Analysis
- max time kernel: 897s
- max time network: 895s
- platform: windows11-21h2_x64
- resource: win11-20250207-uk
- resource tags: arch:x64, arch:x86, image:win11-20250207-uk, locale:uk-ua, os:windows11-21h2-x64, system, windows
- submitted: 08/02/2025, 11:42
Behavioral task
behavioral1
Sample
nkth.exe
Resource
win10ltsc2021-20250207-uk
Behavioral task
behavioral2
Sample
nkth.exe
Resource
win10v2004-20250129-uk
Behavioral task
behavioral3
Sample
nkth.exe
Resource
win10ltsc2021-20250207-uk
General
-
Target
nkth.exe
-
Size
55KB
-
MD5
33644523cb6a6c01bbf2dd5c3a97aafc
-
SHA1
7fd0d35a09a32693d30ffdb49ecd69c1229d2a20
-
SHA256
e451ebc803766d533d92baf458485284fb64cc3e8d4491cf410ea7fb2d5ded45
-
SHA512
43bddd6e1cd6acf040fec6d2b51afd86daa0f5f8ef7990b7dab2e9a42bdcdec5fede30d0510e6fdfd1cb08a4028e5057061f7c4e91a8b5a300ae1af9505cef2b
-
SSDEEP
1536:5EOADn6cpNPmSpVcDGiwsNMDdXExI3pmsm:bADn6cPzLcDGiwsNMDdXExI3pm
Malware Config
Signatures
-
Njrat family
-
System Location Discovery: System Language Discovery 1 TTPs 6 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
- Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | MicrosoftEdgeUpdate.exe
- Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | MicrosoftEdgeUpdate.exe
- Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | MicrosoftEdgeUpdate.exe
- Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | nkth.exe
- Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | MicrosoftEdgeUpdate.exe
- Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | wermgr.exe
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 3 IoCs
Adversaries may check for Internet connectivity on compromised systems.
pid | Process
- 5740 | MicrosoftEdgeUpdate.exe
- 1892 | MicrosoftEdgeUpdate.exe
- 3268 | MicrosoftEdgeUpdate.exe
Checks processor information in registry 2 TTPs 7 IoCs
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
- Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 | wermgr.exe
- Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | wermgr.exe
- Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | wermgr.exe
- Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | wermgr.exe
- Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | wermgr.exe
- Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | wermgr.exe
- Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | wermgr.exe
Enumerates system info in registry 2 TTPs 2 IoCs
description | ioc | Process
- Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | wermgr.exe
- Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | wermgr.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid | Process
- 2128 | MicrosoftEdgeUpdate.exe
- 2128 | MicrosoftEdgeUpdate.exe
- 2128 | MicrosoftEdgeUpdate.exe
- 2128 | MicrosoftEdgeUpdate.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid | Process
- 4204 | nkth.exe
Suspicious use of AdjustPrivilegeToken 64 IoCs
description | pid | Process
- Token: SeDebugPrivilege | 4204 | nkth.exe
- Token: 33 | 4204 | nkth.exe
- Token: SeIncBasePriorityPrivilege | 4204 | nkth.exe
- Token: 33 | 4204 | nkth.exe
- Token: SeIncBasePriorityPrivilege | 4204 | nkth.exe
- Token: 33 | 4204 | nkth.exe
- Token: SeIncBasePriorityPrivilege | 4204 | nkth.exe
- Token: 33 | 4204 | nkth.exe
- Token: SeIncBasePriorityPrivilege | 4204 | nkth.exe
- Token: 33 | 4204 | nkth.exe
- Token: SeIncBasePriorityPrivilege | 4204 | nkth.exe
- Token: SeDebugPrivilege | 2128 | MicrosoftEdgeUpdate.exe
- Token: 33 | 4204 | nkth.exe
- Token: SeIncBasePriorityPrivilege | 4204 | nkth.exe
- Token: 33 | 4204 | nkth.exe
- Token: SeIncBasePriorityPrivilege | 4204 | nkth.exe
- Token: 33 | 4204 | nkth.exe
- Token: SeIncBasePriorityPrivilege | 4204 | nkth.exe
- Token: 33 | 4204 | nkth.exe
- Token: SeIncBasePriorityPrivilege | 4204 | nkth.exe
