27b9c2bbe7d1d9a042707f2dffed11fec9f2bb9804a5255d02c68b5b975d071a

Analysis

max time kernel
146s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12/11/2024, 17:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Ryzen DRAM Calculator 1.7.3/memtest.exe
Size

40KB
MD5

2da23869191b9b93106967d1924e6342
SHA1

ef072f822fa270026c7243e8ad4cf5fccccf2947
SHA256

637d81054008795d8ba5115682fe5979e26c3691d3a8ac7960bdf1a69436907e
SHA512

80a8560304f08e1ee7c77de19d100aab00e8932147507486d6f4558760459a57633f013e907b93263fc41c158ef0a4b061708d036165d9668ba90405de3ecf27
SSDEEP

384:YJDsy4wiAjbceYC87TfUjO1RMuQJL3LNQu/+Hqo71a1soaxFWHxujgHjKDuucNzT:YalvAjbceg7zlc9bGC+Hq+2/aGHF4M

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	memtest.exe

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	msedge.exe

Enumerates system info in registry 2 TTPs 11 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 38 IoCs

pid	Process
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4916	msedge.exe
4916	msedge.exe
4580	msedge.exe
4580	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3916	memtest.exe
3916	memtest.exe
3916	memtest.exe
3916	memtest.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3916 wrote to memory of 4916	3916	memtest.exe	97
PID 3916 wrote to memory of 4916	3916	memtest.exe	97
PID 4916 wrote to memory of 4580	4916	msedge.exe	98
PID 4916 wrote to memory of 4580	4916	msedge.exe	98
PID 4916 wrote to memory of 1564	4916	msedge.exe	99
PID 4916 wrote to memory of 1564	4916	msedge.exe	99
PID 4916 wrote to memory of 1564	4916	msedge.exe	99
PID 4916 wrote to memory of 1564	4916	msedge.exe	99
PID 4916 wrote to memory of 1564	4916	msedge.exe	99
PID 4916 wrote to memory of 1564	4916	msedge.exe	99
PID 4916 wrote to memory of 1564	4916	msedge.exe	99
PID 4916 wrote to memory of 1564	4916	msedge.exe	99
PID 4916 wrote to memory of 1564	4916	msedge.exe	99
PID 4916 wrote to memory of 1564	4916	msedge.exe	99
PID 4916 wrote to memory of 1564	4916	msedge.exe	99
PID 4916 wrote to memory of 1564	4916	msedge.exe	99
PID 4916 wrote to memory of 1564	4916	msedge.exe	99
PID 4916 wrote to memory of 1564	4916	msedge.exe	99
PID 4916 wrote to memory of 1564	4916	msedge.exe	99
PID 4916 wrote to memory of 1564	4916	msedge.exe	99
PID 4916 wrote to memory of 1564	4916	msedge.exe	99
PID 4916 wrote to memory of 1564	4916	msedge.exe	99
PID 4916 wrote to memory of 1564	4916	msedge.exe	99
PID 4916 wrote to memory of 1564	4916	msedge.exe	99
PID 4916 wrote to memory of 1564	4916	msedge.exe	99
PID 4916 wrote to memory of 1564	4916	msedge.exe	99
PID 4916 wrote to memory of 1564	4916	msedge.exe	99
PID 4916 wrote to memory of 1564	4916	msedge.exe	99
PID 4916 wrote to memory of 1564	4916	msedge.exe	99
PID 4916 wrote to memory of 1564	4916	msedge.exe	99
PID 4916 wrote to memory of 1564	4916	msedge.exe	99
PID 4916 wrote to memory of 1564	4916	msedge.exe	99
PID 4916 wrote to memory of 1564	4916	msedge.exe	99
PID 4916 wrote to memory of 1564	4916	msedge.exe	99
PID 4916 wrote to memory of 1564	4916	msedge.exe	99
PID 4916 wrote to memory of 1564	4916	msedge.exe	99
PID 4916 wrote to memory of 1564	4916	msedge.exe	99
PID 4916 wrote to memory of 1564	4916	msedge.exe	99
PID 4916 wrote to memory of 1564	4916	msedge.exe	99
PID 4916 wrote to memory of 1564	4916	msedge.exe	99
PID 4916 wrote to memory of 1564	4916	msedge.exe	99
PID 4916 wrote to memory of 1564	4916	msedge.exe	99
PID 4916 wrote to memory of 1564	4916	msedge.exe	99
PID 4916 wrote to memory of 1564	4916	msedge.exe	99
PID 4916 wrote to memory of 1704	4916	msedge.exe	100
PID 4916 wrote to memory of 1704	4916	msedge.exe	100
PID 4916 wrote to memory of 1704	4916	msedge.exe	100
PID 4916 wrote to memory of 1704	4916	msedge.exe	100
PID 4916 wrote to memory of 1704	4916	msedge.exe	100
PID 4916 wrote to memory of 1704	4916	msedge.exe	100
PID 4916 wrote to memory of 1704	4916	msedge.exe	100
PID 4916 wrote to memory of 1704	4916	msedge.exe	100
PID 4916 wrote to memory of 1704	4916	msedge.exe	100
PID 4916 wrote to memory of 1704	4916	msedge.exe	100
PID 4916 wrote to memory of 1704	4916	msedge.exe	100
PID 4916 wrote to memory of 1704	4916	msedge.exe	100
PID 4916 wrote to memory of 1704	4916	msedge.exe	100
PID 4916 wrote to memory of 1704	4916	msedge.exe	100
PID 4916 wrote to memory of 1704	4916	msedge.exe	100
PID 4916 wrote to memory of 1704	4916	msedge.exe	100
PID 4916 wrote to memory of 1704	4916	msedge.exe	100
PID 4916 wrote to memory of 1704	4916	msedge.exe	100
PID 4916 wrote to memory of 1704	4916	msedge.exe	100
PID 4916 wrote to memory of 1704	4916	msedge.exe	100

