File name:

Stardock Fences V.3.0.9.11 64 Bit.rar

Full analysis: https://app.any.run/tasks/f827505f-0fa7-458b-ba66-0b97ec402bea
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: June 17, 2019, 15:51:04
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
adware
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5:

768412C5DF6D8B0BF07251F46EA95A8C

SHA1:

124954268FA94C2259CF7F8A3BF44DDE81208520

SHA256:

882144CFF3C9C5195E69EC0E443E9AAA085753E8B23FE9854200E1054B0A0341

SSDEEP:

196608:eH1kjL3nYNinZb125j8u0FnxzktElA3VX6NxGZp3pjZ5mMLgiY1y48X53sXKSl8L:eH1kjTYNiZElVtcA3VX6Yp5mvSdsXKEc

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Loads dropped or rewritten executable

      • irsetup.exe (PID: 3980)
      • irsetup.exe (PID: 3844)
      • irsetup.exe (PID: 3040)
      • Fences.exe (PID: 3236)
      • SasUpgrade.exe (PID: 2592)
      • Fences.exe (PID: 3028)
      • regsvr32.exe (PID: 3920)
      • regsvr32.exe (PID: 2368)
      • Fences.exe (PID: 2088)
      • regsvr32.exe (PID: 3488)
      • regsvr32.exe (PID: 2092)
      • Fences.exe (PID: 2212)
      • explorer.exe (PID: 252)
      • mscorsvw.exe (PID: 2704)
      • Fences.exe (PID: 2408)
      • rundll32.exe (PID: 3440)
      • Fences.exe (PID: 3112)
      • Fences.exe (PID: 3068)
      • Fences.exe (PID: 2876)
      • DllHost.exe (PID: 2440)
      • mscorsvw.exe (PID: 3512)
      • mscorsvw.exe (PID: 3568)
      • mscorsvw.exe (PID: 3552)
      • mscorsvw.exe (PID: 3576)
      • ctfmon.exe (PID: 2000)
      • Fences.exe (PID: 3276)
      • Fences.exe (PID: 2516)
      • SdDisplay.exe (PID: 2224)
      • Fences.exe (PID: 2588)
      • Fences.exe (PID: 3832)
      • Fences.exe (PID: 2796)
      • rundll32.exe (PID: 2660)
      • Fences.exe (PID: 3116)
      • Fences.exe (PID: 3108)
      • Fences.exe (PID: 2288)
      • SdDisplay.exe (PID: 1128)
      • stardock.fences.3.0.5.x64-patch.exe (PID: 3692)
      • stardock.fences.3.0.5.x64-patch.exe (PID: 3508)
      • Fences.exe (PID: 4072)
      • filezilla.exe (PID: 3096)
      • Fences.exe (PID: 3224)
      • SdDisplay.exe (PID: 3360)
    • Application was dropped or rewritten from another process

      • irsetup.exe (PID: 3980)
      • GetMachineSID.exe (PID: 3340)
      • irsetup.exe (PID: 3844)
      • GetMachineSID.exe (PID: 3544)
      • irsetup.exe (PID: 3040)
      • GetMachineSID.exe (PID: 4008)
      • Fences.exe (PID: 3236)
      • Fences.exe (PID: 3028)
      • SasUpgrade.exe (PID: 2592)
      • Fences.exe (PID: 2088)
      • Fences.exe (PID: 2212)
      • Fences.exe (PID: 2408)
      • Fences.exe (PID: 3112)
      • Fences.exe (PID: 3068)
      • Fences.exe (PID: 2876)
      • Fences.exe (PID: 3276)
      • Fences.exe (PID: 2588)
      • SdDisplay.exe (PID: 2224)
      • Fences.exe (PID: 3832)
      • Fences.exe (PID: 2516)
      • Fences.exe (PID: 3116)
      • Fences.exe (PID: 2796)
      • Fences.exe (PID: 2288)
      • Fences.exe (PID: 3108)
      • SdDisplay.exe (PID: 1128)
      • unngen.exe (PID: 3636)
      • movefile.exe (PID: 1628)
      • movefile.exe (PID: 2752)
      • movefile.exe (PID: 3348)
      • movefile.exe (PID: 2460)
      • movefile.exe (PID: 2600)
      • movefile.exe (PID: 3052)
      • movefile.exe (PID: 3304)
      • movefile.exe (PID: 3532)
      • movefile.exe (PID: 2432)
      • movefile.exe (PID: 1116)
      • movefile.exe (PID: 2420)
      • Fences.exe (PID: 3224)
      • SdDisplay.exe (PID: 3360)
      • Fences.exe (PID: 4072)
      • movefile.exe (PID: 1276)
    • Connects to CnC server

