File name: Stardock_Fences.exe

Full analysis: https://app.any.run/tasks/935a1db1-6a39-4dd5-9c5c-2a7c08498fe6
Verdict: Malicious activity
Analysis date: September 14, 2024, 16:30:24
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 83459F4CAA5D31D377073406C52F4C76
SHA1: 185DEE20391BE05CE9E76107B65AF82F2D0F96E8
SHA256: 15885C960EB9AA456888CD7A54C717D04FDC4EBD391525FBA1105C1D2AB38FC4
SSDEEP: 98304:p4+bUeo1UxSz3lLMG/SiPDkNqLmdcm1xmy258+riIR6lT6wo4aRVDLNUwTyYqr/n:8zfM4EolN+lHbC+NLSEHSLrv2Tx

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Adds path to the Windows Defender exclusion list

      • Stardock_Fences.tmp (PID: 5152)
      • cmd.exe (PID: 6596)
    • Changes the autorun value in the registry

      • Stardock_Fences.tmp (PID: 5152)
      • Fences.exe (PID: 6308)
    • Registers / Runs the DLL via REGSVR32.EXE

      • Fences.exe (PID: 4392)
      • Fences.exe (PID: 6308)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • Stardock_Fences.tmp (PID: 5700)
      • Fences.exe (PID: 4392)
      • Fences.exe (PID: 6308)
      • Fences.exe (PID: 4056)
      • Fences.exe (PID: 1164)
      • Fences.exe (PID: 488)
      • Fences.exe (PID: 6156)
      • Fences.exe (PID: 2876)
    • Executable content was dropped or overwritten

      • Stardock_Fences.exe (PID: 508)
      • Stardock_Fences.exe (PID: 252)
      • Stardock_Fences.tmp (PID: 5152)
      • mscorsvw.exe (PID: 5172)
      • mscorsvw.exe (PID: 6644)
      • mscorsvw.exe (PID: 6004)
      • mscorsvw.exe (PID: 4672)
      • mscorsvw.exe (PID: 1688)
      • mscorsvw.exe (PID: 5944)
      • mscorsvw.exe (PID: 4688)
      • mscorsvw.exe (PID: 6316)
      • mscorsvw.exe (PID: 6592)
      • mscorsvw.exe (PID: 1640)
      • mscorsvw.exe (PID: 2660)
      • mscorsvw.exe (PID: 4132)
      • mscorsvw.exe (PID: 6964)
      • mscorsvw.exe (PID: 6204)
      • mscorsvw.exe (PID: 5692)
      • mscorsvw.exe (PID: 1764)
      • mscorsvw.exe (PID: 7156)
      • mscorsvw.exe (PID: 5072)
      • mscorsvw.exe (PID: 2056)
      • mscorsvw.exe (PID: 6968)
      • mscorsvw.exe (PID: 5064)
      • mscorsvw.exe (PID: 736)
      • mscorsvw.exe (PID: 1404)
      • mscorsvw.exe (PID: 1044)
      • mscorsvw.exe (PID: 4132)
      • mscorsvw.exe (PID: 2480)
      • mscorsvw.exe (PID: 6480)
      • mscorsvw.exe (PID: 6284)
      • mscorsvw.exe (PID: 6692)
      • mscorsvw.exe (PID: 1688)
      • mscorsvw.exe (PID: 6172)
      • mscorsvw.exe (PID: 3308)
      • mscorsvw.exe (PID: 6996)
      • mscorsvw.exe (PID: 788)
      • mscorsvw.exe (PID: 2056)
      • mscorsvw.exe (PID: 3328)
      • mscorsvw.exe (PID: 4084)
      • mscorsvw.exe (PID: 6292)
      • mscorsvw.exe (PID: 6148)
      • mscorsvw.exe (PID: 6672)
      • mscorsvw.exe (PID: 5940)
      • mscorsvw.exe (PID: 1224)
      • mscorsvw.exe (PID: 4880)
      • mscorsvw.exe (PID: 2724)
      • mscorsvw.exe (PID: 6692)
      • mscorsvw.exe (PID: 6628)
      • mscorsvw.exe (PID: 4688)
      • mscorsvw.exe (PID: 3268)
      • mscorsvw.exe (PID: 6692)
      • mscorsvw.exe (PID: 4132)
    • Searches for installed software