C:\Users\Admin\AppData\Local\Temp\Ryzen DRAM Calculator 1.7.3\memtest.exe
"C:\Users\Admin\AppData\Local\Temp\Ryzen DRAM Calculator 1.7.3\memtest.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://hcidesign.com/memtest/copyError.html/ver:6.0%20flag:6%20xy:1
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4916
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff954a246f8,0x7ff954a24708,0x7ff954a24718
    3⤵
    - Checks processor information in registry
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    PID:4580
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,13816668938269990382,15696424149488491454,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
    3⤵
    PID:1564
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,13816668938269990382,15696424149488491454,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2496 /prefetch:2
    3⤵
    PID:1704
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,13816668938269990382,15696424149488491454,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2704 /prefetch:2
    3⤵
    PID:3476
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,13816668938269990382,15696424149488491454,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2408 /prefetch:2
    3⤵
    PID:4252
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,13816668938269990382,15696424149488491454,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2464 /prefetch:8
    3⤵
    PID:2816
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13816668938269990382,15696424149488491454,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
    3⤵
    PID:3092
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,13816668938269990382,15696424149488491454,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3848 /prefetch:3
    3⤵
    PID:4556
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,13816668938269990382,15696424149488491454,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3824 /prefetch:3
    3⤵
    PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://hcidesign.com/memtest/decayError.html/ver:6.0%20flag:6%20xy:1
  2⤵
  PID:3940
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff954a246f8,0x7ff954a24708,0x7ff954a24718
    3⤵
    PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://hcidesign.com/memtest/copyError.html/ver:6.0%20flag:6%20xy:1
  2⤵
  PID:1972
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ff954a246f8,0x7ff954a24708,0x7ff954a24718
    3⤵
    PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://hcidesign.com/memtest/decayError.html/ver:6.0%20flag:6%20xy:1
  2⤵
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://hcidesign.com/memtest/copyError.html/ver:6.0%20flag:6%20xy:1
  2⤵
  PID:1952
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x80,0x108,0x7ff954a246f8,0x7ff954a24708,0x7ff954a24718
    3⤵
    PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://hcidesign.com/memtest/decayError.html/ver:6.0%20flag:6%20xy:1
  2⤵
  PID:452
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff954a246f8,0x7ff954a24708,0x7ff954a24718
    3⤵
    PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://hcidesign.com/memtest/copyError.html/ver:6.0%20flag:6%20xy:1
  2⤵
  PID:4424
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff954a246f8,0x7ff954a24708,0x7ff954a24718
    3⤵
    PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://hcidesign.com/memtest/decayError.html/ver:6.0%20flag:6%20xy:1
  2⤵
  PID:1684
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff954a246f8,0x7ff954a24708,0x7ff954a24718
    3⤵
    - Checks processor information in registry
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    PID:3884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://hcidesign.com/memtest/copyError.html/ver:6.0%20flag:6%20xy:1
  2⤵
  PID:4020
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ff954a246f8,0x7ff954a24708,0x7ff954a24718
    3⤵
    PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://hcidesign.com/memtest/decayError.html/ver:6.0%20flag:6%20xy:1
  2⤵
  PID:4264
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff954a246f8,0x7ff954a24708,0x7ff954a24718
    3⤵
    - Checks processor information in registry
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://hcidesign.com/memtest/copyError.html/ver:6.0%20flag:6%20xy:1
  2⤵
  PID:3820
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff954a246f8,0x7ff954a24708,0x7ff954a24718
    3⤵
    PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://hcidesign.com/memtest/decayError.html/ver:6.0%20flag:6%20xy:1
  2⤵
  PID:704
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xe8,0xec,0xf0,0xe4,0xf4,0x7ff954a246f8,0x7ff954a24708,0x7ff954a24718
    3⤵
    PID:544
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 704 -s 764
    3⤵
    PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://hcidesign.com/memtest/decayError.html/ver:6.0%20flag:6%20xy:1
  2⤵
  PID:444
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0xfc,0xd8,0x100,0x108,0x7ff954a246f8,0x7ff954a24708,0x7ff954a24718
    3⤵
    PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://hcidesign.com/memtest/copyError.html/ver:6.0%20flag:6%20xy:1
  2⤵
  PID:5012
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xd4,0x10c,0x7ff954a246f8,0x7ff954a24708,0x7ff954a24718
    3⤵
    - Checks processor information in registry
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    PID:2180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