      • irsetup.exe (PID: 3980)
      • irsetup.exe (PID: 3040)
      • irsetup.exe (PID: 3844)
    • Changes settings of System certificates

      • irsetup.exe (PID: 3980)
    • Registers / Runs the DLL via REGSVR32.EXE

      • Fences.exe (PID: 3236)
      • Fences.exe (PID: 2088)
    • Changes the autorun value in the registry

      • Fences.exe (PID: 2088)
      • explorer.exe (PID: 252)
    • Loads the Task Scheduler COM API

      • Fences.exe (PID: 2088)
    • Application was injected by another process

      • explorer.exe (PID: 252)
    • Runs injected code in another process

      • Fences.exe (PID: 3236)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • Fences3-sd-setup.exe (PID: 2860)
      • irsetup.exe (PID: 3980)
      • irsetup.exe (PID: 3844)
      • Fences3-sd-setup.exe (PID: 2964)
      • Fences3-sd-setup.exe (PID: 2840)
      • irsetup.exe (PID: 3040)
      • mscorsvw.exe (PID: 3512)
      • mscorsvw.exe (PID: 3568)
      • mscorsvw.exe (PID: 3552)
      • mscorsvw.exe (PID: 3576)
      • stardock.fences.3.0.5.x64-patch.exe (PID: 3692)
      • stardock.fences.3.0.5.x64-patch.exe (PID: 3508)
      • cmd.exe (PID: 1400)
    • Uses REG.EXE to modify Windows registry

      • irsetup.exe (PID: 3980)
      • irsetup.exe (PID: 3844)
      • irsetup.exe (PID: 3040)
      • cmd.exe (PID: 2332)
    • Reads Internet Cache Settings

      • explorer.exe (PID: 252)
    • Creates files in the user directory

      • explorer.exe (PID: 252)
      • irsetup.exe (PID: 3980)
      • irsetup.exe (PID: 3040)
      • Fences.exe (PID: 3236)
      • Fences.exe (PID: 2516)
      • Fences.exe (PID: 2796)
      • filezilla.exe (PID: 3096)
    • Reads internet explorer settings

      • irsetup.exe (PID: 3980)
      • irsetup.exe (PID: 3040)
      • SdDisplay.exe (PID: 2224)
      • SdDisplay.exe (PID: 1128)
      • SdDisplay.exe (PID: 3360)
    • Adds / modifies Windows certificates

      • irsetup.exe (PID: 3980)
    • Creates a software uninstall entry

      • irsetup.exe (PID: 3040)
    • Starts CMD.EXE for commands execution

      • irsetup.exe (PID: 3040)
      • stardock.fences.3.0.5.x64-patch.exe (PID: 3508)
    • Application launched itself

      • Fences.exe (PID: 3236)
      • Fences.exe (PID: 2088)
      • Fences.exe (PID: 3112)
      • Fences.exe (PID: 2796)
    • Uses ICACLS.EXE to modify access control list

      • Fences.exe (PID: 3028)
      • Fences.exe (PID: 2588)
    • Creates COM task schedule object

      • regsvr32.exe (PID: 3920)
      • regsvr32.exe (PID: 3488)
    • Creates files in the program directory

      • irsetup.exe (PID: 3040)
      • stardock.fences.3.0.5.x64-patch.exe (PID: 3508)
      • cmd.exe (PID: 1400)
    • Creates files in the Windows directory

      • ngen.exe (PID: 3188)
      • mscorsvw.exe (PID: 3512)
      • mscorsvw.exe (PID: 3568)
      • mscorsvw.exe (PID: 3552)
      • mscorsvw.exe (PID: 3576)
      • ngen.exe (PID: 3208)
      • mscorsvw.exe (PID: 3452)
      • mscorsvw.exe (PID: 2864)
      • mscorsvw.exe (PID: 2968)
      • stardock.fences.3.0.5.x64-patch.exe (PID: 3508)
      • mscorsvw.exe (PID: 2216)
    • Reads Environment values

