hxxps://drive[.]google[.]com/file/d/1ZzspVKIRPzcvTNKMlktTOBzJs1H0pJ_0/view?usp=sharing

Analysis

max time kernel
350s
max time network
347s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
31-10-2024 15:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1ZzspVKIRPzcvTNKMlktTOBzJs1H0pJ_0/view?usp=sharing

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
3256	Flowframes Video Interpolator.exe
1556	Flowframes.exe

Loads dropped DLL 2 IoCs

pid	Process
3256	Flowframes Video Interpolator.exe
3256	Flowframes Video Interpolator.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
12	drive.google.com
154	raw.githubusercontent.com
155	raw.githubusercontent.com
156	raw.githubusercontent.com
9	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Flowframes Video Interpolator.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1372	msedge.exe
1372	msedge.exe
4504	msedge.exe
4504	msedge.exe
4000	identity_helper.exe
4000	identity_helper.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
5936	msedge.exe
5936	msedge.exe
3256	Flowframes Video Interpolator.exe
3256	Flowframes Video Interpolator.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1556	Flowframes.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeRestorePrivilege	3648	7zG.exe
Token: 35	3648	7zG.exe
Token: SeSecurityPrivilege	3648	7zG.exe
Token: SeSecurityPrivilege	3648	7zG.exe
Token: SeDebugPrivilege	1556	Flowframes.exe
Token: 35	1556	Flowframes.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
6052	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4504 wrote to memory of 1472	4504	msedge.exe	84
PID 4504 wrote to memory of 1472	4504	msedge.exe	84
PID 4504 wrote to memory of 2408	4504	msedge.exe	85
PID 4504 wrote to memory of 2408	4504	msedge.exe	85
PID 4504 wrote to memory of 2408	4504	msedge.exe	85
PID 4504 wrote to memory of 2408	4504	msedge.exe	85
PID 4504 wrote to memory of 2408	4504	msedge.exe	85
PID 4504 wrote to memory of 2408	4504	msedge.exe	85
PID 4504 wrote to memory of 2408	4504	msedge.exe	85
PID 4504 wrote to memory of 2408	4504	msedge.exe	85
PID 4504 wrote to memory of 2408	4504	msedge.exe	85
PID 4504 wrote to memory of 2408	4504	msedge.exe	85
PID 4504 wrote to memory of 2408	4504	msedge.exe	85
PID 4504 wrote to memory of 2408	4504	msedge.exe	85
PID 4504 wrote to memory of 2408	4504	msedge.exe	85
PID 4504 wrote to memory of 2408	4504	msedge.exe	85
PID 4504 wrote to memory of 2408	4504	msedge.exe	85
PID 4504 wrote to memory of 2408	4504	msedge.exe	85
PID 4504 wrote to memory of 2408	4504	msedge.exe	85
PID 4504 wrote to memory of 2408	4504	msedge.exe	85
PID 4504 wrote to memory of 2408	4504	msedge.exe	85
PID 4504 wrote to memory of 2408	4504	msedge.exe	85
PID 4504 wrote to memory of 2408	4504	msedge.exe	85
PID 4504 wrote to memory of 2408	4504	msedge.exe	85
PID 4504 wrote to memory of 2408	4504	msedge.exe	85
PID 4504 wrote to memory of 2408	4504	msedge.exe	85
PID 4504 wrote to memory of 2408	4504	msedge.exe	85
PID 4504 wrote to memory of 2408	4504	msedge.exe	85
PID 4504 wrote to memory of 2408	4504	msedge.exe	85
PID 4504 wrote to memory of 2408	4504	msedge.exe	85
PID 4504 wrote to memory of 2408	4504	msedge.exe	85
PID 4504 wrote to memory of 2408	4504	msedge.exe	85
PID 4504 wrote to memory of 2408	4504	msedge.exe	85
PID 4504 wrote to memory of 2408	4504	msedge.exe	85
PID 4504 wrote to memory of 2408	4504	msedge.exe	85
PID 4504 wrote to memory of 2408	4504	msedge.exe	85
PID 4504 wrote to memory of 2408	4504	msedge.exe	85
PID 4504 wrote to memory of 2408	4504	msedge.exe	85
PID 4504 wrote to memory of 2408	4504	msedge.exe	85
PID 4504 wrote to memory of 2408	4504	msedge.exe	85
PID 4504 wrote to memory of 2408	4504	msedge.exe	85
PID 4504 wrote to memory of 2408	4504	msedge.exe	85
PID 4504 wrote to memory of 1372	4504	msedge.exe	86
PID 4504 wrote to memory of 1372	4504	msedge.exe	86
PID 4504 wrote to memory of 664	4504	msedge.exe	87
PID 4504 wrote to memory of 664	4504	msedge.exe	87
PID 4504 wrote to memory of 664	4504	msedge.exe	87
PID 4504 wrote to memory of 664	4504	msedge.exe	87
PID 4504 wrote to memory of 664	4504	msedge.exe	87
PID 4504 wrote to memory of 664	4504	msedge.exe	87
PID 4504 wrote to memory of 664	4504	msedge.exe	87
PID 4504 wrote to memory of 664	4504	msedge.exe	87
PID 4504 wrote to memory of 664	4504	msedge.exe	87
PID 4504 wrote to memory of 664	4504	msedge.exe	87
PID 4504 wrote to memory of 664	4504	msedge.exe	87
PID 4504 wrote to memory of 664	4504	msedge.exe	87
PID 4504 wrote to memory of 664	4504	msedge.exe	87
PID 4504 wrote to memory of 664	4504	msedge.exe	87
PID 4504 wrote to memory of 664	4504	msedge.exe	87
PID 4504 wrote to memory of 664	4504	msedge.exe	87
PID 4504 wrote to memory of 664	4504	msedge.exe	87
PID 4504 wrote to memory of 664	4504	msedge.exe	87
PID 4504 wrote to memory of 664	4504	msedge.exe	87
PID 4504 wrote to memory of 664	4504	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1ZzspVKIRPzcvTNKMlktTOBzJs1H0pJ_0/view?usp=sharing
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd8ec646f8,0x7ffd8ec64708,0x7ffd8ec64718
  2⤵
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,14748367965092805951,5378780252242986962,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,14748367965092805951,5378780252242986962,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,14748367965092805951,5378780252242986962,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,14748367965092805951,5378780252242986962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:1200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,14748367965092805951,5378780252242986962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,14748367965092805951,5378780252242986962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,14748367965092805951,5378780252242986962,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5608 /prefetch:8
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,14748367965092805951,5378780252242986962,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5608 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,14748367965092805951,5378780252242986962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,14748367965092805951,5378780252242986962,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,14748367965092805951,5378780252242986962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,14748367965092805951,5378780252242986962,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,14748367965092805951,5378780252242986962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2104,14748367965092805951,5378780252242986962,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5484 /prefetch:8
  2⤵
  PID:5200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,14748367965092805951,5378780252242986962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:5208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,14748367965092805951,5378780252242986962,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6460 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2104,14748367965092805951,5378780252242986962,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1312 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5936

