ffc1669e45e3b5cd

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Allow another device to turn on mobile hotspot.lnk

MD5 e6567d317588919fa9e447930f1df788
SHA1 8001012d802de109bf99b4f751144dc058c11f1f
SHA256 daae25bf3c5bbe39b3390a6399f38481fff3fbb46993f4fb042d610c569ec24c
SHA512 c6aad3de912c02fea71945b86fcb4e13098e2776805e87f3349a2d1f30967f5c42ba150ee861e6b1c84ad3b214c8b3290aee16e9e81bd6965b7314fce3b0f517

C:\Users\Admin\AppData\Local\Stardock\Start11\SasLog.txt

MD5 4bbfae4197e5707a01d99db28820e997
SHA1 3a7fc4ab82c3110481999d66c39781f39f7f63a5
SHA256 ddc64e3eaad735bf362e3830195429c4a68e81cf4f89ebb23efc75b093fe6bfb
SHA512 168b7b7054a903fae1258f163dcac793a17f9f9535a0c58049a3f241933bb025e33e00ade2311aa3b4c6151d93fa176008d3868580e79ed4748af57c206b3ebf

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Use random hardware addresses.lnk

MD5 256ec8dd048478d8e215c56acc7caaf0
SHA1 86dddfad6c086036ab5304f583db73e759d27661
SHA256 dc0923800a67fc7400ff2c57f4cdaf60e711243ed40876f4880eae315669434c
SHA512 100a05db27473b4c5007d30325ed1a2b5cdc81c44527a408adb338f5edf127e9d7e874b5f8d305ffaa477348fb2d9c9b0a6a1f22923a8cdf957f136176da5e01

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Sync and display your button flows as quick actions.lnk

MD5 bdd44d417a9ca05a106ce3206df9a195
SHA1 82be572f54675cb8143f805234d87087c7280cc1
SHA256 397a797c59ded4e755c57963a97fdcc6d374f37b84b493ff6a98847527c1ebd4
SHA512 0eebf05b491d3c734836a9523e5080f29065bd12b57e4c16ebd657a191d38dad9aa8c2ee943a129270589a0113d5d9777c431882f875528adf87769d305d80b5

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Choose which files and folders are indexed.lnk

MD5 704ad4041197186bea8bccd54769069f
SHA1 6105a31e042b8f66e493f24fff4e5d9a01ac0699
SHA256 56bba79a6a8c4122e785730014b39356b540caa9cfb0f27ca23999d96bb8e6db
SHA512 4f950c4a6bdf6ee71af9868ce4735cd921b94046a7449f0f58f007c643a803a5715de579415fd291a0813c3989e28e2e087262c740bf19e42cfc4d98b697e2b8

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Set the time automatically.lnk

MD5 94e0d01a5ec4e85bc9777b6766f4ca38
SHA1 72fae34dfdf2fb31157680bd0464a58ed9de57f6
SHA256 3aa38db82c1349e8f7ddf7ff8655db3acac4683d13540b3eb9668481564b5140
SHA512 462df22dabbc40033b22ab59c566d83309a9be18971d219234f0d1b71e38c679d4905f4f4cddcea251fe331ee32b45dccbdf97ff027717729274fa4714077cb8

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Use Cortana even when my device is locked.lnk

MD5 93510794b0a27f178dfb7816d0e55ffc
SHA1 0c0d4d65eeddf00205d4f0ed620761ef43b4c9ef
SHA256 ba27eb6787c29f3bb7181db971c03b93018ea2519362be54a0f4ffa806ba482b
SHA512 0e94e166f2745e053434b6552e52f06756a1172895b03625888acae18ac4d77c2b29cc551571d4b6bd35e081e725923e237c41092c009a2273667042f3534dba

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Allow downloads from other PCs.lnk

