hxxps://github[.]com/Shimoro-Rune/NitroPerks

Analysis

max time kernel
149s
max time network
153s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
22-05-2024 20:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Shimoro-Rune/NitroPerks

Score

6^/10

execution

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

Processes:

flow	ioc
3	camo.githubusercontent.com
14	camo.githubusercontent.com
15	camo.githubusercontent.com
16	camo.githubusercontent.com
17	camo.githubusercontent.com
18	camo.githubusercontent.com

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133608848472837993"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\Local Settings chrome.exe
NTFS ADS 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\NitroPerks-main.zip:Zone.Identifier chrome.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

2008 chrome.exe
2008 chrome.exe
4760 chrome.exe
4760 chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\Local Settings	chrome.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\NitroPerks-main.zip:Zone.Identifier	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

Processes:

chrome.exe

pid	process
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

Processes:

chrome.exe

pid	process
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid	process
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2008 wrote to memory of 1204	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 1204	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 1004	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 1004	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 1004	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 1004	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 1004	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 1004	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 1004	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 1004	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 1004	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 1004	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 1004	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 1004	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 1004	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 1004	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 1004	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 1004	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 1004	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 1004	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 1004	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 1004	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 1004	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 1004	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 1004	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 1004	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 1004	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 1004	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 1004	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 1004	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 1004	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 1004	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 1004	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 4768	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 4768	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 3184	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 3184	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 3184	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 3184	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 3184	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 3184	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 3184	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 3184	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 3184	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 3184	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 3184	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 3184	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 3184	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 3184	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 3184	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 3184	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 3184	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 3184	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 3184	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 3184	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 3184	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 3184	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 3184	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 3184	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 3184	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 3184	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 3184	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 3184	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 3184	2008	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Shimoro-Rune/NitroPerks
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffcbe2ab58,0x7fffcbe2ab68,0x7fffcbe2ab78
  2⤵
  PID:1204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1512 --field-trial-handle=1836,i,9775624775217675914,15186095482183708304,131072 /prefetch:2
  2⤵
  PID:1004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1836,i,9775624775217675914,15186095482183708304,131072 /prefetch:8
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2164 --field-trial-handle=1836,i,9775624775217675914,15186095482183708304,131072 /prefetch:8
  2⤵
  PID:3184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1836,i,9775624775217675914,15186095482183708304,131072 /prefetch:1
  2⤵
  PID:2940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3176 --field-trial-handle=1836,i,9775624775217675914,15186095482183708304,131072 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4316 --field-trial-handle=1836,i,9775624775217675914,15186095482183708304,131072 /prefetch:8
  2⤵
  PID:3564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4464 --field-trial-handle=1836,i,9775624775217675914,15186095482183708304,131072 /prefetch:8
  2⤵
  PID:2684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4636 --field-trial-handle=1836,i,9775624775217675914,15186095482183708304,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:3716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4824 --field-trial-handle=1836,i,9775624775217675914,15186095482183708304,131072 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3460 --field-trial-handle=1836,i,9775624775217675914,15186095482183708304,131072 /prefetch:8
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3980 --field-trial-handle=1836,i,9775624775217675914,15186095482183708304,131072 /prefetch:1
  2⤵
  PID:3748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4820 --field-trial-handle=1836,i,9775624775217675914,15186095482183708304,131072 /prefetch:1
  2⤵
  PID:3848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5448 --field-trial-handle=1836,i,9775624775217675914,15186095482183708304,131072 /prefetch:8
  2⤵
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5552 --field-trial-handle=1836,i,9775624775217675914,15186095482183708304,131072 /prefetch:8
  2⤵
  PID:2416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5476 --field-trial-handle=1836,i,9775624775217675914,15186095482183708304,131072 /prefetch:1
  2⤵
  PID:236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4960 --field-trial-handle=1836,i,9775624775217675914,15186095482183708304,131072 /prefetch:1
  2⤵
  PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2308 --field-trial-handle=1836,i,9775624775217675914,15186095482183708304,131072 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5664 --field-trial-handle=1836,i,9775624775217675914,15186095482183708304,131072 /prefetch:1
  2⤵
  PID:1124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 --field-trial-handle=1836,i,9775624775217675914,15186095482183708304,131072 /prefetch:8
  2⤵
  PID:480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4064 --field-trial-handle=1836,i,9775624775217675914,15186095482183708304,131072 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5540 --field-trial-handle=1836,i,9775624775217675914,15186095482183708304,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4900 --field-trial-handle=1836,i,9775624775217675914,15186095482183708304,131072 /prefetch:1
  2⤵
  PID:3216