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1464

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1492

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:6052

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4192

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap1531:92:7zEvent20689
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3648

C:\Users\Admin\Downloads\Flowframes 1.40.0\Flowframes Video Interpolator.exe
"C:\Users\Admin\Downloads\Flowframes 1.40.0\Flowframes Video Interpolator.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:3256
- C:\Users\Admin\Downloads\Flowframes 1.40.0\App\Flowframes\Flowframes.exe
  "C:\Users\Admin\Downloads\Flowframes 1.40.0\App\Flowframes\Flowframes.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  PID:1556
- - C:\Windows\SYSTEM32\cmd.exe
    "cmd.exe" /C python -V
    3⤵
    PID:1184
- - C:\Windows\SYSTEM32\cmd.exe
    "cmd.exe" "/C" -c "import torch; print(torch.__version__)"
    3⤵
    PID:4380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
a5b9da0a093993bea14e3f961f8c081e

SHA1
b1e70d1251908665e7f1cbc9405ec297250b4d92

SHA256
b085f2d39693df20a2e2f9f51c20f4c6b10e578e93fe0cf6cfbafdb486f49d56

SHA512
60614d17a51f26fb5d62712da8e226fe092ac06f40175dcc6482f60775ae795d1e601742212c136ad3dc7441506c3e32fe64724c973ccee7fe00898bf8cbf555

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
29bb26dff6b60419ac04e19ecdd3a948