MD5 d315fed9764bfad3c401d4c2caaad768
SHA1 b7a752c70e8ee6d232ac1903faf54d348dcae057
SHA256 b8019a0e81ad98833a5e33a41bcae45858359e0f43bbb4c8390b01df5462b841
SHA512 5d9c9f93f86cc78be4f85d0b7efd097d68adfe0e46194429b84678536035f83c09e4592cf26aa7cfa355fc6c50074d001bea6d24e2e6b22e5e646fa53f6b6c06

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Wheel vibration settings.lnk

MD5 ee246e39c9e47e4bbb2fab3a75709cf4
SHA1 643964ef90a89377572dbe66682e84799525ffaa
SHA256 ab95bc3d5ea6dc27caee0ad4e7c1b616fece4de1e91fd59ee9c51952a74675fe
SHA512 6c7e04c43b7932e03ce7eebb616f94353d4ab8ec9581329f7f44d55725ab610f03962a6dd5ea19bc1be0b5c7683132daff609ca46e80b9885cdd0970511c5114

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Adjust strength of adaptive color.lnk

MD5 a013a3626693e88bcd2a87a4ee4947d5
SHA1 262e0c14f044b8aacb1018fe732d6df8c568f07a
SHA256 1937be651f324f8b18b5f2965ba3e740bbce53edb2ba2205374efe0be53e6d55
SHA512 53785918a49f8c25209c548bee33d175c45ab120e60fedefde473a608e2597e0e776d805821dd60a04c14a1521d79e89d83c9cc1a2eebd1364288faa2b8aa1c1

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Enable Xbox Game Bar.lnk

MD5 e5d9329a8de676bdf4900391036b0eac
SHA1 9926115e6ded438a2c306a62fdefb1bb03f778f3
SHA256 01e1ec24957f26938528ed31f08f45467446b1d4a6f149a979fb919a84254205
SHA512 5761c6df545e99e1eebeccd8c465916e74bd481a9fad3e4e7ed51539a2867a40e5443ae32b3edbb27c81fe35b2cf4cf96ddfd77113e15a930da0ce1c2f30f189

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Turn mic on by default when I record.lnk

MD5 b08e303d74a5617a8fc01c3a8a0c3918
SHA1 063ddba95871fe05719dbbfcbb2f74fc01f3d0f6
SHA256 0faed293f8dd026a2604dc82b64cfdb8ecbc1fe72b39712b703fe39052759763
SHA512 8fb849e4b6249bbcc348d55581aa67945cb851d8dd205d8e3fb06141c796ac93ffc21ce28dccf95a6c06f584867da2943018612657c2afa6b79c15236e4a16dd

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Choose a microphone to use with Windows Mixed Reality.lnk

MD5 6fb78b5a5bf9b43168fa8fdb9d8feeb3
SHA1 e453e4a081c065d7bbc19e8834b0dfb4754c042a
SHA256 b3bc74aee07c2aaefe03bb784fc162112fae1b567579f677f31e4ff6550582a7
SHA512 03fa1f7a1deb65ed18208681be52ec277f5e29136fb83b3b8a2091b0d755aed59000d794da9b0cd307c0265053485f939a5984a33308d2904b0b247722c48d06

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Change performance optimization in Mixed Reality.lnk

MD5 7ca8b0e33148288e52f92883a4c4ec50
SHA1 89a7641d568cd207c4e38df3ed98f81ed65ca380
SHA256 cac9d9850a1842db9b1bb5617df89c549a699310afec51bb8e1ed8e0c12cd0a6
SHA512 d5d87ded7b611b0f35ee0e9f5526c20f66a8dfbafaf85967c029091207432a980b533d57be00378d844b339c3d0f46ec37e4bb30fb35c39839a7a9e4f0df315f

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Change the primary button on your mouse.lnk