- Token: 33 | 4204 | nkth.exe
- Token: SeIncBasePriorityPrivilege | 4204 | nkth.exe
- Token: 33 | 4204 | nkth.exe
- Token: SeIncBasePriorityPrivilege | 4204 | nkth.exe
- Token: 33 | 4204 | nkth.exe
- Token: SeIncBasePriorityPrivilege | 4204 | nkth.exe
- Token: 33 | 4204 | nkth.exe
- Token: SeIncBasePriorityPrivilege | 4204 | nkth.exe
- Token: 33 | 4204 | nkth.exe
- Token: SeIncBasePriorityPrivilege | 4204 | nkth.exe
- Token: 33 | 4204 | nkth.exe
- Token: SeIncBasePriorityPrivilege | 4204 | nkth.exe
- Token: 33 | 4204 | nkth.exe
- Token: SeIncBasePriorityPrivilege | 4204 | nkth.exe
- Token: 33 | 4204 | nkth.exe
- Token: SeIncBasePriorityPrivilege | 4204 | nkth.exe
- Token: 33 | 4204 | nkth.exe
- Token: SeIncBasePriorityPrivilege | 4204 | nkth.exe
- Token: 33 | 4204 | nkth.exe
- Token: SeIncBasePriorityPrivilege | 4204 | nkth.exe
- Token: 33 | 4204 | nkth.exe
- Token: SeIncBasePriorityPrivilege | 4204 | nkth.exe
- Token: 33 | 4204 | nkth.exe
- Token: SeIncBasePriorityPrivilege | 4204 | nkth.exe
- Token: 33 | 4204 | nkth.exe
- Token: SeIncBasePriorityPrivilege | 4204 | nkth.exe
- Token: 33 | 4204 | nkth.exe
- Token: SeIncBasePriorityPrivilege | 4204 | nkth.exe
- Token: 33 | 4204 | nkth.exe
- Token: SeIncBasePriorityPrivilege | 4204 | nkth.exe
- Token: 33 | 4204 | nkth.exe
- Token: SeIncBasePriorityPrivilege | 4204 | nkth.exe
- Token: 33 | 4204 | nkth.exe
- Token: SeIncBasePriorityPrivilege | 4204 | nkth.exe
- Token: 33 | 4204 | nkth.exe
- Token: SeIncBasePriorityPrivilege | 4204 | nkth.exe
- Token: 33 | 4204 | nkth.exe
- Token: SeIncBasePriorityPrivilege | 4204 | nkth.exe
- Token: 33 | 4204 | nkth.exe
- Token: SeIncBasePriorityPrivilege | 4204 | nkth.exe
- Token: 33 | 4204 | nkth.exe
- Token: SeIncBasePriorityPrivilege | 4204 | nkth.exe
- Token: 33 | 4204 | nkth.exe
- Token: SeIncBasePriorityPrivilege | 4204 | nkth.exe
Processes
- Image: C:\Users\Admin\AppData\Local\Temp\nkth.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\nkth.exe"
  Level: 1
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  PID: 4204
- Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=uk --service-sandbox-type=asset_store_service --string-annotations --always-read-main-dll --field-trial-handle=3704,i,127395260945924701,10311264522798841209,262144 --variations-seed-version --mojo-platform-channel-handle=5080 /prefetch:14
  Level: 1
  PID: 5628
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping 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-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7RSt4YkF6Nlk2c1UxMjg5YlM2cWw0VlJMYmtqZkJVR1RNSnNqckhyNDRpST0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTIzLjAuNjMxMi4xMjMiIG5leHR2ZXJzaW9uPSIiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiIGluc3RhbGxkYXRldGltZT0iMTczODk1NTM0NSIgb29iZV9pbnN0YWxsX3RpbWU9IjEzMzgzNDI3OTQzMzU2MDAwMCI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjIxNzk4NjIiIHN5c3RlbV91cHRpbWVfdGlja3M9IjU1ODg3MDgyODAiLz48L2FwcD48L3JlcXVlc3Q-1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:5740
- Image: C:\Windows\SysWOW64\wermgr.exe
  Command line: "C:\Windows\system32\wermgr.exe" "-outproc" "0" "920" "1284" "1192" "1288" "0" "0" "0" "0" "0" "0" "0" "0"
  Level: 1
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Enumerates system info in registry
  PID: 3168
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RjBDRkI5QzYtNkE5NS00N0ZGLUEzMUUtRTdCQzY1RjIxRDkzfSIgdXNlcmlkPSJ7NjdGMUNENkEtMjk1OS00QzNBLUI4MEItNTI3MTZENzM2MDlBfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntCMTIyMDg0QS1BRjE1LTQwRTYtODhCQi1BMUQ1RkE5MkE0MTZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iMiIgcGh5c21lbW9yeT0iNCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9Ins1NkVCMThGOC1CMDA4LTRDQkQtQjZEMi04Qzk3RkU3RTkwNjJ9IiB2ZXJzaW9uPSIxMzIuMC4yOTU3LjE0MCIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiIGluc3RhbGxkYXRldGltZT0iMTczODk1NDg2MCI-PGV2ZW50IGV2ZW50dHlwZT0iMzIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjQiIHN5c3RlbV91cHRpbWVfdGlja3M9IjU1OTU4OTU5MzkiLz48L2FwcD48L3JlcXVlc3Q-1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:1892