      • Fences.exe (PID: 2212)
    • Uses RUNDLL32.EXE to load library

      • explorer.exe (PID: 252)
      • Fences.exe (PID: 2408)
    • Removes files from Windows directory

      • mscorsvw.exe (PID: 3512)
      • mscorsvw.exe (PID: 3568)
      • mscorsvw.exe (PID: 3552)
      • mscorsvw.exe (PID: 3576)
      • mscorsvw.exe (PID: 3452)
      • mscorsvw.exe (PID: 2864)
      • mscorsvw.exe (PID: 2968)
      • mscorsvw.exe (PID: 2216)
    • Changes IE settings (feature browser emulation)

      • SdDisplay.exe (PID: 2224)
      • SdDisplay.exe (PID: 1128)
      • SdDisplay.exe (PID: 3360)
  • INFO

    • Manual execution by user

      • Fences3-sd-setup.exe (PID: 2284)
      • Fences3-sd-setup.exe (PID: 3724)
      • Fences3-sd-setup.exe (PID: 2860)
      • Fences3-sd-setup.exe (PID: 2964)
      • NOTEPAD.EXE (PID: 4068)
      • Fences3-sd-setup.exe (PID: 2372)
      • Fences3-sd-setup.exe (PID: 2840)
    • Reads settings of System Certificates

      • explorer.exe (PID: 252)
      • Fences.exe (PID: 3224)
      • Fences.exe (PID: 2288)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
No data.
All screenshots are available in the full report
Total processes: 153
Monitored processes: 87
Malicious processes: 41
Suspicious processes: 8

Behavior graph

Process nodes shown in the graph (rendered interactively in the full report): winrar.exe, fences3-sd-setup.exe, irsetup.exe, getmachinesid.exe, reg.exe, notepad.exe, cmd.exe, sasupgrade.exe, fences.exe, icacls.exe, regsvr32.exe, ngen.exe, explorer.exe, mscorsvw.exe, rundll32.exe, Thumbnail Cache Out of Proc Server, ctfmon.exe, sddisplay.exe, stardock.fences.3.0.5.x64-patch.exe, unngen.exe, movefile.exe, filezilla.exe.

Process information

PID | CMD | Path | Indicators | Parent process
PID: 252
CMD: C:\Windows\Explorer.EXE
Path: C:\Windows\explorer.exe
Parent process: ctfmon.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Explorer
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\winanr.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
PID: 880
CMD: "C:\Windows\system32\icacls.exe" "C:\Users\admin\AppData\Roaming\Stardock\Fences" /C /T /grant *S-1-5-32-545:(OI)(CI)(F)
Path: C:\Windows\system32\icacls.exe
Parent process: Fences.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\icacls.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
PID: 1116
CMD: movefile /accepteula "DesktopDock64.dll.todo" "DesktopDock64.dll"
Path: C:\Program Files\Stardock\Fences\movefile.exe
Parent process: cmd.exe
User:
admin
Company:
Sysinternals - www.sysinternals.com
Integrity Level:
HIGH
Description:
Sysinternals Movefile
Exit code:
0
Version:
1.01
Modules
Images
c:\program files\stardock\fences\movefile.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
PID: 1128
CMD: "C:\Program Files\Stardock\Fences\SdDisplay.exe" -prodId=2628 -ProdName="Fences3" -company="Stardock" -forceUi="Welcome" -parentPid=2288 -prodVer="3.0.9.11" -ResponsePipe=1996
Path: C:\Program Files\Stardock\Fences\SdDisplay.exe
Parent process: Fences.exe
User:
admin
Company:
Stardock Corporation
Integrity Level:
MEDIUM
Description:
SdDisplay
Exit code:
0
Version:
1.8.0.1511
Modules
Images
c:\program files\stardock\fences\sddisplay.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 1276
CMD: movefile /accepteula "DesktopDock.dll" ""
Path: C:\Program Files\Stardock\Fences\movefile.exe
Parent process: cmd.exe
User:
admin
Company:
Sysinternals - www.sysinternals.com
Integrity Level:
HIGH
Description:
Sysinternals Movefile
Exit code:
0
Version:
1.01
Modules
Images
c:\program files\stardock\fences\movefile.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
PID: 1400
CMD: cmd /c "C:\Program Files\Stardock\Fences\pre.bat"
Path: C:\Windows\system32\cmd.exe
Parent process: stardock.fences.3.0.5.x64-patch.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 1628
CMD: movefile /accepteula "SdAppServices.dll" ""
Path: C:\Program Files\Stardock\Fences\movefile.exe
Parent process: cmd.exe
User:
admin
Company:
Sysinternals - www.sysinternals.com
Integrity Level:
HIGH
Description:
Sysinternals Movefile
Exit code:
0
Version:
1.01
Modules
Images
c:\program files\stardock\fences\movefile.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
PID: 1740
CMD: C:\Windows\system32\reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fences Pro" /f
Path: C:\Windows\system32\reg.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Registry Console Tool
Exit code:
1
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\reg.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 2000
CMD: C:\Windows\System32\ctfmon.exe
Path: C:\Windows\System32\ctfmon.exe
Parent process: taskeng.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
CTF Loader
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\ctfmon.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msctfmonitor.dll
c:\windows\system32\msctf.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
PID: 2088
CMD: "C:\Program Files\Stardock\Fences\Fences.exe" /register2
Path: C:\Program Files\Stardock\Fences\Fences.exe
Parent process: Fences.exe
User:
admin
Company:
Stardock Corporation
Integrity Level:
HIGH
Description:
Fences Settings
Exit code:
0
Version:
3.0.9.11
Modules
Images
c:\program files\stardock\fences\fences.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
Total events: 12 107
Read events: 10 470
Write events: 1 598
Delete events: 39