SHA1
9f0e2f053318fb0a043788a2c412ae75248fb47b

SHA256
3dc2f7acdbaa37ee460c262be52a1d495795b818c37b6d224ba197cd665f7332

SHA512
9b464c1a18ef95db5a6dd203e3b95617de287c7db60cacab7c424d0bb5b01918abb928b9825426185ca8f2ebb60d2d819034a9b0fd1946d44c43180c05c27e9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f1e520fbd12518582ad74c3d17defa55

SHA1
3070c85b33662e0761849e0602421a639c7890f8

SHA256
a219e694ba5185aa9d3eb9751ad0b5b5743a957fe96e1ce2634c0fb1db8e651d

SHA512
331ac57771af725a5d8cb810861e5c3a8e1bcf0f7d63d531445aad678e29f93814c63d28fef37a4109b185a277bea18f83f91ec41bbe8754f49ee223fead678a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
220c9357c820f512f99c04482cd9d0f2

SHA1
cf96f0ff9a6de786338cafc6fd278960e53e1a61

SHA256
73d6e48ef6528b244e693a654e33999b30f59bc092792196724ffc9c72255c73

SHA512
dd7d669b3570d94dd646a0c093d12dae876444e93858aa3b6aa10d141baf2bbfcefa36ba725bb0399fa7f9de7785f8f7837bdca2a642b45f402af7063a012470

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1d646924d00407695bfc38594d44ee49

SHA1
20b10feddb870249c5ba1ffa55c7e1b9a2a75314

SHA256
1dc3369f3bf94b55b88848d4f950ce3dc953d0808f4d9f32607f1c97bb56c4c2

SHA512
e9fd239f4cd1cd1145adad09be7b3835ab1396a09edb7107a7a30176c197f3f8f2363a1d3efbf76de04978994bce64da06119695cfa8a2d048a692d8dee34c56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
71c5f1c701841e6391a97f0b59d70c13

SHA1
6396ae1654c406df0341882aa92e9873d21e8fa4

SHA256
2eba01d05eaa282ccb7813da75665ecbec4e8970567f9b73e3e01863a876089d

SHA512
5648befe1a7aadf85a61c89076ca0e71de58f76742688f96bd47cc1c02216cbe39e5f7b3cbbda01ae85c2a16119852e9167fbe88e0e6e3471dcf81d1f23dce1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
37a5d85447a89e41c061c802dd6964ae

SHA1
1805a4be1ce0d2e6fa0cec1dc10ade05fa8863ba

SHA256
40fa750880db98bca7ff4abc72d53ddc98d070aeb8fa452ade34e7d6b960d09c

SHA512
5102fbbb49578dc4014ca9a57c77a974d51367fd8e45fab8a2951778ecbb1c224e3ce9c65c8aaadd9e8eb57480c3878d5efd7d422cb8ca6011569985ce741ecb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a225e2eef2904a8dbfa4892412a2d1bd

SHA1
f446b5eb14af18d53b1b2caa2f06087b36ba6ff5

SHA256
7800464ab078bc66cdf6d3d6658bd368cb4cf3ee9b0043d97b20bd2a3ff27a87

SHA512
c216e8d6f23c1313d85d5a2fef3c6a1299592dfb7f595413826592f06b7ce2e8e63f0a8a507e39d99497a3f3c06d94f6e1cf5626fada97bead4034321980bf9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8b3638d335e64ac927700535e454b76b

SHA1
b8afda1558da31bb502761d10c186822d4f9f5a5

SHA256
a6b7d95e671d967c7631dfd00d9fa6fa5f0b8413f5cce37c3c5e8229fe4a7c7e

SHA512
e9dbb2dbc2ed314fe58e84d119b06db3fbf228a87158035923c1cc0cf0dfec2c7fe5ed7c6f027dae42035500ed7607cbb8e266ac8beee1ccb0ee2ea81c536193

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
27c09055a8d24b716fe9a3f23d0cd8b6

SHA1
a67e87bc74747b6cc1540cdd7dd38f3af0210893

SHA256
0ed63aca8465b382757bac397379c0577366e154b434386da508195bf2ea977f

SHA512
23acc4cede923cee02b96cbb4f8823b817ac47880296af93cec9e5aa24f4c8c438f79c23cfc8448abdf4b9535824c83797a38914a59bba28fedd27b4af602d8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD1C1.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjD1C1.tmp\newadvsplash.dll

