Malware Analysis Report

2025-04-03 13:26

Sample ID 241109-2l6leasqg1
Target ReShade_Setup_6.3.3.exe
SHA256 4ddbdc032a914b567dd8f8caa59a5b785c32b490c0ba3c5040f544824c980a6c
Tags
discovery
score
3/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
3/10

SHA256

4ddbdc032a914b567dd8f8caa59a5b785c32b490c0ba3c5040f544824c980a6c

Threat Level: Likely benign

The file ReShade_Setup_6.3.3.exe was found to be: Likely benign.

Malicious Activity Summary

discovery

Browser Information Discovery

Enumerates physical storage devices

Enumerates system info in registry

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-09 22:41

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-09 22:41

Reported

2024-11-09 22:43

Platform

win7-20240903-en

Max time kernel

51s

Max time network

89s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe"

Signatures

Browser Information Discovery

discovery

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\FFlags = "1" C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "6" C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\MRUListEx = 00000000ffffffff C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3 C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0 = 5600310000000000ee3a851a1000506572664c6f677300003e0008000400efbeee3a851aee3a851a2a0000003a00000000000100000000000000000000000000000050006500720066004c006f0067007300000018000000 C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0 C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\SniffedFolderType = "Generic" C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4 C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{631958A6-AD0F-4035-A745-28AC066DC6ED}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\Mode = "1" C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 00000000ffffffff C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}" C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1" C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\Sort = 000000000000000000000000000000000200000030f125b7ef471a10a5f102608c9eebac0a0000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}" C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 = 19002f433a5c000000000000000000000000000000000000000000 C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Generic" C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\MRUListEx = ffffffff C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\TV_FolderType = "{292108BE-88AB-4F33-9A26-7748E62E37AD}" C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9} C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "2" C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\TV_FolderType = "{631958A6-AD0F-4035-A745-28AC066DC6ED}" C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "4294967295" C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\TV_TopViewVersion = "0" C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{631958A6-AD0F-4035-A745-28AC066DC6ED} C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{631958A6-AD0F-4035-A745-28AC066DC6ED}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\IconSize = "96" C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{631958A6-AD0F-4035-A745-28AC066DC6ED}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\FFlags = "1" C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}" C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5 C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 9e0000001a00eebbfe23000010007db10d7bd29c934a973346cc89022e7c00002a0000000000efbe000000200000000000000000000000000000000000000000000000000100000020002a0000000000efbe7e47b3fbe4c93b4ba2bad3f5d3cd46f98207ba827a5b6945b5d7ec83085f08cc20002a0000000000efbe000000200000000000000000000000000000000000000000000000000100000020000000 C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\7 C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2696 wrote to memory of 1668 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 1668 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 1668 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 2832 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 2832 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 2832 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe

"C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6839758,0x7fef6839768,0x7fef6839778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1212 --field-trial-handle=1268,i,5221134761420381197,5868166410799046498,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1536 --field-trial-handle=1268,i,5221134761420381197,5868166410799046498,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1632 --field-trial-handle=1268,i,5221134761420381197,5868166410799046498,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2196 --field-trial-handle=1268,i,5221134761420381197,5868166410799046498,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2212 --field-trial-handle=1268,i,5221134761420381197,5868166410799046498,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1296 --field-trial-handle=1268,i,5221134761420381197,5868166410799046498,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3244 --field-trial-handle=1268,i,5221134761420381197,5868166410799046498,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3480 --field-trial-handle=1268,i,5221134761420381197,5868166410799046498,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3424 --field-trial-handle=1268,i,5221134761420381197,5868166410799046498,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3692 --field-trial-handle=1268,i,5221134761420381197,5868166410799046498,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3776 --field-trial-handle=1268,i,5221134761420381197,5868166410799046498,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3728 --field-trial-handle=1268,i,5221134761420381197,5868166410799046498,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3624 --field-trial-handle=1268,i,5221134761420381197,5868166410799046498,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3788 --field-trial-handle=1268,i,5221134761420381197,5868166410799046498,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2232 --field-trial-handle=1268,i,5221134761420381197,5868166410799046498,131072 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
GB 142.250.179.228:443 www.google.com tcp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
US 8.8.8.8:53 apis.google.com udp
GB 216.58.201.110:443 apis.google.com tcp
GB 142.250.180.10:443 ogads-pa.googleapis.com tcp
GB 142.250.180.10:443 ogads-pa.googleapis.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.16.238:443 play.google.com tcp
GB 142.250.179.228:443 www.google.com udp
GB 172.217.16.238:443 play.google.com udp
US 8.8.8.8:53 consent.google.com udp
US 8.8.8.8:53 www.pornhub.com udp
US 66.254.114.41:443 www.pornhub.com tcp
US 66.254.114.41:443 www.pornhub.com tcp
GB 142.250.187.227:80 fonts.gstatic.com tcp
US 66.254.114.41:443 www.pornhub.com tcp
US 66.254.114.41:443 www.pornhub.com tcp
US 66.254.114.41:443 www.pornhub.com tcp
US 8.8.8.8:53 static.trafficjunky.com udp
US 8.8.8.8:53 ei.phncdn.com udp
GB 64.210.156.22:443 ei.phncdn.com tcp
GB 64.210.156.22:443 ei.phncdn.com tcp
GB 64.210.156.17:443 ei.phncdn.com tcp
GB 64.210.156.17:443 ei.phncdn.com tcp
GB 64.210.156.17:443 ei.phncdn.com tcp
GB 64.210.156.17:443 ei.phncdn.com tcp
GB 64.210.156.17:443 ei.phncdn.com tcp
GB 64.210.156.17:443 ei.phncdn.com tcp
GB 64.210.156.17:443 ei.phncdn.com tcp
GB 64.210.156.17:443 ei.phncdn.com tcp
GB 64.210.156.17:443 ei.phncdn.com tcp
GB 64.210.156.17:443 ei.phncdn.com tcp
GB 64.210.156.17:443 ei.phncdn.com tcp
GB 64.210.156.17:443 ei.phncdn.com tcp
GB 64.210.156.17:443 ei.phncdn.com tcp
GB 64.210.156.17:443 ei.phncdn.com tcp
GB 64.210.156.17:443 ei.phncdn.com tcp
US 8.8.8.8:53 media.trafficjunky.net udp
GB 64.210.156.22:443 media.trafficjunky.net tcp
GB 64.210.156.17:443 media.trafficjunky.net tcp
GB 64.210.156.17:443 media.trafficjunky.net tcp
GB 64.210.156.17:443 media.trafficjunky.net tcp
GB 64.210.156.17:443 media.trafficjunky.net tcp
GB 64.210.156.17:443 media.trafficjunky.net tcp
GB 64.210.156.17:443 media.trafficjunky.net tcp
US 8.8.8.8:53 cdn1-smallimg.phncdn.com udp
US 66.254.114.156:443 cdn1-smallimg.phncdn.com tcp
GB 64.210.156.17:443 media.trafficjunky.net tcp
GB 64.210.156.17:443 media.trafficjunky.net tcp
GB 64.210.156.17:443 media.trafficjunky.net tcp
US 66.254.114.156:443 cdn1-smallimg.phncdn.com tcp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
GB 64.210.156.17:443 media.trafficjunky.net tcp
US 216.239.34.36:443 region1.analytics.google.com tcp
BE 66.102.1.156:443 stats.g.doubleclick.net tcp
GB 216.58.204.67:443 www.google.co.uk tcp
US 66.254.114.156:443 cdn1-smallimg.phncdn.com tcp
GB 64.210.156.17:443 media.trafficjunky.net tcp
US 8.8.8.8:53 ss.phncdn.com udp
GB 64.210.156.17:443 ss.phncdn.com tcp
GB 64.210.156.17:443 ss.phncdn.com tcp
GB 64.210.156.17:443 ss.phncdn.com tcp
GB 64.210.156.17:443 ss.phncdn.com tcp
GB 64.210.156.17:443 ss.phncdn.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 64.210.156.21:443 ss.phncdn.com tcp
GB 64.210.156.17:443 ss.phncdn.com tcp
GB 64.210.156.17:443 ss.phncdn.com tcp
GB 64.210.156.17:443 ss.phncdn.com tcp
GB 64.210.156.22:443 ss.phncdn.com tcp
US 216.239.34.36:443 region1.analytics.google.com udp
GB 64.210.156.22:443 ss.phncdn.com tcp
GB 64.210.156.17:443 ss.phncdn.com tcp
GB 64.210.156.17:443 ss.phncdn.com tcp
GB 64.210.156.22:443 ss.phncdn.com tcp
GB 64.210.156.17:443 ss.phncdn.com tcp
GB 64.210.156.17:443 ss.phncdn.com tcp
GB 64.210.156.17:443 ss.phncdn.com tcp
GB 64.210.156.17:443 ss.phncdn.com tcp
GB 64.210.156.17:443 ss.phncdn.com tcp
GB 64.210.156.22:443 ss.phncdn.com tcp
GB 64.210.156.17:443 ss.phncdn.com tcp
GB 64.210.156.17:443 ss.phncdn.com tcp
GB 64.210.156.17:443 ss.phncdn.com tcp
GB 64.210.156.17:443 ss.phncdn.com tcp
GB 64.210.156.17:443 ss.phncdn.com tcp
US 66.254.114.156:443 cdn1-smallimg.phncdn.com tcp
GB 64.210.156.17:443 ss.phncdn.com tcp
GB 64.210.156.17:443 ss.phncdn.com tcp
GB 64.210.156.17:443 ss.phncdn.com tcp
BE 66.102.1.156:443 stats.g.doubleclick.net udp
GB 216.58.204.67:443 www.google.co.uk udp
GB 64.210.156.17:443 ss.phncdn.com tcp
US 66.254.114.156:443 cdn1-smallimg.phncdn.com tcp
GB 64.210.156.17:443 ss.phncdn.com tcp
GB 64.210.156.17:443 ss.phncdn.com tcp
GB 64.210.156.21:443 ss.phncdn.com tcp
GB 64.210.156.17:443 ss.phncdn.com tcp
GB 64.210.156.17:443 ss.phncdn.com tcp
GB 64.210.156.17:443 ss.phncdn.com tcp
GB 64.210.156.17:443 ss.phncdn.com tcp
GB 64.210.156.17:443 ss.phncdn.com tcp
GB 64.210.156.17:443 ss.phncdn.com tcp
GB 64.210.156.17:443 ss.phncdn.com tcp

