Analysis Overview
SHA256
48cb26764e09d08a2303a2b72f02400c4c45d336ce286e1030b6f4ac9d686702
Threat Level: Likely benign
The file Start11v2-setup.exe was found to be: Likely benign.
Malicious Activity Summary
Event Triggered Execution: Component Object Model Hijacking
UPX packed file
Checks computer location settings
Modifies system executable filetype association
Executes dropped EXE
Drops file in Program Files directory
Loads dropped DLL
Checks installed software on the system
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Program crash
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
Modifies system certificate store
Suspicious use of SetWindowsHookEx
Modifies registry class
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 18:43
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 18:43
Reported
2024-11-09 18:46
Platform
win10v2004-20241007-en
Max time kernel
82s
Max time network
76s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Start11v2-setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Stardock\Start11\Start11Config.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Stardock\Start11\Start11Config.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Stardock\Start11\Start11Config.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Stardock\Start11\Start11Config.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Stardock\Start11\Uninstall\uninstall.xml | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Stardock\Start11\MenuTextures\Abstract One.png | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File created | C:\Program Files (x86)\Stardock\Start11\MenuTextures\Flame Grid 01.png | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File created | C:\Program Files (x86)\Stardock\Start11\MenuTextures\Old Wood_x2.png | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File created | C:\Program Files (x86)\Stardock\Start11\TabTextures\s11-tab-texture-08.png | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File created | C:\Program Files (x86)\Stardock\Start11\TaskbarTextures\Taskbar Grid 03 Mono.png | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Stardock\Start11\DeElevate64.exe | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Stardock\Start11\DeElevator64.dll | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File created | C:\Program Files (x86)\Stardock\Start11\Launch.exe | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Stardock\Start11\SdDisplay.exe | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File created | C:\Program Files (x86)\Stardock\Start11\Start10Shell32.dll | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File created | C:\Program Files (x86)\Stardock\Start11\zip.exe | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File created | C:\Program Files (x86)\Stardock\Start11\TaskbarTextures\Old Wood_x2.png | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File created | C:\Program Files (x86)\Stardock\Start11\lang\en-us.lng | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File created | C:\Program Files (x86)\Stardock\Start11\MenuTextures\Metallic_x2.png | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Stardock\Start11\TaskbarTextures\Grunge Stone 02_x2.png | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File created | C:\Program Files (x86)\Stardock\Start11\DeElevator64.dll | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File created | C:\Program Files (x86)\Stardock\Start11\lang\pl.lng | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Stardock\Start11\Links\20.lnk | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File created | C:\Program Files (x86)\Stardock\Start11\StartButtons\Arsenic Orb.png | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Stardock\Start11\StartButtons\DefaultMedium.png | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Stardock\Start11\start10_A64.dll | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Stardock\Start11\DeElevator.dll | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File created | C:\Program Files (x86)\Stardock\Start11\StartButtons\Element Large.png | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File created | C:\Program Files (x86)\Stardock\Start11\StartButtons\Flow Large.png | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File created | C:\Program Files (x86)\Stardock\Start11\TaskbarTextures\Carbon Fibre_x2.png | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Stardock\Start11\TabTextures\s11-tab-texture-09.png | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Stardock\Start11\TabTextures\s11-tab-texture-17.png | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File created | C:\Program Files (x86)\Stardock\Start11\TabTextures\s11-tab-texture-17.png | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File created | C:\Program Files (x86)\Stardock\Start11\Start11Config.exe | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File created | C:\Program Files (x86)\Stardock\Start11\lang\pt-br.lng | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File created | C:\Program Files (x86)\Stardock\Start11\TaskbarTextures\Metallic_x2.png | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Stardock\Start11\TaskbarTextures\Taskbar Grid 01.png | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Stardock\Start11\lang\en-us.lng | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Stardock\Start11\StartButtons\Default.png | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Stardock\Start11\TaskbarTextures\Metal Grid_x2.png | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File created | C:\Program Files (x86)\Stardock\Start11\Start11.exe | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Stardock\Start11\Start11_64.exe | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Stardock\Notifications\Assets\Fences 4-icon.png | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File created | C:\Program Files (x86)\Stardock\Start11\Uninstall\IRIMG2.JPG | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File created | C:\Program Files (x86)\Stardock\Start11\Links\7.lnk | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Stardock\Start11\StartButtons\Triangle Two.png | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Stardock\Start11\TaskbarTextures\Small Angle Stripes_x2.png | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Stardock\Start11\TabTextures\s11-tab-texture-01.png | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File created | C:\Program Files (x86)\Stardock\Start11\Launch2.exe | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Stardock\Notifications\System.ValueTuple.dll | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Stardock\Notifications\Assets\Deskscapes 11-icon.png | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File created | C:\Program Files (x86)\Stardock\Start11\TabTextures\s11-tab-texture-16.png | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Stardock\Start11\Start10Shell64.dll | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File created | C:\Program Files (x86)\Stardock\Start11\lang\ru.lng | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Stardock\Start11\lang\zh-cn.lng | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File created | C:\Program Files (x86)\Stardock\Start11\Links\21.lnk | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File created | C:\Program Files (x86)\Stardock\Start11\Links\23.lnk | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Stardock\Start11\StartButtons\Echo2.png | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File created | C:\Program Files (x86)\Stardock\Start11\TabTextures\s11-tab-texture-10.png | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File created | C:\Program Files (x86)\Stardock\Start11\Start11_A64.exe | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Stardock\Notifications\Assets\Groupy 2-icon.png | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File created | C:\Program Files (x86)\Stardock\Start11\TaskbarTextures\Rusty Metal Grid_x2.png | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Stardock\Start11\DeElevate.exe | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Stardock\Start11\lang\ja.lng | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Stardock\Start11\lang\nl.lng | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File created | C:\Program Files (x86)\Stardock\Start11\Links\25.lnk | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File created | C:\Program Files (x86)\Stardock\Start11\Links\3.lnk | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Stardock\Start11\StartButtons\Reflow Large.png | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\GetMachineSID.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Stardock\Start11\Start11Srv.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Stardock\Start11\Start11Srv.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Stardock\Start11\Start11_64.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Stardock\Start11\Start11_64.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Stardock\Start11\Start11Config.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Stardock\Start11\Start11Config.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Stardock\Start11\Start11Config.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Stardock\Start11\Start11Config.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Stardock\Start11\SdDisplay.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Stardock\Start11\Start11_64.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Stardock\Start11\Start11_64.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Stardock\Start11\Start11Config.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\system32\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\system32\regsvr32.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Stardock\Start11\Start11Config.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Stardock\Start11\Start11Config.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Program Files (x86)\Stardock\Start11\Start11Config.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Stardock\Start11\SdDisplay.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Stardock\Start11\SdDisplay.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Stardock\Start11\SdDisplay.exe | N/A |