MD5 b2ff0bb59c9414a824b489889a6e79db
SHA1 e1f2cc6b554c7ae93cef8a5ba155c9408f0273a8
SHA256 35c6addc4eab35000651ea08aaee91a3672a1d159d777bea1feb48b915e4ec55
SHA512 607d87c6378ca5b163fb958850654d222809a509caa37ae176a6cc9978f8ba5ab4d5c170b0efcdc8fbc1ee83201fc7554a5609d95662f6f6ebe0af4ae004af84

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Override for default input method.lnk

MD5 51fe8126db6eabf9ad5f2e7ac07d3c59
SHA1 9c25f42b535bdcb78d0a46d8414743064c1bd28d
SHA256 532266a76c611a7553326f041bf327cbf22b3e1b3f60f006603a7cbe4afd80ac
SHA512 4984d3fd27d8d39c85c63c29c040af0756e92c5a933e79013cb1324e73282fd893dc2f9acdc3a1d31a57f74b16ac8e060f2288104f34faef9a49997982564ae9

C:\Program Files (x86)\Stardock\Start11\SdDisplay.exe

MD5 bc5118ad146ea4de922e2eace6660751
SHA1 bf2d9a0baf01bd66b188230770c7eb972001158a
SHA256 7ffef2e309177d2f454cfc715ecdac4bd12aa6d481613a9e910bcfcf0fe6ba58
SHA512 aef5b73cb9a34d17c6df3e8f55d7d4aa0193879447b06fd7e0fe323bfd2ab708b71b07c8756a4092608c1761671d3170994479585e92dbd8c95753a4487e1ee8

C:\Program Files (x86)\Stardock\Start11\SdDisplay.exe.config

MD5 285a4b35c0f55ed5c23214ae737889a4
SHA1 cfefb1722158720c9c2b54457af2b351695e29b6
SHA256 e0ae71b7dc3e1e989d86764fdab0f50f0824d18f05e2cac3043f9f1d0cbfba2e
SHA512 a8529ee2dbe04bfc88fe25bf1990da5603271460a2c8a85e237e1ea113c83196e45e62baecce0e9c774b8be3779c3aff63526e039129c23debc2b21f3ab1c327

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Change the language that Windows features appear in.lnk

MD5 2715077bef33f732d2fad42923e798c2
SHA1 b7e348b0ffadf0f475a612c9ed254197c88f3dee
SHA256 1d0adfafdd81a177a5a5d21fd5a1f95f8fe3f3010cfc69cebe121babb9be2f4c
SHA512 829550a3a5a10ac5e7c9200bdb1e21ebe67f0a47766c5dbebecb59aa8165810454c04f88cb163aa5733693100a276d0c2981b94e49d0d32c08ac66d1ba56aea6

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Delete downloaded maps.lnk

MD5 6e24dd8b7cb69ceb610742bddcb7db53
SHA1 b7d498030388ec222459c7d50545889bf95f3c99
SHA256 ae34462da7e4d509a9a65661a56fffffb932119d3daadccb41e39b184aac8f55
SHA512 78bb5d9823e16bab1b1dddc806e0a8727e4e7b95fcd4588675c1a9824e3144df3ee37a9fcee001c545314e7d5f2b92caf3d448d4f2df9a2fc82f5bdd935e2dd0

memory/4080-2255-0x00000000030D0000-0x00000000030DE000-memory.dmp

C:\Program Files (x86)\Stardock\Start11\Stardock.ApplicationServices.dll

MD5 147df3d63306ab94964c8498b6135015
SHA1 43165dc6cde38aea8e505eb070702053c7eca222
SHA256 420284bfbf6be8ef006d33f9e96bf5415ca17f011ebd381855fce20f466e9607
SHA512 23bdb905ac87eedaab84ec06135d984387d6c98d7bbf287700648def79a8693fbd1a5b9ef147b0f73812db17718928d6e65f021b10a7b322f6eced95012a9029

memory/4080-2245-0x0000000000FD0000-0x0000000000FE4000-memory.dmp

memory/4080-2283-0x0000000006160000-0x0000000006704000-memory.dmp

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\View configured update policies.lnk

