8a529cd02209d5677eab00abc9f0b89f6d5f32b25ed241811afc9e8ac030ea5e

Analysis

max time kernel
144s
max time network
146s
platform
windows11-21h2_x64
resource
win11-20250314-en
resource tags

arch:x64arch:x86image:win11-20250314-enlocale:en-usos:windows11-21h2-x64system
submitted
16/03/2025, 18:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Custom.dll
Size

2.1MB
MD5

782156fe045e36aa35a1089ed5521b08
SHA1

fb8a0e981a63dcf82fa591ba752df78f71dabb04
SHA256

8a529cd02209d5677eab00abc9f0b89f6d5f32b25ed241811afc9e8ac030ea5e
SHA512

74f1c4eb692647fb5a633a9ad7b18940dc9832b41ed7d9b553769b066027da12026f0ad379868b65067cfb055a8b5070ef1d4e17272d1436d53e87d1176b12ec
SSDEEP

24576:juILGblwKgf70b6sAUmLuBUJ/KE/dFdy8goDSGIt6:jwlS0bBmQKRynqS

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2324	REPO.exe

Loads dropped DLL 3 IoCs

pid	Process
2324	REPO.exe
2324	REPO.exe
2324	REPO.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
11	api.gofile.io
21	api.gofile.io

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133866240750052118"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\R.E.P.O.v0.1.2-OFME.rar:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4604	chrome.exe
4604	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5252	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe

Suspicious use of SetWindowsHookEx 15 IoCs

pid	Process
5252	OpenWith.exe
5252	OpenWith.exe
5252	OpenWith.exe
5252	OpenWith.exe
5252	OpenWith.exe
5252	OpenWith.exe
5252	OpenWith.exe
5252	OpenWith.exe
5252	OpenWith.exe
5252	OpenWith.exe
5252	OpenWith.exe
5252	OpenWith.exe
5252	OpenWith.exe
5252	OpenWith.exe
5252	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4352 wrote to memory of 5500	4352	chrome.exe	81
PID 4352 wrote to memory of 5500	4352	chrome.exe	81
PID 4352 wrote to memory of 3116	4352	chrome.exe	82
PID 4352 wrote to memory of 3116	4352	chrome.exe	82
PID 4352 wrote to memory of 3116	4352	chrome.exe	82
PID 4352 wrote to memory of 3116	4352	chrome.exe	82
PID 4352 wrote to memory of 3116	4352	chrome.exe	82
PID 4352 wrote to memory of 3116	4352	chrome.exe	82
PID 4352 wrote to memory of 3116	4352	chrome.exe	82
PID 4352 wrote to memory of 3116	4352	chrome.exe	82
PID 4352 wrote to memory of 3116	4352	chrome.exe	82
PID 4352 wrote to memory of 3116	4352	chrome.exe	82
PID 4352 wrote to memory of 3116	4352	chrome.exe	82
PID 4352 wrote to memory of 3116	4352	chrome.exe	82
PID 4352 wrote to memory of 3116	4352	chrome.exe	82
PID 4352 wrote to memory of 3116	4352	chrome.exe	82
PID 4352 wrote to memory of 3116	4352	chrome.exe	82
PID 4352 wrote to memory of 3116	4352	chrome.exe	82
PID 4352 wrote to memory of 3116	4352	chrome.exe	82
PID 4352 wrote to memory of 3116	4352	chrome.exe	82
PID 4352 wrote to memory of 3116	4352	chrome.exe	82
PID 4352 wrote to memory of 3116	4352	chrome.exe	82
PID 4352 wrote to memory of 3116	4352	chrome.exe	82
PID 4352 wrote to memory of 3116	4352	chrome.exe	82
PID 4352 wrote to memory of 3116	4352	chrome.exe	82
PID 4352 wrote to memory of 3116	4352	chrome.exe	82
PID 4352 wrote to memory of 3116	4352	chrome.exe	82
PID 4352 wrote to memory of 3116	4352	chrome.exe	82
PID 4352 wrote to memory of 3116	4352	chrome.exe	82
PID 4352 wrote to memory of 3116	4352	chrome.exe	82
PID 4352 wrote to memory of 3116	4352	chrome.exe	82
PID 4352 wrote to memory of 3116	4352	chrome.exe	82
PID 4352 wrote to memory of 5148	4352	chrome.exe	83
PID 4352 wrote to memory of 5148	4352	chrome.exe	83
PID 4352 wrote to memory of 4800	4352	chrome.exe	84
PID 4352 wrote to memory of 4800	4352	chrome.exe	84
PID 4352 wrote to memory of 4800	4352	chrome.exe	84
PID 4352 wrote to memory of 4800	4352	chrome.exe	84
PID 4352 wrote to memory of 4800	4352	chrome.exe	84
PID 4352 wrote to memory of 4800	4352	chrome.exe	84
PID 4352 wrote to memory of 4800	4352	chrome.exe	84
PID 4352 wrote to memory of 4800	4352	chrome.exe	84
PID 4352 wrote to memory of 4800	4352	chrome.exe	84
PID 4352 wrote to memory of 4800	4352	chrome.exe	84
PID 4352 wrote to memory of 4800	4352	chrome.exe	84
PID 4352 wrote to memory of 4800	4352	chrome.exe	84
PID 4352 wrote to memory of 4800	4352	chrome.exe	84
PID 4352 wrote to memory of 4800	4352	chrome.exe	84
PID 4352 wrote to memory of 4800	4352	chrome.exe	84
PID 4352 wrote to memory of 4800	4352	chrome.exe	84
PID 4352 wrote to memory of 4800	4352	chrome.exe	84
PID 4352 wrote to memory of 4800	4352	chrome.exe	84
PID 4352 wrote to memory of 4800	4352	chrome.exe	84
PID 4352 wrote to memory of 4800	4352	chrome.exe	84
PID 4352 wrote to memory of 4800	4352	chrome.exe	84
PID 4352 wrote to memory of 4800	4352	chrome.exe	84
PID 4352 wrote to memory of 4800	4352	chrome.exe	84
PID 4352 wrote to memory of 4800	4352	chrome.exe	84
PID 4352 wrote to memory of 4800	4352	chrome.exe	84
PID 4352 wrote to memory of 4800	4352	chrome.exe	84
PID 4352 wrote to memory of 4800	4352	chrome.exe	84
PID 4352 wrote to memory of 4800	4352	chrome.exe	84
PID 4352 wrote to memory of 4800	4352	chrome.exe	84
PID 4352 wrote to memory of 4800	4352	chrome.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Custom.dll,#1
1⤵
PID:2660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8228fdcf8,0x7ff8228fdd04,0x7ff8228fdd10
  2⤵
  PID:5500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1784,i,10384862919188082781,3128419022525505216,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=1780 /prefetch:2
  2⤵
  PID:3116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2212,i,10384862919188082781,3128419022525505216,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=2236 /prefetch:11
  2⤵
  PID:5148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2380,i,10384862919188082781,3128419022525505216,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=2360 /prefetch:13
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3196,i,10384862919188082781,3128419022525505216,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3252,i,10384862919188082781,3128419022525505216,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4160,i,10384862919188082781,3128419022525505216,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=4192 /prefetch:9
  2⤵
  PID:3332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4620,i,10384862919188082781,3128419022525505216,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5208,i,10384862919188082781,3128419022525505216,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5224 /prefetch:14
  2⤵
  PID:1076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5432,i,10384862919188082781,3128419022525505216,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5444 /prefetch:14
  2⤵
  PID:2364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5808,i,10384862919188082781,3128419022525505216,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5924 /prefetch:14
  2⤵
  PID:2952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5852,i,10384862919188082781,3128419022525505216,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5736 /prefetch:14
  2⤵
  PID:2080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5880,i,10384862919188082781,3128419022525505216,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5708 /prefetch:14
  2⤵
  PID:5268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4316,i,10384862919188082781,3128419022525505216,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=4220 /prefetch:1
  2⤵
  PID:2648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4760,i,10384862919188082781,3128419022525505216,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=4228 /prefetch:1
  2⤵
  PID:2480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3264,i,10384862919188082781,3128419022525505216,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:6004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5616,i,10384862919188082781,3128419022525505216,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=3628 /prefetch:1
  2⤵
  PID:3528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5320,i,10384862919188082781,3128419022525505216,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=3260 /prefetch:14
  2⤵
  - NTFS ADS
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=4260,i,10384862919188082781,3128419022525505216,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5860 /prefetch:10
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4604

