File name: Stardock_Fences.exe

Full analysis: https://app.any.run/tasks/935a1db1-6a39-4dd5-9c5c-2a7c08498fe6
Verdict: Malicious activity
Analysis date: September 14, 2024, 16:30:24
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 83459F4CAA5D31D377073406C52F4C76
SHA1: 185DEE20391BE05CE9E76107B65AF82F2D0F96E8
SHA256: 15885C960EB9AA456888CD7A54C717D04FDC4EBD391525FBA1105C1D2AB38FC4
SSDEEP: 98304:p4+bUeo1UxSz3lLMG/SiPDkNqLmdcm1xmy258+riIR6lT6wo4aRVDLNUwTyYqr/n:8zfM4EolN+lHbC+NLSEHSLrv2Tx

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Adds path to the Windows Defender exclusion list

      • Stardock_Fences.tmp (PID: 5152)
      • cmd.exe (PID: 6596)
    • Changes the autorun value in the registry

      • Stardock_Fences.tmp (PID: 5152)
      • Fences.exe (PID: 6308)
    • Registers / Runs the DLL via REGSVR32.EXE

      • Fences.exe (PID: 4392)
      • Fences.exe (PID: 6308)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • Stardock_Fences.tmp (PID: 5700)
      • Fences.exe (PID: 4392)
      • Fences.exe (PID: 6308)
      • Fences.exe (PID: 4056)
      • Fences.exe (PID: 1164)
      • Fences.exe (PID: 488)
      • Fences.exe (PID: 6156)
      • Fences.exe (PID: 2876)
    • Executable content was dropped or overwritten

      • Stardock_Fences.exe (PID: 508)
      • Stardock_Fences.exe (PID: 252)
      • Stardock_Fences.tmp (PID: 5152)
      • mscorsvw.exe (PID: 6316)
      • mscorsvw.exe (PID: 6004)
      • mscorsvw.exe (PID: 6644)
      • mscorsvw.exe (PID: 5692)
      • mscorsvw.exe (PID: 4672)
      • mscorsvw.exe (PID: 5172)
      • mscorsvw.exe (PID: 2660)
      • mscorsvw.exe (PID: 1688)
      • mscorsvw.exe (PID: 6592)
      • mscorsvw.exe (PID: 1764)
      • mscorsvw.exe (PID: 5072)
      • mscorsvw.exe (PID: 3328)
      • mscorsvw.exe (PID: 2056)
      • mscorsvw.exe (PID: 5064)
      • mscorsvw.exe (PID: 1404)
      • mscorsvw.exe (PID: 736)
      • mscorsvw.exe (PID: 2480)
      • mscorsvw.exe (PID: 4132)
      • mscorsvw.exe (PID: 6204)
      • mscorsvw.exe (PID: 6480)
      • mscorsvw.exe (PID: 6284)
      • mscorsvw.exe (PID: 6692)
      • mscorsvw.exe (PID: 1688)
      • mscorsvw.exe (PID: 3308)
      • mscorsvw.exe (PID: 6172)
      • mscorsvw.exe (PID: 1044)
      • mscorsvw.exe (PID: 788)
      • mscorsvw.exe (PID: 6996)
      • mscorsvw.exe (PID: 4132)
      • mscorsvw.exe (PID: 6692)
      • mscorsvw.exe (PID: 2724)
      • mscorsvw.exe (PID: 6292)
      • mscorsvw.exe (PID: 1224)
      • mscorsvw.exe (PID: 4880)
      • mscorsvw.exe (PID: 6628)
      • mscorsvw.exe (PID: 1640)
      • mscorsvw.exe (PID: 4688)
      • mscorsvw.exe (PID: 4132)
      • mscorsvw.exe (PID: 6964)
      • mscorsvw.exe (PID: 7156)
      • mscorsvw.exe (PID: 5944)
      • mscorsvw.exe (PID: 6968)
      • mscorsvw.exe (PID: 4084)
      • mscorsvw.exe (PID: 2056)
      • mscorsvw.exe (PID: 6672)
      • mscorsvw.exe (PID: 6692)
      • mscorsvw.exe (PID: 5940)
      • mscorsvw.exe (PID: 6148)
      • mscorsvw.exe (PID: 4688)
      • mscorsvw.exe (PID: 3268)
    • Searches for installed software