| N/A | N/A | N/A | N/A |
Modifies system executable filetype association
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shellex\ContextMenuHandlers\Start10Shell | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shellex\ContextMenuHandlers\Start10Shell\ = "{6A451C0A-9597-4915-BCCE-6E859BC996B2}" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Start10Shell | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Start10Shell\ = "{6A451C0A-9597-4915-BCCE-6E859BC996B2}" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\ContextMenuHandlers\Start10Shell | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\ContextMenuHandlers\Start10Shell\ = "{6A451C0A-9597-4915-BCCE-6E859BC996B2}" | C:\Windows\system32\regsvr32.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Program Files (x86)\Stardock\Start11\SdDisplay.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Stardock\Start11\Start11Config.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\GetMachineSID.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Stardock\Start11\Start11Config.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Stardock\Start11\Start11Srv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Stardock\Start11\Start11Srv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Stardock\Start11\Start11Config.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Stardock\Start11\SdDisplay.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Start11v2-setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Stardock\Start11\Start11Config.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\SdDisplay.exe = "11001" | C:\Program Files (x86)\Stardock\Start11\SdDisplay.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_96DPI_PIXEL | C:\Program Files (x86)\Stardock\Start11\SdDisplay.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_96DPI_PIXEL\SdDisplay.exe = "1" | C:\Program Files (x86)\Stardock\Start11\SdDisplay.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\S8Theme\shell\open | C:\Program Files (x86)\Stardock\Start11\Start11Config.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\S8Theme\shell\open\command | C:\Program Files (x86)\Stardock\Start11\Start11Config.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\S8Theme\shell\open\command\ = "\"C:\\Program Files (x86)\\Stardock\\Start11\\ExtractS8Theme.exe\" \"%1\"" | C:\Program Files (x86)\Stardock\Start11\Start11Config.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.s8theme\ = "S8Theme" | C:\Program Files (x86)\Stardock\Start11\Start11Config.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6A451C0A-9597-4915-BCCE-6E859BC996B2} | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6A451C0A-9597-4915-BCCE-6E859BC996B2}\ = "Start10Shell Class" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6A451C0A-9597-4915-BCCE-6E859BC996B2}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Start10Shell | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\S8Theme\Treatment = "3" | C:\Program Files (x86)\Stardock\Start11\Start11Config.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\S8Theme\shell\ = "open" | C:\Program Files (x86)\Stardock\Start11\Start11Config.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\S8Theme\shell\open\ = "Set as Start11 theme" | C:\Program Files (x86)\Stardock\Start11\Start11Config.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.s8theme | C:\Program Files (x86)\Stardock\Start11\Start11Config.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6A451C0A-9597-4915-BCCE-6E859BC996B2}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6A451C0A-9597-4915-BCCE-6E859BC996B2}\InprocServer32\ = "C:\\Program Files (x86)\\Stardock\\Start11\\Start10Shell64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shellex\ContextMenuHandlers\Start10Shell\ = "{6A451C0A-9597-4915-BCCE-6E859BC996B2}" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\S8Theme | C:\Program Files (x86)\Stardock\Start11\Start11Config.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\S8Theme\shell | C:\Program Files (x86)\Stardock\Start11\Start11Config.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\ContextMenuHandlers\Start10Shell\ = "{6A451C0A-9597-4915-BCCE-6E859BC996B2}" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\S8Theme\ = "Start11 Theme" | C:\Program Files (x86)\Stardock\Start11\Start11Config.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\.s8theme\Treatment = "3" | C:\Program Files (x86)\Stardock\Start11\Start11Config.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Start10Shell\ = "{6A451C0A-9597-4915-BCCE-6E859BC996B2}" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\ContextMenuHandlers\Start10Shell | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shellex\ContextMenuHandlers\Start10Shell | C:\Windows\system32\regsvr32.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 5c000000010000000400000000100000190000000100000010000000ea6089055218053dd01e37e1d806eedf0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254830400000001000000100000001bfe69d191b71933a372a80fe155e5b52000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Program Files (x86)\Stardock\Start11\Start11Config.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E | C:\Program Files (x86)\Stardock\Start11\Start11Config.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Program Files (x86)\Stardock\Start11\Start11Config.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 | C:\Program Files (x86)\Stardock\Start11\Start11Config.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e75490f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e4190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Program Files (x86)\Stardock\Start11\Start11Config.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c000000010000000400000000100000190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e199604000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Program Files (x86)\Stardock\Start11\Start11Config.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 190000000100000010000000ea6089055218053dd01e37e1d806eedf0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254832000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Program Files (x86)\Stardock\Start11\Start11Config.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0400000001000000100000001bfe69d191b71933a372a80fe155e5b50f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e190000000100000010000000ea6089055218053dd01e37e1d806eedf2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Program Files (x86)\Stardock\Start11\Start11Config.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Stardock\Start11\SdDisplay.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Stardock\Start11\SdDisplay.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Stardock\Start11\SdDisplay.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Stardock\Start11\SdDisplay.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Program Files (x86)\Stardock\Start11\Start11Srv.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Program Files (x86)\Stardock\Start11\Start11Srv.exe | N/A |
| Token: 33 | N/A | C:\Program Files (x86)\Stardock\Start11\Start11_64.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Program Files (x86)\Stardock\Start11\Start11_64.exe | N/A |
| Token: 33 | N/A | C:\Program Files (x86)\Stardock\Start11\Start11_64.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Program Files (x86)\Stardock\Start11\Start11_64.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files (x86)\Stardock\Start11\SdDisplay.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Stardock\Start11\Start11_64.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Stardock\Start11\Start11_64.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Stardock\Start11\Start11Config.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Stardock\Start11\Start11_64.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Stardock\Start11\Start11_64.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Stardock\Start11\Start11_64.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Stardock\Start11\Start11_64.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Start11v2-setup.exe