Files

memory/2364-0-0x000007FEF5813000-0x000007FEF5814000-memory.dmp

memory/2364-1-0x0000000000F20000-0x0000000000F4A000-memory.dmp

memory/2364-2-0x000007FEF5810000-0x000007FEF61FC000-memory.dmp

memory/2364-3-0x000007FEF5810000-0x000007FEF61FC000-memory.dmp

memory/2364-5-0x00000000003D0000-0x00000000003DA000-memory.dmp

memory/2364-4-0x00000000003D0000-0x00000000003DA000-memory.dmp

memory/2364-6-0x000007FEF5810000-0x000007FEF61FC000-memory.dmp

memory/2364-7-0x000007FEF5813000-0x000007FEF5814000-memory.dmp

memory/2364-8-0x000007FEF5810000-0x000007FEF61FC000-memory.dmp

memory/2364-9-0x00000000003D0000-0x00000000003DA000-memory.dmp

memory/2364-10-0x00000000003D0000-0x00000000003DA000-memory.dmp

memory/2364-11-0x000007FEF5810000-0x000007FEF61FC000-memory.dmp

memory/2364-12-0x000007FEF5810000-0x000007FEF61FC000-memory.dmp

memory/2364-13-0x000007FEF5810000-0x000007FEF61FC000-memory.dmp

memory/2364-14-0x000000001D6B0000-0x000000001D6C0000-memory.dmp

memory/2364-15-0x000007FEF5810000-0x000007FEF61FC000-memory.dmp

memory/2364-16-0x000007FEF5810000-0x000007FEF61FC000-memory.dmp

\??\pipe\crashpad_2696_NNRKBCADXJMGTHIW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Temp\Cab85C5.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar85E7.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e89fcd541975204da2cb6bf48f86ddf3
SHA1 6d86c6ea52a415660c76608f4596486e935eb5e7
SHA256 c4442f43ad45e4ce813b43616a44b761a4626337d5d186f411983be0f79257be
SHA512 f9658438ab27320ca7564b46fd361f98bdec21fbeb1dcc1a56e29ebed168a5ac92a30a0c2ddd736098fe38aeeb8d0debd47dffe0933ccf8579c3f37cf6ec6424

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bf4ec4ddde1c352192bf91474755e45c
SHA1 24f5bccc1e742986f5988ba3305041e3fdf30d5e
SHA256 ad070f4f9f35fb944007f270383a4df6192c8b5ae748c6df469f8cce5e38d46e
SHA512 7b22ce11b7b3d7a9b906945469ab01840be3f2eef69a1f42e3c4994029194a4604784877c82cf683c98edce7584b531962f16ec0321dcc054c9a94770481af96

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f26b9db492ce64450bb379e97495e44a
SHA1 507016cbed936be416f6bc5f6c5c98a20d41c6ec
SHA256 d96b2b5e74c346ac7a4f3548f68e796809d0c27c469f91b0c3b1f83ba171f8bf
SHA512 860aa0c0c6903f417c05634b7a4e7f69b600f7cde591f40ed4b6875324f0a133373ec5d862e0ff6e6bfc8a7b9835eb6c3b32876a47b45713f943652c9de423cb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 81712ddce6a6b0e4fec99cf23be0f5ab
SHA1 9a6a7e6ac0e8e4915a98360f51bc7364a7661f51
SHA256 f67580c0dd5173c6617b3df995be596651458eabaa093d6e23b9a396f088a63a
SHA512 9bdcd9f8b0332a12481dbbb91c2cc5db805bc98020a47e41b752222aebdb7df9079575de54aa453130229d5f0642fb54df9d616e3c28ad11ebe8849d7650f96b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6ae7e0230b7a51bdd8d8b0de6c78279d
SHA1 31e83f471cdf6a0586916fc119a085c35731495f
SHA256 205a32a3cca51716c291ffe44bf95a2d6e897c25ebb4651286e481ad612572c9
SHA512 8f1633396e68bbbf8e6f7f2823b6e2c94ed319ba49d1491db1c49bd5dd9d09f1fed875126f74bf969b1f79ba6b3b97aa776b96f8a063576a304f0b73440a394c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1cfb33c37c3ac4f958a49e1507b91988
SHA1 da312c05a68e7f7eb4989e9c54cab01e8c8009d5
SHA256 0037c5d2770b2741bffad8846d3f477fc9083abede3200c417cf11d32c6b9683
SHA512 87cad78627e48a4474ef4889eafcd1920be1012970897fad80828d97183d23f35a19059b99eaf1093ddb7f9b15b4c48f5db3d7553e680b1f1c0bd21a297abc8f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4802807499f8ef929a10a591150f6f40
SHA1 d4129d378c0b51bf4ef3966568be4d9ba5a794d4
SHA256 380bb5c28828c3cd21f4215da21f2a521e4047e7e9ab6f9aa1a3211f1afd8a18
SHA512 ecbacfa4cd864c417195a6a02cb63073086ac69ce7b905ef3c29239af06025d38f9a46d5da946d680ddae60f4b03519f9687139444990cd49c5964bbd8f7bf2a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7abaeede460971e8fd6a0df66de71e1a
SHA1 8ab1b01cd45961c0b84409fa3c3ea89c53bc2fcc
SHA256 7f7893a66b6280862e453057648ecd321b92e47c48cd98d0594342943d583f17
SHA512 cf9361ceae33d6694efefad9af8c500169633df7235b726c7a6baf8da10a855003055267d2ed7549b77a28387008684cd22b60f87fef9b867122fdf5f5d8b8c6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 03d7abbd5c4d67706aef2d65302bc6cc
SHA1 7d74f518a00cfc1f4c10225b1c7e3c716abae533
SHA256 4f247b3e0dff5984729d67eae1b1fca31e8d20ea02b273c9139d628b704c37e5
SHA512 8e99e913f8e02568a46666ad1160d300ceb6076d5a65a830fbcc1fd69b8f78b9f31476593ebcfa01acce83ecedb3482c81e2b4de99c6eb7b2d54414b2e3c57e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 38e758b4e5a65fc9cf74ac196a3eb590
SHA1 e856ff809e3a65d1d2d4c8808ac4551764a921a1
SHA256 72b722b5e0d67037ad21e670767fef72604d970c8c279478894d8e4fe685d481
SHA512 ae8fb684b0a47210856ae7a96b3df9a2e542582bfb94636ff17a1376cc307d4e567492e860ab104e5980dc8cf7b8d78af7c22ff545dcb88540cb54bb82f36934