Modification events

Process: (3216) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

Process: (3216) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

Process: (3216) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

Process: (3216) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\Stardock Fences V.3.0.9.11 64 Bit.rar

Process: (3216) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

Process: (3216) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

Process: (3216) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

Process: (3216) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

Process: (252) explorer.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rar\OpenWithList
Operation: write
Name: a
Value: WinRAR.exe

Process: (252) explorer.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rar\OpenWithList
Operation: write
Name: MRUList
Value: a
Executable files: 71
Suspicious files: 2
Text files: 256
Unknown types: 16

Dropped files

PID | Process | Filename | Type
3216 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3216.21001\Stardock Fences V.3.0.9.11 64 Bit\Fences3-sd-setup.exe |
MD5:
SHA256:
3216 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3216.21001\Stardock Fences V.3.0.9.11 64 Bit\install.txt |
MD5:
SHA256:
3216 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3216.21001\Stardock Fences V.3.0.9.11 64 Bit\Patch\install.txt |
MD5:
SHA256:
3216 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3216.21001\Stardock Fences V.3.0.9.11 64 Bit\Patch\stardock.fences.3.0.5.x64-patch.exe |
MD5:
SHA256:
252 | explorer.exe | C:\Users\admin\Desktop\Stardock Fences V.3.0.9.11 64 Bit |
MD5:
SHA256:
3980 | irsetup.exe | C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.dat |
MD5:
SHA256:
2996 | reg.exe | C:\Users\admin\AppData\Local\Temp\REG7096.tmp |
MD5:
SHA256:
3844 | irsetup.exe | C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.dat |
MD5:
SHA256:
3980 | irsetup.exe | C:\Users\admin\AppData\Local\Temp\Stardock Fences 3 Setup Log.txt | text
MD5:
SHA256:
2860 | Fences3-sd-setup.exe | C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll | executable
MD5: 05CEB6D2E88A896D6ADA0AB3F0DC40AA
SHA256: B574D89422AFCAAE5446D8FD88D3B7CB48D608CF5411DB761916B35C9999B41A
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 12
TCP/UDP connections: 16
DNS requests: 6
Threats: 8