"C:\Users\Admin\AppData\Local\Temp\Start11v2-setup.exe"
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1936418 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\Start11v2-setup.exe" "__IRCT:3" "__IRTSS:0" "__IRSID:S-1-5-21-2437139445-1151884604-3026847218-1000"
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" export HKLM\Software\Stardock C:\Users\Admin\AppData\Local\Temp\registry_export.txt /y /reg:32
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\GetMachineSID.exe
"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\GetMachineSID.exe" C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\GetMachineSID.tmp
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c if exist "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock\Stardock ModernMix.lnk" (del "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock\Stardock ModernMix.lnk" & echo found)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c if exist "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock\Stardock Start11.lnk" (del "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock\Stardock Start11.lnk" & echo found)
C:\Program Files (x86)\Stardock\Start11\Start11Srv.exe
"C:\Program Files (x86)\Stardock\Start11\Start11Srv.exe" -install
C:\Program Files (x86)\Stardock\Start11\Start11Srv.exe
"C:\Program Files (x86)\Stardock\Start11\Start11Srv.exe"
C:\Program Files (x86)\Stardock\Start11\Start11_64.exe
"C:\Program Files (x86)\Stardock\Start11\Start11_64.exe"
C:\Program Files (x86)\Stardock\Start11\Start11_64.exe
"C:\Program Files (x86)\Stardock\Start11\Start11_64.exe" START
C:\Program Files (x86)\Stardock\Start11\Start11Config.exe
"C:\Program Files (x86)\Stardock\Start11\Start11Config.exe" INSTALL
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Stardock\Start11\Start10Shell64.dll"
C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\Stardock\Start11\Start10Shell64.dll"
C:\Program Files (x86)\Stardock\Start11\Start11Config.exe
"C:\Program Files (x86)\Stardock\Start11\Start11Config.exe" FIXSEARCH
C:\Program Files (x86)\Stardock\Start11\Start11Config.exe
"C:\Program Files (x86)\Stardock\Start11\Start11Config.exe" REBUILDSEARCH
C:\Program Files (x86)\Stardock\Start11\Start11Config.exe
"C:\Program Files (x86)\Stardock\Start11\Start11Config.exe"
C:\Program Files (x86)\Stardock\Start11\SdDisplay.exe
"C:\Program Files (x86)\Stardock\Start11\SdDisplay.exe" -prodId=2674 -ProdName="Start11" -company="Stardock" -forceUi="Welcome" -parentPid=4464 -prodVer="2.1.1.0" -ResponsePipe=1440 -ownerWnd=00070236
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 4080 -ip 4080
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 1228
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | install.api.stardock.net | udp |
| US | 66.79.209.82:443 | install.api.stardock.net | tcp |
| US | 8.8.8.8:53 | r10.o.lencr.org | udp |
| GB | 2.23.210.82:80 | r10.o.lencr.org | tcp |
| US | 8.8.8.8:53 | 82.209.79.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.169.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.210.23.2.in-addr.arpa | udp |
| US | 66.79.209.82:443 | install.api.stardock.net | tcp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
| MD5 | 68ac216f38a5f7c823712c216ca4b060 |
| SHA1 | f6ad96e91103c40eb33fd3f1324d99093e5d014e |
| SHA256 | 748d48d246526e2a79edcde87255ffa5387e3bcc94f6ca5e59589e07e683cd80 |
| SHA512 | 9b7dce4ed6e2caee1cdb33e490e7062344d95d27ba48e96f66094a3413da27fb32680dd2e9a5b2091489780929c27fe36914210793fbef81dfb5b4fb1a9b469b |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
| MD5 | 80d93d38badecdd2b134fe4699721223 |
| SHA1 | e829e58091bae93bc64e0c6f9f0bac999cfda23d |
| SHA256 | c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59 |
| SHA512 | 9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4 |
memory/2424-12-0x0000000000990000-0x0000000000D78000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\eula.txt
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Encoding.lmd
| MD5 | 6eec47ab86d212fe3ed0f56985c8e817 |
| SHA1 | 06da90bcc06c73ce2c7e112818af65f66fcae6c3 |
| SHA256 | d0b2fa60e707982899ecd8c4dc462721c82491245b26721a7c0e840c5f557aed |
| SHA512 | 36d6ef8a3fecb2c423079cadbfcbe2b044095f641c9a6ce0f9d0e96c6400f00a089aa26cc9d361bfdbcfdc3a8487d18d64956b36f39320648d1ddb565221a9cb |
memory/2424-47-0x00000000067D0000-0x00000000067D3000-memory.dmp
memory/2424-46-0x0000000010000000-0x0000000010144000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\REG878F.tmp
| MD5 | c6247e9f51d328f2d7d1bcf2dde15ae9 |
| SHA1 | 66428b3d3a9789b980c7a820fb72ffb31e200f8b |
| SHA256 | 8540a5e828472342d208efce8a59cb130f735331eaaac4dda3a5ba8b4dbc17fd |
| SHA512 | e093d2d3c1826afcac9158e9b5c98faa03c3a1d5642ea4f97cd93a8755d3f5be594651f3c9fbddd4df07850c13158fc84bc7541ebb84a501086f3916244523fc |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\GetMachineSID.exe
| MD5 | 55bbf335f75f2a2fe0a5daf603964d41 |
| SHA1 | f1b9686e8a9f10682722fc5e08c02c016b597804 |
| SHA256 | 723adae0e69127a6bfbc65c5ef552a351264205ea5e2bc3b80e505feaa5d0e43 |
| SHA512 | af49055234cb4a0ddbc68212db094c7a7a1058ccf6a1a5830238fe3ff96fa35390d242322436839d6d7e419bd9e4ad8962e213222470625cffb46423dec44db6 |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\GetMachineSID.tmp
| MD5 | 3161f8a0877b31e91be6070a4aeb8068 |
| SHA1 | e95e152ae28361d36f9ece0d7f50c4751b59eb4f |
| SHA256 | a0c92c872545b4a8dffc07f959767a189a3f8e1db12a74af349ae5fee328cf42 |
| SHA512 | a012c0c25aa09f3f6b69907739bd836cfc5cea829e4b7a66fc8a980f220588c8af64652ba624593b2fefc124bb9c29e51b62df2af7611dd19e81c3d83251cff1 |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG1.JPG
| MD5 | 3220a6aefb4fc719cc8849f060859169 |
| SHA1 | 85f624debcefd45fdfdf559ac2510a7d1501b412 |
| SHA256 | 988cf422cbf400d41c48fbe491b425a827a1b70691f483679c1df02fb9352765 |
| SHA512 | 5c45ea8f64b3cdfb262c642bd36b08c822427150d28977af33c9021a6316b6efed83f3172c16343fd703d351af3966b06926e5b33630d51b723709712689881d |
memory/2424-93-0x0000000000990000-0x0000000000D78000-memory.dmp
memory/2424-94-0x00000000067D0000-0x00000000067D3000-memory.dmp
memory/2424-96-0x0000000010000000-0x0000000010144000-memory.dmp
memory/2424-95-0x0000000000990000-0x0000000000D78000-memory.dmp
C:\Program Files (x86)\Stardock\Start11\Uninstall\uninstall.xml
| MD5 | 59cc4715893db6ec61c51748207e5588 |
| SHA1 | c3093fc12775a79ab165944c2824b28710d32cff |
| SHA256 | 5018de6cc190915b9534a2443b31008344b3445fb95d52a5779addd37b26e6a0 |
| SHA512 | e25df0eb320785a640e6b4ba22e2a7f6186f7b16e957439b30c7bd6996c9bb8443afbea3ad859534fe5b79f02b0f1e717c0a0f3bdb42cceca83cddb4dba493ff |
C:\Program Files (x86)\Stardock\Start11\Uninstall\uninstall.xml
| MD5 | 273d0e9716fc1cdd2067a4a1525c833f |
| SHA1 | d47bf51358938a034f5341c8edc3bb0ebdfaeaee |
| SHA256 | 4682c84310f0056a0e5b364f592dad3f8729713907a9d584a5d13ecfc6bc572b |
| SHA512 | 92604270622333f5f4c9d90759f8149b941f10228329bf566e364a20e9432c2c7b7be134bc251d12a13be8f72bb3b1eeec9d11e04b66bfaa2326ae6ce384361b |
C:\Program Files (x86)\Stardock\Start11\Start11Srv.exe
| MD5 | f70fbcc9916e38d414157a0deab1c4ef |
| SHA1 | e7da005c8fbc1d309b28902cd2fa3d11022f42bf |
| SHA256 | 915737d623601c90fb63745a2ce2086b0b6c9551ff3e4b0156d705d8452cb95b |
| SHA512 | 50ca193c257a4c2b47d024cd9a002473aa69b64378097677b1265d456716292aa8d27d780082227aef2629970f11de3c4bd5d2c5073fe3c25972d06ecf5b52ed |
C:\Program Files (x86)\Stardock\Start11\Start11_64.exe
| MD5 | 46c398c5e82a61580b00b1aa8cc268f0 |
| SHA1 | b4d77f62a166521a791ac819d5f15b36089736b5 |
| SHA256 | 0edd8851ef648039d36f3669bbfdcaee1ef1e45048b224af7f0358758db4604f |
| SHA512 | 0ff323d3d6b8eaa699a808991ded23bf572c844cad11fa987d20f482cfcd6fa21c41724484b1b5f7c3c42e1b6181add58a29966dea1726d3eb2febb7d3abc2dc |
C:\Program Files (x86)\Stardock\Start11\PinMenu.exe
| MD5 | e704c5d11852cb776d950444c01e659b |
| SHA1 | 00fb5ea2cb4717f9e35cc6cd82f5d345d6192646 |
| SHA256 | 9ca4b38151db0e233d01a458a75abdc421a799823faa3d488d5a036b50b011cd |
| SHA512 | 952c25a2b0b9a4d51f9525f9fe7ed8d40c8d00ac48afcdc60eb228bfe2b25a45e3f351ec06cb85e4e8c54f223c32b0e6e0789fc1134b80d2992aff844c0c2a76 |
C:\Program Files (x86)\Stardock\Start11\PinLaunch.exe
| MD5 | e1c1d962824ecf764806166644e4911b |
| SHA1 | d895f81608a01023df27e4bfda228341997f7244 |
| SHA256 | 351312eb20abf40983ac6bba7a33766355e7b3d4f5ea0e173fd537cb910b900a |
| SHA512 | 8c8868d569d381f4927431b582ef0adb301ab12f7aae782f629508a1ce3c44027315799c374cfcd274d0229c3a319af4e0dfb7ead86a794e80ac3208cbf9ba12 |
C:\Program Files (x86)\Stardock\Start11\Start10Shell64.dll
| MD5 | 59daa54e0f5401541bbb2ee0aabb950e |
| SHA1 | 0a0452f9ef2f4be99010e496c94a57659694b7fe |
| SHA256 | e2dc00de1303726eb70c9f719efaea948ccf24edc76bf0ada1362343c0ae1887 |
| SHA512 | e1b5ce8f62f7b9e1d43788b6d9f12677ee70b4d97f2c8499240ba3018ea2d8f81cf4efc9232016a41da2e3900ad1769a05e9ffe26de718afe652b27a13f81d04 |
C:\Program Files (x86)\Stardock\Start11\Start10Shell32.dll
| MD5 | cd8ad09f0d42a8e8c5922ff6c93d7d63 |
| SHA1 | 66e49537f1234c4243ca0faebb7ce0fd71841731 |
| SHA256 | 6c1df718f996f2310ff04867e14bbfc1be19b5cf48783d9ebf42cc5e1bcf1251 |
| SHA512 | cd61aa3dc932d7c42691629b55c212bd335296c03f922dfbac3b669d412bd03807b60eb80cd37b65d84e1db0dd00bdcd5c9b0bc1862e3fcaed0bc99ea5e5567f |