MD5 9cf93947d4e44b556d0b88147a2a9831
SHA1 1bf46519c89ee49263aa7e04caede08baad51385
SHA256 f8d5d49d8614aa4244a83912764099343773ef9e02dc237d77cfb7d66018e544
SHA512 f20e9df5be5d5b08b9369fb142c6b92abeeadc45cdbf228731dc05299fa0f5d96b2d9e05f56ca7c712cb5644333136150b891580de88ea4d701235c00020059b

C:\Users\Admin\AppData\Local\Stardock\Start11\SasLog.txt

MD5 2dee5f96ae98b030048835d6319d2d74
SHA1 98db43a2c9197a73ce53af041ffcec9e993b32f4
SHA256 ffacd7c089b882101e591af239633d49c9989f905a9bdb1ce61ec0698f0a0840
SHA512 dc9399201fac888bdfaa25dafb29c5dd41dd734063988122b3507b730eea14ba95e8b90e3c096a165bb4aec404e04d264c81a663ef623448a270dcdcaf8810d0

memory/4080-2338-0x0000000005F30000-0x0000000005FC2000-memory.dmp

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Browse for an account picture.lnk

MD5 10fc16cd6ae8625817e02d00e3b8c550
SHA1 cbdc9fc0baa71a31b2d96e7c4908537ec436910e
SHA256 2fe1f8ea6d998d3b3942bf8c17832178489026bcfadcb76d0f751ef081001d55
SHA512 06f00fa5a71cd19720be89f1ffc111c459567cbccfefcebe090ad2c1391943997905dc166aa39c479dbf2e9bce111208500117d61d9b4194bda75ab5e7e526bb

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Turn on light mode systemwide.lnk

MD5 5a59ae0e62448984efebd144d71d437d
SHA1 91cd1d92de061f7e72164c07d59f1a236cec351b
SHA256 3b35843502593a482afa674bd954e5fb0352865a6b9811dfaaf49be47e4c8939
SHA512 377415e8bdaeec4d28827f229970015d3737f2d20b451c2e5bb297070e7b39154a6ddb6edc41019a67d9cf39e1c1b8da058c66b424de143325ed7c3e61b50e33

memory/4080-2372-0x0000000005FD0000-0x0000000005FDA000-memory.dmp

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Choose an app to display detailed status.lnk

MD5 53747d82c1f03cb936ab30fced4f93a7
SHA1 1975a49a154fb0ae99be74241f9b4584f7be5320
SHA256 18b4b95fcc292763451b15f2a72da3db81cba8124d28aeffb3b3850f6e961a5f
SHA512 bc9b4e89d6f75b730b7354fec60d011acbc967d1f689299a081e6e26189124b5e7249590aefa1b7f641ea772b7c6e1b9489dbb86c215a7514723611b212bcd91

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Add a printer or scanner.lnk

MD5 12bf1b4e8ec0463a76ab408c985fecd8
SHA1 f572d7ab412d2805a616d61abf3565c4b34df6c5
SHA256 45f0a27c140a58ade1aaf5870f13fefed506114e4fe74b9080baee6c1cb10fa1
SHA512 4e57866c51c7b6da19fb4d8c721341d998895f67bf9ffd1d66aca2dc1c5328e3ccd34597b8be8c734eda9433150fd284bd135ec2a582ba3ff814ced1e9917708

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Clear activity history.lnk

MD5 0d5176f48dd5813063d9bbe114a71fd8
SHA1 0de79e88157bb17753bd1d369ba3b4ea253cd286
SHA256 d24d2e32642122f2453f78060aa3f626f323696f172ed53a14ce6558efaabb41
SHA512 9fdc671e24fb975624a2f1e9e6d76f64c1d2eb9b9ebf91204742b1e95638d203de858ace79434f824e88f65e4060ed43cdc92f097a54c677539d7780781d0ace

