Analysis Overview
SHA256
4ddbdc032a914b567dd8f8caa59a5b785c32b490c0ba3c5040f544824c980a6c
Threat Level: Likely benign
The file ReShade_Setup_6.3.3.exe was found to be: Likely benign.
Malicious Activity Summary
Browser Information Discovery
Enumerates physical storage devices
Enumerates system info in registry
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 22:41
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 22:41
Reported
2024-11-09 22:43
Platform
win7-20240903-en
Max time kernel
51s
Max time network
89s
Command Line
Signatures
Browser Information Discovery
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\FFlags = "1" | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "6" | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\MRUListEx = 00000000ffffffff | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3 | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0 = 5600310000000000ee3a851a1000506572664c6f677300003e0008000400efbeee3a851aee3a851a2a0000003a00000000000100000000000000000000000000000050006500720066004c006f0067007300000018000000 | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0 | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\SniffedFolderType = "Generic" | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4 | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{631958A6-AD0F-4035-A745-28AC066DC6ED}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\Mode = "1" | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 00000000ffffffff | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}" | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1" | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\Sort = 000000000000000000000000000000000200000030f125b7ef471a10a5f102608c9eebac0a0000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}" | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 = 19002f433a5c000000000000000000000000000000000000000000 | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Generic" | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\MRUListEx = ffffffff | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\TV_FolderType = "{292108BE-88AB-4F33-9A26-7748E62E37AD}" | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9} | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "2" | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\TV_FolderType = "{631958A6-AD0F-4035-A745-28AC066DC6ED}" | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "4294967295" | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\TV_TopViewVersion = "0" | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{631958A6-AD0F-4035-A745-28AC066DC6ED} | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{631958A6-AD0F-4035-A745-28AC066DC6ED}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\IconSize = "96" | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{631958A6-AD0F-4035-A745-28AC066DC6ED}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\FFlags = "1" | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}" | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5 | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 9e0000001a00eebbfe23000010007db10d7bd29c934a973346cc89022e7c00002a0000000000efbe000000200000000000000000000000000000000000000000000000000100000020002a0000000000efbe7e47b3fbe4c93b4ba2bad3f5d3cd46f98207ba827a5b6945b5d7ec83085f08cc20002a0000000000efbe000000200000000000000000000000000000000000000000000000000100000020000000 | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\7 | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe
"C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6839758,0x7fef6839768,0x7fef6839778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1212 --field-trial-handle=1268,i,5221134761420381197,5868166410799046498,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1536 --field-trial-handle=1268,i,5221134761420381197,5868166410799046498,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1632 --field-trial-handle=1268,i,5221134761420381197,5868166410799046498,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2196 --field-trial-handle=1268,i,5221134761420381197,5868166410799046498,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2212 --field-trial-handle=1268,i,5221134761420381197,5868166410799046498,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1296 --field-trial-handle=1268,i,5221134761420381197,5868166410799046498,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3244 --field-trial-handle=1268,i,5221134761420381197,5868166410799046498,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3480 --field-trial-handle=1268,i,5221134761420381197,5868166410799046498,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3424 --field-trial-handle=1268,i,5221134761420381197,5868166410799046498,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3692 --field-trial-handle=1268,i,5221134761420381197,5868166410799046498,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3776 --field-trial-handle=1268,i,5221134761420381197,5868166410799046498,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3728 --field-trial-handle=1268,i,5221134761420381197,5868166410799046498,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3624 --field-trial-handle=1268,i,5221134761420381197,5868166410799046498,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3788 --field-trial-handle=1268,i,5221134761420381197,5868166410799046498,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2232 --field-trial-handle=1268,i,5221134761420381197,5868166410799046498,131072 /prefetch:1
Network
Files
memory/2364-0-0x000007FEF5813000-0x000007FEF5814000-memory.dmp
memory/2364-1-0x0000000000F20000-0x0000000000F4A000-memory.dmp
memory/2364-2-0x000007FEF5810000-0x000007FEF61FC000-memory.dmp
memory/2364-3-0x000007FEF5810000-0x000007FEF61FC000-memory.dmp
memory/2364-5-0x00000000003D0000-0x00000000003DA000-memory.dmp
memory/2364-4-0x00000000003D0000-0x00000000003DA000-memory.dmp
memory/2364-6-0x000007FEF5810000-0x000007FEF61FC000-memory.dmp
memory/2364-7-0x000007FEF5813000-0x000007FEF5814000-memory.dmp
memory/2364-8-0x000007FEF5810000-0x000007FEF61FC000-memory.dmp
memory/2364-9-0x00000000003D0000-0x00000000003DA000-memory.dmp
memory/2364-10-0x00000000003D0000-0x00000000003DA000-memory.dmp
memory/2364-11-0x000007FEF5810000-0x000007FEF61FC000-memory.dmp
memory/2364-12-0x000007FEF5810000-0x000007FEF61FC000-memory.dmp
memory/2364-13-0x000007FEF5810000-0x000007FEF61FC000-memory.dmp
memory/2364-14-0x000000001D6B0000-0x000000001D6C0000-memory.dmp
memory/2364-15-0x000007FEF5810000-0x000007FEF61FC000-memory.dmp
memory/2364-16-0x000007FEF5810000-0x000007FEF61FC000-memory.dmp
\??\pipe\crashpad_2696_NNRKBCADXJMGTHIW
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
| MD5 | 18e723571b00fb1694a3bad6c78e4054 |
| SHA1 | afcc0ef32d46fe59e0483f9a3c891d3034d12f32 |
| SHA256 | 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa |
| SHA512 | 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\Local\Temp\Cab85C5.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar85E7.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e89fcd541975204da2cb6bf48f86ddf3 |
| SHA1 | 6d86c6ea52a415660c76608f4596486e935eb5e7 |
| SHA256 | c4442f43ad45e4ce813b43616a44b761a4626337d5d186f411983be0f79257be |
| SHA512 | f9658438ab27320ca7564b46fd361f98bdec21fbeb1dcc1a56e29ebed168a5ac92a30a0c2ddd736098fe38aeeb8d0debd47dffe0933ccf8579c3f37cf6ec6424 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | bf4ec4ddde1c352192bf91474755e45c |
| SHA1 | 24f5bccc1e742986f5988ba3305041e3fdf30d5e |
| SHA256 | ad070f4f9f35fb944007f270383a4df6192c8b5ae748c6df469f8cce5e38d46e |
| SHA512 | 7b22ce11b7b3d7a9b906945469ab01840be3f2eef69a1f42e3c4994029194a4604784877c82cf683c98edce7584b531962f16ec0321dcc054c9a94770481af96 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f26b9db492ce64450bb379e97495e44a |
| SHA1 | 507016cbed936be416f6bc5f6c5c98a20d41c6ec |
| SHA256 | d96b2b5e74c346ac7a4f3548f68e796809d0c27c469f91b0c3b1f83ba171f8bf |
| SHA512 | 860aa0c0c6903f417c05634b7a4e7f69b600f7cde591f40ed4b6875324f0a133373ec5d862e0ff6e6bfc8a7b9835eb6c3b32876a47b45713f943652c9de423cb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 81712ddce6a6b0e4fec99cf23be0f5ab |
| SHA1 | 9a6a7e6ac0e8e4915a98360f51bc7364a7661f51 |
| SHA256 | f67580c0dd5173c6617b3df995be596651458eabaa093d6e23b9a396f088a63a |
| SHA512 | 9bdcd9f8b0332a12481dbbb91c2cc5db805bc98020a47e41b752222aebdb7df9079575de54aa453130229d5f0642fb54df9d616e3c28ad11ebe8849d7650f96b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6ae7e0230b7a51bdd8d8b0de6c78279d |
| SHA1 | 31e83f471cdf6a0586916fc119a085c35731495f |
| SHA256 | 205a32a3cca51716c291ffe44bf95a2d6e897c25ebb4651286e481ad612572c9 |
| SHA512 | 8f1633396e68bbbf8e6f7f2823b6e2c94ed319ba49d1491db1c49bd5dd9d09f1fed875126f74bf969b1f79ba6b3b97aa776b96f8a063576a304f0b73440a394c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1cfb33c37c3ac4f958a49e1507b91988 |
| SHA1 | da312c05a68e7f7eb4989e9c54cab01e8c8009d5 |
| SHA256 | 0037c5d2770b2741bffad8846d3f477fc9083abede3200c417cf11d32c6b9683 |
| SHA512 | 87cad78627e48a4474ef4889eafcd1920be1012970897fad80828d97183d23f35a19059b99eaf1093ddb7f9b15b4c48f5db3d7553e680b1f1c0bd21a297abc8f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4802807499f8ef929a10a591150f6f40 |
| SHA1 | d4129d378c0b51bf4ef3966568be4d9ba5a794d4 |
| SHA256 | 380bb5c28828c3cd21f4215da21f2a521e4047e7e9ab6f9aa1a3211f1afd8a18 |
| SHA512 | ecbacfa4cd864c417195a6a02cb63073086ac69ce7b905ef3c29239af06025d38f9a46d5da946d680ddae60f4b03519f9687139444990cd49c5964bbd8f7bf2a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7abaeede460971e8fd6a0df66de71e1a |
| SHA1 | 8ab1b01cd45961c0b84409fa3c3ea89c53bc2fcc |
| SHA256 | 7f7893a66b6280862e453057648ecd321b92e47c48cd98d0594342943d583f17 |
| SHA512 | cf9361ceae33d6694efefad9af8c500169633df7235b726c7a6baf8da10a855003055267d2ed7549b77a28387008684cd22b60f87fef9b867122fdf5f5d8b8c6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 03d7abbd5c4d67706aef2d65302bc6cc |
| SHA1 | 7d74f518a00cfc1f4c10225b1c7e3c716abae533 |
| SHA256 | 4f247b3e0dff5984729d67eae1b1fca31e8d20ea02b273c9139d628b704c37e5 |
| SHA512 | 8e99e913f8e02568a46666ad1160d300ceb6076d5a65a830fbcc1fd69b8f78b9f31476593ebcfa01acce83ecedb3482c81e2b4de99c6eb7b2d54414b2e3c57e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 38e758b4e5a65fc9cf74ac196a3eb590 |
| SHA1 | e856ff809e3a65d1d2d4c8808ac4551764a921a1 |
| SHA256 | 72b722b5e0d67037ad21e670767fef72604d970c8c279478894d8e4fe685d481 |
| SHA512 | ae8fb684b0a47210856ae7a96b3df9a2e542582bfb94636ff17a1376cc307d4e567492e860ab104e5980dc8cf7b8d78af7c22ff545dcb88540cb54bb82f36934 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 37bb0fd716204267e51455873a69f85f |
| SHA1 | 6a3775b0190d00e0f5db226ecd7a0be56cb475bf |
| SHA256 | 613d406a2257f9503ef1003988a4d5ac0e9d58b76f0897087c7f821141530495 |
| SHA512 | 9e4722a4fcee17d2f88b67b7074f446d1f1177e4961b4348219f6bf332dff4d8cc1fd382aa622590351a75b62fc173c8626a31539a421df2cf9e3f28eae52194 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State~RFf77f7f6.TMP
| MD5 | a657b01abe8c1888ef7ff89f3fa31bec |
| SHA1 | 4b2880e72b69faa84df023875b1f6637fe5b5325 |
| SHA256 | 1c2f78dfa0337dd742e17041a109aded8b51c1a78d0298ae0b12d047bfcb05ac |
| SHA512 | e472d43d3d91e8b7c0f311e727c0daac2097d159b40876107330dc63280aee3a90af0c2318c6b63262cdb2e0689e55db108c48c31bc6d5cb3d3f4060b0b8391f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\b0faa101-92b6-4269-bb3d-d78db552ed94.tmp
| MD5 | 11cd1590bf7fca8b2f41c2949078631e |
| SHA1 | 28e430ffbfcf3021e9dc6dbe93c431060752e975 |
| SHA256 | 5816f4e427542920ae17abc590ef7866b50ee9c03965a03c1c864330653160e1 |
| SHA512 | ba0923ee127dfe659848177c220e4faa2a5349d9b9b0e8d081c113797bc67b95f8712938a9985b168390b80e01b744669676e1664f18e89a7f386aedf7dfe14b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d65e021e67dd5b78eaee61713cf31c29 |
| SHA1 | 5699b24a20fc5cdaf5b83d4d696728d923f4ce9b |
| SHA256 | 5fb07c42af7faaf0cde5d9387de8510b65953279bc4e4f14d5a8a12ac430ec42 |
| SHA512 | 5c94a99cd24ea286930e3bdee59001f891ae0baf91abe5f794cc620d2d3724543cddc4c5d31aad3225d96c7950ba733114040bd2c5730d5b9f290ab4c621d9d4 |
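Two things in the Files listing above deserve a second look before the hashes are used as indicators. The same path appears several times with different digests (the CryptnetUrlCache MetaData entry, Preferences, TransportSecurity), which is what a file rewritten during the run looks like, so no single digest identifies those files. And the crashpad pipe entry carries the digests of zero bytes (d41d8cd98f00b204e9800998ecf8427e is MD5 of the empty input, da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA1 of the empty input, and likewise for the SHA256 and SHA512 values shown), so it is not a hashable artifact at all. The Python below is an added example, not the report's or ReShade's own code: a parser for this path-line-plus-hash-rows format that recomputes the empty-input digests with hashlib and flags both cases. The listing embedded in it is a constructed subset of the entries above.

```python
"""Parse a sandbox Files listing and flag entries that need care.

Added example, not part of the original report. The input format is read
off the listing above: a path line followed by '| MD5 | ... |' style rows.
"""
import hashlib
import re
from collections import defaultdict

# Constructed subset of the report's Files listing (raw string: backslashes
# are literal, as in the Windows paths).
SAMPLE_LISTING = r"""
\??\pipe\crashpad_2696_NNRKBCADXJMGTHIW
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | bf4ec4ddde1c352192bf91474755e45c |
| SHA1 | 24f5bccc1e742986f5988ba3305041e3fdf30d5e |
| SHA256 | ad070f4f9f35fb944007f270383a4df6192c8b5ae748c6df469f8cce5e38d46e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 38e758b4e5a65fc9cf74ac196a3eb590 |
| SHA1 | e856ff809e3a65d1d2d4c8808ac4551764a921a1 |
| SHA256 | 72b722b5e0d67037ad21e670767fef72604d970c8c279478894d8e4fe685d481 |
"""

# A hash row: '| ALGO | hexdigest |'. Anything else non-empty is a path line.
HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-f]+)\s*\|$")


def parse_listing(text):
    """Return [(path, {algo: hexdigest})] in the order the listing gives them."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HASH_ROW.match(line)
        if m:
            if not entries:
                raise ValueError("hash row before any path line")
            entries[-1][1][m.group(1).lower()] = m.group(2)
        else:
            entries.append((line, {}))
    return entries


# Digests of zero bytes, computed rather than hard-coded.
EMPTY_DIGESTS = {
    algo: hashlib.new(algo, b"").hexdigest()
    for algo in ("md5", "sha1", "sha256", "sha512")
}


def is_empty_file(digests):
    """True when every digest listed for the entry is the empty-input digest."""
    return bool(digests) and all(EMPTY_DIGESTS[a] == h for a, h in digests.items())


def review(text):
    """Flag empty-content entries and paths listed with more than one SHA256."""
    entries = parse_listing(text)
    by_path = defaultdict(list)
    for path, digests in entries:
        by_path[path].append(digests)
    rewritten = sorted(
        p for p, ds in by_path.items()
        if len({d.get("sha256") for d in ds}) > 1  # same path, different content
    )
    return {
        "count": len(entries),
        "empty": [p for p, d in entries if is_empty_file(d)],
        "rewritten": rewritten,
    }


if __name__ == "__main__":
    for key, value in review(SAMPLE_LISTING).items():
        print(key, value)
```

Feed the function the whole Files block of a report (everything between the memory dump names and the next analysis heading) to get the full list; a path that shows up under `rewritten` should be hashed from the final disk state of the sandbox, not from any one row here.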
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-09 22:41
Reported
2024-11-09 22:43
Platform
win10v2004-20241007-en
Max time kernel
95s
Max time network
143s
Command Line
Signatures
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe
"C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
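The two Network tables in this report (the behavioral1 rows earlier and the behavioral2 rows ending here) mix three kinds of row: forward DNS queries to 8.8.8.8:53, reverse (PTR) lookups for in-addr.arpa names, and the TCP or UDP connections themselves. The tables carry no process column, so they do not say on their own which process opened a given connection. The Python below is an added example, not part of the report: it parses rows in this table format, separates the three kinds, turns each PTR name back into the address that was looked up, and counts connections per domain and endpoint so that a CDN spread across several addresses (as ss.phncdn.com is above) is visible at a glance. The sample rows are a subset copied from the two tables; the classification rules are assumptions of the example.

```python
"""Summarise sandbox Network table rows by kind and destination.

Added example, not part of the original report. Row format assumed from the
tables above: '| CC | ip:port | domain | proto |'.
"""
import re
from collections import Counter

# Constructed subset of the report's two Network tables.
SAMPLE_ROWS = """\
| US | 66.254.114.156:443 | cdn1-smallimg.phncdn.com | tcp |
| GB | 64.210.156.17:443 | media.trafficjunky.net | tcp |
| US | 8.8.8.8:53 | ss.phncdn.com | udp |
| GB | 64.210.156.17:443 | ss.phncdn.com | tcp |
| GB | 64.210.156.17:443 | ss.phncdn.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| BE | 66.102.1.156:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
"""

ROW_RE = re.compile(
    r"^\|\s*(?P<cc>\w{2})\s*\|\s*(?P<ip>[\d.]+):(?P<port>\d+)\s*\|"
    r"\s*(?P<domain>\S+)\s*\|\s*(?P<proto>\w+)\s*\|$"
)


def parse_rows(text):
    """Return one dict per table row; lines that are not rows are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        row = m.groupdict()
        row["port"] = int(row["port"])
        rows.append(row)
    return rows


def classify(row):
    """Assumed rule: port 53 is a DNS query; PTR if the name is in-addr.arpa."""
    if row["port"] == 53:
        if row["domain"].endswith(".in-addr.arpa"):
            return "dns-ptr"
        return "dns-query"
    return "connect"


def ptr_target(domain):
    """'58.55.71.13.in-addr.arpa' -> '13.71.55.58' (octets are reversed in PTR names)."""
    octets = domain[: -len(".in-addr.arpa")].split(".")
    return ".".join(reversed(octets))


def summarise(text):
    rows = parse_rows(text)
    kinds = Counter(classify(r) for r in rows)
    # Count per (domain, endpoint, proto) so load-balanced CDN addresses show separately.
    connections = Counter(
        (r["domain"], f'{r["ip"]}:{r["port"]}', r["proto"])
        for r in rows if classify(r) == "connect"
    )
    ptr_targets = sorted(ptr_target(r["domain"]) for r in rows if classify(r) == "dns-ptr")
    return {"kinds": kinds, "connections": connections, "ptr_targets": ptr_targets}


if __name__ == "__main__":
    summary = summarise(SAMPLE_ROWS)
    print(dict(summary["kinds"]))
    for key, n in summary["connections"].most_common():
        print(n, *key)
    print("PTR lookups for:", summary["ptr_targets"])
```

The PTR targets are the addresses the guest asked the resolver about; they are worth comparing against the connection endpoints in the same table, and against the other detonation, before treating any of them as an indicator.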
Files
memory/1576-0-0x00007FFE2E223000-0x00007FFE2E225000-memory.dmp
memory/1576-1-0x000001F42AFB0000-0x000001F42AFDA000-memory.dmp
memory/1576-2-0x00007FFE2E220000-0x00007FFE2ECE1000-memory.dmp
memory/1576-3-0x000001F42CBF0000-0x000001F42CBF8000-memory.dmp
memory/1576-5-0x000001F445460000-0x000001F44546E000-memory.dmp
memory/1576-4-0x000001F446EE0000-0x000001F446F18000-memory.dmp
memory/1576-6-0x00007FFE2E220000-0x00007FFE2ECE1000-memory.dmp
memory/1576-7-0x00007FFE2E220000-0x00007FFE2ECE1000-memory.dmp
memory/1576-8-0x00007FFE2E220000-0x00007FFE2ECE1000-memory.dmp
memory/1576-9-0x00007FFE2E223000-0x00007FFE2E225000-memory.dmp
memory/1576-10-0x00007FFE2E220000-0x00007FFE2ECE1000-memory.dmp
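The memory dump names in both Files lists encode the process id, a dump index and the address range that was dumped (memory/<pid>-<index>-<start>-<end>-memory.dmp), and the same range is dumped repeatedly (the region starting at 0x00007FFE2E220000 appears six times in the behavioral2 list, the one at 0x000007FEF5810000 ten times in behavioral1), so the length of the list overstates the number of distinct regions. The Python below is an added example, not part of the report: it parses that naming pattern, collapses repeated ranges and reports the size of each. The reading of the fields is an assumption taken from the names above, and the sample names are copied from the behavioral2 list.

```python
"""Decode sandbox memory dump file names into address ranges and sizes.

Added example, not part of the original report. Assumed name pattern:
memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp
"""
import re
from collections import OrderedDict

DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)

# Names copied from the behavioral2 Files list above (a subset).
SAMPLE_DUMPS = [
    "memory/1576-0-0x00007FFE2E223000-0x00007FFE2E225000-memory.dmp",
    "memory/1576-1-0x000001F42AFB0000-0x000001F42AFDA000-memory.dmp",
    "memory/1576-2-0x00007FFE2E220000-0x00007FFE2ECE1000-memory.dmp",
    "memory/1576-6-0x00007FFE2E220000-0x00007FFE2ECE1000-memory.dmp",
    "memory/1576-9-0x00007FFE2E223000-0x00007FFE2E225000-memory.dmp",
]


def parse_dump(name):
    """Split one dump name into pid, index, start, end and size in bytes."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"not a memory dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"end is not after start: {name}")
    return {
        "pid": int(m["pid"]),
        "idx": int(m["idx"]),
        "start": start,
        "end": end,
        "size": end - start,
    }


def unique_regions(names):
    """Collapse repeated dumps of one range; largest region first.

    Returns a list of (start, end, size, times_dumped).
    """
    seen = OrderedDict()
    for name in names:
        d = parse_dump(name)
        key = (d["start"], d["end"])
        seen[key] = seen.get(key, 0) + 1
    regions = [(s, e, e - s, n) for (s, e), n in seen.items()]
    return sorted(regions, key=lambda r: r[2], reverse=True)


def fmt(regions):
    """One printable line per region."""
    return [
        f"0x{s:016X}-0x{e:016X} {size:>10,d} bytes x{n}"
        for s, e, size, n in regions
    ]


if __name__ == "__main__":
    for line in fmt(unique_regions(SAMPLE_DUMPS)):
        print(line)
```

Run over the full behavioral1 and behavioral2 lists, the output is a short table of distinct regions with their sizes; a region of a few pages dumped over and over is usually worth opening first, since the large mappings tend to be the same image captured at each step.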