Filesize
8KB

MD5
55a723e125afbc9b3a41d46f41749068

SHA1
01618b26fec6b8c6bdb866e6e4d0f7a0529fe97c

SHA256
0a70cc4b93d87ecd93e538cfbed7c9a4b8b5c6f1042c6069757bda0d1279ed06

SHA512
559157fa1b3eb6ae1f9c0f2c71ccc692a0a0affb1d6498a8b8db1436d236fd91891897ac620ed5a588beba2efa43ef064211a7fcadb5c3a3c5e2be1d23ef9d4c

Download Submit
C:\Users\Admin\Downloads\Flowframes 1.40.0\App\AppInfo\Launcher\Flowframes Video Interpolator.ini

Filesize
116B

MD5
0e42bb80722237e8a42b110612d135e8

SHA1
5cbe6bee6a7c1ba8140ab128f0f3d5a09e893dc1

SHA256
c9b267431b4b800cf99089a7ca2dbc308f50534decf8a1f70fba45f16d63f766

SHA512
b14dfa6a2eb53b23c3257c7a85f21480139e6c980374bf721855df2bcbd0ea34ab4117d2b828b24b215e67c936537c76fcb2bf3dbfad7308cf8fcdae9dae2f89

Download Submit
C:\Users\Admin\Downloads\Flowframes 1.40.0\App\AppInfo\appinfo.ini

Filesize
147B

MD5
a0762b033103ba8fcdab472942a3d0cd

SHA1
74a7124ca4aae8e2c2744170445833d7150ad008

SHA256
445856a349054175fbc311b5884260d48598920a59eaf930735fb9c1c7ced396

SHA512
87b1bfbd28084ec0c64d20dd83d07ff2657091ed71333d82aeda4673271efbfce0e525a0115a1d29c7eeb64cba72640bea1136f41d902f8a0b2c2f79ad7692b7

Download Submit
C:\Users\Admin\Downloads\Flowframes 1.40.0\App\Flowframes\Flowframes.exe

Filesize
18.2MB

MD5
ff6f19ec19f34048f5450cffe07bb1f7

SHA1
0722c01c3798c63c13bd6c5594024cd82d322b55

SHA256
eedb568d0cfdf8162252ab98f36421354f1cc2f4c108a525cf693b15719b2914

SHA512
05121519bb30fe1a5fdbcb176fbff57a7d14132c275273954ce8e546c12a4fb5774a07c0fda6282f486f47978a082788acfa88f218340b44d5a940c4287fb70f

Download Submit
C:\Users\Admin\Downloads\Flowframes 1.40.0\App\Flowframes\FlowframesData\config.json

Filesize
209B

MD5
aeb9a2d4e9f16cb6a3f864c0da72be3f

SHA1
54d6173e94d666f47baa885af8be00de2ae0ed34

SHA256
27657f8b4c59bacc3a5f0a357ee0f0ff5ae42d39c39cbae3b059ded170d8334d

SHA512
6b3af2eb313c815cc6b196614917e4a4a47a2b4f54924679c53d12922b8d06868a7bba00229d31e694534f25d6ec7b4ccb7c88e3e195460a62327d820a18c8e9

Download Submit
C:\Users\Admin\Downloads\Flowframes 1.40.0\App\Flowframes\FlowframesData\logs\2023-5-9-15-28-46-379\sessionlog.txt

Filesize
195KB

MD5
5d0874c6ba8bb3135122e26aa39e877c

SHA1
f2ba285bddd74b5e9f8c8955cd4ab47d6e118f92

SHA256
2c99979684a4c3650e22dbb3d74ab11c136e3b5277e1e20ba734ead5f766596f

SHA512
a5bd0b676c78bcacbb974c9c2c8a49a4c7a16f639cb4b22ad418fbd557305825acff4bf543df761db3d464fd35f97f77a0497b7d393fdcb3234a5e1df5ea3e3c

Download Submit
C:\Users\Admin\Downloads\Flowframes 1.40.0\App\Flowframes\FlowframesData\pkgs\licenses\rife-ncnn-vulkan.txt