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Turn off suggested content in the Settings app.lnk

MD5 fdd990c548e7d4a029dfc9ce5d20416e
SHA1 1c9a977791eb0804411dde27325094ae25427c43
SHA256 a633484cc74a4fa0287301a1543d837d6b8dc5488bfaa7dfd6739a2ec0503dd0
SHA512 5815c806e1e0fcaa9531d46d62e5caaf0749dd8e8691dd215e55a62a1c6382b23c07830e8b53977f3bdb1faca6babc29348033972e704b8d1e7d759468905863

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Improve inking & typing recognition.lnk

MD5 7954ab541d5a2bf90709c332f849ad27
SHA1 3c81afc24c478beaf49ef861d5301d8f0bd258c2
SHA256 707066b9be4eced17b2ffddb0f735d022fec20a8b82ebbcda360b111a4cd83a3
SHA512 bf1220d80de22a6e91afb8dd907051418e286e1e005ae6936ab24dbde8cb2cfce694459c44616b6920bf5ddcc66cf90654462d0dc6a4c53e04a34fb363d00b6f

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Set default location.lnk

MD5 d8181d26525f364b0da4f77be4cc8a4c
SHA1 1167ee60b9d865928ae8c2a0262f72b8c0536c56
SHA256 84b5c52b16798a4e5a07fc981f65bf9844201cba52809ceb76922060552457ca
SHA512 488b19876df940273d6656090109193589345eef86dca2cc255e0887568a64c5793e24d7f2a2df13f900979b4275f5082fd666ee49e9e46b5ebb1df069fc8715

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Require authentication to access the proxy.lnk

MD5 1bcd2f0032a24b5e1f0869026480639e
SHA1 17ea1b536bc38429f4d82ccab7d228ac7b764dad
SHA256 41529bfeb1ab800692054778e488eba80174560e4b806d63a944021591a8eb9d
SHA512 a3bfdf0ff611aca1a4b98ca68bf05ec44c8996b1523a75302a4f0f013f4e5ff6d8b8e9d4c8915f61b7754cdc8e956efc9b68eff1d7a87d479f312a02fd21184c

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Turn off typing history.lnk

MD5 166a28149111b7662029162678a35dda
SHA1 8d1ee3ea22c984eaacf05cb6fc8320d706f087b3
SHA256 8e8808899deed64daebd9fa01a3837d1553620d39e4c100af0f5fdcc88fe8aa0
SHA512 e63310a3f1a3cf6a09ee1dd90788ada6e87c96daf9df55f9a1b582ce3be98135211cfe2045c79e3b713f987a76e5acd577494002f6520f3dbfda9b1f801cca55

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Choose which apps can run in the background.lnk

MD5 8d18860d830bff9cd35d0a2d3cae2357
SHA1 63fc228046b0cc010afff865da188b51f1744c6f
SHA256 36f41a8a42b0022a2da50b18fef87c7774d12279175329998df68bc1575d0b8d
SHA512 6fbb05b8841c4414fb05b4a7f5e34e8f9a602985859a7075d87c6fef76a214e0a4c113ec169488e51447c5d7032b3caeffc1ccdbffe0bf8d7dc6df42b22e6af6

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Select users that can remotely access this PC.lnk

MD5 57f0c45ecda31caa14e5d9ab08188930
SHA1 825ccccb919a81983dd6b29a6830c4f6ac4b72a9
SHA256 a87faa1f539bc95c0eec8a8c927e8e51aaa8fe5adcb6ff5b9764105d94f3e67d
SHA512 3363254803f17db1546cf4f8c462843ee3af51ece4035fdf7ae2b27b263df0c007f9d0fc4b759ce48bee6730b660c84d5c49c5d4c58016da84f9f286ca05aa9d