C:\Program Files (x86)\Stardock\Start11\S11Search64.exe
| MD5 | babbd30ce081bee9a63b399cd2ef9be0 |
| SHA1 | 5fc81ad3e5437c30949cec375b6fe5d25a5aba4d |
| SHA256 | 26c86b920c6f5837078f3eca3a51b5b23563ebb763f7605531c3fc4a8cb2c5f4 |
| SHA512 | 158d493e2967ecb6ff1a9603886166554c668407f83ad665e043453a1ce9c087473e40055c7c129de4fe02f1107accfb363753bfa322c82a8bd8a76679991980 |
C:\Program Files (x86)\Stardock\Start11\S11Search.exe
| MD5 | def5fe3a48b2bebb5d0bc4ffa4e68c8c |
| SHA1 | fdfd31a5c27ae9e163e5400e0efefbbffdc1edee |
| SHA256 | 83f01e9fa92a596f1eb5665d0e1dbc94f2b97baa1d1e9f3d96607a6252e5fbdf |
| SHA512 | ce98f707ec1a5fe41171a29b8c57f477783ec2b2bb7a04d2cf62e946179fe51b01cdad12211cfd93d11f229d2ce08ea0c99788f168fa2bb2b4a8539548c16245 |
C:\Program Files (x86)\Stardock\Start11\Start11Config.exe
| MD5 | df64879adcae95cb056db6072e9f0c16 |
| SHA1 | 44bb16da1de26288b92efa4e0a5c9d13d913462c |
| SHA256 | 1c1fa960a1504b23a3f75eb865d2c09b853e7b474f23031f01b977fc12cc8a56 |
| SHA512 | f435e6adb0591586d302a0c5ec04ac5708a81a4c407c82d788adfa637106e9cc50ee51f79dec5cb11711931508f5d982f166787594685d562a2aca8d9fac8cdc |
C:\Program Files (x86)\Stardock\Start11\Start11_A64.exe
| MD5 | 1ad990f26a923a418f0b03dcac0f964b |
| SHA1 | 337ae25698287fc151959ca727fd9f89b7bec7c8 |
| SHA256 | 4690afc0120f278ef47db782ecb8d0f70426157a91a2c8dc8a8246f5fc57a926 |
| SHA512 | 5438bff71b7e3fc117e3b60482062f5b85b798aa1407441a82a7c8ed4b5d894d5f53c8c410e53a56655a25fa5965affad44a66cbaad92ebaad45df75086c09e6 |
C:\Program Files (x86)\Stardock\Start11\Start11.exe
| MD5 | 0d905bdf98a16dc6662c5b117e213e06 |
| SHA1 | 12342c7bf296e027fcc9b61778880767c4bc4c72 |
| SHA256 | 9cafbcc00ebc8860c3e9c2e0a278b24ae5205e8c36745e6ce377fa680afaa72d |
| SHA512 | 832ff7575e9bb44d6cfc9e497ae2fe9cb9b916459af7aeba98a1fdfed8bcccf517b178dcd8ab6b09f0c6e054628d2e36095ff3a18bf9165dd685d02e4a582286 |
C:\Program Files (x86)\Stardock\Start11\Start10.exe
| MD5 | 3e9994b595f6bffec24ed705398ea2fb |
| SHA1 | 01307767dcd1ba3ceab55c69e3e13d569ba1a202 |
| SHA256 | 02dc0a089946622f72e685dfa24f3530f28cf62f342b2e82a7e0bfab7013c114 |
| SHA512 | d9fbce892cc0f848293c927c62085aa43b51e23eb82b03c41a8f4c95dda5e949e5a9a14934fa61723f49bf411d4391a2c45666c3c7b8a508055a3be55d269c63 |
C:\Program Files (x86)\Stardock\Start11\Start10_32.dll
| MD5 | 09de1164177c97ef4c85313671b1ee9e |
| SHA1 | 9fda43faf9e84d8b0d894ccc879fba3ee2af792b |
| SHA256 | 04c8d66503b6fc15ecb34a6d8886f3c06f09d505b710a38e84446d1396f92fe6 |
| SHA512 | 0d2dbc7ee09fa34819097ce64705e8f64f74f7f0d2e82d07f26920b72726a57c69163229cf3da525fe78e3bb4d39fc235237c71530713706831e3d4905515813 |
C:\Program Files (x86)\Stardock\Start11\Start10_64.dll
| MD5 | 15facf106a3246955fa4593525034e67 |
| SHA1 | 56ba28e1b08f49919155c1b0d99f8539e9d7cfae |
| SHA256 | 940a3e78b8a84e322bc8d2ab12f8d7ad6293902ed31ed8f6b10f634cffccd426 |
| SHA512 | 5e31a13f20bd315df6a89eb37db8079a85a549afa605d77d0550aa502d0693f115356b6d8b2427397a6632de18e8f985de3c032239fa94bb2000065f7bf0b520 |
C:\Program Files (x86)\Stardock\Start11\Start10_A64.dll
| MD5 | b0689c7eda4f68f0da202c69b1628904 |
| SHA1 | f26734af236299f90804d8b8b1708c44856d09b1 |
| SHA256 | 5b010aac99d5f79c6211c7b6b345ac3fd200b5bb1203f39380a93c8ee04ba257 |
| SHA512 | 0dd11d227e6786bba332dd43d3d69ab1afb6c85c2116513c237197b07cb56c74ee3008a6f71bce943f4bef0fea0b5a7dac3e2904d5811be7bc6e7af4e9ef750a |
C:\Program Files (x86)\Stardock\Start11\SdAppServices.dll
| MD5 | 468126eb1efaeb2c3897eaee587e0bbc |
| SHA1 | b663598d60d094a90f6a1d07951d83c006be109e |
| SHA256 | 00767658b1ba964e19d0748ca4a66f01ff9e634a9f37c15b175a4c3c547d867c |
| SHA512 | 247d794cbad172ef6b7e8cfd6f97e5d6d47cf9374910d8d3ff43374bfca7f2cf54057e942f9c7e4e3e7add970c5496659a06485b72ef82c858679b338b836999 |
C:\Program Files (x86)\Stardock\Start11\Default.spak
| MD5 | 21f335860a7e46e07a27282294e2a89b |
| SHA1 | 9bb0459be4493aaeb65cdbf67a85430259f33ddb |
| SHA256 | 70f6191e78b2603be47faf53052b3eab4897b311e932c01570444e9b147fa50e |
| SHA512 | 78db92966c58cba012d4a876599724d3e4b91e971ac837c85edfcb1603b004c002c799ae287b3b27eb604798a1500be4b3237d2f79fa7e7315b1e3b379d8c8f1 |
C:\Users\Admin\AppData\Local\Temp\Start11 Setup Log.txt
| MD5 | 25288a685372bc8ef85478429a9a9196 |
| SHA1 | 67a9b68a2ee5c5bd89a7eb376771e46e45d4690a |
| SHA256 | f300f02cd2b314974bb154d7c54164e5144e766418ef3d1382d82b4cb036590b |
| SHA512 | 7a5d25961dd8603e2a9809cfc79c4a6367e4bd4e8e7d10ac04702e8428c6be5613166b815ed16cbd04c973c2f294cb9f4659aae839232930fea82dacae2a85f8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_B460DBDB6691F360C14B4617119E5588
| MD5 | 2aceb2f9a214adc6de28d8213df724ef |
| SHA1 | 98665218389376d18edc18bcddb5e22602db47a4 |
| SHA256 | 09d8ee872e0964d56dbc41971335fc7a945df632af1ad8bcf1328d89d92bc252 |
| SHA512 | 10922e3872c8299d2076b32289aec73a5fa8fe4ea5e029027aa0349800ae7ec6b605d2211601a48404c252fc8f5645cc152a9d161d8869b1380dafc059bcb4e4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_B460DBDB6691F360C14B4617119E5588
| MD5 | f7617b77681f9194ab8d9c98d3e469ad |
| SHA1 | 2a5b096c14bf9061a09c8d01485e3c6909716abe |
| SHA256 | 569bca1c8dbdb57eb1a6e342aac7692c63e234840d48bb00d151e057e092d6bc |
| SHA512 | b799f5874b0d0c85f6bab87dcd605805bef5404f12b57434121e4753c53b4423e9ac951256763654d4051e79cd8da7f271d554b1388938c8a5f534e3c0fbed6b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
| MD5 | f0339c0506fe0b51215f7227b14e656f |
| SHA1 | cf937eeed1483e23e81244baa03d5e8f112c56d5 |
| SHA256 | 47bf8749c1ac54c6586d625c99219f03c6a073f3b3f5689444985aae85a3e5b1 |
| SHA512 | afb55465411bce78b7453e17aca382e0add24a1b0dd7f116cb077a2641abcbde8684e076d69ca6a3a61a3e47d156f85c80621082ab1a80f4a5b3b1b75f20d5bc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
| MD5 | 3c7facebc63995884dede36d21b19e45 |
| SHA1 | 23d77d0285235b4540d95d5cb13188dcd24777fb |
| SHA256 | 035fcb8fc891bbd480a2f90d10c8cc8a815abb8ee1f96893a817b98e821fb13c |
| SHA512 | fdf7c50442e2a5be01778c0990030f0c29fb267ae1183fda7a9c05702b94b9c8531879f037cddc9983f7fa18861c6495c894c4b4e929db4bbbd66a090f671d31 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
| MD5 | 766cf5cd1ccee5f31bf4332b8c8629be |
| SHA1 | b2937666b4f615601081a7e1bdaee0326b820e38 |
| SHA256 | 1e929742ccc963109fe468e0efed37be626873b4d70006928d1ce413c4019c69 |
| SHA512 | 242343410a5d8ebe6e9d8d0b2fe833e9320068ae163ef02eab7cbb784afd66eb5a9e210cbc12ca419f559e3366d790ccd541e9027efc244ead30035abef6c538 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
| MD5 | 180ff32cfbc19e245d8efc265487a3c5 |
| SHA1 | 34b6d177ac4aee3efcc7fcfb5f8ca9f24016fa83 |
| SHA256 | d532de5ad52fe62c0839a0f92ae7bd9b631df34bf1c169790de7f2119cbecb0b |
| SHA512 | a43c12bd996dc6cc4e929496d0d96421dc8722dd9a52d54c65117b4dec6eba12264c59523e29583e41f84180a5e4244eb73496195a2062aef8482d184681ce82 |
C:\Users\Admin\AppData\Local\Stardock\Start11\SasLog.txt
| MD5 | 6bfc233eb0d8670c6fb8dde7e4f24ee0 |
| SHA1 | 1470b1c912941bb8c0388e7ec848683cf063db9f |
| SHA256 | 68fa1b24b9c97b8e23b724636419d5469b47469cac6397944019254bb149be1d |
| SHA512 | e08d7c9723de0d834fd300187edcba503d19498f8fdbdaae236cd0831680f25f7dc54093ba44e8bf1c0f7085b16ad1bccf9dfb765e7595daccb3248d0b7b5b53 |
C:\Users\Admin\AppData\Local\Stardock\Start11\SasLog.txt
| MD5 | d917612fd4dcfb19cd6566823e4a3c2b |
| SHA1 | 0c808a1d4a3db0ecf720ceb78a29848a8b1db620 |
| SHA256 | fb01baf470265e5cc056bae6ef61d861cf71bbb5062ee2065e05933a1969e08c |
| SHA512 | d0146549437e72b82e5c44edd0d14adfa640aa9f86606a564681942e63299036a41f9e9c249b2ffe76743485baed43c42ac246e2816e60465f0b4b7a5270855b |
memory/2424-1142-0x0000000000990000-0x0000000000D78000-memory.dmp
C:\Program Files (x86)\Stardock\Start11\Lang\en-US.lng
| MD5 | e60dda7ce8af541ac8d3dc821d5937c7 |
| SHA1 | 316a406fb223cc23a3a1df3bdfa2b27cd1bd7448 |
| SHA256 | 58c44a3d00e38b550ff21ccbb665dfbed0c2c780a585600acded5854bf153fb2 |
| SHA512 | fc64969363249e4e48de4e8aa519908ae9ec3b46f6962c8d252405d961fad2d4f4ddf89067cadf3ff141c72991267e8cbf8c53a0cc32ccc66258175d02cbb16b |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Turn off taps or change the delay on your touchpad.lnk
| MD5 | 3761dab3d0fb874b4ecff252d865f900 |
| SHA1 | 34c22369158cc6d28ffc26d9ab0e397cb8bc2e81 |
| SHA256 | dd95f92c5a1eba5343ad1655c85727ac8c460d6f29da843c10185eb15a5083f4 |
| SHA512 | 639c53caeaabd5ad2326273c4d350834cb5a53e1ab985c33df9295e95917284d4044e9d102a064d7266ea2068a9be7d4a14950db2002736e362e21744d880ca3 |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Windows specifications.lnk
| MD5 | f2dbe074f53caa49b7fdafb2b3abc4cf |
| SHA1 | 0a38ae3258f632da6831733e5d7b861f38bc513b |
| SHA256 | 3e11753ef41dce8b635f97429d65929cb61854a08dd6d0d0c8e43a1ad22527da |
| SHA512 | 49d1db78e07a939f413032e30184314ae1e95c8559d72a1d15dacbdf66d2a6f0371faaae9db279d93ef1bfcc24ff163c9c67663cd313f5aeffcba910e4569464 |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Handwriting Input Panel settings.lnk
| MD5 | 291965faed6c8ca9b7ddea34e0430038 |
| SHA1 | 2a4406e24f6e520dabfe2ceffd7ddf5ca0a2af36 |
| SHA256 | c62d602968283fb5ad7609d612b8f08c8252a3a252f6d38cf7250cd9c6398464 |
| SHA512 | 71c669caa5755e207d9f6d75a926683a0aaa36676e9cfef6c9055e0d67d5077639e5248b15db7feefadfba278f0dd07dbee94f98c1318eab186b4dab78b332cd |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Change when the PC sleeps.lnk