      • Stardock_Fences.tmp (PID: 5152)
      • reg.exe (PID: 936)
    • Starts POWERSHELL.EXE for commands execution

      • cmd.exe (PID: 6596)
    • Starts CMD.EXE for commands execution

      • Stardock_Fences.tmp (PID: 5152)
    • Script adds exclusion path to Windows Defender

      • cmd.exe (PID: 6596)
    • The process hide an interactive prompt from the user

      • cmd.exe (PID: 6596)
    • Uses REG/REGEDIT.EXE to modify registry

      • cmd.exe (PID: 3268)
    • Creates a software uninstall entry

      • reg.exe (PID: 936)
    • Reads the date of Windows installation

      • Fences.exe (PID: 4392)
      • Fences.exe (PID: 6308)
      • Fences.exe (PID: 1164)
      • Fences.exe (PID: 2876)
    • Application launched itself

      • Fences.exe (PID: 4392)
      • Fences.exe (PID: 1164)
      • Fences.exe (PID: 6308)
      • rundll32.exe (PID: 6372)
      • rundll32.exe (PID: 3908)
      • Fences.exe (PID: 5940)
      • Fences.exe (PID: 4680)
    • Creates/Modifies COM task schedule object

      • Stardock_Fences.tmp (PID: 5152)
      • regsvr32.exe (PID: 1332)
      • regsvr32.exe (PID: 2128)
    • Uses ICACLS.EXE to modify access control lists

      • Fences.exe (PID: 4056)
      • Fences.exe (PID: 6216)
    • The process executes via Task Scheduler

      • rundll32.exe (PID: 3908)
      • rundll32.exe (PID: 6372)
    • Uses RUNDLL32.EXE to load library

      • rundll32.exe (PID: 6372)
      • Fences.exe (PID: 2876)
      • rundll32.exe (PID: 3908)
    • There is functionality for taking screenshot (YARA)

      • Fences.exe (PID: 488)
  • INFO

    • Process checks computer location settings

      • Stardock_Fences.tmp (PID: 5700)
      • Fences.exe (PID: 4392)
      • Fences.exe (PID: 6308)
      • Fences.exe (PID: 1164)
      • Fences.exe (PID: 2876)
    • Reads the computer name

      • Stardock_Fences.tmp (PID: 5700)
      • Fences.exe (PID: 4392)
      • Fences.exe (PID: 6308)
      • Fences.exe (PID: 4056)
      • Fences.exe (PID: 1164)
      • Fences.exe (PID: 488)
      • ngen.exe (PID: 6596)
      • Fences.exe (PID: 6156)
      • Fences.exe (PID: 2876)
      • mscorsvw.exe (PID: 4688)
    • Checks supported languages

      • Stardock_Fences.exe (PID: 508)
      • Stardock_Fences.tmp (PID: 5700)
      • Stardock_Fences.exe (PID: 252)
      • Fences.exe (PID: 4392)
      • Fences.exe (PID: 4056)
      • Fences.exe (PID: 6308)
      • Fences.exe (PID: 1164)
      • DeElevate64.exe (PID: 6516)
      • Fences.exe (PID: 488)
      • Fences.exe (PID: 6156)
      • Fences.exe (PID: 2876)
      • ngen.exe (PID: 6596)
      • mscorsvw.exe (PID: 4688)
    • Create files in a temporary directory

      • Stardock_Fences.exe (PID: 508)
      • Stardock_Fences.exe (PID: 252)
      • Stardock_Fences.tmp (PID: 5152)
    • Checks if a key exists in the options dictionary (POWERSHELL)

      • powershell.exe (PID: 6168)
    • Creates a software uninstall entry

      • Stardock_Fences.tmp (PID: 5152)
    • Creates files or folders in the user directory