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Set regional format.lnk

MD5 de141092b0ddcd227fc6f8b2d35e9232
SHA1 73d8179a363fa52bfb38e97e0c5e877ede0a06bf
SHA256 63f48cca8a52e6fd09e93133914584530703a813dcf0130cbb5e2ab1fc48c1f8
SHA512 eaa3636eecc91fba14d1741e9889c5e4cf2880ca89bc6833cf7e0419d7183a89f51cded11935ee693fdef0ceaff4736fd0d358e07d67f909dec4627820a2e7bb

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Show me a summary of what I missed while focus assist was on.lnk

MD5 0c4f9717006df0858728e262efec701b
SHA1 37bb51977036e53a0a5dc0afa0d3e9796ef7fc79
SHA256 509a1fab59eca5c703b7fb65f7e9c3829691872da4ea8191c883b751f74fa2d4
SHA512 10c7cd0c306350a826771982e05fc59896ed8875803369b2d9c49b4addb83fdb1b6a0685bc0acdc12a8d9850739db188e754d2dc94c40bc8ed6d022b4f9989bf

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Show more tiles on Start.lnk

MD5 fcab013f6bdd5e3f8a22eda1e334bbe4
SHA1 53bee0a64891b74c4d5ee54bb908ca71f142738e
SHA256 bb98950a8db7620b6893ff47d8abb3383e6bff5f7b864030b5be523ee0d6e749
SHA512 894e86c4c42c72421848794a11ff22e8e3da78b00a2f93759b8b6f42a8d19fc1120e337c50443c755ae6d6fdcb543ad257edd8a421fc4a3c4bcffd43fda95a02

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Add an optional feature.lnk

MD5 46d99691f9a8cf2d9aab3f6247a92f89
SHA1 3e0620c185cbc1b744252084a8846728dcc46d12
SHA256 8825e46a2aa72c0721b7f0cb900dace4ad54fd0a6ae228718be82998d19e6625
SHA512 1bd1f23ebf15ad6660494b8f35198a40685c534675e361c6ac370c1733acf5a3d3a87c9ccc93280356f99dabb9f70c8568a98cfa2ab2ba1f3b0fbdc9457399a3

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Change how Storage Sense frees up space.lnk

MD5 4ac23194e163c28de544269ee26b0f81
SHA1 114e948101eb5eac8a36d95d04c20499ef323d4d
SHA256 ad6ae40342a1c2ee2a54ebb97c66572a203fd7b567e40258211640d89211a401
SHA512 7d2dd49714a8e7c0370ff2c1e958746e2661666e1b94d112a507af80c56d89ba3f969fc4cbc3ccf185ef62fda39ab73c6b4c8d60118354a6fc59760e8d8218d2

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Choose if settings are synced on this PC.lnk

MD5 349fd4f91ed3a3467efa121b49ded61a
SHA1 db183d357c430a0e479d979e02149c89be0f0068
SHA256 40edabd5bbc7f9dfe21ad820ee0b279961ea1c2af1829f8a045e009c0d19d185
SHA512 ba19ce6581a8fa9b3fa472208b430d92ba46c8244346409a06da03a3eac23b9416eeb52653f07c26fcbc228d45acbea7feae077b6f4bd906b358e2bb19ea86cd

memory/4080-2616-0x0000000009360000-0x0000000009B06000-memory.dmp

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Available Recommended troubleshooting.lnk

MD5 c0e5637d335b5266762d88456696330c
SHA1 a84a55274902aa08a2dea92fb7c7ead742459dd4
SHA256 162ff2d7a3e97fc2aa22a3b57ba846484e11beb377efef186e5f5434b73b2ee0
SHA512 0b028e8d629ddc9ed07e0077a07afb83650f1f07bc70632c6578ccd6311f893a8981413c7d51408f87460c80a9b7df12c4e187d47a8dcbc3b605f1178dd2bc7f

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Ask me when PCs try to connect to my mobile device using USB.lnk