| MD5 | e31783863c0d22019f46952b4028e24c |
| SHA1 | 34fe06fbc37d3854ffad0988b9bed5f72566a38f |
| SHA256 | d1fb63ca3ae2dc2d0e3af743c2cb64017d6cf1a8bc83a4770126b362c3e52d1b |
| SHA512 | 0ed1abbc8a011e0acd7ad8b22ddbcb9666b4f380c57ed439a2729b7bb8bc099f6a204d6487e1eac079d212da9f8f805e322733abe8d1de401b567a5aff48bb46 |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Tabs in apps settings.lnk
| MD5 | 635941a27c93499666e4cb14e9b4b882 |
| SHA1 | e0a607b93d54b441ccc49f8b2c550891bf03488f |
| SHA256 | 1045697a110b1555d6d2e7f2226d9af2777aa47fdfe71bef4e7ac8ab6b1f179e |
| SHA512 | 24f6c9d84a82184786f0d9ef1590eef871c99d59f922bf21c539d0582e9d3bde9309f5c0a007b6f838f6469a80b9f39ead0400becd87b09721e64f1c50449501 |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Choose a default app for each type of file.lnk
| MD5 | a7b5ffa895c46883acaec5444d370839 |
| SHA1 | 541c596f101f1c824cc127e7fa83b28b3833b4a6 |
| SHA256 | c25bf8cd1e9bfc6e94c50c92b28507ed778754a573570f656aef1acdebbabad0 |
| SHA512 | 84662f091a1390ca09f5588dbf82d38e614a2f655450a4277b826581d27c9f3b324a53e00010f44b530534b3e469784423b8858eb77c09c4ce3c463b3260c34c |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Battery saver settings.lnk
| MD5 | 9077541552701da1e54476c4d3ee22fc |
| SHA1 | 6e9c10d31fbf93b8d4e9e0c7ed20b6f36169f4f5 |
| SHA256 | 57682f00e82e7c69066545919cdf3383c5490966cdb158fce191c126a63fbab6 |
| SHA512 | 1f613a881afa0ca2d6e7f480db564c59dfaadbea8b2ed3b4885acbba345db0e017d0824220662222ea21e7639b6760553876d8bc42c1ac8a81c66d32019a8959 |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Ease of Access settings.lnk
| MD5 | b19fcebc4ec8c56537801daec153031b |
| SHA1 | ddee86ccec03bac1f86651ddab9cc9edc4136bf0 |
| SHA256 | 649aec906d3764ded37ac896e7db280250a384d04f0f7770bf0147d04153de46 |
| SHA512 | 529d46e5aeecb31440621cbb86a28473366f78feca074ad96b6d44dcd90c5530c22a9127f6e1240eda9bef5543293363e28ccf64fc714878b52f436193daf138 |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Ease of Access interaction settings.lnk
| MD5 | 60a193201335c58a50c1d7ad5153a729 |
| SHA1 | 283101c45cd3315eeabbc53d3bba393dfcf498cb |
| SHA256 | 8538178262c6ef1ef3cbb00edb8d8564cac0f38f6da66b340bf37d8391ef8b10 |
| SHA512 | 883a4ea4558cceb68c03f724d47094671029a44180248dbb9511d280cbf27981e4976988cf8a30e34ab2ec705f6280e7b8b19ebf432f99fe57a0e35c411a247c |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Cloud Search settings.lnk
| MD5 | e6bbd5f549161c72f4242fc461a7862b |
| SHA1 | 926e780e877352ea4b1eec451de3a0e5512a0f52 |
| SHA256 | 3f1381496042727637ad05a99477fed60ce5361f0d987ca0e9eda4f4427c8026 |
| SHA512 | 9f0018612e42c5de8e7557259e38971c1603c7a46e734997e972c30ff487e55a4f14dabad85a211955df95fb9b6a102caffae76ca811dff416094eedc8831db8 |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Recovery options.lnk
| MD5 | 3b5e1bc5dbb0906ac9256f507b970610 |
| SHA1 | 4cf8af8c53e560826e7a8d3a1b822326dd42d940 |
| SHA256 | 7340dec88257c5acf6b1b711bea215d41ba4769c45408ea032735460432ccf04 |
| SHA512 | bd4bf0496d5a9283081ef8b731cc9860e067bdfd9867344046e1a57158e98bfd272d4ae4017a16234c204697ba0ca418a930f295090a2c4a518d8d928689cb96 |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Search permissions and history.lnk
| MD5 | 571d673b6a9741940007c2c4af42fdd4 |
| SHA1 | ae0200e7a9261190e3a66129e8b121c166491ea1 |
| SHA256 | 1a8a3c47e5e994bfb5fcd05a499ad78a55427272eae0321bf14c9df7676f83c3 |
| SHA512 | 2ec76862e1434a0f7bf6d97e540d962c3b44213d9e896e2d4069330714da1cea010ff9cd2aac4a7e4dbeb45b8a736734ff318715fb16f1d32bf4539295fee9d2 |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Speech settings.lnk
| MD5 | 2e5aca9ec8f3f4a49a887f1c19af7d23 |
| SHA1 | 7f9790c88d57a1df395d993459ba91d0c76a1e9a |
| SHA256 | 4e2130e210d01d5cd3e49a4c466d360d352e679f91b734b499b0f7f581eb0b5a |
| SHA512 | e9170499216853cec23b628fe477e8427b65cd2c005cf4871ff3438b651d16c35af8e02ae58dbf49a079370d0e522218ce8656fcbe70f63db7cf4a4817a7e6bc |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Shared experience settings.lnk
| MD5 | cf77bb0d3e250d8dc710bf43a1f17db8 |
| SHA1 | 45440eeb3bcc4c90b0d683149e5a26432cd9e902 |
| SHA256 | e53b625bca75ef839b6cb4ba5d6035263b98a771b30119832dd0fefb121af6a6 |
| SHA512 | 8ff15a4d6bf70526d0200fd46b3db8dc397788623048d2e8c6547d9cd24530fade3b8345e6ad1fbf891caa9aaa2ae9eff98a46b6fd6177e5c608970b96289f20 |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Taskbar settings.lnk
| MD5 | 0047495360b441580ded1b9233b61c1a |
| SHA1 | fbe920528c53808c23ca622a25ecf52d37d67b8b |
| SHA256 | f509b4b8125e20f46b5747ece61909ddfbdadc466fa4c8c130db996b8d4875b0 |
| SHA512 | acd719aa23568f5607acc75248c543e463e79c0b18a7f8ee082c9c9b941acbec43aaa352d0fca5e11c4d2ac505c60a606be60bcb17c633fa906b6e9609922b22 |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\PowerShell Developer Settings.lnk
| MD5 | 6081a51afb513f4ff76322700a5f0f70 |
| SHA1 | 9586b155821fd3b6dfa41b5bed7f41a142b3c0b0 |
| SHA256 | 5b2b02f9608ca235b5038ab9db3c1186309e9f14937746bb2fa6c302f40397a8 |
| SHA512 | f64119bbff28b1a6958d6b271552f10637c319560d2a4aeb00d381a64e90e054fc9d9d393bef3735843229bb58f30db7b3af929ac296814783029fb60d66325e |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Choose how the cursor is shown on a braille display.lnk
| MD5 | bbf98fdef93f584d0757029d3ba39bd1 |
| SHA1 | 30bb0afcc07593bcdaf453445bdf01421064f5d2 |
| SHA256 | 1578eed6884f8111992c707a6ab9dd1927c7bc6554f72d5f084a318a25547c3f |
| SHA512 | 693997b28e1881114e5933b72fda2fc95ebbbe991d3b95fd6f9dd9e8affc6eefce08c3270efc34d08e6016bdd571690b26bd85ce10d0bfd5fcb2eabff09d86fa |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Change caption font color.lnk
| MD5 | 97d0548416f0ef4d331bd01ebffb6e0c |
| SHA1 | 1cbdf28d62b8ba000521c8223b6ddd7c4c9783f9 |
| SHA256 | fa08def4ed9f4ea292a5fb60d502615f0def48ba4730167cf60377322e92adff |
| SHA512 | e808ab8864c9998caf00e604fdca8ba9abb8c0dee8011735f9456733ca76867cc6c0fab94f86bc221a79ceb458ad9271c3a38f410977f41265328d9d6410968b |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Allow the shortcut key to turn color filters on or off.lnk
| MD5 | 39b870d0bc33d7c28b402cdfb426855e |
| SHA1 | 4237025e87440f2a7327cbec5dede0a80ac0b9f5 |
| SHA256 | 4afe180c3985bc1874008a2701f91fa50132e6b48a1ae85b748e5d1f01834023 |
| SHA512 | 7650237043be5c393db98bec519bd01d4735cdd73f321f92767884606bb8553b26f221b83f3da2834718f2cad6a8a69a77ba42366758c2d54bcab06d3a444763 |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Turn on text cursor indicator.lnk
| MD5 | 47d7abe5c49016b71b139653767bd8e3 |
| SHA1 | c29229e8d1a4e1e9f01223f4285e7758b37a7243 |
| SHA256 | ccc64fc96c1ed700a669b7aeb140af3258963c46166888d48de59f3aed67d914 |
| SHA512 | 91f629fbc77a25d7459b6fd25fccec1502e42e33b608bfa670895e07a1b73683d3a16b3d52fb6503fc95b6dfc100b4fbea861e45b1de76f4bb582f51df771f5e |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Turn high contrast on or off.lnk
| MD5 | cb010cdefd65876698aefc37d75fbde3 |
| SHA1 | abe4745ccf42b2f9f456c7b60d7a34d56580add1 |
| SHA256 | 6d1ec1d9c47f1f5369a84831b505e1e258289dae50b03a1cc3771f529c98f879 |
| SHA512 | 4ff8721e969273c5ed43963f32d3702038596148d7f42a2b6fa40674d43214fde66d9dbb4cc9728dd3b7d0ab2aa79ea9d311062b378e10197c03c2c5836ece78 |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Turn mono audio on or off.lnk
| MD5 | 7134f8a18be5f463d427f0a0037df377 |
| SHA1 | 6b0ad4c36de6ce1c5b9ad43394d5110ea79fbd26 |
| SHA256 | 3ff1dcdf775dafa29dfb7aa630dced9baa0501a1086e8765a8727f12ceaaf228 |
| SHA512 | 323f69cfa2842d2b5b09601714a0eb2afbef7c5d55b7dd9d0b10084859cebf55de915af8b2f197503a8ab453c075914a071a71ce1d73d86bab5e01ab99b22fc7 |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Show the Mouse Keys icon on the taskbar.lnk
| MD5 | 5e1748ca8b864832b6d1fd27db867b6a |
| SHA1 | 9778963e21e65f9c5920ab1dafc43d411015693d |
| SHA256 | 101385bc3a7585a0dc165bb490afc881e0193d65e90f9fdc6c0116729481d936 |
| SHA512 | 846742136295ee87907ad17cbea088f288599d74deea8a68383f263215ad53662153b41f8e0ab41e3c480b6650543d8c7ed932e3e3c8a9fa81196dfc705b0128 |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Show the Filter Keys icon on the taskbar.lnk
| MD5 | 2c8e1e3a3cb6a1d06b7a218ee5812bda |
| SHA1 | 6e6bd5a4c5a781be5543be81fdcaec7770a1a77f |
| SHA256 | 0af926a5b56a228c9de8f0bffbb7d751dada2bd30ca38cc97c194ff1bf7a8d7f |
| SHA512 | e5ad034baf57c5ffb44d83ed419359f85af7ff72bf63fa4aca3072557d74c31073618456b1b86bb8e5792ed9d17259e51b714a0262fe84bc45ad87af7efd81c7 |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Keep the mouse centered.lnk
| MD5 | d4c4de0cab16f8d18bae11cedd75678e |
| SHA1 | edecb7b926f6144bd968c10e5aabb2a696f20a66 |
| SHA256 | 5cce47fb2bf8fb5e4a959430fc9443a58d8f2501d6e3e4a9e720b343a18fcaa6 |
| SHA512 | 839a85fe9e202b1365bbff74530024d8e41b092645925eee178ea48b9cfb417ac1d7e36e56772163b9a59aa4ee0612205044b349039418ee7138661572939879 |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Change mouse pointer size.lnk
| MD5 | 5605920f5809ce178c4f494fdc13c5f3 |
| SHA1 | 1e9fa7580ead80c5411c00bc42ce762420b46f8c |
| SHA256 | 1174f00ce2c16685fe281a1f27b5c404edc78873b20c86ca883ab1440889c5a2 |
| SHA512 | 6a25647f71682481d508538aad4a25998b7390ce18c3cb4ddebaa683471a3734af7bc6571c03e42b008129bee67c03678a0d09d982c48eb025ec0f806662a294 |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Buy product key.lnk
