78fca73624584a0654fd0f5ffec1a221c2e1ce422c6de8595e7bf5822000073a

Resubmissions

03-08-2024 21:51

240803-1qs1fawfjk 10

Analysis

max time kernel
134s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03-08-2024 21:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
Size

1.2MB
MD5

0255b7d6d031f790d7337688e6dd2030
SHA1

3257160d46ad68cee9e50c4e642220425414f199
SHA256

78fca73624584a0654fd0f5ffec1a221c2e1ce422c6de8595e7bf5822000073a
SHA512

fe7d66c5b0fe8081b3a89198ecfcb9c38123800b60d6d1b1c0c6c958c6deb549dfd2f19038d05013bd1f0ef8d8e3a080013c959866bc50aab33f538850150c24
SSDEEP

24576:vIrD450Q09Pmt8KYfKeskLpzbBSo3sYDSR95bJ7:+c0nPIrNKV9m5V7

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133671955616985462"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1488	Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2060 wrote to memory of 1896	2060	chrome.exe	103
PID 2060 wrote to memory of 1896	2060	chrome.exe	103
PID 2060 wrote to memory of 5032	2060	chrome.exe	104
PID 2060 wrote to memory of 5032	2060	chrome.exe	104
PID 2060 wrote to memory of 5032	2060	chrome.exe	104
PID 2060 wrote to memory of 5032	2060	chrome.exe	104
PID 2060 wrote to memory of 5032	2060	chrome.exe	104
PID 2060 wrote to memory of 5032	2060	chrome.exe	104
PID 2060 wrote to memory of 5032	2060	chrome.exe	104
PID 2060 wrote to memory of 5032	2060	chrome.exe	104
PID 2060 wrote to memory of 5032	2060	chrome.exe	104
PID 2060 wrote to memory of 5032	2060	chrome.exe	104
PID 2060 wrote to memory of 5032	2060	chrome.exe	104
PID 2060 wrote to memory of 5032	2060	chrome.exe	104
PID 2060 wrote to memory of 5032	2060	chrome.exe	104
PID 2060 wrote to memory of 5032	2060	chrome.exe	104
PID 2060 wrote to memory of 5032	2060	chrome.exe	104
PID 2060 wrote to memory of 5032	2060	chrome.exe	104
PID 2060 wrote to memory of 5032	2060	chrome.exe	104
PID 2060 wrote to memory of 5032	2060	chrome.exe	104
PID 2060 wrote to memory of 5032	2060	chrome.exe	104
PID 2060 wrote to memory of 5032	2060	chrome.exe	104
PID 2060 wrote to memory of 5032	2060	chrome.exe	104
PID 2060 wrote to memory of 5032	2060	chrome.exe	104
PID 2060 wrote to memory of 5032	2060	chrome.exe	104
PID 2060 wrote to memory of 5032	2060	chrome.exe	104
PID 2060 wrote to memory of 5032	2060	chrome.exe	104
PID 2060 wrote to memory of 5032	2060	chrome.exe	104
PID 2060 wrote to memory of 5032	2060	chrome.exe	104
PID 2060 wrote to memory of 5032	2060	chrome.exe	104
PID 2060 wrote to memory of 5032	2060	chrome.exe	104
PID 2060 wrote to memory of 5032	2060	chrome.exe	104
PID 2060 wrote to memory of 1028	2060	chrome.exe	105
PID 2060 wrote to memory of 1028	2060	chrome.exe	105
PID 2060 wrote to memory of 4364	2060	chrome.exe	106
PID 2060 wrote to memory of 4364	2060	chrome.exe	106
PID 2060 wrote to memory of 4364	2060	chrome.exe	106
PID 2060 wrote to memory of 4364	2060	chrome.exe	106
PID 2060 wrote to memory of 4364	2060	chrome.exe	106
PID 2060 wrote to memory of 4364	2060	chrome.exe	106
PID 2060 wrote to memory of 4364	2060	chrome.exe	106
PID 2060 wrote to memory of 4364	2060	chrome.exe	106
PID 2060 wrote to memory of 4364	2060	chrome.exe	106
PID 2060 wrote to memory of 4364	2060	chrome.exe	106
PID 2060 wrote to memory of 4364	2060	chrome.exe	106
PID 2060 wrote to memory of 4364	2060	chrome.exe	106
PID 2060 wrote to memory of 4364	2060	chrome.exe	106
PID 2060 wrote to memory of 4364	2060	chrome.exe	106
PID 2060 wrote to memory of 4364	2060	chrome.exe	106
PID 2060 wrote to memory of 4364	2060	chrome.exe	106
PID 2060 wrote to memory of 4364	2060	chrome.exe	106
PID 2060 wrote to memory of 4364	2060	chrome.exe	106
PID 2060 wrote to memory of 4364	2060	chrome.exe	106
PID 2060 wrote to memory of 4364	2060	chrome.exe	106
PID 2060 wrote to memory of 4364	2060	chrome.exe	106
PID 2060 wrote to memory of 4364	2060	chrome.exe	106
PID 2060 wrote to memory of 4364	2060	chrome.exe	106
PID 2060 wrote to memory of 4364	2060	chrome.exe	106
PID 2060 wrote to memory of 4364	2060	chrome.exe	106
PID 2060 wrote to memory of 4364	2060	chrome.exe	106
PID 2060 wrote to memory of 4364	2060	chrome.exe	106
PID 2060 wrote to memory of 4364	2060	chrome.exe	106
PID 2060 wrote to memory of 4364	2060	chrome.exe	106
PID 2060 wrote to memory of 4364	2060	chrome.exe	106