      • Stardock_Fences.tmp (PID: 5152)
      • reg.exe (PID: 936)
    • Starts CMD.EXE for commands execution

      • Stardock_Fences.tmp (PID: 5152)
    • Starts POWERSHELL.EXE for commands execution

      • cmd.exe (PID: 6596)
    • The process hides an interactive prompt from the user

      • cmd.exe (PID: 6596)
    • Script adds exclusion path to Windows Defender

      • cmd.exe (PID: 6596)
    • Creates/Modifies COM task schedule object

      • Stardock_Fences.tmp (PID: 5152)
      • regsvr32.exe (PID: 1332)
      • regsvr32.exe (PID: 2128)
    • Uses REG/REGEDIT.EXE to modify registry

      • cmd.exe (PID: 3268)
    • Creates a software uninstall entry

      • reg.exe (PID: 936)
    • Application launched itself

      • Fences.exe (PID: 4392)
      • Fences.exe (PID: 1164)
      • Fences.exe (PID: 6308)
      • rundll32.exe (PID: 6372)
      • rundll32.exe (PID: 3908)
      • Fences.exe (PID: 5940)
      • Fences.exe (PID: 4680)
    • Reads the date of Windows installation

      • Fences.exe (PID: 4392)
      • Fences.exe (PID: 6308)
      • Fences.exe (PID: 1164)
      • Fences.exe (PID: 2876)
    • Uses ICACLS.EXE to modify access control lists

      • Fences.exe (PID: 4056)
      • Fences.exe (PID: 6216)
    • The process executes via Task Scheduler

      • rundll32.exe (PID: 3908)
      • rundll32.exe (PID: 6372)
    • Uses RUNDLL32.EXE to load library

      • Fences.exe (PID: 2876)
      • rundll32.exe (PID: 6372)
      • rundll32.exe (PID: 3908)
    • There is functionality for taking screenshot (YARA)

      • Fences.exe (PID: 488)
  • INFO

    • Checks supported languages

      • Stardock_Fences.exe (PID: 252)
      • Stardock_Fences.exe (PID: 508)
      • Stardock_Fences.tmp (PID: 5700)
      • Fences.exe (PID: 4392)
      • Fences.exe (PID: 4056)
      • Fences.exe (PID: 6308)
      • DeElevate64.exe (PID: 6516)
      • Fences.exe (PID: 488)
      • Fences.exe (PID: 6156)
      • Fences.exe (PID: 1164)
      • ngen.exe (PID: 6596)
      • mscorsvw.exe (PID: 4688)
      • Fences.exe (PID: 2876)
    • Process checks computer location settings

      • Stardock_Fences.tmp (PID: 5700)
      • Fences.exe (PID: 4392)
      • Fences.exe (PID: 6308)
      • Fences.exe (PID: 1164)
      • Fences.exe (PID: 2876)
    • Reads the computer name

      • Stardock_Fences.tmp (PID: 5700)
      • Fences.exe (PID: 4392)
      • Fences.exe (PID: 4056)
      • Fences.exe (PID: 6308)
      • Fences.exe (PID: 1164)
      • Fences.exe (PID: 488)
      • Fences.exe (PID: 6156)
      • Fences.exe (PID: 2876)
      • ngen.exe (PID: 6596)
      • mscorsvw.exe (PID: 4688)
    • Create files in a temporary directory

      • Stardock_Fences.exe (PID: 508)
      • Stardock_Fences.exe (PID: 252)
      • Stardock_Fences.tmp (PID: 5152)
    • Checks if a key exists in the options dictionary (POWERSHELL)

      • powershell.exe (PID: 6168)
    • Sends debugging messages

      • Fences.exe (PID: 4056)
      • Fences.exe (PID: 4392)
      • regsvr32.exe (PID: 1332)
      • regsvr32.exe (PID: 736)
      • Fences.exe (PID: 6308)
      • Fences.exe (PID: 1164)
      • Fences.exe (PID: 488)
      • regsvr32.exe (PID: 2128)
      • regsvr32.exe (PID: 6996)
      • Fences.exe (PID: 6156)
      • rundll32.exe (PID: 6732)
    • Creates files or folders in the user directory

      • Fences.exe (PID: 4392)
    • The process uses the downloaded file

      • Fences.exe (PID: 4392)
      • Fences.exe (PID: 6308)
      • Fences.exe (PID: 1164)
      • Fences.exe (PID: 2876)
    • Creates files in the program directory