| MD5 | abae748472ccae5bf442f1c15d148d79 |
| SHA1 | 3241fbe9cbd7d26b71abcec50fa3f1845a5c4849 |
| SHA256 | 5e6f1875431a189d291462f53a44cb883b16bc1dd79cb0095bd96c44f0f7bf7b |
| SHA512 | da8529754df4878c4025b81a81b9befb43a4f9ed1709c2e72ce6448795afc6fd9f0e9bc487eee6e6ea85108bc28c7b03f0065319f7c8625628c2eb5ff56c5b12 |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Turn AutoPlay on or off.lnk
| MD5 | df82c4ce9682d5142b3f1f92a3cbb1d3 |
| SHA1 | 77343dca43c0617179522e915857871b59016f20 |
| SHA256 | c3227da3ac420e640eb8ca6a1c9b6c6c01a30f10d557dae9f3538b28d6c31a4f |
| SHA512 | ec42881f4b3f26dc3ea1455acab62e7448c8547ce2a0a032e4715460f97d068b203810d37d911e40e5bd86e3be7729b855be2223ae0bfb18ae0d545e1c9ad46f |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Turn off access to account info for all apps.lnk
| MD5 | 0b515c92e92484c1e63c6dd2187ad4bf |
| SHA1 | f55153e1323ab716a5514d8ff58d54faddc5e81b |
| SHA256 | a1391c7fe720a90e42783fdb6d37b5a125c84e5bb24983e381f802022d2a2866 |
| SHA512 | 6ca4df527bb4878a230ed1d2bc4f77fda4046d1c08257e25f80c0721aa8a35b6828f55e557430aef00237f5a0f0be5397f7a57d810d009f55246467704f2947a |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Turn off access to diagnostic information for all apps.lnk
| MD5 | 5829df6d19f892d48a663237f2a91f8a |
| SHA1 | 5c82ca7d8026225dd2bb43d96e8827010e10c677 |
| SHA256 | a18c9122052fa5d66cef2afa93692907e57b3693c3e829e162f56cf252f3e074 |
| SHA512 | e0768fb0059a95c63cab12c00c0570ca7e33d8c6ebc5ca42fe9f803c3c8a3ce66ad1790404da212795b19585bdd08227de0cc3a05daeb03dcfda1f9a30dbf872 |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Turn off calendar access for all apps.lnk
| MD5 | 31069af5d395b9cd331974012aca8c1f |
| SHA1 | d8657e5812c7d3fea179b8a46eb0e3057848a5a9 |
| SHA256 | 6eaf37ffb1a5d539893ebc10a6c409401a0c3dab6e186aa42c44de10ae98ef26 |
| SHA512 | 707a655c1c0f88d7f0a18382331b10038f339f09c3636d6bdb3ba6f306b561a97701f3a683f9841512e98739c926da405c1724b11771f2ab850c991a27c65e7f |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Turn off camera access for all apps.lnk
| MD5 | fc32aed0465703b5dfe7e61946bfcefa |
| SHA1 | 71abd48155f9c35cab110446910648da128db244 |
| SHA256 | 854656aa4c2b0e3d652b4c50add9ea5107f2154911af7ce678fa3c24c1b34642 |
| SHA512 | 852805ef4af3344631c44ccf3fc49c509d040264844faa868a0a121f73e39bcc08ae2e6ddbea7720c7e5fa0be1f01a91ef512d31bb1be05808e9fb715392d6ca |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Turn off access to document libraries for all apps.lnk
| MD5 | 276d9b8495b8d598ac0755b1cb0137b5 |
| SHA1 | 9db3ae45b693160e36de95c94e679d7e60a97f53 |
| SHA256 | b8ee44b09161fe8587aaedfb24462a93b6be442a475627ddd958e78ca6db7e18 |
| SHA512 | 20416ed3e1873572aead6fb5d13f533637d40b92b9525fc673b3fef6efef3a3d700b99db92170bbb4b83f51f02b71c1adeef56111369bc12c4c8acbf378071fc |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Turn off email access for all apps.lnk
| MD5 | 8d861c536097c949989581b890b2eafa |
| SHA1 | f8756b31ee8b9d1d10de30449d4f8e2dc97d954c |
| SHA256 | 7f54739e967c8d3825f4787f14287973d9dd4c87a19d6e0333935b1bf09506bb |
| SHA512 | 9aee7a189ad412bb468960deb0079ffcd75cb0138967edecfc88a69902c53c765b5023edb205496cee7f5a19d3a309ab20c25b04b539cba6d2efa5621f7edaa0 |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Turn off eye tracker access for all apps.lnk
| MD5 | e8410b0e76e7fe3c111ff51292f840a3 |
| SHA1 | 5038a6c730b23507e8d960401683ec9ee811b230 |
| SHA256 | 2438ab8df0b0f466fbbc400930165bad094967dbdfd20a39f812c59cf5fcdda2 |
| SHA512 | c4beee72b1d59d26d3b5eb9b9d2e9ce9255bb461d160de229793d8995626de270728b36c99e76e0efdcd045e5d8951a5904beb6630d4ed1582daf4ab6246f77e |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Turn off microphone access for all apps.lnk
| MD5 | cc8a115bb2e34c5c1b13003e8fa86e88 |
| SHA1 | cb3e20d63e7658241ea1544efa0c2a1c37535a6c |
| SHA256 | 8894c700d70058196c49863cef695506e371f60b9bd8a1c272de47b4b53bf7a2 |
| SHA512 | 2dbfa88b6bfb834300448fc3e105911bf62db1a77423bcfecb49fb574cdb61c51366686c765ea1d3b27a35c04ab51a8bb9820400266404b57b72ea876b09a6e8 |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Turn off access to motion data for all apps.lnk
| MD5 | 589713b96eea442a7e4bb7057d3887b4 |
| SHA1 | cc69d70da0a60320ebd6a5ff53fa2190b47e594f |
| SHA256 | f80cee18c5b02c3f3fda3501523cf36c5659a7997d1b54ee6027f392b74ffc04 |
| SHA512 | d495ccfee4678b4c9b93699586f44def431d8c88cea36eca237e6e6d93c88cc0aa7228b4b13c2d2bfb5519e1b7df4fa53ffabb735698332669945001c517d9d9 |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Turn off access to notifications for all apps.lnk
| MD5 | 503ce5a79498da324fdc1ac56034d000 |
| SHA1 | 70f1dd53ad1500fef7d7dab0c6c2bcf262a5eaea |
| SHA256 | 8a3359caffdbca2aa38a4e7c280ed48387c142099a2b8f5fee8476face45cb7b |
| SHA512 | 17892122c07dff1370ba6d43b7c36fb6db1e9ba5bf29cfe8f4d64b0da8e6ab8c4c02fa4d138b5dcecde87a3826d20cc7ae70c23e76d982cb708a7658e917d8ba |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Turn off access to call history for all apps.lnk
| MD5 | 0fc7528e3acb1834f43f671663ec71db |
| SHA1 | c30471e71ab18fd43207d9bfefa2cb13538c09fd |
| SHA256 | 84548ff0b7426501ba17a8ca4790c216c0fdabb6aefb040233d164f88f95193d |
| SHA512 | cf6aaed3a75edfb491cc09e4b266ce0b0898e6660655f9b90bc5e6d54bcfaf234933587d58242b25d9fdf01831d03dc59bd4d76b279b5df211aa79642efd012c |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Turn off access to picture libraries for all apps.lnk
| MD5 | ac93b1248b8d7bf70f14db2163fd6a9f |
| SHA1 | cb12be35954a44e859850c6940933478db301888 |
| SHA256 | 6c5ad3bbd63c22608214fbe0c67b0ff5767966f409625e8580eaf32f69aa4734 |
| SHA512 | 6f4129d3f7e3d24038e7fa71a6f2ecd80d26c113a91ac0ff13f9186e10f1a25f5ec84e1b89fbaf180aa8f259c07fe15d4f1138762bc18ba4d42977e63e0d5c7b |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Allow apps to make phone calls.lnk
| MD5 | 5838a3ed16367cfd6bfd3d65ce7fefd6 |
| SHA1 | 58ff2e8763d64d6689cb48544ee76494b3a9372f |
| SHA256 | d76815b63831d8344def8082d94c24ff9655422a89a506a7b3e66660c5652c3a |
| SHA512 | 333b02d26e4722a4fa84731d2752fba675280a948d3f8464141996b6848b6b1f465f9e990d25c1375fb1c2126af8b22a9691106e495cf575dde221c2604bdc21 |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Turn off access to radios for all apps.lnk
| MD5 | 6a99de5c4d12852f86dbeba267b8d281 |
| SHA1 | f665394adb59ae9b9cbdef23ea545cbafe82ef1f |
| SHA256 | 73cc9f0c1ac851a17219e30ee81e61466bd07d6524bff54d39f4928ed10ed3cb |
| SHA512 | 5f744c6a0b5806f5071a2075ae709425d03056328fde89b8b194109b9b49eb210e661ac36e6be6b4f32cb766adeddd76e8d1d3b9e0fda696ff5c01790ffb0d16 |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Clear clipboard data.lnk
| MD5 | 110b400dd6f2a0e9d57a02fcd250aaf6 |
| SHA1 | 26fc40e3d7e49feeb7a0112face1a8e4efa69bab |
| SHA256 | feeb5a4700adca45e23174d7526075578ee58d1ba64d7f91ae60039b1a2cd1ce |
| SHA512 | ddb28479e8f30e01fe57272c3727bc6c43398c895ac138063f224128a8c19fc6709e383ccabf4c1867126361a184df43bb5be670e426f5c8991dcdaac105cb98 |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\View your network properties.lnk
| MD5 | 64fc31ac34afd34b8fbff2dd48854bc5 |
| SHA1 | a25f5643a448a64737c56f7ea5652754ce801da7 |
| SHA256 | 8adfe50a191d764940eee54fd548da735a9034254c0a17c0575db8ad8dcfce88 |
| SHA512 | ba85a70dff54d103095fd954d5f4cee3f9ad16bcc0b4da6e6ed20768e4af6ed615da9387a3099c570ffad9c8fa07b7b140bf7917d47fab90ffc1669e45e3b5cd |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Allow another device to turn on mobile hotspot.lnk
| MD5 | e6567d317588919fa9e447930f1df788 |
| SHA1 | 8001012d802de109bf99b4f751144dc058c11f1f |
| SHA256 | daae25bf3c5bbe39b3390a6399f38481fff3fbb46993f4fb042d610c569ec24c |
| SHA512 | c6aad3de912c02fea71945b86fcb4e13098e2776805e87f3349a2d1f30967f5c42ba150ee861e6b1c84ad3b214c8b3290aee16e9e81bd6965b7314fce3b0f517 |
C:\Users\Admin\AppData\Local\Stardock\Start11\SasLog.txt
| MD5 | 4bbfae4197e5707a01d99db28820e997 |
| SHA1 | 3a7fc4ab82c3110481999d66c39781f39f7f63a5 |
| SHA256 | ddc64e3eaad735bf362e3830195429c4a68e81cf4f89ebb23efc75b093fe6bfb |
| SHA512 | 168b7b7054a903fae1258f163dcac793a17f9f9535a0c58049a3f241933bb025e33e00ade2311aa3b4c6151d93fa176008d3868580e79ed4748af57c206b3ebf |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Use random hardware addresses.lnk
| MD5 | 256ec8dd048478d8e215c56acc7caaf0 |
| SHA1 | 86dddfad6c086036ab5304f583db73e759d27661 |
| SHA256 | dc0923800a67fc7400ff2c57f4cdaf60e711243ed40876f4880eae315669434c |
| SHA512 | 100a05db27473b4c5007d30325ed1a2b5cdc81c44527a408adb338f5edf127e9d7e874b5f8d305ffaa477348fb2d9c9b0a6a1f22923a8cdf957f136176da5e01 |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Sync and display your button flows as quick actions.lnk
| MD5 | bdd44d417a9ca05a106ce3206df9a195 |
| SHA1 | 82be572f54675cb8143f805234d87087c7280cc1 |
| SHA256 | 397a797c59ded4e755c57963a97fdcc6d374f37b84b493ff6a98847527c1ebd4 |
| SHA512 | 0eebf05b491d3c734836a9523e5080f29065bd12b57e4c16ebd657a191d38dad9aa8c2ee943a129270589a0113d5d9777c431882f875528adf87769d305d80b5 |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Choose which files and folders are indexed.lnk
| MD5 | 704ad4041197186bea8bccd54769069f |
| SHA1 | 6105a31e042b8f66e493f24fff4e5d9a01ac0699 |
| SHA256 | 56bba79a6a8c4122e785730014b39356b540caa9cfb0f27ca23999d96bb8e6db |