MD5 b94a556d5065aeb5c7057f7d78a2dd3e
SHA1 d221a7e5d9c4012913e7d1562aea74433e54b09c
SHA256 93a8717f8ef823ed85479b8d6d5a40ea20648cce102c6c0b19d92be29b34f25c
SHA512 6d5070c6411f8c8b1fa245144609b635bca1e31562a7678acee709d7ef53895b922e4f9dca7545f47ab6f806cfc984345d779ede04a2cd40882c5bd3758683f7

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Choose an account for assigned access.lnk

MD5 930cf8ac9eef9fc946d1a3ed5ec8afca
SHA1 21c45c955c9c50d15024fbde392aef468cc68a3c
SHA256 d817e91ff51b9145c068fc4e7dd956b4bcc274df00493f452746f6ace5217fd7
SHA512 7dd0a4466f0f92643579d9006d99586ef852ded4c25f4d03676b11316d7b60606386979fe13ed183b37e278d4e6991716cf8c2b035d86af835f3c46c6614341b

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Change the sign-in requirements.lnk

MD5 c0b13045167ec82a13121f26192adc0b
SHA1 099af31565cebe8f302d2c20b65dfbbb75f7b075
SHA256 d3d18767b644f459d5c47ea3afdaa49ff1f3c5552107314ece09f15c1fedeb69
SHA512 bac1bed21250c5f37ce26350f69dc9b03069d95c88ece7ff99e8ba82f18702b35c216766b8797fc5f721b387a32850a6ed4de5b3b31f9798e1e703c2a909988c

memory/4080-2655-0x0000000009B10000-0x000000000A03C000-memory.dmp

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Play streaming video at a lower resolution.lnk

MD5 a162ac77c4825eac5f7ca1f91a4be16f
SHA1 f00efacaf494e5cde0df1db0539590c4d379aa73
SHA256 cb9ef162b1cad3b35aac2c8d354181b0339589b7fd6c1410760cf2d15679d75f
SHA512 39869d2914916379381673f812991ebba183b5067a6fc0ba2f5e280b699cafba9e8b819adc2f0e966020f9c259c4ab3cf85c2ac44bed24aa08771125e46256fd

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Add a VPN connection.lnk

MD5 bee64eccd3288a549f77a6ffb8bca78a
SHA1 b11fe2fbfb4e0714b7e10013b6d5c199bdd8b797
SHA256 a653dbad94805c252bf45be97dbb3505f61de1881e79e5e8ed549860ba793d6a
SHA512 271b2a4715f413a250b6d02fdbb52213190004289d523eaa84e4ed353ca44a0b1ae1a14c40d49f7431ba42dfefdae9b0477df87513afe33ab224724037c9b6e3

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Allow your organization to manage your PC.lnk

MD5 495deb11a42c2e90842c2b5f027c4c93
SHA1 7ff1f2e036fcaa403736dbb18e36cf7edf5545f8
SHA256 5ec4b3c5fe6fa57cd3f4817bf852cf42a0feed3d18909c4e5c378676510d87b1
SHA512 39d97baab22f4256fa0a71a5092c9a53b52501d09b3888f23806ea4b162e6ead7f3be7a665e60c61ba55c19208b5ece4fe8a044d3322adc343b09a3734f71435

C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Set up an account for taking tests.lnk

MD5 16cb3d8f84d58ac8cac52715b9ec70dd
SHA1 cddb11b8a87ae3251f4ac9dc9375d81a914f111c
SHA256 9bbf57193ccd65479e848c4ba96240bdfde3eef1c062b96e389b2f076b1dd9ea
SHA512 3f624c5a52ccd1018b8568aff9a3734efcc910dc0acf90758b40aef9bdfba9fbb83a3e29e7d441ae80f4bf9d1900dd564f432aa38f857b9e3cc8b4283df64137

memory/2424-2709-0x0000000000990000-0x0000000000D78000-memory.dmp