C:\Users\Admin\AppData\Local\Temp\Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
"C:\Users\Admin\AppData\Local\Temp\Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4344,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=4052 /prefetch:8
1⤵
PID:1244

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff85753cc40,0x7ff85753cc4c,0x7ff85753cc58
  2⤵
  PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1876,i,5830793595693338505,13304370008358030161,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1872 /prefetch:2
  2⤵
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1864,i,5830793595693338505,13304370008358030161,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2100 /prefetch:3
  2⤵
  PID:1028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2280,i,5830793595693338505,13304370008358030161,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2372 /prefetch:8
  2⤵
  PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,5830793595693338505,13304370008358030161,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3360,i,5830793595693338505,13304370008358030161,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4532,i,5830793595693338505,13304370008358030161,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4544 /prefetch:1
  2⤵
  PID:3188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4876,i,5830793595693338505,13304370008358030161,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4848 /prefetch:8
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4872,i,5830793595693338505,13304370008358030161,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4884 /prefetch:8
  2⤵
  PID:2864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5136,i,5830793595693338505,13304370008358030161,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5292,i,5830793595693338505,13304370008358030161,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3252,i,5830793595693338505,13304370008358030161,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3268,i,5830793595693338505,13304370008358030161,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3536,i,5830793595693338505,13304370008358030161,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3496 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5564,i,5830793595693338505,13304370008358030161,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:1224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5744,i,5830793595693338505,13304370008358030161,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5756 /prefetch:8
  2⤵
  PID:496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6032,i,5830793595693338505,13304370008358030161,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6000 /prefetch:8
  2⤵
  PID:3536

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:664

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4896

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4e4 0x2f8
1⤵
PID:2200

C:\Users\Admin\Desktop\Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe
"C:\Users\Admin\Desktop\Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12

Filesize
1KB

MD5
7fb5fa1534dcf77f2125b2403b30a0ee

SHA1
365d96812a69ac0a4611ea4b70a3f306576cc3ea

SHA256
33a39e9ec2133230533a686ec43760026e014a3828c703707acbc150fe40fd6f

SHA512
a9279fd60505a1bfeef6fb07834cad0fd5be02fd405573fc1a5f59b991e9f88f5e81c32fe910f69bdc6585e71f02559895149eaf49c25b8ff955459fd60c0d2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8

Filesize
436B

MD5
971c514f84bba0785f80aa1c23edfd79

SHA1
732acea710a87530c6b08ecdf32a110d254a54c8

SHA256
f157ed17fcaf8837fa82f8b69973848c9b10a02636848f995698212a08f31895

SHA512
43dc1425d80e170c645a3e3bb56da8c3acd31bd637329e9e37094ac346ac85434df4edcdbefc05ae00aea33a80a88e2af695997a495611217fe6706075a63c58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12