| SHA512 | 4f950c4a6bdf6ee71af9868ce4735cd921b94046a7449f0f58f007c643a803a5715de579415fd291a0813c3989e28e2e087262c740bf19e42cfc4d98b697e2b8 |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Set the time automatically.lnk
| MD5 | 94e0d01a5ec4e85bc9777b6766f4ca38 |
| SHA1 | 72fae34dfdf2fb31157680bd0464a58ed9de57f6 |
| SHA256 | 3aa38db82c1349e8f7ddf7ff8655db3acac4683d13540b3eb9668481564b5140 |
| SHA512 | 462df22dabbc40033b22ab59c566d83309a9be18971d219234f0d1b71e38c679d4905f4f4cddcea251fe331ee32b45dccbdf97ff027717729274fa4714077cb8 |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Use Cortana even when my device is locked.lnk
| MD5 | 93510794b0a27f178dfb7816d0e55ffc |
| SHA1 | 0c0d4d65eeddf00205d4f0ed620761ef43b4c9ef |
| SHA256 | ba27eb6787c29f3bb7181db971c03b93018ea2519362be54a0f4ffa806ba482b |
| SHA512 | 0e94e166f2745e053434b6552e52f06756a1172895b03625888acae18ac4d77c2b29cc551571d4b6bd35e081e725923e237c41092c009a2273667042f3534dba |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Allow downloads from other PCs.lnk
| MD5 | d315fed9764bfad3c401d4c2caaad768 |
| SHA1 | b7a752c70e8ee6d232ac1903faf54d348dcae057 |
| SHA256 | b8019a0e81ad98833a5e33a41bcae45858359e0f43bbb4c8390b01df5462b841 |
| SHA512 | 5d9c9f93f86cc78be4f85d0b7efd097d68adfe0e46194429b84678536035f83c09e4592cf26aa7cfa355fc6c50074d001bea6d24e2e6b22e5e646fa53f6b6c06 |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Wheel vibration settings.lnk
| MD5 | ee246e39c9e47e4bbb2fab3a75709cf4 |
| SHA1 | 643964ef90a89377572dbe66682e84799525ffaa |
| SHA256 | ab95bc3d5ea6dc27caee0ad4e7c1b616fece4de1e91fd59ee9c51952a74675fe |
| SHA512 | 6c7e04c43b7932e03ce7eebb616f94353d4ab8ec9581329f7f44d55725ab610f03962a6dd5ea19bc1be0b5c7683132daff609ca46e80b9885cdd0970511c5114 |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Adjust strength of adaptive color.lnk
| MD5 | a013a3626693e88bcd2a87a4ee4947d5 |
| SHA1 | 262e0c14f044b8aacb1018fe732d6df8c568f07a |
| SHA256 | 1937be651f324f8b18b5f2965ba3e740bbce53edb2ba2205374efe0be53e6d55 |
| SHA512 | 53785918a49f8c25209c548bee33d175c45ab120e60fedefde473a608e2597e0e776d805821dd60a04c14a1521d79e89d83c9cc1a2eebd1364288faa2b8aa1c1 |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Enable Xbox Game Bar.lnk
| MD5 | e5d9329a8de676bdf4900391036b0eac |
| SHA1 | 9926115e6ded438a2c306a62fdefb1bb03f778f3 |
| SHA256 | 01e1ec24957f26938528ed31f08f45467446b1d4a6f149a979fb919a84254205 |
| SHA512 | 5761c6df545e99e1eebeccd8c465916e74bd481a9fad3e4e7ed51539a2867a40e5443ae32b3edbb27c81fe35b2cf4cf96ddfd77113e15a930da0ce1c2f30f189 |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Turn mic on by default when I record.lnk
| MD5 | b08e303d74a5617a8fc01c3a8a0c3918 |
| SHA1 | 063ddba95871fe05719dbbfcbb2f74fc01f3d0f6 |
| SHA256 | 0faed293f8dd026a2604dc82b64cfdb8ecbc1fe72b39712b703fe39052759763 |
| SHA512 | 8fb849e4b6249bbcc348d55581aa67945cb851d8dd205d8e3fb06141c796ac93ffc21ce28dccf95a6c06f584867da2943018612657c2afa6b79c15236e4a16dd |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Choose a microphone to use with Windows Mixed Reality.lnk
| MD5 | 6fb78b5a5bf9b43168fa8fdb9d8feeb3 |
| SHA1 | e453e4a081c065d7bbc19e8834b0dfb4754c042a |
| SHA256 | b3bc74aee07c2aaefe03bb784fc162112fae1b567579f677f31e4ff6550582a7 |
| SHA512 | 03fa1f7a1deb65ed18208681be52ec277f5e29136fb83b3b8a2091b0d755aed59000d794da9b0cd307c0265053485f939a5984a33308d2904b0b247722c48d06 |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Change performance optimization in Mixed Reality.lnk
| MD5 | 7ca8b0e33148288e52f92883a4c4ec50 |
| SHA1 | 89a7641d568cd207c4e38df3ed98f81ed65ca380 |
| SHA256 | cac9d9850a1842db9b1bb5617df89c549a699310afec51bb8e1ed8e0c12cd0a6 |
| SHA512 | d5d87ded7b611b0f35ee0e9f5526c20f66a8dfbafaf85967c029091207432a980b533d57be00378d844b339c3d0f46ec37e4bb30fb35c39839a7a9e4f0df315f |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Change the primary button on your mouse.lnk
| MD5 | b2ff0bb59c9414a824b489889a6e79db |
| SHA1 | e1f2cc6b554c7ae93cef8a5ba155c9408f0273a8 |
| SHA256 | 35c6addc4eab35000651ea08aaee91a3672a1d159d777bea1feb48b915e4ec55 |
| SHA512 | 607d87c6378ca5b163fb958850654d222809a509caa37ae176a6cc9978f8ba5ab4d5c170b0efcdc8fbc1ee83201fc7554a5609d95662f6f6ebe0af4ae004af84 |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Override for default input method.lnk
| MD5 | 51fe8126db6eabf9ad5f2e7ac07d3c59 |
| SHA1 | 9c25f42b535bdcb78d0a46d8414743064c1bd28d |
| SHA256 | 532266a76c611a7553326f041bf327cbf22b3e1b3f60f006603a7cbe4afd80ac |
| SHA512 | 4984d3fd27d8d39c85c63c29c040af0756e92c5a933e79013cb1324e73282fd893dc2f9acdc3a1d31a57f74b16ac8e060f2288104f34faef9a49997982564ae9 |
C:\Program Files (x86)\Stardock\Start11\SdDisplay.exe
| MD5 | bc5118ad146ea4de922e2eace6660751 |
| SHA1 | bf2d9a0baf01bd66b188230770c7eb972001158a |
| SHA256 | 7ffef2e309177d2f454cfc715ecdac4bd12aa6d481613a9e910bcfcf0fe6ba58 |
| SHA512 | aef5b73cb9a34d17c6df3e8f55d7d4aa0193879447b06fd7e0fe323bfd2ab708b71b07c8756a4092608c1761671d3170994479585e92dbd8c95753a4487e1ee8 |
C:\Program Files (x86)\Stardock\Start11\SdDisplay.exe.config
| MD5 | 285a4b35c0f55ed5c23214ae737889a4 |
| SHA1 | cfefb1722158720c9c2b54457af2b351695e29b6 |
| SHA256 | e0ae71b7dc3e1e989d86764fdab0f50f0824d18f05e2cac3043f9f1d0cbfba2e |
| SHA512 | a8529ee2dbe04bfc88fe25bf1990da5603271460a2c8a85e237e1ea113c83196e45e62baecce0e9c774b8be3779c3aff63526e039129c23debc2b21f3ab1c327 |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Change the language that Windows features appear in.lnk
| MD5 | 2715077bef33f732d2fad42923e798c2 |
| SHA1 | b7e348b0ffadf0f475a612c9ed254197c88f3dee |
| SHA256 | 1d0adfafdd81a177a5a5d21fd5a1f95f8fe3f3010cfc69cebe121babb9be2f4c |
| SHA512 | 829550a3a5a10ac5e7c9200bdb1e21ebe67f0a47766c5dbebecb59aa8165810454c04f88cb163aa5733693100a276d0c2981b94e49d0d32c08ac66d1ba56aea6 |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Delete downloaded maps.lnk
| MD5 | 6e24dd8b7cb69ceb610742bddcb7db53 |
| SHA1 | b7d498030388ec222459c7d50545889bf95f3c99 |
| SHA256 | ae34462da7e4d509a9a65661a56fffffb932119d3daadccb41e39b184aac8f55 |
| SHA512 | 78bb5d9823e16bab1b1dddc806e0a8727e4e7b95fcd4588675c1a9824e3144df3ee37a9fcee001c545314e7d5f2b92caf3d448d4f2df9a2fc82f5bdd935e2dd0 |
memory/4080-2255-0x00000000030D0000-0x00000000030DE000-memory.dmp
C:\Program Files (x86)\Stardock\Start11\Stardock.ApplicationServices.dll
| MD5 | 147df3d63306ab94964c8498b6135015 |
| SHA1 | 43165dc6cde38aea8e505eb070702053c7eca222 |
| SHA256 | 420284bfbf6be8ef006d33f9e96bf5415ca17f011ebd381855fce20f466e9607 |
| SHA512 | 23bdb905ac87eedaab84ec06135d984387d6c98d7bbf287700648def79a8693fbd1a5b9ef147b0f73812db17718928d6e65f021b10a7b322f6eced95012a9029 |
memory/4080-2245-0x0000000000FD0000-0x0000000000FE4000-memory.dmp
memory/4080-2283-0x0000000006160000-0x0000000006704000-memory.dmp
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\View configured update policies.lnk
| MD5 | 9cf93947d4e44b556d0b88147a2a9831 |
| SHA1 | 1bf46519c89ee49263aa7e04caede08baad51385 |
| SHA256 | f8d5d49d8614aa4244a83912764099343773ef9e02dc237d77cfb7d66018e544 |
| SHA512 | f20e9df5be5d5b08b9369fb142c6b92abeeadc45cdbf228731dc05299fa0f5d96b2d9e05f56ca7c712cb5644333136150b891580de88ea4d701235c00020059b |
C:\Users\Admin\AppData\Local\Stardock\Start11\SasLog.txt
| MD5 | 2dee5f96ae98b030048835d6319d2d74 |
| SHA1 | 98db43a2c9197a73ce53af041ffcec9e993b32f4 |
| SHA256 | ffacd7c089b882101e591af239633d49c9989f905a9bdb1ce61ec0698f0a0840 |
| SHA512 | dc9399201fac888bdfaa25dafb29c5dd41dd734063988122b3507b730eea14ba95e8b90e3c096a165bb4aec404e04d264c81a663ef623448a270dcdcaf8810d0 |
memory/4080-2338-0x0000000005F30000-0x0000000005FC2000-memory.dmp
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Browse for an account picture.lnk
| MD5 | 10fc16cd6ae8625817e02d00e3b8c550 |
| SHA1 | cbdc9fc0baa71a31b2d96e7c4908537ec436910e |
| SHA256 | 2fe1f8ea6d998d3b3942bf8c17832178489026bcfadcb76d0f751ef081001d55 |
| SHA512 | 06f00fa5a71cd19720be89f1ffc111c459567cbccfefcebe090ad2c1391943997905dc166aa39c479dbf2e9bce111208500117d61d9b4194bda75ab5e7e526bb |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Turn on light mode systemwide.lnk
| MD5 | 5a59ae0e62448984efebd144d71d437d |
| SHA1 | 91cd1d92de061f7e72164c07d59f1a236cec351b |
| SHA256 | 3b35843502593a482afa674bd954e5fb0352865a6b9811dfaaf49be47e4c8939 |
| SHA512 | 377415e8bdaeec4d28827f229970015d3737f2d20b451c2e5bb297070e7b39154a6ddb6edc41019a67d9cf39e1c1b8da058c66b424de143325ed7c3e61b50e33 |
memory/4080-2372-0x0000000005FD0000-0x0000000005FDA000-memory.dmp
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Choose an app to display detailed status.lnk
| MD5 | 53747d82c1f03cb936ab30fced4f93a7 |
| SHA1 | 1975a49a154fb0ae99be74241f9b4584f7be5320 |
| SHA256 | 18b4b95fcc292763451b15f2a72da3db81cba8124d28aeffb3b3850f6e961a5f |
| SHA512 | bc9b4e89d6f75b730b7354fec60d011acbc967d1f689299a081e6e26189124b5e7249590aefa1b7f641ea772b7c6e1b9489dbb86c215a7514723611b212bcd91 |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Add a printer or scanner.lnk
| MD5 | 12bf1b4e8ec0463a76ab408c985fecd8 |
| SHA1 | f572d7ab412d2805a616d61abf3565c4b34df6c5 |
| SHA256 | 45f0a27c140a58ade1aaf5870f13fefed506114e4fe74b9080baee6c1cb10fa1 |