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5032

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5016

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_NitroPerks-main.zip\NitroPerks-main\NitroPerks.plugin.js"
1⤵
PID:3804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
69KB

MD5
0ed8278b11742681d994e5f5b44b8d3d

SHA1
28711624d01da8dbd0aa4aad8629d5b0f703441e

SHA256
354730711c3ca9845bf98ec5dfb58a16e50984f9edcf0e8f432742326334f8a2

SHA512
d296ab1f1b418b125f09598ca6645d984a1cf67092a914956b8879d285ee35521b408363b47da195de79086e3be3ed9b1709bc8f9cd2e32d5dccb720a010bc8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
326KB

MD5
d54475cb5cf6a0a33319e0bbac0a2a55

SHA1
c4c95c75327978bf238da457ea4f94c148f80a10

SHA256
8d66281af694ea9a783574f859fede1f48406d6772611bcfb455f9b2536c25c2

SHA512
aa8cffd5ea13f269b9c34ca80647b7b834f443af850ffb3421bd7e97da165028821916b189400676d7c3b08177fc6796df05a66e03ee3781a99415112c837cfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
133KB

MD5
ebbd0559827fc35fcdc352c037be33ab

SHA1
dc4a38ba69a39d7f58ec60f8c97161549471f52e

SHA256
e5d36a1ef41535c152e3f8032d9348ef20cf8f12d8e57c6295b40974f430d55d

SHA512
a0c8e78319660a0f0f79abc2399950a66b535d4d298d9c0bae848d2afc4cf72c1f52b3f297be5a7d032a09171247475f804ebc95f4f414291da51c56269a2656

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000049

Filesize
78KB

MD5
35ac8d746a0fa733d5220fcf225d4899

SHA1
d2d48b84ea39c80311ff9b00cb0105550779a89d

SHA256
daa55bf9763539ccf9cf13f2e8a538276132e732073b400173ad0b156392a505

SHA512
cdaacff597cb6e937545777aec059e8fbdd05b499ddd1613668485ff193c71e39d12c50cc1537450fc688915e55397605d954b3e6dce34a215cd691c43a1b222

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004a

Filesize
102KB

MD5
e68a73eb9b9d72c410b746b1da127795

SHA1
1274027ec32771a21a8f0d3b5b647649528506d4

SHA256
0ea37ee40f2182d015f34967a7b56dcda9d24f8b9d0baabc6dd439ab57f6078c

SHA512
b43ea9af9abe09456fcfba1c343cadfd7fa14e7ce6acb1f96aef0e30c1b750c293199a727edee85cc56ca0c2ff4a1aa59ff924d986d7facc704f3412a877df11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000051

Filesize
26KB

MD5
97cd230e0afe79db8d241c18ec989998

SHA1
1f25b14c67bfdc6fb29fca2ab62b1beb1babcaaa

SHA256
86a81568116ef8c1216e0144c994d12ef1d75da0ce046fcfc989b840950ea138

SHA512
865f4ca14c773b6f3dae083e10daea57c1088e1d6c66a7da7b764fe050eb6861562393cb31652e9be4e6f8d6b67e16076ed2ef5e26d20ec1764fcd437e54ad7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000052

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
878be40112e68ed13161e0d339986745

SHA1
fdb752b5573ec0257a66779960e54dd8a98ccab8

SHA256
f63dc918125d0982f9fb7d4fd701d0008eb418905a7203f73176bf0449729c75

SHA512
f2397150f7e02e4e5d34d41f6666495bed1d3d530326db76ec2df58b01b82fcd462711a712dfe6e4c5e9d98c8026ab53c92dfa5a702f587df6f0d81de89a0a50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
ae98e04719a8993184081136f2228cc2