Filesize
1KB

MD5
4cf57f6e8b4f9eddcc6a6e17d211bc14

SHA1
1d9f57489b774bc429b26f007d4327add1e350da

SHA256
05d1efd74427fcca5455814d0bbc89c2b76d35ec12cacd5f8ec1ef2bc377ebca

SHA512
479f939e5558e9f15bd17b8d5edfc033569a31319e69cf50240c533d4b76ba97c746dad73077a34327f6e52e378a17afba6c0995da5bc0dd7d1d906a78b3d248

Download Submit
C:\Users\Admin\Downloads\Flowframes 1.40.0\App\Flowframes\FlowframesData\pkgs\rife-cuda\RIFE31\arch\loss.py

Filesize
4KB

MD5
194e47a5e8aa0616dc46d4f149bfd8dc

SHA1
8d78fde6bbc18fd1162f85afe4aa7d578ce026ad

SHA256
68f5d50e298bab60668133889b9fa602e7c9bf5598214d73c33869aab1061949

SHA512
1f1aa2aeaa4178eb232667851cc99d3c1913a5a8e0b1df9391129b138dd3c583d9a982183da01a3d1d6b8db35238d57716d9264e1604ac5e91b0a59b1a0119c5

Download Submit
C:\Users\Admin\Downloads\Flowframes 1.40.0\App\Flowframes\FlowframesData\pkgs\rife-cuda\RIFE31\arch\warplayer.py

Filesize
1KB

MD5
714d76516cb386ab04de74377e358d0a

SHA1
99ef85eacbb61ea226aaccd23669085549ad850b

SHA256
27a7155b686cfaf4a88bc946891fa9555af221ba7087bfa66009fa7c62842634

SHA512
3a244b3b413657685ab5c2e1640e7e23cf2bd5779261cfa4d6079a7824464bf25e09964326bded9257a7cde92c816128ea825e823c134766cf38219d3940d2b2

Download Submit
C:\Users\Admin\Downloads\Flowframes 1.40.0\App\Flowframes\FlowframesData\pkgs\rife-cuda\RIFE43\arch\RIFE_HDv3.py

Filesize
3KB

MD5
0c094610df388180cd1e09b24845f1f3

SHA1
24b296542fe5b6af217670fec0e6019526cc53da

SHA256
ad0cff41c528b2dcdd57c061482546d2e1b03eeb355d96e705f1ef5e3b0c2876

SHA512
51a12161806bd6e90487364bf3d19eedb48693c14cb68d9517b54bdc281f6014ab935f945c0f3dbb62be015ef01c2d193ac4f0099f3cd0c290398d40bd4938b6

Download Submit
C:\Users\Admin\Downloads\Flowframes 1.40.0\App\Flowframes\FlowframesData\pkgs\rife-cuda\RIFE46\arch\refine.py

Filesize
3KB

MD5
81cb9f0283882fd9a5abc21442c7e8a0

SHA1
d900b4f4c7963cea0a0726884d94ad852456eca9

SHA256
0c5698b4a05b9f6ab551740575c1c35e248e5b1829bab6445186081ebe15f032

SHA512
bc56afce4312520b7f55daaab9cd9ebfade01b54171b01fce27f7c712686969413d5b7f79a6c8ee4c7fa7f8ab3e333a18151c962a175047f7b68fec3deb6be11

Download Submit
C:\Users\Admin\Downloads\Flowframes 1.40.0\App\Flowframes\FlowframesData\pkgs\rife-ncnn-vs\Lib\site-packages\pip-21.3.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\Downloads\Flowframes 1.40.0\App\Flowframes\FlowframesData\pkgs\rife-ncnn-vs\Lib\site-packages\wheel\vendored\packaging\_typing.py

Filesize
1KB

MD5
b0dac8ef6953fb835c7d633e6a427ba7

SHA1
f521b39e0501e178412d557ac85d625626b85326

SHA256
c79f44850e7b4cc4fe9134722d9576e4766f6061b06ee713a3a88a87f3b4b4cc

SHA512
de5d2189075a26dc2e9ba41c1bbf2d4ccd3d5fb475802a0d7a70e311a301c4c4cb619d9f15c6263a420583b4f8bf87fcd589d6f96fe7b1edc367b875d54cfdda