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RjBDRkI5QzYtNkE5NS00N0ZGLUEzMUUtRTdCQzY1RjIxRDkzfSIgdXNlcmlkPSJ7NjdGMUNENkEtMjk1OS00QzNBLUI4MEItNTI3MTZENzM2MDlBfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins3MENBNzZENi1CQTBCLTQ2NkUtOUE5OC05QjUxNjQwRkY4NER9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iMiIgcGh5c21lbW9yeT0iNCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTk1LjQzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMCIgY29ob3J0PSJycmZAMC45NCI-PHVwZGF0ZWNoZWNrLz48cGluZyByPSIxIiByZD0iNjYxMiIgcGluZ19mcmVzaG5lc3M9Ins3MUVFRkRENy0zNTlBLTREOEQtQkNGNC04RkRCMDAzREZCREF9Ii8-PC9hcHA-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-PHBpbmcgcj0iMSIgcmQ9IjY2MTIiIHBpbmdfZnJlc2huZXNzPSJ7MkI1Qjg0NDktMDIxQS00QTc3LTlDNEUtNzMzNDNDM0Q3QjI1fSIvPjwvYXBwPjwvcmVxdWVzdD41⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:3268
- Image: C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  Command line: "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
  Level: 1
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID: 2128
- Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=uk --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=5332,i,127395260945924701,10311264522798841209,262144 --variations-seed-version --mojo-platform-channel-handle=4276 /prefetch:14
  Level: 1
  PID: 5344
- Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=uk --service-sandbox-type=asset_store_service --string-annotations --always-read-main-dll --field-trial-handle=5424,i,127395260945924701,10311264522798841209,262144 --variations-seed-version --mojo-platform-channel-handle=4120 /prefetch:14
  Level: 1
  PID: 5712
- Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=uk --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=4340,i,127395260945924701,10311264522798841209,262144 --variations-seed-version --mojo-platform-channel-handle=4540 /prefetch:14
  Level: 1
  PID: 420
- Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=uk --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=4252,i,127395260945924701,10311264522798841209,262144 --variations-seed-version --mojo-platform-channel-handle=5456 /prefetch:14
  Level: 1
  PID: 5720
- Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=uk --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=5428,i,127395260945924701,10311264522798841209,262144 --variations-seed-version --mojo-platform-channel-handle=5180 /prefetch:14
  Level: 1
  PID: 4468
- Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=uk --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=4148,i,127395260945924701,10311264522798841209,262144 --variations-seed-version --mojo-platform-channel-handle=5400 /prefetch:14
  Level: 1
  PID: 3724
- Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=uk --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=4532,i,127395260945924701,10311264522798841209,262144 --variations-seed-version --mojo-platform-channel-handle=4576 /prefetch:14
  Level: 1
  PID: 2232
- Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=uk --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=5264,i,127395260945924701,10311264522798841209,262144 --variations-seed-version --mojo-platform-channel-handle=3884 /prefetch:14
  Level: 1
  PID: 4464
- Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=uk --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=4912,i,127395260945924701,10311264522798841209,262144 --variations-seed-version --mojo-platform-channel-handle=5256 /prefetch:14