| SHA512 | 4e57866c51c7b6da19fb4d8c721341d998895f67bf9ffd1d66aca2dc1c5328e3ccd34597b8be8c734eda9433150fd284bd135ec2a582ba3ff814ced1e9917708 |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Clear activity history.lnk
| MD5 | 0d5176f48dd5813063d9bbe114a71fd8 |
| SHA1 | 0de79e88157bb17753bd1d369ba3b4ea253cd286 |
| SHA256 | d24d2e32642122f2453f78060aa3f626f323696f172ed53a14ce6558efaabb41 |
| SHA512 | 9fdc671e24fb975624a2f1e9e6d76f64c1d2eb9b9ebf91204742b1e95638d203de858ace79434f824e88f65e4060ed43cdc92f097a54c677539d7780781d0ace |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Turn off suggested content in the Settings app.lnk
| MD5 | fdd990c548e7d4a029dfc9ce5d20416e |
| SHA1 | 1c9a977791eb0804411dde27325094ae25427c43 |
| SHA256 | a633484cc74a4fa0287301a1543d837d6b8dc5488bfaa7dfd6739a2ec0503dd0 |
| SHA512 | 5815c806e1e0fcaa9531d46d62e5caaf0749dd8e8691dd215e55a62a1c6382b23c07830e8b53977f3bdb1faca6babc29348033972e704b8d1e7d759468905863 |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Improve inking & typing recognition.lnk
| MD5 | 7954ab541d5a2bf90709c332f849ad27 |
| SHA1 | 3c81afc24c478beaf49ef861d5301d8f0bd258c2 |
| SHA256 | 707066b9be4eced17b2ffddb0f735d022fec20a8b82ebbcda360b111a4cd83a3 |
| SHA512 | bf1220d80de22a6e91afb8dd907051418e286e1e005ae6936ab24dbde8cb2cfce694459c44616b6920bf5ddcc66cf90654462d0dc6a4c53e04a34fb363d00b6f |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Set default location.lnk
| MD5 | d8181d26525f364b0da4f77be4cc8a4c |
| SHA1 | 1167ee60b9d865928ae8c2a0262f72b8c0536c56 |
| SHA256 | 84b5c52b16798a4e5a07fc981f65bf9844201cba52809ceb76922060552457ca |
| SHA512 | 488b19876df940273d6656090109193589345eef86dca2cc255e0887568a64c5793e24d7f2a2df13f900979b4275f5082fd666ee49e9e46b5ebb1df069fc8715 |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Require authentication to access the proxy.lnk
| MD5 | 1bcd2f0032a24b5e1f0869026480639e |
| SHA1 | 17ea1b536bc38429f4d82ccab7d228ac7b764dad |
| SHA256 | 41529bfeb1ab800692054778e488eba80174560e4b806d63a944021591a8eb9d |
| SHA512 | a3bfdf0ff611aca1a4b98ca68bf05ec44c8996b1523a75302a4f0f013f4e5ff6d8b8e9d4c8915f61b7754cdc8e956efc9b68eff1d7a87d479f312a02fd21184c |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Turn off typing history.lnk
| MD5 | 166a28149111b7662029162678a35dda |
| SHA1 | 8d1ee3ea22c984eaacf05cb6fc8320d706f087b3 |
| SHA256 | 8e8808899deed64daebd9fa01a3837d1553620d39e4c100af0f5fdcc88fe8aa0 |
| SHA512 | e63310a3f1a3cf6a09ee1dd90788ada6e87c96daf9df55f9a1b582ce3be98135211cfe2045c79e3b713f987a76e5acd577494002f6520f3dbfda9b1f801cca55 |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Choose which apps can run in the background.lnk
| MD5 | 8d18860d830bff9cd35d0a2d3cae2357 |
| SHA1 | 63fc228046b0cc010afff865da188b51f1744c6f |
| SHA256 | 36f41a8a42b0022a2da50b18fef87c7774d12279175329998df68bc1575d0b8d |
| SHA512 | 6fbb05b8841c4414fb05b4a7f5e34e8f9a602985859a7075d87c6fef76a214e0a4c113ec169488e51447c5d7032b3caeffc1ccdbffe0bf8d7dc6df42b22e6af6 |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Select users that can remotely access this PC.lnk
| MD5 | 57f0c45ecda31caa14e5d9ab08188930 |
| SHA1 | 825ccccb919a81983dd6b29a6830c4f6ac4b72a9 |
| SHA256 | a87faa1f539bc95c0eec8a8c927e8e51aaa8fe5adcb6ff5b9764105d94f3e67d |
| SHA512 | 3363254803f17db1546cf4f8c462843ee3af51ece4035fdf7ae2b27b263df0c007f9d0fc4b759ce48bee6730b660c84d5c49c5d4c58016da84f9f286ca05aa9d |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Set regional format.lnk
| MD5 | de141092b0ddcd227fc6f8b2d35e9232 |
| SHA1 | 73d8179a363fa52bfb38e97e0c5e877ede0a06bf |
| SHA256 | 63f48cca8a52e6fd09e93133914584530703a813dcf0130cbb5e2ab1fc48c1f8 |
| SHA512 | eaa3636eecc91fba14d1741e9889c5e4cf2880ca89bc6833cf7e0419d7183a89f51cded11935ee693fdef0ceaff4736fd0d358e07d67f909dec4627820a2e7bb |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Show me a summary of what I missed while focus assist was on.lnk
| MD5 | 0c4f9717006df0858728e262efec701b |
| SHA1 | 37bb51977036e53a0a5dc0afa0d3e9796ef7fc79 |
| SHA256 | 509a1fab59eca5c703b7fb65f7e9c3829691872da4ea8191c883b751f74fa2d4 |
| SHA512 | 10c7cd0c306350a826771982e05fc59896ed8875803369b2d9c49b4addb83fdb1b6a0685bc0acdc12a8d9850739db188e754d2dc94c40bc8ed6d022b4f9989bf |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Show more tiles on Start.lnk
| MD5 | fcab013f6bdd5e3f8a22eda1e334bbe4 |
| SHA1 | 53bee0a64891b74c4d5ee54bb908ca71f142738e |
| SHA256 | bb98950a8db7620b6893ff47d8abb3383e6bff5f7b864030b5be523ee0d6e749 |
| SHA512 | 894e86c4c42c72421848794a11ff22e8e3da78b00a2f93759b8b6f42a8d19fc1120e337c50443c755ae6d6fdcb543ad257edd8a421fc4a3c4bcffd43fda95a02 |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Add an optional feature.lnk
| MD5 | 46d99691f9a8cf2d9aab3f6247a92f89 |
| SHA1 | 3e0620c185cbc1b744252084a8846728dcc46d12 |
| SHA256 | 8825e46a2aa72c0721b7f0cb900dace4ad54fd0a6ae228718be82998d19e6625 |
| SHA512 | 1bd1f23ebf15ad6660494b8f35198a40685c534675e361c6ac370c1733acf5a3d3a87c9ccc93280356f99dabb9f70c8568a98cfa2ab2ba1f3b0fbdc9457399a3 |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Change how Storage Sense frees up space.lnk
| MD5 | 4ac23194e163c28de544269ee26b0f81 |
| SHA1 | 114e948101eb5eac8a36d95d04c20499ef323d4d |
| SHA256 | ad6ae40342a1c2ee2a54ebb97c66572a203fd7b567e40258211640d89211a401 |
| SHA512 | 7d2dd49714a8e7c0370ff2c1e958746e2661666e1b94d112a507af80c56d89ba3f969fc4cbc3ccf185ef62fda39ab73c6b4c8d60118354a6fc59760e8d8218d2 |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Choose if settings are synced on this PC.lnk
| MD5 | 349fd4f91ed3a3467efa121b49ded61a |
| SHA1 | db183d357c430a0e479d979e02149c89be0f0068 |
| SHA256 | 40edabd5bbc7f9dfe21ad820ee0b279961ea1c2af1829f8a045e009c0d19d185 |
| SHA512 | ba19ce6581a8fa9b3fa472208b430d92ba46c8244346409a06da03a3eac23b9416eeb52653f07c26fcbc228d45acbea7feae077b6f4bd906b358e2bb19ea86cd |
memory/4080-2616-0x0000000009360000-0x0000000009B06000-memory.dmp
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Available Recommended troubleshooting.lnk
| MD5 | c0e5637d335b5266762d88456696330c |
| SHA1 | a84a55274902aa08a2dea92fb7c7ead742459dd4 |
| SHA256 | 162ff2d7a3e97fc2aa22a3b57ba846484e11beb377efef186e5f5434b73b2ee0 |
| SHA512 | 0b028e8d629ddc9ed07e0077a07afb83650f1f07bc70632c6578ccd6311f893a8981413c7d51408f87460c80a9b7df12c4e187d47a8dcbc3b605f1178dd2bc7f |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Ask me when PCs try to connect to my mobile device using USB.lnk
| MD5 | b94a556d5065aeb5c7057f7d78a2dd3e |
| SHA1 | d221a7e5d9c4012913e7d1562aea74433e54b09c |
| SHA256 | 93a8717f8ef823ed85479b8d6d5a40ea20648cce102c6c0b19d92be29b34f25c |
| SHA512 | 6d5070c6411f8c8b1fa245144609b635bca1e31562a7678acee709d7ef53895b922e4f9dca7545f47ab6f806cfc984345d779ede04a2cd40882c5bd3758683f7 |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Choose an account for assigned access.lnk
| MD5 | 930cf8ac9eef9fc946d1a3ed5ec8afca |
| SHA1 | 21c45c955c9c50d15024fbde392aef468cc68a3c |
| SHA256 | d817e91ff51b9145c068fc4e7dd956b4bcc274df00493f452746f6ace5217fd7 |
| SHA512 | 7dd0a4466f0f92643579d9006d99586ef852ded4c25f4d03676b11316d7b60606386979fe13ed183b37e278d4e6991716cf8c2b035d86af835f3c46c6614341b |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Change the sign-in requirements.lnk
| MD5 | c0b13045167ec82a13121f26192adc0b |
| SHA1 | 099af31565cebe8f302d2c20b65dfbbb75f7b075 |
| SHA256 | d3d18767b644f459d5c47ea3afdaa49ff1f3c5552107314ece09f15c1fedeb69 |
| SHA512 | bac1bed21250c5f37ce26350f69dc9b03069d95c88ece7ff99e8ba82f18702b35c216766b8797fc5f721b387a32850a6ed4de5b3b31f9798e1e703c2a909988c |
memory/4080-2655-0x0000000009B10000-0x000000000A03C000-memory.dmp
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Play streaming video at a lower resolution.lnk
| MD5 | a162ac77c4825eac5f7ca1f91a4be16f |
| SHA1 | f00efacaf494e5cde0df1db0539590c4d379aa73 |
| SHA256 | cb9ef162b1cad3b35aac2c8d354181b0339589b7fd6c1410760cf2d15679d75f |
| SHA512 | 39869d2914916379381673f812991ebba183b5067a6fc0ba2f5e280b699cafba9e8b819adc2f0e966020f9c259c4ab3cf85c2ac44bed24aa08771125e46256fd |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Add a VPN connection.lnk
| MD5 | bee64eccd3288a549f77a6ffb8bca78a |
| SHA1 | b11fe2fbfb4e0714b7e10013b6d5c199bdd8b797 |
| SHA256 | a653dbad94805c252bf45be97dbb3505f61de1881e79e5e8ed549860ba793d6a |
| SHA512 | 271b2a4715f413a250b6d02fdbb52213190004289d523eaa84e4ed353ca44a0b1ae1a14c40d49f7431ba42dfefdae9b0477df87513afe33ab224724037c9b6e3 |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Allow your organization to manage your PC.lnk
| MD5 | 495deb11a42c2e90842c2b5f027c4c93 |
| SHA1 | 7ff1f2e036fcaa403736dbb18e36cf7edf5545f8 |
| SHA256 | 5ec4b3c5fe6fa57cd3f4817bf852cf42a0feed3d18909c4e5c378676510d87b1 |
| SHA512 | 39d97baab22f4256fa0a71a5092c9a53b52501d09b3888f23806ea4b162e6ead7f3be7a665e60c61ba55c19208b5ece4fe8a044d3322adc343b09a3734f71435 |
C:\Users\Admin\AppData\Local\Stardock\Start10Ctrlpnl\Set up an account for taking tests.lnk
| MD5 | 16cb3d8f84d58ac8cac52715b9ec70dd |
| SHA1 | cddb11b8a87ae3251f4ac9dc9375d81a914f111c |
| SHA256 | 9bbf57193ccd65479e848c4ba96240bdfde3eef1c062b96e389b2f076b1dd9ea |
| SHA512 | 3f624c5a52ccd1018b8568aff9a3734efcc910dc0acf90758b40aef9bdfba9fbb83a3e29e7d441ae80f4bf9d1900dd564f432aa38f857b9e3cc8b4283df64137 |
memory/2424-2709-0x0000000000990000-0x0000000000D78000-memory.dmp