Download Submit
C:\Users\Admin\Downloads\Flowframes 1.40.0\App\Flowframes\FlowframesData\pkgs\rife-ncnn-vs\Scripts\pip.exe

Filesize
103KB

MD5
4a90a876e450f97a453e7552efcd09a6

SHA1
541bbef1d17f013fb35cae0c63264079ed8235bc

SHA256
d22a2fdf429ea26251b447fb0c793095f59f586ce11d12ee6be46204a34439ec

SHA512
b18f0b41f34f208f3be9052c6e3b9715278b7400bc1d297668f6b367799d76ccef2ac5e95ce626ba4210803eeef575b85d9592f576721cdf83805f60eb7cb73d

Download Submit
C:\Users\Admin\Downloads\Flowframes 1.40.0\App\Flowframes\FlowframesData\pkgs\rife-ncnn-vs\models.json

Filesize
562B

MD5
b0de2bb78fc044487001fa0f2e7c4a4e

SHA1
2975458fdb3c4dd7123e0dfd86152e9a19b96fae

SHA256
eac38c8a4a055164783b81f3feecf4a97872b5bd9e0e5b32dc2f35d4318a1cca

SHA512
05448c927b3199a8b61e3a8a9f53e79acb08a33cfed4c3334e0ba5830edf73b818d2a7b3b6f0841e663a9010e8912eff26b01a179c7d0ab8b125fc9fa4745228

Download Submit
C:\Users\Admin\Downloads\Flowframes 1.40.0\App\Flowframes\FlowframesData\ver.ini

Filesize
9B

MD5
2d27025a55efd87efa7471624c7a83f9

SHA1
9895891de1d56e66d3f130e43bd0861b9a94cd4e

SHA256
964252e6c6d2bcf7af93ba2e5bfd8a3d7401b4b0ac042ffce935560ecefe1f8a

SHA512
1f70d2232218909bcefd4392a7b5f3e8331b8eddfda4c1a60151ea5eab2e9c4153f7faf995051bc72304ff41a8ee90a657ede8d25caabec90b1c646a1f589936

Download Submit
C:\Users\Admin\Downloads\Flowframes 1.40.0\Flowframes Video Interpolator.exe

Filesize
324KB

MD5
8c4c0dadae0fdeb1b4a375e2ebea64bb

SHA1
4ce34b8be519f236506a3b25e7a6fd946a6b93ee

SHA256
c671f506e2935d2d46ba9d804b5a2c71f008cadff46e595a080040823739aadc

SHA512
07fb71c105f2d13133cbd379e9c12a5e0ede281f8f4169b3e9fe82652cc6bf1038f963b367eddcfe300c9e8d40ecdd5ee6a40f6bd4931e0b852addcb0f95572d

Download Submit
memory/1556-2088-0x000001D9C30A0000-0x000001D9C320C000-memory.dmp

Filesize
1.4MB

Download
memory/1556-2086-0x000001D9A8D70000-0x000001D9A8D7A000-memory.dmp

Filesize
40KB

Download
memory/1556-2087-0x000001D9C2E80000-0x000001D9C2E90000-memory.dmp

Filesize
64KB

Download
memory/1556-2077-0x000001D9C2D00000-0x000001D9C2DB0000-memory.dmp

Filesize
704KB

Download
memory/1556-2089-0x000001D9C51E0000-0x000001D9C52B4000-memory.dmp

Filesize
848KB

Download
memory/1556-2090-0x000001D9C3270000-0x000001D9C328A000-memory.dmp

Filesize
104KB

Download
memory/1556-2091-0x000001D9C7770000-0x000001D9C777E000-memory.dmp

Filesize
56KB

Download
memory/1556-2092-0x000001D9C3D70000-0x000001D9C3DE8000-memory.dmp

Filesize
480KB

Download
memory/1556-2079-0x000001D9A8CF0000-0x000001D9A8D12000-memory.dmp

Filesize
136KB

Download
memory/1556-2104-0x000001D9C78C0000-0x000001D9C7936000-memory.dmp

Filesize
472KB

Download
memory/1556-2076-0x000001D9A7660000-0x000001D9A8892000-memory.dmp

Filesize
18.2MB

Download
memory/1556-2108-0x000001D9C3E30000-0x000001D9C3E4E000-memory.dmp

Filesize
120KB

Download