      • Stardock_Fences.tmp (PID: 5152)
    • Creates a software uninstall entry

      • Stardock_Fences.tmp (PID: 5152)
    • Reads the machine GUID from the registry

      • Fences.exe (PID: 4392)
      • Fences.exe (PID: 6308)
      • mscorsvw.exe (PID: 4688)
    • Manual execution by a user

      • rundll32.exe (PID: 5276)
      • Fences.exe (PID: 5940)
      • Fences.exe (PID: 2480)
      • Fences.exe (PID: 4680)
      • Fences.exe (PID: 1640)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (81.5)
.exe | Win32 Executable Delphi generic (10.5)
.exe | Win32 Executable (generic) (3.3)
.exe | Win16/32 Executable Delphi generic (1.5)
.exe | Generic Win/DOS Executable (1.4)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:03:05 15:20:43+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 100352
InitializedDataSize: 118272
UninitializedDataSize: -
EntryPoint: 0x19974
OSVersion: 5.1
ImageVersion: 6
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 5.8.3.4
ProductVersionNumber: 5.8.3.4
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: Stardock Software, Inc.
FileDescription: Stardock Fences Setup
FileVersion: 5.8.3.4.0
LegalCopyright:
OriginalFileName:
ProductName: Stardock Fences
ProductVersion: 5.8.3.4
No data.
All screenshots are available in the full report
Total processes: 223
Monitored processes: 99
Malicious processes: 6
Suspicious processes: 4

Behavior graph

[Behavior graph image not preserved. Processes shown: stardock_fences.exe, stardock_fences.tmp, cmd.exe, conhost.exe, powershell.exe, reg.exe, fences.exe, icacls.exe, regsvr32.exe, deelevate64.exe, ngen.exe, rundll32.exe, mscorsvw.exe]

Process information

PID
CMD
Path
Indicators
Parent process
PID: 252
CMD: "C:\Users\admin\AppData\Local\Temp\Stardock_Fences.exe" /SPAWNWND=$12039E /NOTIFYWND=$150050
Path: C:\Users\admin\AppData\Local\Temp\Stardock_Fences.exe
Parent process: Stardock_Fences.tmp
User:
admin
Company:
Stardock Software, Inc.
Integrity Level:
HIGH
Description:
Stardock Fences Setup
Exit code:
0
Version:
5.8.3.4.0
Modules
Images
c:\users\admin\appdata\local\temp\stardock_fences.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
PID: 488
CMD: "C:\Program Files (x86)\Stardock\Fences\Fences.exe"
Path: C:\Program Files (x86)\Stardock\Fences\Fences.exe
Parent process: Fences.exe
User:
admin
Company:
Stardock Corporation
Integrity Level:
HIGH
Description:
Fences Settings
Version:
5.8.3.4
Modules
Images
c:\program files (x86)\stardock\fences\fences.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 508
CMD: "C:\Users\admin\AppData\Local\Temp\Stardock_Fences.exe"
Path: C:\Users\admin\AppData\Local\Temp\Stardock_Fences.exe
Parent process: explorer.exe
User:
admin
Company:
Stardock Software, Inc.
Integrity Level:
MEDIUM
Description:
Stardock Fences Setup
Exit code:
0
Version:
5.8.3.4.0
Modules
Images
c:\users\admin\appdata\local\temp\stardock_fences.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
PID: 736
CMD: "C:\WINDOWS\system32\regsvr32.exe" /s "C:\Program Files (x86)\Stardock\Fences\DesktopDock64.dll"
Path: C:\Windows\System32\regsvr32.exe
Parent process: Fences.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft(C) Register Server
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 736
CMD: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2dc -InterruptEvent 0 -NGENProcess 348 -Pipe 35c -Comment "NGen Worker Process"
Path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
Parent process: ngen.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
.NET Runtime Optimization Service
Exit code:
0
Version:
4.8.9093.0 built by: NET481REL1LAST_C
PID: 788
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: icacls.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 788
CMD: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2cc -InterruptEvent 0 -NGENProcess 308 -Pipe 3bc -Comment "NGen Worker Process"
Path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
Parent process: ngen.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
.NET Runtime Optimization Service
Exit code:
0
Version:
4.8.9093.0 built by: NET481REL1LAST_C
PID: 936
CMD: reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Stardock Fences_is1" /v UninstallString /t REG_SZ /d "\"C:\WINDOWS\Installer\Stardock Fences\unins000.exe\"" /f
Path: C:\Windows\System32\reg.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Registry Console Tool
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 1044
CMD: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 378 -InterruptEvent 0 -NGENProcess 340 -Pipe 3d8 -Comment "NGen Worker Process"
Path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
Parent process: ngen.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
.NET Runtime Optimization Service
Exit code:
0
Version:
4.8.9093.0 built by: NET481REL1LAST_C
PID: 1164
CMD: "C:\Program Files (x86)\Stardock\Fences\Fences.exe" /FromDesktop
Path: C:\Program Files (x86)\Stardock\Fences\Fences.exe
Parent process: Stardock_Fences.tmp
User:
admin
Company:
Stardock Corporation
Integrity Level:
HIGH
Description:
Fences Settings
Exit code:
0
Version:
5.8.3.4
Modules
Images
c:\program files (x86)\stardock\fences\fences.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events: 8 330
Read events: 8 216
Write events: 68
Delete events: 46