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3040 | irsetup.exe | GET | 304 | 205.234.175.175:80 | http://stardock.cachefly.net/installer_crosssell_images/bg_v1.png | US | | | whitelisted
3980 | irsetup.exe | GET | 200 | 205.234.175.175:80 | http://stardock.cachefly.net/installer_crosssell_images/bg_v1.png | US | image | 973 b | whitelisted
3040 | irsetup.exe | GET | 200 | 205.234.175.175:80 | http://stardock.cachefly.net/installer_crosssell_images/groupy_v1.jpg | US | image | 62.4 Kb | whitelisted
3844 | irsetup.exe | POST | 200 | 66.79.209.82:80 | http://install.api.stardock.net/installer/Initialize/?format=xml | US | text | 735 b | whitelisted
3040 | irsetup.exe | GET | 200 | 66.79.209.93:80 | http://installers.stardock.com/crosssell/groupy-1/ | US | html | 885 b | whitelisted
3040 | irsetup.exe | POST | 200 | 66.79.209.82:80 | http://install.api.stardock.net/installer/Initialize/?format=xml | US | text | 735 b | whitelisted
3980 | irsetup.exe | GET | 200 | 66.79.209.93:80 | http://installers.stardock.com/crosssell/groupy-2/ | US | html | 888 b | whitelisted
3980 | irsetup.exe | GET | 200 | 205.234.175.175:80 | http://stardock.cachefly.net/installer_crosssell_images/groupy_v2.jpg | US | image | 66.2 Kb | whitelisted
3980 | irsetup.exe | GET | 200 | 66.79.209.93:80 | http://installers.stardock.com/crosssell/groupy-2/ | US | html | 888 b | whitelisted
3844 | irsetup.exe | POST | 200 | 66.79.209.82:80 | http://install.api.stardock.net/installer/SaveInstallStats/?format=xml | US | text | 219 b | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3980 | irsetup.exe | 66.79.209.82:80 | install.api.stardock.net | Telnet Worldwide, Inc. | US | malicious
3844 | irsetup.exe | 66.79.209.82:80 | install.api.stardock.net | Telnet Worldwide, Inc. | US | malicious
3040 | irsetup.exe | 66.79.209.82:80 | install.api.stardock.net | Telnet Worldwide, Inc. | US | malicious
3040 | irsetup.exe | 205.234.175.175:80 | stardock.cachefly.net | CacheNetworks, Inc. | US | suspicious
3040 | irsetup.exe | 216.58.207.46:443 | www.google-analytics.com | Google Inc. | US | whitelisted
3980 | irsetup.exe | 66.79.209.93:80 | installers.stardock.com | Telnet Worldwide, Inc. | US | unknown
2212 | Fences.exe | 162.125.66.6:443 | dl.dropbox.com | Dropbox, Inc. | DE | shared
3040 | irsetup.exe | 66.79.209.93:80 | installers.stardock.com | Telnet Worldwide, Inc. | US | unknown
3980 | irsetup.exe | 216.58.207.46:443 | www.google-analytics.com | Google Inc. | US | whitelisted
3980 | irsetup.exe | 205.234.175.175:80 | stardock.cachefly.net | CacheNetworks, Inc. | US | suspicious

DNS requests

Domain | IP | Reputation
install.api.stardock.net | 66.79.209.82 | whitelisted
installers.stardock.com | 66.79.209.93 | unknown
www.google-analytics.com | 216.58.207.46 | whitelisted
stardock.cachefly.net | 205.234.175.175 | whitelisted
dl.dropbox.com | 162.125.66.6 | shared
dl.dropboxusercontent.com | 162.125.66.6 | shared

Threats

PID | Process | Class | Message
3980 | irsetup.exe | Misc activity | ADWARE [PTsecurity] Setup Factory Installer Checkin
3844 | irsetup.exe | Misc activity | ADWARE [PTsecurity] Setup Factory Installer Checkin
3040 | irsetup.exe | Misc activity | ADWARE [PTsecurity] Setup Factory Installer Checkin
5 ETPRO signatures available at the full report
Process | Message
Fences.exe | Skip locking file uninstall.exe
Fences.exe | Skip locking file uninstall.exe
Fences.exe | Skip locking file uninstall.exe
Fences.exe | Skip locking file uninstall.exe
Fences.exe | C:\Windows\system32\regsvr32.exe
Fences.exe | /s "C:\Program Files\Stardock\Fences\DesktopDock.dll"
Fences.exe | UninstaLL
Fences.exe | C:\Windows\system32\regsvr32.exe
Fences.exe | /s "C:\Program Files\Stardock\Fences\FencesMenu.dll"
Fences.exe | UninstaLL