      • Fences.exe (PID: 4392)
    • Sends debugging messages

      • Fences.exe (PID: 4392)
      • regsvr32.exe (PID: 1332)
      • regsvr32.exe (PID: 736)
      • Fences.exe (PID: 6308)
      • Fences.exe (PID: 4056)
      • regsvr32.exe (PID: 2128)
      • regsvr32.exe (PID: 6996)
      • Fences.exe (PID: 1164)
      • Fences.exe (PID: 488)
      • Fences.exe (PID: 6156)
      • rundll32.exe (PID: 6732)
    • The process uses the downloaded file

      • Fences.exe (PID: 4392)
      • Fences.exe (PID: 6308)
      • Fences.exe (PID: 1164)
      • Fences.exe (PID: 2876)
    • Creates files in the program directory

      • Stardock_Fences.tmp (PID: 5152)
    • Reads the machine GUID from the registry

      • Fences.exe (PID: 4392)
      • Fences.exe (PID: 6308)
      • mscorsvw.exe (PID: 4688)
    • Manual execution by a user

      • Fences.exe (PID: 5940)
      • Fences.exe (PID: 2480)
      • rundll32.exe (PID: 5276)
      • Fences.exe (PID: 4680)
      • Fences.exe (PID: 1640)
No Malware configuration.

TRiD

.exe | Inno Setup installer (81.5)
.exe | Win32 Executable Delphi generic (10.5)
.exe | Win32 Executable (generic) (3.3)
.exe | Win16/32 Executable Delphi generic (1.5)
.exe | Generic Win/DOS Executable (1.4)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:03:05 15:20:43+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 100352
InitializedDataSize: 118272
UninitializedDataSize: -
EntryPoint: 0x19974
OSVersion: 5.1
ImageVersion: 6
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 5.8.3.4
ProductVersionNumber: 5.8.3.4
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: Stardock Software, Inc.
FileDescription: Stardock Fences Setup
FileVersion: 5.8.3.4.0
LegalCopyright:
OriginalFileName:
ProductName: Stardock Fences
ProductVersion: 5.8.3.4
Total processes
223
Monitored processes
99
Malicious processes
6
Suspicious processes
4

Behavior graph

[Behavior graph: process tree beginning at stardock_fences.exe; the individual processes are detailed under Process information.]

Process information

PID
CMD
Path
Indicators
Parent process
252 | "C:\Users\admin\AppData\Local\Temp\Stardock_Fences.exe" /SPAWNWND=$12039E /NOTIFYWND=$150050 | C:\Users\admin\AppData\Local\Temp\Stardock_Fences.exe
Stardock_Fences.tmp
User:
admin
Company:
Stardock Software, Inc.
Integrity Level:
HIGH
Description:
Stardock Fences Setup
Exit code:
0
Version:
5.8.3.4.0
Modules
Images
c:\users\admin\appdata\local\temp\stardock_fences.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
488 | "C:\Program Files (x86)\Stardock\Fences\Fences.exe" | C:\Program Files (x86)\Stardock\Fences\Fences.exe
Fences.exe
User:
admin
Company:
Stardock Corporation
Integrity Level:
HIGH
Description:
Fences Settings
Version:
5.8.3.4
Modules
Images
c:\program files (x86)\stardock\fences\fences.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
508 | "C:\Users\admin\AppData\Local\Temp\Stardock_Fences.exe" | C:\Users\admin\AppData\Local\Temp\Stardock_Fences.exe
explorer.exe
User:
admin
Company:
Stardock Software, Inc.
Integrity Level:
MEDIUM
Description:
Stardock Fences Setup
Exit code:
0
Version:
5.8.3.4.0
Modules
Images
c:\users\admin\appdata\local\temp\stardock_fences.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
736 | "C:\WINDOWS\system32\regsvr32.exe" /s "C:\Program Files (x86)\Stardock\Fences\DesktopDock64.dll" | C:\Windows\System32\regsvr32.exe
Fences.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft(C) Register Server
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
736 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2dc -InterruptEvent 0 -NGENProcess 348 -Pipe 35c -Comment "NGen Worker Process" | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
ngen.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
.NET Runtime Optimization Service
Exit code:
0
Version:
4.8.9093.0 built by: NET481REL1LAST_C
788 | \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1 | C:\Windows\System32\conhost.exe
icacls.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
788 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2cc -InterruptEvent 0 -NGENProcess 308 -Pipe 3bc -Comment "NGen Worker Process" | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
ngen.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
.NET Runtime Optimization Service
Exit code:
0
Version:
4.8.9093.0 built by: NET481REL1LAST_C
936 | reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Stardock Fences_is1" /v UninstallString /t REG_SZ /d "\"C:\WINDOWS\Installer\Stardock Fences\unins000.exe\"" /f | C:\Windows\System32\reg.exe
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Registry Console Tool
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
1044 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 378 -InterruptEvent 0 -NGENProcess 340 -Pipe 3d8 -Comment "NGen Worker Process" | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
ngen.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
.NET Runtime Optimization Service
Exit code:
0
Version:
4.8.9093.0 built by: NET481REL1LAST_C
1164 | "C:\Program Files (x86)\Stardock\Fences\Fences.exe" /FromDesktop | C:\Program Files (x86)\Stardock\Fences\Fences.exe
Stardock_Fences.tmp
User:
admin
Company:
Stardock Corporation
Integrity Level:
HIGH
Description:
Fences Settings
Exit code:
0
Version:
5.8.3.4
Modules
Images
c:\program files (x86)\stardock\fences\fences.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events
8 330
Read events
8 216
Write events
68
Delete events
46