Modification events

(PID) Process: (5152) Stardock_Fences.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Stardock Fences_is1
Operation: write
Name: Inno Setup: Setup Version
Value: 6.0.5 (u)

(PID) Process: (5152) Stardock_Fences.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Stardock Fences_is1
Operation: write
Name: Inno Setup: App Path
Value: C:\Program Files (x86)\Stardock\Fences

(PID) Process: (5152) Stardock_Fences.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Stardock Fences_is1
Operation: write
Name: InstallLocation
Value: C:\Program Files (x86)\Stardock\Fences\

(PID) Process: (5152) Stardock_Fences.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Stardock Fences_is1
Operation: write
Name: Inno Setup: Icon Group
Value: Stardock Fences

(PID) Process: (5152) Stardock_Fences.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Stardock Fences_is1
Operation: write
Name: Inno Setup: User
Value: admin

(PID) Process: (5152) Stardock_Fences.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Stardock Fences_is1
Operation: write
Name: Inno Setup: Language
Value: ENG

(PID) Process: (5152) Stardock_Fences.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Stardock Fences_is1
Operation: write
Name: DisplayName
Value: Stardock Fences 5.8.3.4

(PID) Process: (5152) Stardock_Fences.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Stardock Fences_is1
Operation: write
Name: DisplayIcon
Value: C:\Program Files (x86)\Stardock\Fences\Fences.exe

(PID) Process: (5152) Stardock_Fences.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Stardock Fences_is1
Operation: write
Name: UninstallString
Value: "C:\WINDOWS\Installer\Stardock Fences\unins000.exe"

(PID) Process: (5152) Stardock_Fences.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Stardock Fences_is1
Operation: write
Name: QuietUninstallString
Value: "C:\WINDOWS\Installer\Stardock Fences\unins000.exe" /SILENT

Executable files: 177
Suspicious files: 117
Text files: 245
Unknown types: 4

Dropped files

PID: 508
Process: Stardock_Fences.exe
Filename: C:\Users\admin\AppData\Local\Temp\is-7MIGJ.tmp\Stardock_Fences.tmp
Type: executable
MD5: F120C94EE73B4A44303BF647B8A495E1
SHA256: 1900DA659E13411F7F8BB68057FF454A80822745E1DAF71B809D8031A8FDAC21

PID: 5152
Process: Stardock_Fences.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-27UKI.tmp\botva2.dll
Type: executable
MD5: EF899FA243C07B7B82B3A45F6EC36771
SHA256: DA7D0368712EE419952EB2640A65A7F24E39FB7872442ED4D2EE847EC4CFDE77

PID: 252
Process: Stardock_Fences.exe
Filename: C:\Users\admin\AppData\Local\Temp\is-ISQ80.tmp\Stardock_Fences.tmp
Type: executable
MD5: F120C94EE73B4A44303BF647B8A495E1
SHA256: 1900DA659E13411F7F8BB68057FF454A80822745E1DAF71B809D8031A8FDAC21

PID: 5152
Process: Stardock_Fences.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-27UKI.tmp\Icon_telegram.png
Type: image
MD5: F2E6B557DBED664214A523767A15F07F
SHA256: 0370D9CA570FD28F8AE167B69821ABAF2A7EB13C3559E0EAFFE4B253C9D7020E

