7850068460fa81c35ba0c3ff44d27cb09608a02cba76a396bbb128cf22fb8800

Resubmissions

11/03/2024, 20:34

11/03/2024, 20:32

max time kernel
449s
max time network
451s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
11/03/2024, 20:32

Target

ReShade_Setup_6.0.1_Addon.exe
Size

3.6MB
MD5

c22a0b21ff22af940d4f0b3121f65242
SHA1

03491a240db2866b068e1cdb998a3666182dee45
SHA256

7850068460fa81c35ba0c3ff44d27cb09608a02cba76a396bbb128cf22fb8800
SHA512

827d44a4d732602cc41fd9020be75cb07f95dcc3a58ffd4f52af955b6388d7098b46a18e47dfc255630307795b485735e272a077913fea83e7c736378a7b3d39
SSDEEP

98304:VsknlrflgCQzgUKadqVvBqohsFgI5+r7p1+:rnlbl1uzdqVvcdW4+Xn+

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2284	ReShade_Setup_6.0.1_Addon.exe

C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.0.1_Addon.exe
"C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.0.1_Addon.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2284

memory/2284-0-0x0000025DFA100000-0x0000025DFA13C000-memory.dmp

Filesize
240KB

Download
memory/2284-1-0x00007FF923120000-0x00007FF923BE2000-memory.dmp

Filesize
10.8MB

Download
memory/2284-2-0x0000025DFC110000-0x0000025DFC120000-memory.dmp

Filesize
64KB

Download
memory/2284-3-0x0000025DFA7C0000-0x0000025DFA7C8000-memory.dmp

Filesize
32KB

Download
memory/2284-4-0x0000025DFC0B0000-0x0000025DFC0E8000-memory.dmp

Filesize
224KB

Download
memory/2284-5-0x0000025DFC070000-0x0000025DFC07E000-memory.dmp

Filesize
56KB

Download
memory/2284-6-0x0000025DFC110000-0x0000025DFC120000-memory.dmp

Filesize
64KB

Download
memory/2284-7-0x00007FF923120000-0x00007FF923BE2000-memory.dmp

Filesize
10.8MB

Download
memory/2284-8-0x0000025DFC110000-0x0000025DFC120000-memory.dmp

Filesize
64KB

Download
memory/2284-9-0x0000025DFC110000-0x0000025DFC120000-memory.dmp

Filesize
64KB

Download