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:5240

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1884

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5252

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5736

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap22848:100:7zEvent26491
1⤵
PID:3272

C:\Users\Admin\Downloads\R.E.P.O\REPO.exe
"C:\Users\Admin\Downloads\R.E.P.O\REPO.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2324

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
414B

MD5
69c4d2aa057cdff9b8df6c0a2d8a8703

SHA1
e1d7107e671dfa9e782e6000473fbd39e9363748

SHA256
6a7b34b36b2135d819d2fe3f6162ae030ea472c4fc76433b961b89b4973f7d9f

SHA512
807af5a99394425bef7f484f5ea5bf4b2a172b65665bbfcc9a1d0a32cd60418ca0a9b3da853a8077a02c587122fec5ebd1e18f738fa30d565b6236f8f3cdea1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
2b10e6bb211bea8ead7ab4d61d1725c1

SHA1
f9a710550ad0310233b923ba1ff82be78b4a5d21

SHA256
6246b85e6408960f576eefd65fbb04dbb1f12cb53bad7acc976c25ab0def97b5

SHA512
3b080a0472764670223c52e6be2c915d0ba18524c4d932fa5e6da3d1c81027221ebf93d0e89e5ca3930e1a449820a8095ea18c0a56037cba811754164a6d3eeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
21e9d56cf0edf6d40498d409b66cbae6

SHA1
3d96bffd64ec6a1da41a0bc5e47c8d38ba80d7d8

SHA256
78303f615387a604f5bfe8fc15e8d236b00213e8339b0af488d4f9386eaec508

SHA512
ce0e169bde73cfd1c0e4185c9c84db5bd4f369ea4b98433175385fabe9a04331167b2c6dab1515eae6e7ef3d8bdaf22e5b5032e959b0b74bf27555a0a2b64b3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
399894fab3f45a1eed458f5577b8b619

SHA1
d44d0bc7b2a460d3d66324ede28be66e0070dc1e

SHA256
d8da7a1276e2e8f055cd1b55408683ce267821354d30e2e07877fced4bb5784e

SHA512
f8fedb1085a70b38c9caec1eda5f147614fe06fb39c5e5c1245c8dee240c1ad02af86e4326a9e98f53a26ca0713bd0467d0d3093af002493d325c4162c8cbd92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c0af439c8e181b57f4eff8bb670d5c0b

SHA1
be1b044db9f6adc59b1a83e3c246755ae966dc7b

SHA256
bb6f2c9f437641aacfaa5b8260c1d45929e6df96992dba492b5bfee70a2b1564

SHA512
4d5546f135d84ddcf99a45bfa85766b1e3ad3f2c1a276f7e4b5f779344a656b9c880017094510ace199617adfaec1bae0aae7e82e8d2fd36d5bd923e32a71eda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bfabc8b0b6addefe472aa3bd7e3d0343

SHA1
f7dfc692ac0141504ccbf219ae61cee8944d2d7b

SHA256
e3872138a16910eb377b670b32293be7f126f756fa52b9f85cdf43340ee4d9f4

SHA512
3d6181c3877e34ce122017c0b35ec3dae8bb73097122f89551377fb370ce422104bf3a1380a35f1837e6e1b5393db4014e2c59938edcef2c8671a49c0361dec1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e68bcad3ea2a0ee9b2e0c055f47f7afd

SHA1
26b065ff20dc850cca3e2ad83398e99953adae47

SHA256
229a5425b0629036427070d331418f3178f6bf92b0aa5a6d74ee5e3208d892a2

SHA512
142aa895e722e385cd78dece47da08637edeac1ad8ba9d4894e8d4d3755f87e541097cfcb784b34447e759b3b5b7a95cdf3db2885c2eda56082e559019a7e746

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1829a70334ae9fad72c798a4d609f599

SHA1
113d3113de89bb14dbaf2dd93df62579665fcd5e

SHA256
ee90c5497a5eded9f14a4bf8eb3f22a75db117428d0e2035bfbe1e371ce9ec12

SHA512
446b4ab4e031b1072a6374c8cbd0949c407eba631030f9e47e48ec0ab73925367e34cc0e07ad451bccca70bb2aeae2e51fe4118975bdba7e1340e9193c2c3367