Filesize
174B

MD5
8c22ea3bea7a02b927b1ed442bdc4acb

SHA1
bb85c752a2ca69d465164271a9fd2f14baa35d34

SHA256
03935feb904350fe35853527f818ea7eb3caeac13b07e7756f9f2591dd6b185d

SHA512
4c722cd623fc36e2985220c082dee0215df94293f548f9b3e7d698a2221155e517c187c1ff58ce610ffb454bc435b8a5e4fc9f2aedc2eecc1c03520afe52bfa9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8

Filesize
170B

MD5
738562b9fec22fd14ad4266179b0b4d6

SHA1
bae99dd153b51543bb2271ab18165544fa76901a

SHA256
e864b541dd04007db7bf30c2bd5bad0565d80cc631212915aaffc4989c92f705

SHA512
f6f2810889e45af496327c72f90fbf01c3aa5abc4df559426b09795b490fee3d0bbf983f6530793a7c3c22b0420aedf28fb1ee34586ac38c945fbbecc0b7c188

Download Submit
C:\Users\Admin\AppData\Local\FLiNGTrainer\TrainerSettings.ini

Filesize
37B

MD5
a733986b23235e9df2ed8652044f4718

SHA1
a6b37ab6584096eee4e0bb79013773eb752bfe83

SHA256
e34c9e06cdd656e5b901c1eedd6d28aa595ceebd80e3c585218980fbd5a9c473

SHA512
635f58eed8f3af8e3b167b9b7825589e17f2aa638449961a11c4c54538c8d262fca7a35001dc3bd1a86aabe7030ddd03e66757aa6b3882ae7c8f99c8aa3389c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8c10e333fb49710597668e36abe25e7e

SHA1
a00c35444be1e9702f14f5024562017f45f4a9be

SHA256
724da03f426333b7e1b411bb874df99202190d80935dfe9b1a5f6aac26cddcb0

SHA512
c1adfad9c5318520a6f1732e86f92bc4262ae5b16fae3dce26a273edd18830d96098f499f605ccb22d4d4edc201c873d9751d0d3ac03c7929a38fd6263a71fc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
7512c26143df20b84ccf237643597364

SHA1
5a52bc9e5e5bc51efd694cff90c65df92c3b93fb

SHA256
dbf7551a217f44394ab1d1234bbe82ad89867ff9baf503d859948ac850bdd00e

SHA512
84d578afc39f9cb08186128847c14c5d537675848ca67bac2962a5619688469943dad4dd45ed2b09364c9202178486e9b4bf4631dcef168b75bfcf6dff06f040

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
98e00a1122f7fff2a5a47f18ef72edb4

SHA1
9001b4e5e5f1bda3fbecb4a730a061cc2f75277b

SHA256
44c889a14e10bba33a9ec7f63d7dedfbeafc7798dd17c3151d4ed4a3ce625e04

SHA512
cc38617bf4bea0744890038e9ce8b32eff0686bf5159ba99dec91e6c8215636d979f3cc1afae37635b9fa14a1df2ff21bdf14b9cb92ee203e7b3a510a422b976

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
689B

MD5
bbf1f6c5d97c200cc33378eba78714b3

SHA1
120a7f3da047a6a5bac65cc25d15c7794e3fe907

SHA256
eca818220780ef618045de8f2a552758eb59b89fee7e734abb7a7800a2814ecb

SHA512
69886460def8365388acdb3d594f9c6c06f6c2dce712b0695ac70f83f72a866cc1abf58317c514e59c89abb6f44b1ebb05febfeeda29bb15b9d371237d94238d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
f1d4e95cb3562ff73b81241eebe65ead

SHA1
1a57120d39d76f03306917c25e896a35509cf904

SHA256
c6c3ac0b8cfe6ee04d0c6ce33e53a6fe2eed53202e82ea3869602832095345e8

SHA512
da9a502c02345033a9227f3ee645d578a5a7d9ec08eaae425194d4171687bab5fc535f7f14ff2ad57a39b13e9b1857ce235998676bc8959a28abd2a8d6a61bf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
ae311da9def9eebcf9abf77357950be4

SHA1
2f6fb4e69c5e44b98c62dc2a99b712746d47bd6f

SHA256
06a88f6c8451bc6fb5acd428cff37516154c9b2c50ddf8a8a8a8ecca7f03003e

SHA512
223f76f1520db9e6a6733fed4c2fd0c2742a97ea52e06e5252f74962aa640eaa43c3b2c2d6c7fdb63eec55a0147a2c189e769da8b66112e44aab9593778a0ad7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
599c3621b75ae464a1ae0f029b96c30e

SHA1
65261ae4e7228f53e11b234b060ccbdcb1c97e8c

SHA256
533732631957a4dc6510b8b264470a341360faa15d9d3bf0bf91cb2d594e9ac7

SHA512
ae59de71e24d7f74e0da8ff02e982aaafe573baa38a26925c4087a26d799d7b3d219655fd58509115848978bdb93ebe4f1fc6ef9f635d665cb1fcdd595f4d68c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
2e1cf62044b0dc50182f05e2e437ed82

SHA1
e763089eb66c83819d786d37207824d61b472cf8

SHA256
f96c0223eb23963af2ee03c5010c327291f231b372133aafde56db41220a7c89

SHA512
b8932beac4d6500473110955f3bc8a2b9262aeb37224a980726cad22bad315c7ba0c4cf4400aba0ef0950219f7e2d84b0110d3d74751d5b0d3de94c1c70d41b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0b21ab992a0cc12e2b49c769d43b9316

SHA1
a375c093d9ebe76e62a6902ac888e12ca60a7331

SHA256
c127a6ce6ddc8c67de2ae7455ad2f511f68b70247d10c124a466356b67d1bbcf

SHA512
e9d26cdfdec62128b97a466dbe3344bd1704bbe2e6dfd8cf64a9b3f6b1f8d3435209e4639d58c14e59f513d5bfb2d8b6871e4cb4c534d50d707c0ff314345d20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
edf34ddc859d7060fc43f0b63b103344

SHA1
2349663a0046469ddcf46f56a433dbf26fcbd574

SHA256
e1dc360b6f0c606478b7dae91a633dedefe559e186d7572f98fbd570ba0e3356

SHA512
0430780a3bfd2877a0e5f734794dc4c46ba8202096c530aa72c32f072517b309d7de81890b32b0917229af1a444461b24ce7819327f9f9572496453e690ed2dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
259ae1fee15c7b50c7f90cc10eba37c2

SHA1
ca1a9b6101a909d63d6a4726253e09b110499a46

SHA256
8f6b3a8128e4552782bd07e44960a66a0077e131f3e2487cd642f467dc2a6999

SHA512
05af497cc853820b93ea34f4e5271826d37f4e1142c7f90f4cc0c29bfb911e5e913769d5c18f1ce75a9a3746e4702d2391f0e61409aff2592e500e47dcd3080c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0575649a3c4c42ab7dc666e178342cdf

SHA1
f92c9966ba89890cce8d7679a84dec9f23160c84

SHA256
b9b819db73e491e4f137c9f8bde6be00475383b5946a1c6dfb4ea8c8620f1699

SHA512
056a8d2c3621828fdd4b36faa258c145878658fe7fb1874f4ad44ae604f3d9d111abac2c31ec57ac7ec5c028444d3f4c16e490f4524ead71439bc895f7f61d7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b12b9fd37764ce7ebfe4e5342c520463

SHA1
0ad5f533692b94a04f06ca7d360530a0c295142a

SHA256
2ef477241c5f21b24e1afc345ecd689307e7238b2d7f41aacabeb2b56017207f

SHA512
db6291aaeb4da026534daa73554dc913dfcf3413e9713030706e0ff303797af90c1e839c7c7d18078f9df291cd2ed46cdb26ff2ef06ccc2265312cd1d907ffd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
e3dc6acb3f15c0b3b2eb7869708ecb28

SHA1
8563d3c3d3777b163f5df023aa82c31c3d431ad8

SHA256
e92dc38e9710361f486457822dd783f0e280ed0c9c11506c8ba852f71cab429a

SHA512
60519c7986fa2e4a978e8722a3580fc473a81a0a4fd0db9717235511ce43e070f255042c90c0c35450627c9100cd941151f9ad86b0e2ab10e27b1b823f5c017f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
f44134e5e22ce802b31eab30f00ca5aa