Modification events

(PID) Process: (5152) Stardock_Fences.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Stardock Fences_is1
Operation: write
Name: Inno Setup: Setup Version
Value: 6.0.5 (u)

(PID) Process: (5152) Stardock_Fences.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Stardock Fences_is1
Operation: write
Name: Inno Setup: App Path
Value: C:\Program Files (x86)\Stardock\Fences

(PID) Process: (5152) Stardock_Fences.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Stardock Fences_is1
Operation: write
Name: InstallLocation
Value: C:\Program Files (x86)\Stardock\Fences\

(PID) Process: (5152) Stardock_Fences.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Stardock Fences_is1
Operation: write
Name: Inno Setup: Icon Group
Value: Stardock Fences

(PID) Process: (5152) Stardock_Fences.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Stardock Fences_is1
Operation: write
Name: Inno Setup: User
Value: admin

(PID) Process: (5152) Stardock_Fences.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Stardock Fences_is1
Operation: write
Name: Inno Setup: Language
Value: ENG

(PID) Process: (5152) Stardock_Fences.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Stardock Fences_is1
Operation: write
Name: DisplayName
Value: Stardock Fences 5.8.3.4

(PID) Process: (5152) Stardock_Fences.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Stardock Fences_is1
Operation: write
Name: DisplayIcon
Value: C:\Program Files (x86)\Stardock\Fences\Fences.exe

(PID) Process: (5152) Stardock_Fences.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Stardock Fences_is1
Operation: write
Name: UninstallString
Value: "C:\WINDOWS\Installer\Stardock Fences\unins000.exe"

(PID) Process: (5152) Stardock_Fences.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Stardock Fences_is1
Operation: write
Name: QuietUninstallString
Value: "C:\WINDOWS\Installer\Stardock Fences\unins000.exe" /SILENT