SHA1
f63af473308912c72daef47732df7208cf3835c7

SHA256
bca5c0b417f744c6c8f1a7055b581a1b663717414b417b1ff0cf52db4bbb9b2a

SHA512
99f0c60e18ca1b1be851fa131a61fb0924ce226b21ba6aa6ee97b5e81aac03909b456bc9851a87248e347a4625fd4df3f8910748f99b1257ff109d43ce4dcf94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
95f6c1330238b0091f5d0f997dc77d45

SHA1
925519b7c4a79f21841d9e2ebede2da2fae1372b

SHA256
b5873e81091ccf88d67bdb2dcd1b1ed310a3306e258b5ee4fc4ccfe32335fb40

SHA512
b1fb50797a5140fa6623ad60617fafb5715f3e6e2e9a16d2acc0aaa687dcbac09136cb6a62576ed89b43a73a0b001b556df73d62e7c5c38089f5140b53c4ff18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
d9f30a41ce40162faa22066df486e28c

SHA1
e74995100f225af5fd42c713916823e24d7a4d58

SHA256
b374ae4e4a5cfc7b584ca87aa9fc1c0869bcdc1653afe4ac91b61f60afc9eb22

SHA512
e43c0b879ca18f90f5571be642f9d2ed2e2d2d6499e5de998b52663dabd1a12520cd8946aa9a3968cb976f84328501b59edfc64d441c7cddb738ccc3e3ee25b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1517231278559dcf926006b7cfdb3c3e

SHA1
0944c7685df89eb30fed3fe313e1e0c6f93d96ef

SHA256
21c5d52442976a20d0d8d73b0cc6ac0cf68cdaf70d5d5f611762bcc2f1743e85

SHA512
c00f04fe6480671298341a1ece76dc1d68bb2141665b5264da1c30ba1b0188b42e70929c182261059f28c2043961c088f04fe2cbc124b99dc36da83a38a23d4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
c8470219c8cb91a8f1a027f47ec3450f

SHA1
5470966266d82103884a780026f354d76799fd90

SHA256
3cc793ac91780a56993280b1a6ba3b215e47b0eff4a1e226796c36032f57d271

SHA512
e9914293fbfeb775f32d4b23a62dcbb569866fb3508d9751030ab42b00f0acc64855f9f424cfd46d81797acbf9ed41a9c32d12e850fa9b71617093d3baa4812a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
9341a7487df0a3a419d7d7ccf5345fd7

SHA1
691a8b9153fc39bbe6cc99c4a355907e25863d8d

SHA256
41cf4074f8f66855dd0979fd95f001c5dcaedd19ed71d54150f233210656ff56

SHA512
b42c39b4799a06ac6c188c423647d0bffc5378a2151bd63df3c2175fa49592a76413111241f363124564ed2e9ddbd1c7560c62b1f3671581800804db41451389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
048d418cd1915ff34284a0c1253ad87d

SHA1
f161696030a49ba1350898dea8ea6510804dd6cd

SHA256
487277a73c7c80184be1686659e15030e2a2db5024341c1cb95464b7a9d2ecac

SHA512
b70c9ab5e1b05c6a6216211ceb806a78419b8a109faf6cf648dc63c552afd7c54b15e09c536e649943da1f6e65bd6292b842ec474e2d6ddd66a699c9c232ec3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
f363cabdf6a379db4431e8d6021dec64

SHA1
f17aac90b58e8226d4432c5e5945ee43bc60d075

SHA256
d4741f70e13395310ff540573cd10bba9a1dae7c0a55fb63a6aec88899b20dd5

SHA512
facec86367360a03ef3cb93db864f79354b125590d122660995eb0e5f7c8d12c87d947dbd0f64178eb9518ff2e028b859d97dd61a7e9172718fbdca43d0911f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9e54cccf38c8ef47115358e3efee93cf

SHA1
aac2750bc430cc52ac0673195552988c6b97683d

SHA256
a4315e49276c846639c3575b2e585b38ab3f171982e1611dc2f8e3490bf62b14

SHA512
797c84c6d30fcf61fc8104b51c9bf7ff1e1b1ac4faf5a91fd6e66c861f141e9ed415aa58ac97a551ce1dc365bf89f6518766ea85e061e6a94cd086ba7e9d19ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
14331f9bbca32954342eab73064f28a0