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 37bb0fd716204267e51455873a69f85f
SHA1 6a3775b0190d00e0f5db226ecd7a0be56cb475bf
SHA256 613d406a2257f9503ef1003988a4d5ac0e9d58b76f0897087c7f821141530495
SHA512 9e4722a4fcee17d2f88b67b7074f446d1f1177e4961b4348219f6bf332dff4d8cc1fd382aa622590351a75b62fc173c8626a31539a421df2cf9e3f28eae52194

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State~RFf77f7f6.TMP

MD5 a657b01abe8c1888ef7ff89f3fa31bec
SHA1 4b2880e72b69faa84df023875b1f6637fe5b5325
SHA256 1c2f78dfa0337dd742e17041a109aded8b51c1a78d0298ae0b12d047bfcb05ac
SHA512 e472d43d3d91e8b7c0f311e727c0daac2097d159b40876107330dc63280aee3a90af0c2318c6b63262cdb2e0689e55db108c48c31bc6d5cb3d3f4060b0b8391f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\b0faa101-92b6-4269-bb3d-d78db552ed94.tmp

MD5 11cd1590bf7fca8b2f41c2949078631e
SHA1 28e430ffbfcf3021e9dc6dbe93c431060752e975
SHA256 5816f4e427542920ae17abc590ef7866b50ee9c03965a03c1c864330653160e1
SHA512 ba0923ee127dfe659848177c220e4faa2a5349d9b9b0e8d081c113797bc67b95f8712938a9985b168390b80e01b744669676e1664f18e89a7f386aedf7dfe14b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d65e021e67dd5b78eaee61713cf31c29
SHA1 5699b24a20fc5cdaf5b83d4d696728d923f4ce9b
SHA256 5fb07c42af7faaf0cde5d9387de8510b65953279bc4e4f14d5a8a12ac430ec42
SHA512 5c94a99cd24ea286930e3bdee59001f891ae0baf91abe5f794cc620d2d3724543cddc4c5d31aad3225d96c7950ba733114040bd2c5730d5b9f290ab4c621d9d4

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-09 22:41

Reported

2024-11-09 22:43

Platform

win10v2004-20241007-en

Max time kernel

95s

Max time network

143s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe

"C:\Users\Admin\AppData\Local\Temp\ReShade_Setup_6.3.3.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 98.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp

Files

memory/1576-0-0x00007FFE2E223000-0x00007FFE2E225000-memory.dmp

memory/1576-1-0x000001F42AFB0000-0x000001F42AFDA000-memory.dmp

memory/1576-2-0x00007FFE2E220000-0x00007FFE2ECE1000-memory.dmp

memory/1576-3-0x000001F42CBF0000-0x000001F42CBF8000-memory.dmp

memory/1576-5-0x000001F445460000-0x000001F44546E000-memory.dmp

memory/1576-4-0x000001F446EE0000-0x000001F446F18000-memory.dmp

memory/1576-6-0x00007FFE2E220000-0x00007FFE2ECE1000-memory.dmp

memory/1576-7-0x00007FFE2E220000-0x00007FFE2ECE1000-memory.dmp

memory/1576-8-0x00007FFE2E220000-0x00007FFE2ECE1000-memory.dmp

memory/1576-9-0x00007FFE2E223000-0x00007FFE2E225000-memory.dmp

memory/1576-10-0x00007FFE2E220000-0x00007FFE2ECE1000-memory.dmp