Executable files
177
Suspicious files
117
Text files
245
Unknown types
4

Dropped files

PID
Process
Filename
Type
5152 | Stardock_Fences.tmp | C:\Users\admin\AppData\Local\Temp\is-27UKI.tmp\_isetup\_setup64.tmp | executable
MD5:E4211D6D009757C078A9FAC7FF4F03D4
SHA256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
508 | Stardock_Fences.exe | C:\Users\admin\AppData\Local\Temp\is-7MIGJ.tmp\Stardock_Fences.tmp | executable
MD5:F120C94EE73B4A44303BF647B8A495E1
SHA256:1900DA659E13411F7F8BB68057FF454A80822745E1DAF71B809D8031A8FDAC21
5152 | Stardock_Fences.tmp | C:\Users\admin\AppData\Local\Temp\is-27UKI.tmp\_isetup\_iscrypt.dll | executable
MD5:A69559718AB506675E907FE49DEB71E9
SHA256:2F6294F9AA09F59A574B5DCD33BE54E16B39377984F3D5658CDA44950FA0F8FC
5152 | Stardock_Fences.tmp | C:\Windows\Installer\Stardock Fences\is-T07S6.tmp | executable
MD5:63D47407B787EC49CDA9DF9B64ED36F1
SHA256:9710421E58672425C090E83770D97D4CD568AE5A1230B7B8DC6F387465A7C03F
5152 | Stardock_Fences.tmp | C:\Users\admin\AppData\Local\Temp\is-27UKI.tmp\Icon_standart_portable.png | image
MD5:D3CBB1D020E1AEA71D5277645C9DB56E
SHA256:C432E09D52DED75C57EDC8B3AC4ADC34219605384E0FE9DFDDD7550137D8E8AD
6168 | powershell.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | binary
MD5:7D34B9C711BA044C06E25528E6D5F7D6
SHA256:477E5D2C817AB73F17F1C90BAD44945CF269589704ECD91EE37E169A82CE026D
5152 | Stardock_Fences.tmp | C:\Users\admin\AppData\Local\Temp\is-27UKI.tmp\Icon_telegram.png | image
MD5:F2E6B557DBED664214A523767A15F07F
SHA256:0370D9CA570FD28F8AE167B69821ABAF2A7EB13C3559E0EAFFE4B253C9D7020E
5152 | Stardock_Fences.tmp | C:\Users\admin\AppData\Local\Temp\is-27UKI.tmp\Icon_msg.png | image
MD5:6DE58BD6AF32D0F0D0F10FF5EDDFAD9F
SHA256:2040ED1F9FA694758A52EDB76C697AA1D4052E0D4B10638BE3D2D58CDC74FF05
6168 | powershell.exe | C:\Users\admin\AppData\Local\Temp\__PSScriptPolicyTest_qp25izji.2b2.ps1 | text
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
5152 | Stardock_Fences.tmp | C:\Users\admin\AppData\Local\Temp\is-27UKI.tmp\botva2.dll | executable
MD5:EF899FA243C07B7B82B3A45F6EC36771
SHA256:DA7D0368712EE419952EB2640A65A7F24E39FB7872442ED4D2EE847EC4CFDE77
HTTP(S) requests
8
TCP/UDP connections
20
DNS requests
12
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
1944
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
3324
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA6bGI750C3n79tQ4ghAGFo%3D
unknown
whitelisted
3324
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rhvv%2BYXsIiGX0TkICEAKSYfpIaxYQcTpMuex%2BbEI%3D
unknown
whitelisted
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
3324
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxXWRM3y5nP%2Be6mK4cD08CEAitQLJg0pxMn17Nqb2Trtk%3D
unknown
whitelisted
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
7128
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
88.221.169.152:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
4
System
192.168.100.255:138
whitelisted
3888
svchost.exe
239.255.255.250:1900
whitelisted
3260
svchost.exe
40.113.103.199:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
1944
svchost.exe
40.126.32.138:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
1944
svchost.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
7128
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 4.231.128.59
whitelisted
www.microsoft.com
  • 88.221.169.152
  • 184.30.21.171
whitelisted
google.com
  • 142.250.185.142
whitelisted
client.wns.windows.com
  • 40.113.103.199
whitelisted
login.live.com
  • 40.126.32.138
  • 40.126.32.72
  • 40.126.32.68
  • 40.126.32.133
  • 40.126.32.136
  • 20.190.160.17
  • 40.126.32.140
  • 20.190.160.14
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
slscr.update.microsoft.com
  • 20.12.23.50
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 20.3.187.198
whitelisted

Threats

No threats detected
Process
Message
Fences.exe
Skip locking file License_SAS.txt
Fences.exe
Skip locking file eula.txt
Fences.exe
Skip locking file patch_register.cmd
Fences.exe
Skip locking file patch_unregister.cmd
Fences.exe
Skip locking file Readme.txt
Fences.exe
Skip locking file Readme.txt
Fences.exe
Skip locking file eula.txt
Fences.exe
Skip locking file License_SAS.txt
Fences.exe
Skip locking file patch_register.cmd
Fences.exe
Skip locking file patch_unregister.cmd