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
10fbd1709144311628ba163e64e153fb

SHA1
a678c78fc33a8d159d7aaf19b61d2282ef950de3

SHA256
ae0be3dbf7c54a32f8c4d6064ebb6ed4716c14e32458c2f92da9c3bb0fb2eda0

SHA512
9aeb69e5ea46ccac2c9fe8ac2d440419f090f5e39916b780935303619976205a768c119af4c2b5c92339a6e02380e3410d86e135f30dfda5dc0158204e4c6fcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
32f3d680108bb5cb189ed0c49a8e4cc9

SHA1
b6905fbff8c58c97d8c9beec086138a7b1d398ec

SHA256
ba3f44c5c8ac00cc0713d050189cdc904f1074c3f669813bc44f7aedfa11da4f

SHA512
3abbdd8ccc3ea551c1928cafd2b328b84126a7cfb9f24b43caa5d51c46e0755e96a615e0618f18204fe6afbacd063a073b3e7be38f129bc1c5682c0c264b1a33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
3b1e7ad8a1483475d5fe6b3ee2616848

SHA1
7805a79bc4bfc926628a4ba5b3865df9bf52bb6a

SHA256
b98a507a709ab2c2ec947e0b4100c50b6b24f1d660768b9a52c3a134934292ce

SHA512
eb93b450f671bc6b27696ad748e05e8fd1c68a91100207102471d40a9fe62622f863e4e848bcac66ab9f4339b213d67e0ad71200a80541dfc0462314825aa96f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
31bfaf7385bc38a87b9cccc8a2ef4b9c

SHA1
c9e9d3eddcc2c097de4b38d4fe816bd26f110ea3

SHA256
cf93e3362f1b1b106fa9a97b11c318a8fbf7ae64005c1b52f60069a212c67056

SHA512
bd4ae0fd48a063e16487fd805772234e73c94c48f01e0f2a281ed0725628203f7cdad38b4862f72ca55d5ad65e79864b35507b322e7c979a9372548f366ec159

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57c498.TMP

Filesize
48B

MD5
11f8677fb64110ec485f38dce884574b

SHA1
00377fef08c4363e0ee89cd242354d2b9759025d

SHA256
2df5b17dfd7e97b400da90b423ae6daee447fdbdf35078f35d5243ac94522ac5

SHA512
a485480ede32e0a9089ba1426c4f0e4637e1ad1fb8918fed094878342bb758b0debaa7a49fd587e50fab3d998d55f5461c3c4e5b8174ff675e19a595aab567ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
9fea7a58d51f8be39036e52f871b861b

SHA1
6d69ffef7b7466793e27da37c049e67823f2a725

SHA256
f46962f5f2de5a4dfd8d542f5a794ca188ce696b0ec23d930af0af5f0745972c

SHA512
4d46a96d8f5737a0f0430ce43f5ad801f900ee4c4ada70ec817526ec45f664eff4954046d22b033636bdea0e7d66af49ec38e3838a8369b76b60c61e9563608a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
a66f14dc0a400d8020797ebfded82156

SHA1
d060b492fbb733eff72f992c4f54fff77bc202ca

SHA256
1993cc347fa40e2e73503df3e780f451f07b97dd66f67aea1dd8462ed1944b3c

SHA512
19592c1d7895f2374d7221152e1e5a615384d0a5423aa21cd8a565eff3a4a1f429a0038a3286ea3dc0799feb72917faa8a6d5c1fc82a68a10293d00ea3e3fd62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
9441809a8b05070d3927d39942b47de9

SHA1
d4a89916d021d15e7fb61a616cd7e44abae037cc

SHA256
ed8027f79ab402c931ace2fa4a0fb9a0f32f543ff4f5bd185021108455d03d70

SHA512
225a09ea5ab7d2db29ae579d7adb6599a825022dea2615305ef769548829a066716fe12662a189725aeacee628910e8f581f937b84b8dd59cc3d1f2c8461b711

Download Submit
C:\Users\Admin\Downloads\R.E.P.O.v0.1.2-OFME.rar:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\R.E.P.O\MonoBleedingEdge\etc\mono\4.5\Browsers\Compat.browser

Filesize
1KB

MD5
0d831c1264b5b32a39fa347de368fe48

SHA1
187dff516f9448e63ea5078190b3347922c4b3eb

SHA256
8a1082057ac5681dcd4e9c227ed7fb8eb42ac1618963b5de3b65739dd77e2741

SHA512
4b7549eda1f8ed2c4533d056b62ca5030445393f9c6003e5ee47301ff7f44b4bd5022b74d54f571aa890b6e4593c6eded1a881500ac5ba2a720dc0ff280300af

Download Submit
C:\Users\Admin\Downloads\R.E.P.O\MonoBleedingEdge\etc\mono\4.5\DefaultWsdlHelpGenerator.aspx

Filesize
59KB

MD5
f7be9f1841ff92f9d4040aed832e0c79

SHA1
b3e4b508aab3cf201c06892713b43ddb0c43b7ae

SHA256
751861040b69ea63a3827507b7c8da9c7f549dc181c1c8af4b7ca78cc97d710a

SHA512
380e97f7c17ee0fdf6177ed65f6e30de662a33a8a727d9f1874e9f26bd573434c3dedd655b47a21b998d32aaa72a0566df37e901fd6c618854039d5e0cbef3f5

Download Submit
C:\Users\Admin\Downloads\R.E.P.O\REPO.exe

Filesize
651KB

MD5
37e2e7e012343ccef500133286fcbf27

SHA1
4b7e66039d04b14ddcfb580a6e6a395ea52222be

SHA256
1643ff9ed131adde7a22363f26d36308b4b4fb8f9ba61e5afce3b6803c5cb302

SHA512
418dcb69e506f42248c00459eb3fa5a576006fead83cb5372e5710a8e95265654c316bbb314e4b8afa69e393a7cdf01219b7e17095d1990ab418f0aed68c687e

Download Submit
C:\Users\Admin\Downloads\R.E.P.O\SteamOverlay64.dll

Filesize
114KB

MD5
0a5429b888c75f6525e1100e32dd2b69

SHA1
8ae224580aa0838a7b1570c79d4d8f27a1b46d19

SHA256
f784b4b85b627c7ea541bd2a90c9fc6e9736a0731707c31265aa86fe684dc2df

SHA512
5f77ac9619ccb5baebabb2e406ce265148ad18c6e1162c7d4c3a5656f38abedf90f756a829da856312689a738a3258382f37a279843bf7db0c14ac953c6992ef

Download Submit
C:\Users\Admin\Downloads\R.E.P.O\UnityPlayer.dll

Filesize
29.5MB

MD5
b33d91200048e718c7207367f49d60fe

SHA1
cc95b2632f33ec9a533852df3402c58ef3faf0c1

SHA256
4b34672318371b54be9d89c9482a91ab3d26ae5d209935b8ad5919e00ec4f1d9

SHA512
edc94d2deab48e3aa57566904ebafc7082d63f14901c36067783deb10538e74124cdbadc72d40ec3c9db09c9e1cd27b18bdfd1969545e2607d34d5d12ec1d220

Download Submit
C:\Users\Admin\Downloads\R.E.P.O\WINMM.dll

Filesize
512KB

MD5
e59aac558d9f9c5d1312ac24d09c51d5

SHA1
2f11c4b00f5f92d4466348f9501aa657c9bf6fa7

SHA256
ba37009eef6c041bc6d0a271c13679fb9e14a005bd7e038cee596cd4064cf8b3

SHA512
1c3b357074d62d5ca11c92d71ffdacb4a7e3d6fb17cbd4b489e5bea0032cea43650a6809388e98e4b98256b477c6b5dbd8fd2c7f4e3e08af00ef68e0ed4406d0

Download Submit
C:\Users\Admin\Downloads\R.E.P.O\dlllist.txt

Filesize
139B

MD5
7dd443df8404c42b7db22908ad5132b9

SHA1
302f827ca20c8b4c7d71a466907c2421661429e1

SHA256
4b93c54c0d588197645352d11ebc066f6f8150a2826ed04c1525ae865ce00153

SHA512
a5be18614385400aadc57c2bd09760ac58a367b3bd1643b2e4aaa2db5426e5fe806a5428568fadc896243f65f7391c12f71b83475ed6db9ad175de6c3ab9f530

Download Submit