SHA1
37a66cb61d8c46c57aada9784568c6ac0fc2c9ca

SHA256
53bbe39b592cd9dd466aaa0522cc98891f4d4b564c9f886971a5293d897dba6f

SHA512
3e0d44a50d66bf06cd932a44657fb1735491d58246a4f04f15ecd735ce81b6cbefb2cc4d12d80f3d34b3d994487da37bea702cdff7e1971635c16475ac277dbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
62d74e8596d572a761756877e17d2282

SHA1
39001972d396bc88cf0bb5fb52f8a72afdc1e941

SHA256
8e0a21d19dcbcb2dcad0bc7ff062caeb023beba270b695c81c6f740c2f6b2947

SHA512
a036b954e3450c03ba3470e889781215aa133af2e06d0343bb111d9fb42c2c221a526d06f4a91ac73f29419f74336cf257dd7c8df211ffc60c858b0abf21a071

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
b2a9fcaee53d97e23ebb2933ebae7da1

SHA1
21b878c989dd7ad1836c1df639687e5a9c6d7acb

SHA256
6ddac7e1b1212a9560201e05393688f4bcf5ba4f93aa75d0930848cab5994593

SHA512
1903c8b90f9951b781f5a329d80f2edc4173c3fc366a6087c8e952ea519c6cd57000d5b673ca57d10c0a651da6274dd1b99b49512fd449a166d02722a907c8d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Scarlet Nexus v1.02-v1.07 Plus 16 Trainer.exe.log

Filesize
1KB

MD5
baf55b95da4a601229647f25dad12878

SHA1
abc16954ebfd213733c4493fc1910164d825cac8

SHA256
ee954c5d8156fd8890e582c716e5758ed9b33721258f10e758bdc31ccbcb1924

SHA512
24f502fedb1a305d0d7b08857ffc1db9b2359ff34e06d5748ecc84e35c985f29a20d9f0a533bea32d234ab37097ec0481620c63b14ac89b280e75e14d19fd545

Download Submit
C:\Users\Admin\Downloads\0c4c595f-6cee-466e-8222-30b41d67a5cd.tmp

Filesize
448KB

MD5
263f8c812617961e7115aed5fdef0553

SHA1
39e08104be84ee6de09598d3640f29bca763850a

SHA256
5e9b623490c709ef9ea59b276e99845b404cd5b969a51f86c9472306f3858785

SHA512
9845ee9ade453385ff2e34358687ed9ecb5b2ae6127594ef0e8510bfc93091a58e18e5f36f4d18334d0029d36c2c00f7e0ea1746dc075b6dd664e7bd9eb1286c

Download Submit
memory/488-28-0x00007FF857460000-0x00007FF857F21000-memory.dmp

Filesize
10.8MB

Download
memory/488-23-0x00007FF857460000-0x00007FF857F21000-memory.dmp

Filesize
10.8MB

Download
memory/488-24-0x00007FF857460000-0x00007FF857F21000-memory.dmp

Filesize
10.8MB

Download
memory/488-22-0x00007FF857460000-0x00007FF857F21000-memory.dmp

Filesize
10.8MB

Download
memory/488-21-0x00007FF857463000-0x00007FF857465000-memory.dmp

Filesize
8KB

Download
memory/488-1-0x000001C1159D0000-0x000001C115A0E000-memory.dmp

Filesize
248KB

Download
memory/488-20-0x00007FF857460000-0x00007FF857F21000-memory.dmp

Filesize
10.8MB

Download
memory/488-8-0x00007FF857460000-0x00007FF857F21000-memory.dmp

Filesize
10.8MB

Download
memory/488-6-0x00007FF857460000-0x00007FF857F21000-memory.dmp

Filesize
10.8MB

Download
memory/488-5-0x00007FF857460000-0x00007FF857F21000-memory.dmp

Filesize
10.8MB

Download
memory/488-2-0x00007FF857460000-0x00007FF857F21000-memory.dmp

Filesize
10.8MB

Download
memory/488-0-0x00007FF857463000-0x00007FF857465000-memory.dmp

Filesize
8KB

Download