Filesize
150B

MD5
bd874b67fba4339620b2a14d26e1116d

SHA1
a989812ba02eccc40c920eaf5b08b6f5325a0fa0

SHA256
33672ab1603fb1648d9572c8201ffddbd5a6a57da60e413905d2a342365a0c74

SHA512
b7169e5322c5cb6de28a848d7f27877a6a72e20732c39f7843bd81bb32222058929b07596315e93c6326f85745ee8a9e46f70bb6e5f4f8713ee9f888fd74c68b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\876343e9-98d6-44e3-9323-47a7c5ee3fd8.dmp

Filesize
687KB

MD5
e149d2c57d002b79b7b9b8280ce54604

SHA1
e11106cb4375b4b3ba1eaa6ac40907c8cd98d532

SHA256
deae61044cd66068908f722afebfda6674d90140cab6f3dfb410daa18201d185

SHA512
3cfafda3e692b42ec33ad86882a63cab6f063ef7fa805e15ba61b06f44dbadbe9f5bfde3c391afa76f2913a9f83159f8a440b19e5778d5c5dd6fd35e3d85c0fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\c9d2a336-69ba-46ab-8ad9-339718b1273c.dmp

Filesize
636KB

MD5
7a91bc32ad2c03bd09fc37b1639ca4fc

SHA1
358602c081282c2b76dbd0ffad89752580e21f5e

SHA256
5c3943acf6dc547a921dad349041193832aca47089fd7cba47719b8972996e80

SHA512
2ba0fc96d68f661b51b7dfcfa6ec243a91c1ccc65d81dfb0abee8767052c5ffee1c0b15b661a0615189065f9c634f2fe4f0c29b9cbbd4e6f2b122a2bdfb09d86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b18ec3a161901f69021e905610415f46