  Level: 1
  PID: 2664
- Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=uk --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=5256,i,127395260945924701,10311264522798841209,262144 --variations-seed-version --mojo-platform-channel-handle=5556 /prefetch:14
  Level: 1
  PID: 5692
- Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=uk --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=4364,i,127395260945924701,10311264522798841209,262144 --variations-seed-version --mojo-platform-channel-handle=5420 /prefetch:14
  Level: 1
  PID: 2684
- Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=uk --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=4256,i,127395260945924701,10311264522798841209,262144 --variations-seed-version --mojo-platform-channel-handle=4292 /prefetch:14
  Level: 1
  PID: 5440
- Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=uk --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=5448,i,127395260945924701,10311264522798841209,262144 --variations-seed-version --mojo-platform-channel-handle=4560 /prefetch:14
  Level: 1
  PID: 3268
- Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=uk --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=5128,i,127395260945924701,10311264522798841209,262144 --variations-seed-version --mojo-platform-channel-handle=4124 /prefetch:14
  Level: 1
  PID: 5156
- Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=uk --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=5180,i,127395260945924701,10311264522798841209,262144 --variations-seed-version --mojo-platform-channel-handle=4900 /prefetch:14
  Level: 1
  PID: 196
- Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=uk --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=4556,i,127395260945924701,10311264522798841209,262144 --variations-seed-version --mojo-platform-channel-handle=4272 /prefetch:14
  Level: 1
  PID: 896
- Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=uk --service-sandbox-type=asset_store_service --string-annotations --always-read-main-dll --field-trial-handle=5080,i,127395260945924701,10311264522798841209,262144 --variations-seed-version --mojo-platform-channel-handle=5540 /prefetch:14
  Level: 1
  PID: 968
- Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=uk --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=4128,i,127395260945924701,10311264522798841209,262144 --variations-seed-version --mojo-platform-channel-handle=4572 /prefetch:14
  Level: 1
  PID: 5996
- Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=uk --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=4276,i,127395260945924701,10311264522798841209,262144 --variations-seed-version --mojo-platform-channel-handle=4356 /prefetch:14
  Level: 1
  PID: 3524
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 400KB
  MD5: 72ecb02d5d217fb2dc7fa5218658054e
  SHA1: c27318f37faf38cf8a1476fc46f0ae241591042b
  SHA256: 04e4e08674baa66fa82c29d874ce15ba39a4398d5640bf96ec9902762f50bba1
  SHA512: d10ffeceb9a8898ac3b91c9cab85c2d99e0af7cb0214487629c430f6298a44b4351173ff441c0e38dcd056d05d6a9491b7375af260569a5dff0f698e9ccc2a3c
- Filesize: 424KB
  MD5: 0a15f52a784ad7fb08ada3e212542b3b
  SHA1: e3106c7e1707588c874246654ef876bea4351cc1
  SHA256: 97f815750f06c2689d45a43cdec4b97e25e3527470b4d6e72e3461e30db66f50
  SHA512: 04c11f74230000f2b10cc66447af579f41e9a0786fc59972f64a90673cbd41373ccd22266dad144a4d8bc75d66bfcfcf64845a3837211a8ca47a44c7da541fef
- Filesize: 439KB
  MD5: ca211f8f650957d62df10106532e74f6
  SHA1: 0431381a1f53a1bf365c3f0072ad46622297f011
  SHA256: fb1cd0bc197704ad99633553cceb3ccc81926b5065359b8928f8c87d596104f4
  SHA512: f4d58d44e744e19076c422e0050254f866ddf05f19ef762d6be0e21d484f89170d55b8234dacf414a783942aaddaf5efcd1266b393881209b5c36af6abf1f4fe