SHA1
36ea68d12c9da519fb5e5382977f51da6676df31

SHA256
5176d5ddef648599ae45f282e39ad81749c506db3578e13e577850566f73cbf7

SHA512
11e66fbfd47b82cd11f60345f0c5273c6f7f3c2814f39b05b184ffa40311d6d2d2302190b43eddce4327e7682356f7d4f8a2642b756b630efeeadcec79da5a31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
2541424edbe91cb0b5dc7b9d36d9d7c2

SHA1
cd65182338dd90e001a4901012506a03e8f74cf1

SHA256
8dec031b936f495a4c9396a8451a65132186f3b2186ff445b53eca9ae77a1271

SHA512
c9d18e849642882000a9702d29c0a95aafc73f11538a3e0cc856e87cb9b4141a00410a5dddc68cce2429c59f979d0f0cc16f35da29cdab04bd0d9456162d2921

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c28e7be52e8e281353f471748c6ee132

SHA1
f35590911feb49ec549e1ce8e9f46a0f62bd676d

SHA256
f834ed05ed96a2db18f2a532faca6803ab485cdea8143c50eab7685829d5f8ae

SHA512
6a83501a9f72ebd9ef96dc7de8ef93db03f2c1d8fae9a5bed5c3e22d4d02e3801bc94a3637ec6655d720e47c608362601734f399e7ae38b1dae86b31315b46c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
473b5cfe1fa0c2ce47c3d334ca620ede

SHA1
d6d56fce4c72035bac7531f443fd6d56de04c8dd

SHA256
2de92d73546efef9e498117b7a4fa50970688fc0183c77d1a8b30898fc703dba

SHA512
02a13120deaa9f713d0ffe8f5a0707a93f804b34812532a80bbb9bf06ca017d65429df347b6b13eaadf602bcb464a78873d29eb274cc0fa499c054060b87ae1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
500bcf96c82becf0fe967bd8e8d3043d

SHA1
14b6a743e624a3d112ee38dc2e884b2a4492b344

SHA256
fc3b658f9f3b72ab4b79a534fdca299bd499f1bb576e3d91e164a2189d45d8bc

SHA512
212a797347e66a056128d262cefd467848ad38d50a1db0b55e851674690904119c734927b4612c37c1f483ca232ddff22ed4fc7984a4784b8ff9fcef678ce2db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
310f8ac4c644212693f038aedb5a8a3a

SHA1
a0063b5c9eb7251b5445d01b4af4b7a7e95bc082

SHA256
7a9328baef6714d099a8c96014be075e5332bd685c727052b248520e36f05654

SHA512
47fac27dba390cbd032cf3269e026969380789abea3532e4208f25d1f0720c8100ff4e7f03b0e786ca2855887042ab497a7556f096384df82f7c16cecd4d4f9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
4ab4e11ee52e33333d7e6dde15564923

SHA1
ff65caed85db71dc22a5d43152968258b9ecdc9c

SHA256
811bfc3c772a17ce5ed6c556646f449c323eae6f0a72d1fe4432684afb45155a

SHA512
6768fe7c7e49d97ce617ec82e0ae720132765fcd2c64654df43dba1c252db5d7c67703ea3b61d52bd2fa8d213712d4af03aa3099461b40db6333dd00b02f7986

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
07c1cb77ad08cb4a44e2655080655396

SHA1
a1eba77560c463a7092ecce546eaabb8eeef7068

SHA256
9ad237859920a48f9c66c15b52fc44451474ba39dc49a07f9aa0d8a1572b05c4

SHA512
99e91872378da4d9c926c42c8074ebd0d279d3f3c837e399e0bfad4fb4f96ba5223f08d93347ef6c39337a30b9b408a287427cea85c43bb200e5f93ae952b919

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
52799063c50408e64a2e8c27bbe494d2