SHA1
14070e1faf4da59fa8db9b14c20981957d643dbc

SHA256
bb2a4d039ae4a46a876ace00e289d7d4d5eb49c10c810be387c49d031d567b85

SHA512
189b4e572bbc3734e3cf3401a5ef52cd2d7c3bd5404982efc36dbb159cba5b5cb34f99202e981f075039fcfe536f03d9d0b2407c9786c147c524cee9fb5dada2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
443a627d539ca4eab732bad0cbe7332b

SHA1
86b18b906a1acd2a22f4b2c78ac3564c394a9569

SHA256
1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

SHA512
923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99afa4934d1e3c56bbce114b356e8a99

SHA1
3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

SHA256
08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

SHA512
76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9e19dface2ee6a24c879a6071b264292

SHA1
ae3ad7d3facc771377d46e585e885c45adc6a473

SHA256
072c5ee061d9ca805ab54b0a24a9cf197dabb1a498f1147682fcb7c73dbc2aab

SHA512
ac931677ab2f9509832594ae54cae4f429004c6f20333d4b6e5bcf4ccd637c0888df2668a04553f9f8827aaa851ab8821a01b4aa675676c4224834a86f11f90b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\edge_shutdown_crash.txt

Filesize
2B

MD5
06d49632c9dc9bcb62aeaef99612ba6b

SHA1
e91fe173f59b063d620a934ce1a010f2b114c1f3

SHA256
e79e418e48623569d75e2a7b09ae88ed9b77b126a445b9ff9dc6989a08efa079

SHA512
849b2f3f63322343fddc5a3c8da8f07e4034ee4d5eb210a5ad9db9e33b6aec18dea81836a87f9226a4636c6c77893b0bd3408f6d1fe225bb0907c556a8111355

Download Submit
memory/3916-13-0x0000000005C80000-0x0000000005C97000-memory.dmp

Filesize
92KB

Download
memory/3916-23-0x00000000070A0000-0x0000000007105000-memory.dmp

Filesize
404KB

Download
memory/3916-16-0x00000000069A0000-0x00000000069BB000-memory.dmp

Filesize
108KB

Download
memory/3916-15-0x0000000006900000-0x0000000006993000-memory.dmp

Filesize
588KB

Download
memory/3916-14-0x0000000005CA0000-0x0000000006041000-memory.dmp

Filesize
3.6MB

Download
memory/3916-21-0x0000000006E90000-0x0000000006EA8000-memory.dmp

Filesize
96KB

Download
memory/3916-20-0x0000000006A40000-0x0000000006E90000-memory.dmp

Filesize
4.3MB

Download
memory/3916-22-0x0000000007010000-0x0000000007093000-memory.dmp

Filesize
524KB

Download
memory/3916-24-0x0000000007110000-0x000000000714D000-memory.dmp

Filesize
244KB

Download
memory/3916-17-0x00000000069C0000-0x00000000069CA000-memory.dmp

Filesize
40KB

Download
memory/3916-18-0x00000000069D0000-0x00000000069F1000-memory.dmp

Filesize
132KB

Download
memory/3916-19-0x0000000006A00000-0x0000000006A34000-memory.dmp

Filesize
208KB

Download
memory/3916-10-0x0000000002390000-0x000000000239B000-memory.dmp

Filesize
44KB

Download
memory/3916-12-0x0000000005650000-0x000000000587B000-memory.dmp

Filesize
2.2MB

Download
memory/3916-64-0x0000000005650000-0x000000000587B000-memory.dmp

Filesize
2.2MB

Download
memory/3916-11-0x0000000005630000-0x000000000564D000-memory.dmp

Filesize
116KB

Download
memory/3916-9-0x0000000005480000-0x0000000005628000-memory.dmp

Filesize
1.7MB

Download
memory/3916-6-0x0000000004C60000-0x0000000005268000-memory.dmp

Filesize
6.0MB

Download
memory/3916-8-0x0000000005370000-0x0000000005432000-memory.dmp

Filesize
776KB

Download
memory/3916-7-0x0000000002A50000-0x0000000002A74000-memory.dmp

Filesize
144KB

Download