PID: 5152
Process: Stardock_Fences.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-27UKI.tmp\Icon_msg.png
Type: image
MD5: 6DE58BD6AF32D0F0D0F10FF5EDDFAD9F
SHA256: 2040ED1F9FA694758A52EDB76C697AA1D4052E0D4B10638BE3D2D58CDC74FF05

PID: 5152
Process: Stardock_Fences.tmp
Filename: C:\Program Files (x86)\Stardock\Fences\is-VH9EB.tmp
Type: executable
MD5: 8F13E968A9E1FF08184BEC4B526DED37
SHA256: 93D867B3C6D0D9EA80F3B3EDEE0923C5ED285C514AB2F1EC018D839ECFE56704

PID: 5152
Process: Stardock_Fences.tmp
Filename: C:\Program Files (x86)\Stardock\Fences\is-7150M.tmp
Type: executable
MD5: 61E97D61E4CFF7411E2FA036506F45D2
SHA256: 592688A470F6FBEEAF87C22D53A5246B9C09DEA1B539DF93219A1F64EBD8778F

PID: 5152
Process: Stardock_Fences.tmp
Filename: C:\Windows\Installer\Stardock Fences\unins000.exe
Type: executable
MD5: 63D47407B787EC49CDA9DF9B64ED36F1
SHA256: 9710421E58672425C090E83770D97D4CD568AE5A1230B7B8DC6F387465A7C03F

PID: 5152
Process: Stardock_Fences.tmp
Filename: C:\Windows\Installer\Stardock Fences\is-T07S6.tmp
Type: executable
MD5: 63D47407B787EC49CDA9DF9B64ED36F1
SHA256: 9710421E58672425C090E83770D97D4CD568AE5A1230B7B8DC6F387465A7C03F

PID: 5152
Process: Stardock_Fences.tmp
Filename: C:\Program Files (x86)\Stardock\Fences\is-NR56U.tmp
Type: executable
MD5: A1BBC166C4E150D29A87FCFEE46AA1D3
SHA256: E7202D3696C765D30A7125571B522B0FA9C891B820A87DA2A1E5907BEF93B4EF

Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 8
TCP/UDP connections: 20
DNS requests: 12
Threats: 0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
1944
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
3324
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA6bGI750C3n79tQ4ghAGFo%3D
unknown
whitelisted
3324
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxXWRM3y5nP%2Be6mK4cD08CEAitQLJg0pxMn17Nqb2Trtk%3D
unknown
whitelisted
3324
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rhvv%2BYXsIiGX0TkICEAKSYfpIaxYQcTpMuex%2BbEI%3D
unknown
whitelisted
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
7128 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
 | | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
 | | 88.221.169.152:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
4 | System | 192.168.100.255:138 | | | | whitelisted
3888 | svchost.exe | 239.255.255.250:1900 | | | | whitelisted
3260 | svchost.exe | 40.113.103.199:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
1944 | svchost.exe | 40.126.32.138:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
1944 | svchost.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
7128 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:137 | | | | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 4.231.128.59
whitelisted
www.microsoft.com
  • 88.221.169.152
  • 184.30.21.171
whitelisted
google.com
  • 142.250.185.142
whitelisted
client.wns.windows.com
  • 40.113.103.199
whitelisted
login.live.com
  • 40.126.32.138
  • 40.126.32.72
  • 40.126.32.68
  • 40.126.32.133
  • 40.126.32.136
  • 20.190.160.17
  • 40.126.32.140
  • 20.190.160.14
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
slscr.update.microsoft.com
  • 20.12.23.50
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 20.3.187.198
whitelisted

Threats

No threats detected
Process | Message
Fences.exe | Skip locking file License_SAS.txt
Fences.exe | Skip locking file eula.txt
Fences.exe | Skip locking file patch_register.cmd
Fences.exe | Skip locking file patch_unregister.cmd
Fences.exe | Skip locking file Readme.txt
Fences.exe | Skip locking file Readme.txt
Fences.exe | Skip locking file eula.txt
Fences.exe | Skip locking file License_SAS.txt
Fences.exe | Skip locking file patch_register.cmd
Fences.exe | Skip locking file patch_unregister.cmd