SHA1
92ae6df193b78d8d3493decafa3b671e30674b66

SHA256
95d53d9baa6c5bf2f8bc3056b8ac99e8c96a3b386815bd93934e760a943b84cc

SHA512
a0656d477e143451def313236838e2413825fb34061ed6d4233a203be299957416c4544b0943cf2b731753831e66d222c13f8f9402ac1325728a3571d30e83dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
3623883bb7f08a3add32c508b4d7eba7

SHA1
f23e79a8df136c845782c4ad61d8c39f3429b7c5

SHA256
94dec56372dda4427050ca5dfc710e87eec5b3ca983ba297e7d7b61268c75e8d

SHA512
d0a4957fd1e40775856d286b16a666a2dd12dab3ddc92265422df4d077844cb0293158864a6d0ee32d6ce86d2f5d8574f5260e5c83c810f8fb4e101a301ab574

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
f576bd3d680d65ec8c661e5dbf78acf9

SHA1
255349c6503d9e9f387c0010452ab0a276c44fae

SHA256
92d20ba4be1059a0254f3535f0c8a57dd96745f79de062b0a5ad5863d5e7805e

SHA512
8563b15c2d251a76048dcdd0a79a2df3fad07c1b129c243b32bc874dc5d7afb59c46e367e8bc03787d260aae573520ac1eae0d9db8a914fe608eee775ab0dd00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
95KB

MD5
ff7af5c75427e2e8e6a3fab2954260ff

SHA1
f3923189c7e049687685efc380577ccb156a1e14

SHA256
aeef7c41da4e7365a8cd44949b4036d3666e5092d60bd5c9444d0dcae57de0e6

SHA512
26ccf420109d1b60701610daaa3774a7ae0d3e04d257342ff7b5095658751f99e53ae99ce82b2b903a0595dd61f37bd3efb6c72cfdc86b5507d0b726f02b7184

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
94KB

MD5
56d622ea0039d4c3cdb1eada75e55f79

SHA1
8937694a15c3fc6d61b8748d5b09239fff8bbeaa

SHA256
723a2ad74aadc8eaf75df5ba9f9a35599b4c54a4e872d7f59c0c3309c0347150

SHA512
ca3c68c53fe8549524718bde12f6fa0a7cf9034f9d0e568001595c78a4aa4098cb50f39f56ab29169983de0111d0b1db965985f6529f3ae678efff28ecc7a708

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57c592.TMP

Filesize
88KB

MD5
68ccac2cb0c8aa0274bc4113b3f914c5

SHA1
48be21beb5e1d2c84c11f5b2d6e32608f40e378a

SHA256
a427bd45d4fd432acabe5d514d598d8331f6129eddb53bda983e3439b7782389

SHA512
2d12ea600973ac4bf2e5ffdaaf87ec814ef9efac28761f6f0ed78250a19b7fb10ed06ac49b60c8935202ebb60a93dcf7922bf60b075d209c19fc80867bfbcd4f

Download Submit
C:\Users\Admin\Downloads\NitroPerks-main.zip

Filesize
5KB

MD5
7c6431d7acfebe58cdb40d3014f84826

SHA1
513d8781727d7c3ca052a8786a365e70015b7030

SHA256
0c370d798c6b0cdc2810b4950d7c6c7ab068c8df2033f8d757d84eddcd6e9e5c

SHA512
ebfa75259bf4744bb38104287c347f08981a84b6674a30c9b034a7675603b79ce2888932c979ff47524934e3f9651c5c7e5686c6d84f153266a82f46f25870d6

Download Submit
C:\Users\Admin\Downloads\NitroPerks-main.zip:Zone.Identifier

Filesize
163B

MD5
576e4061d576ccb2cd35bea0b0cb67ef

SHA1
22f9c0ae0aff36fe107d425ed82ccf1c46e6fe98

SHA256
2dd3197351639ba7f146d6071b4e3b3dd6cedf235796146f511b793cd9660c27

SHA512
ef25e40021e465d94ca9f2612d680dde5a19ab8aa00aea8758738f4d440916ed36dbb859fb8fd3d9182a040d3cef9dcc05dab78bd0497ebf5fd583d1d00578dc

Download Submit
\??\pipe\crashpad_2008_NTVBMXNOCXSGMYMK

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit