3a17d7cddfec31925a652e917984c278cb8a1ee68554248ded467696c427e041

Analysis

max time kernel
143s
max time network
124s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
10/10/2024, 10:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

zapret-win-bundle-master/blockcheck/blockcheck.cmd
Size

199B
MD5

c8f6ce2373ae8cfcbe070e8347fec6b7
SHA1

6af61c6bacf9a43253071dbf2830022d73f19952
SHA256

c62021151e53f72de851086ce377b13ff7bce291d4d58bcc527cc2be5de6d697
SHA512

e5493c350519cd29c76cb5daef3136f346d6af4050284d582ef395dc2b0e1e037978e5aa05df666fd8eb6bbdaf8f5e746998ced42143891df32d3b8869d5c216

Score

5^/10

discovery

Malware Config

Signatures

Enumerates processes with tasklist 1 TTPs 2 IoCs

discovery

Process Discovery

T1057

pid	Process
2284	tasklist.exe
3004	tasklist.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
2920	ping.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
2920	ping.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
836	grep.exe
836	grep.exe
2556	grep.exe
2556	grep.exe
1680	grep.exe
1680	grep.exe
2728	grep.exe
2728	grep.exe
884	grep.exe
884	grep.exe
1904	grep.exe
1904	grep.exe
2052	grep.exe
2052	grep.exe
2532	grep.exe
2532	grep.exe
1908	grep.exe
1908	grep.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	696	cygpath.exe
Token: SeBackupPrivilege	696	cygpath.exe
Token: SeDebugPrivilege	696	cygpath.exe
Token: SeRestorePrivilege	2132	bash.exe
Token: SeBackupPrivilege	2132	bash.exe
Token: SeDebugPrivilege	2132	bash.exe
Token: SeRestorePrivilege	2860	bash.exe
Token: SeBackupPrivilege	2860	bash.exe
Token: SeDebugPrivilege	2860	bash.exe
Token: SeRestorePrivilege	2860	bash.exe
Token: SeBackupPrivilege	2860	bash.exe
Token: SeDebugPrivilege	2860	bash.exe
Token: SeRestorePrivilege	2848	cygpath.exe
Token: SeBackupPrivilege	2848	cygpath.exe
Token: SeDebugPrivilege	2848	cygpath.exe
Token: SeRestorePrivilege	2832	bash.exe
Token: SeBackupPrivilege	2832	bash.exe
Token: SeDebugPrivilege	2832	bash.exe
Token: SeRestorePrivilege	2832	bash.exe
Token: SeBackupPrivilege	2832	bash.exe
Token: SeDebugPrivilege	2832	bash.exe
Token: SeRestorePrivilege	2616	cygpath.exe
Token: SeBackupPrivilege	2616	cygpath.exe
Token: SeDebugPrivilege	2616	cygpath.exe
Token: SeRestorePrivilege	2664	bash.exe
Token: SeBackupPrivilege	2664	bash.exe
Token: SeDebugPrivilege	2664	bash.exe
Token: SeRestorePrivilege	2664	bash.exe
Token: SeBackupPrivilege	2664	bash.exe
Token: SeDebugPrivilege	2664	bash.exe
Token: SeRestorePrivilege	1104	dirname.exe
Token: SeBackupPrivilege	1104	dirname.exe
Token: SeDebugPrivilege	1104	dirname.exe
Token: SeRestorePrivilege	1248	bash.exe
Token: SeBackupPrivilege	1248	bash.exe
Token: SeDebugPrivilege	1248	bash.exe
Token: SeRestorePrivilege	1248	bash.exe
Token: SeBackupPrivilege	1248	bash.exe
Token: SeDebugPrivilege	1248	bash.exe
Token: SeRestorePrivilege	2904	bash.exe
Token: SeBackupPrivilege	2904	bash.exe
Token: SeDebugPrivilege	2904	bash.exe
Token: SeRestorePrivilege	2904	bash.exe
Token: SeBackupPrivilege	2904	bash.exe
Token: SeDebugPrivilege	2904	bash.exe
Token: SeRestorePrivilege	1668	bash.exe
Token: SeBackupPrivilege	1668	bash.exe
Token: SeDebugPrivilege	1668	bash.exe
Token: SeRestorePrivilege	1668	bash.exe
Token: SeBackupPrivilege	1668	bash.exe
Token: SeDebugPrivilege	1668	bash.exe
Token: SeRestorePrivilege	1976	sh.exe
Token: SeBackupPrivilege	1976	sh.exe
Token: SeDebugPrivilege	1976	sh.exe
Token: SeRestorePrivilege	2984	sh.exe
Token: SeBackupPrivilege	2984	sh.exe
Token: SeDebugPrivilege	2984	sh.exe
Token: SeRestorePrivilege	2984	sh.exe
Token: SeBackupPrivilege	2984	sh.exe
Token: SeDebugPrivilege	2984	sh.exe
Token: SeRestorePrivilege	1440	tee.exe
Token: SeBackupPrivilege	1440	tee.exe
Token: SeDebugPrivilege	1440	tee.exe
Token: SeRestorePrivilege	2924	dirname.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2396 wrote to memory of 320	2396	cmd.exe	31
PID 2396 wrote to memory of 320	2396	cmd.exe	31
PID 2396 wrote to memory of 320	2396	cmd.exe	31
PID 320 wrote to memory of 696	320	cmd.exe	32
PID 320 wrote to memory of 696	320	cmd.exe	32
PID 320 wrote to memory of 696	320	cmd.exe	32
PID 2396 wrote to memory of 952	2396	cmd.exe	33
PID 2396 wrote to memory of 952	2396	cmd.exe	33
PID 2396 wrote to memory of 952	2396	cmd.exe	33
PID 952 wrote to memory of 2132	952	wscript.exe	34
PID 952 wrote to memory of 2132	952	wscript.exe	34
PID 952 wrote to memory of 2132	952	wscript.exe	34
PID 2132 wrote to memory of 2860	2132	bash.exe	36
PID 2132 wrote to memory of 2860	2132	bash.exe	36
PID 2132 wrote to memory of 2860	2132	bash.exe	36
PID 2132 wrote to memory of 2860	2132	bash.exe	36
PID 2132 wrote to memory of 2860	2132	bash.exe	36
PID 2132 wrote to memory of 2860	2132	bash.exe	36
PID 2132 wrote to memory of 2860	2132	bash.exe	36
PID 2132 wrote to memory of 2860	2132	bash.exe	36
PID 2132 wrote to memory of 2860	2132	bash.exe	36
PID 2132 wrote to memory of 2860	2132	bash.exe	36
PID 2132 wrote to memory of 2860	2132	bash.exe	36
PID 2132 wrote to memory of 2860	2132	bash.exe	36
PID 2860 wrote to memory of 2848	2860	bash.exe	37
PID 2860 wrote to memory of 2848	2860	bash.exe	37
PID 2860 wrote to memory of 2848	2860	bash.exe	37
PID 2132 wrote to memory of 2832	2132	bash.exe	38
PID 2132 wrote to memory of 2832	2132	bash.exe	38
PID 2132 wrote to memory of 2832	2132	bash.exe	38
PID 2132 wrote to memory of 2832	2132	bash.exe	38
PID 2132 wrote to memory of 2832	2132	bash.exe	38
PID 2132 wrote to memory of 2832	2132	bash.exe	38
PID 2132 wrote to memory of 2832	2132	bash.exe	38
PID 2132 wrote to memory of 2832	2132	bash.exe	38
PID 2132 wrote to memory of 2832	2132	bash.exe	38
PID 2132 wrote to memory of 2832	2132	bash.exe	38
PID 2132 wrote to memory of 2832	2132	bash.exe	38
PID 2132 wrote to memory of 2832	2132	bash.exe	38
PID 2832 wrote to memory of 2616	2832	bash.exe	39
PID 2832 wrote to memory of 2616	2832	bash.exe	39
PID 2832 wrote to memory of 2616	2832	bash.exe	39
PID 2132 wrote to memory of 2664	2132	bash.exe	40
PID 2132 wrote to memory of 2664	2132	bash.exe	40
PID 2132 wrote to memory of 2664	2132	bash.exe	40
PID 2132 wrote to memory of 2664	2132	bash.exe	40
PID 2132 wrote to memory of 2664	2132	bash.exe	40
PID 2132 wrote to memory of 2664	2132	bash.exe	40
PID 2132 wrote to memory of 2664	2132	bash.exe	40
PID 2132 wrote to memory of 2664	2132	bash.exe	40
PID 2132 wrote to memory of 2664	2132	bash.exe	40
PID 2132 wrote to memory of 2664	2132	bash.exe	40
PID 2132 wrote to memory of 2664	2132	bash.exe	40
PID 2132 wrote to memory of 2664	2132	bash.exe	40
PID 2664 wrote to memory of 1104	2664	bash.exe	41
PID 2664 wrote to memory of 1104	2664	bash.exe	41
PID 2664 wrote to memory of 1104	2664	bash.exe	41
PID 2132 wrote to memory of 1248	2132	bash.exe	42
PID 2132 wrote to memory of 1248	2132	bash.exe	42
PID 2132 wrote to memory of 1248	2132	bash.exe	42
PID 2132 wrote to memory of 1248	2132	bash.exe	42
PID 2132 wrote to memory of 1248	2132	bash.exe	42
PID 2132 wrote to memory of 1248	2132	bash.exe	42
PID 2132 wrote to memory of 1248	2132	bash.exe	42

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\blockcheck.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:2396
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ..\cygwin\bin\cygpath -C OEM -a -m zapret\blog.sh
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:320
- - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cygpath.exe
    ..\cygwin\bin\cygpath -C OEM -a -m zapret\blog.sh
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:696
- C:\Windows\system32\wscript.exe
  wscript ..\tools\elevator.vbs ..\cygwin\bin\bash -i "'C:/Users/Admin/AppData/Local/Temp/zapret-win-bundle-master/blockcheck/zapret/blog.sh'"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:952
- - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe
    "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe" -i 'C:/Users/Admin/AppData/Local/Temp/zapret-win-bundle-master/blockcheck/zapret/blog.sh'
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:2132
  - - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe
      "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe" -i 'C:/Users/Admin/AppData/Local/Temp/zapret-win-bundle-master/blockcheck/zapret/blog.sh'
      4⤵
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cygpath.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cygpath.exe"
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2848
  - - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe
      "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe" -i 'C:/Users/Admin/AppData/Local/Temp/zapret-win-bundle-master/blockcheck/zapret/blog.sh'
      4⤵
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cygpath.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cygpath.exe"
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2616
  - - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe
      "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe" -i 'C:/Users/Admin/AppData/Local/Temp/zapret-win-bundle-master/blockcheck/zapret/blog.sh'
      4⤵
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:2664
    - - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\dirname.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\dirname.exe"
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1104
  - - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe
      "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe" -i 'C:/Users/Admin/AppData/Local/Temp/zapret-win-bundle-master/blockcheck/zapret/blog.sh'
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1248
  - - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe
      "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe" -i 'C:/Users/Admin/AppData/Local/Temp/zapret-win-bundle-master/blockcheck/zapret/blog.sh'
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2904
    - - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1976
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\dirname.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\dirname.exe"
        7⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2924
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2592
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sleep.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sleep.exe"
        7⤵
        
        PID:2796
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:276
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:836
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1472
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:236
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2556
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\uname.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\uname.exe"
        7⤵
        
        PID:1432
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1528
        
        C:\Windows\system32\tasklist.exe
        
        C:\Windows\system32\tasklist.exe /NH /FI "IMAGENAME eq winws.exe"
        7⤵
        Enumerates processes with tasklist
        
        PID:2284
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1680
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2620
        
        C:\Windows\system32\tasklist.exe
        
        C:\Windows\system32\tasklist.exe /NH /FI "IMAGENAME eq goodbyedpi.exe"
        7⤵
        Enumerates processes with tasklist
        
        PID:3004
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2728
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:768
        
        C:\Windows\system32\nslookup.exe
        
        C:\Windows\system32\nslookup.exe w3.org
        7⤵
        
        PID:916
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:792
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1900
        
        C:\Windows\system32\ping.exe
        
        C:\Windows\system32\ping.exe -4 -n 1 -w 1000 8.8.8.8
        7⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:2920
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1732
        
        C:\Windows\system32\nslookup.exe
        
        C:\Windows\system32\nslookup.exe w3.org 8.8.8.8
        7⤵
        
        PID:1448
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1836
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\zapret\mdig\mdig.exe
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\zapret\mdig\mdig.exe --family=4
        7⤵
        
        PID:2948
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tr.exe"
        7⤵
        
        PID:920
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:2436
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:1968
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:3064
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:1740
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:748
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1484
        
        C:\Windows\system32\nslookup.exe
        
        C:\Windows\system32\nslookup.exe pornhub.com 8.8.8.8
        7⤵
        
        PID:564
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sed.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sed.exe"
        7⤵
        
        PID:2540
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:884
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe"
        7⤵
        
        PID:2060
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2720
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\zapret\mdig\mdig.exe
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\zapret\mdig\mdig.exe --family=4
        7⤵
        
        PID:2588
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tr.exe"
        7⤵
        
        PID:2632
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:2052
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:548
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:636
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:2812
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:1080
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2932
        
        C:\Windows\system32\nslookup.exe
        
        C:\Windows\system32\nslookup.exe ntc.party 8.8.8.8
        7⤵
        
        PID:532
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sed.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sed.exe"
        7⤵
        
        PID:2948
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1904
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe"
        7⤵
        
        PID:1588
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:276
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\zapret\mdig\mdig.exe
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\zapret\mdig\mdig.exe --family=4
        7⤵
        
        PID:1604
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tr.exe"
        7⤵
        
        PID:2560
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:1484
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:1432
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:556
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:2416
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:2064
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2780
        
        C:\Windows\system32\nslookup.exe
        
        C:\Windows\system32\nslookup.exe rutracker.org 8.8.8.8
        7⤵
        
        PID:2832
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sed.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sed.exe"
        7⤵
        
        PID:1656
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2052
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe"
        7⤵
        
        PID:1964
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:328
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\zapret\mdig\mdig.exe
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\zapret\mdig\mdig.exe --family=4
        7⤵
        
        PID:800
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tr.exe"
        7⤵
        
        PID:1080
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:1692
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:2128
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:596
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:1784
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:1244
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:236
        
        C:\Windows\system32\nslookup.exe
        
        C:\Windows\system32\nslookup.exe www.torproject.org 8.8.8.8
        7⤵
        
        PID:1276
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sed.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sed.exe"
        7⤵
        
        PID:2280
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2532
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe"
        7⤵
        
        PID:2312
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2372
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\zapret\mdig\mdig.exe
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\zapret\mdig\mdig.exe --family=4
        7⤵
        
        PID:2396
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tr.exe"
        7⤵
        
        PID:2752
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:2212
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:672
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:2052
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:2968
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:1872
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2940
        
        C:\Windows\system32\nslookup.exe
        
        C:\Windows\system32\nslookup.exe bbc.com 8.8.8.8
        7⤵
        
        PID:2712
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sed.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sed.exe"
        7⤵
        
        PID:1448
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1908
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe"
        7⤵
        
        PID:2432
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\wc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\wc.exe"
        7⤵
        
        PID:2184
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        7⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sort.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sort.exe"
        8⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        7⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\wc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\wc.exe"
        8⤵
        
        PID:2560
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\rm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\rm.exe"
        7⤵
        
        PID:2144
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        7⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\uname.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\uname.exe"
        8⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        7⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        7⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        8⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\gawk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\gawk.exe"
        9⤵
        
        PID:1684
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\usr\local\bin\curl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\usr\local\bin\curl.exe"
        7⤵
        
        PID:1656
  - - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe
      "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe" -i 'C:/Users/Admin/AppData/Local/Temp/zapret-win-bundle-master/blockcheck/zapret/blog.sh'
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1668
    - - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tee.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tee.exe"
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

Remote System Discovery

T1018

System Information Discovery

T1082

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\tmp\dig1.txt

Filesize
57B

MD5
6e618602b13e2c874fdc2730ce1ffa75

SHA1
3dc11826e266541fbaf50810d8000ed5984f88d8

SHA256
453d65259a1c92a46ba6a359ef1bf3c4dcdfdb67e49e548feb94c662738bdd02

SHA512
1cc56b3bf90972e87e3dac6cf7ec734885fbf5f9b404d26b56a6f99e13e2e7d8ac48bbdf49f0460188446517243e1265e8ba57aa08e90c643a079738c3a4ba50

Download Submit
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\tmp\dig1.txt

Filesize
14B

MD5
33f60dd6ef06bce06340797778c148ae

SHA1
5a5c11a86f5ef0e603a15bc41ad146d583a60a63

SHA256
f9d879ff5b7a606aaff0e6d8f44007b10decd918495ecc688d885d9fe27774af

SHA512
5e3983736a186607fb6a672ce904f7a0184a596ee11bb14d7909f33954d4621e2ef184718a207da3426511ce595e93c392714319c89368a77db651eac6dfc69f

Download Submit
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\tmp\dig1.txt

Filesize
29B

MD5
451515decf5943337e80b31564731d14

SHA1
8ffe53b5afaad1e3da608ad6b5fb72e1f0d3d989

SHA256
b4a38d5e7d7b616c5c79dff39b5160e02c3d38b7117d93b51abd66a64093ce5f

SHA512
653a0acea319c7d70e5dea5999bfaf33238cb79de11e2de28975cb80f632612952750dc950b92a5e908ee9d65c0a50d27b3d8c247e7122654cf03b74f19e8d52

Download Submit
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\tmp\dig1.txt

Filesize
28B

MD5
2bca117c7ca80d5951636483b6fe1a6b

SHA1
53311b733b86d547c4cd2808c1506b7d1c2e2280

SHA256
a17d0f85df96c0dec8ca5934347045292cb2c3ff090fdb5e081f2a26b6a1d076

SHA512
035be0f5c36235019e182c8c8cd05b5fbabd6b85e8931b579dd0ce65ba6aba35992cf61a603caa738ac8e55fe681fb6504332f8fae7f9be5a2e04d503056a21e

Download Submit
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\tmp\dig1.txt

Filesize
72B

MD5
cdd8e2b607c27667ee7eea67a3bc6981

SHA1
55ca837efe1de18de04d0722c9e03a210160ca70

SHA256
049aebe202b734779cb6d58b7677d0f4d0da30d26772da9006a6770c4221f456

SHA512
3afc8a0b2024ba7fc9f19f93f0f9fe6dd4eeae8fdb28ff08bd18c3415e287417bba0dccc3882ed0ab87e31a4648160c444d133ce9c822a9b21467105cc2dbeeb

Download Submit
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\tmp\dig2.txt

Filesize
57B

MD5
ebde8629ceb171cf6f07bb5634e615e2

SHA1
0fa52a303c29eb0f4c11db22b691101ba4ca90dd

SHA256
a4a00f45a69e45786239bd380e579a8ac2e20ba8f5893f2aa416c73b435517f0

SHA512
95af2dc8a4ccea3e34d188517d0b4585b28fc34dbe23dec8ee92af3f89e456ced536245f28a10391774c7eaaa5bafc91bd7ec7536e6489d6e28f8d159b9c9483

Download Submit
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\tmp\dig2.txt

Filesize
29B

MD5
6bb230a33b3962fec74592233ced1899

SHA1
2fa1c41c9db86de26a0dd0abaf2275dec9e28aff

SHA256
d8736778f410a02684514a71d1d578039a4d8ac91cb8e75e7509a78ff6ab277f

SHA512
cf860d12fbca9c8194652ce1f3deddfcf91ff0eb216057805d2f15f266067e28c1215225403d7d01b76a7295d1f7adfecfd6455dc545a09a90dad83f080c4277

Download Submit
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\tmp\dig2.txt

Filesize
28B

MD5
4e7f727a3da88bb76adac3bebbb155c9

SHA1
bb1ede39224444cbbf7a1f95a752ca54957f56c4

SHA256
311446186a80bb610cafbb6fb5226cfacd1ac39cd3a84aa548df015e4ec7a79b

SHA512
a8ea00beff8d1adffefd41ebb8a777cc238e7376f112ec154a85a309beffd42688767496c5f3cc541030dddd17c421ac2c9dbe128be07163028f2b7f8cdd872f

Download Submit
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\tmp\dig2.txt

Filesize
72B

MD5
9390c1997b4b5403c1309a952636376b

SHA1
846852e61175851356053bdafc4d8d2b5e18f988

SHA256
bfc12a33c293db48c268b442fe9ada0d33048f87da972d5c7168398912d34d7b

SHA512
5c8a0937f8d75f3c55773309504570f88c759a76a23506507a871493129b86ba0822537d16fe63dddad05afeacd4310ccfe5a550dbce7d8e75fe7b84e51d7bd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\tmp\digs.txt

Filesize
143B

MD5
ca04cb483af7af5cf9fc5bd5f8d373c0

SHA1
b772b676cfe07b3d1ecb14dcb7e827ecb25d6101

SHA256
63890ec41de69998ab1c9ec915b8fd64cb38be9f6b73273d14016ffaeafeef2b

SHA512
c11f8eab630b31a508abc03904b8249af106be815189f05adbfd166feb9e639103e8727eed7b894dedf3f550af76ce882d13cef95ff818c436b6d7b83cbc0fc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\tmp\digs.txt

Filesize
200B

MD5
f6c6436ff19d321655030f237b1f17d1

SHA1
6e6b0a4f874676380ba697259c090b69ccf84c05

SHA256
b95f7084100592386b8492a58c6c29579ead1f31cd67b739c1ec6358341eb63e

SHA512
64039194f5597db9f9eb01700159a29b3bf33addfd37ddd041d246b4873109489e8c30ba0f4d99581aa354c18aabaa522a184d975b4e246e1dfaf5b0a5d48a46

Download Submit
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\tmp\digs.txt

Filesize
43B

MD5
ee33e68ebd328cdb782fced6d07d4141

SHA1
0ddd5195640607f989eab3c56ba77343621ff1c7

SHA256
317daff8f205727612be75db33d01f6ff10ac1e0ea7515f9895d81366c4a046a

SHA512
b71fcdf2422ea44998c24e55ab320af9ced4778639721a62e1ebf8966ccf1251493668b184665ee0132649da58854fa67792e5c5031b11cb2b9329257d43cda2

Download Submit
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\tmp\digs.txt

Filesize
71B

MD5
25cd68deb7ad1e03d009030f24f43db2

SHA1
6b74528de267892a192067c53daeff4f412fef50

SHA256
3b41d486669dba0300215bb9be42f57e4dc5412ff45b2f55c173d62f9a442c17

SHA512
d561461ff58f54b45746dd35e5d2a2af8ebb1d54a461203b7f3d48ac7c33554129d1c3a5b85da8ff8c7e547eccd4b6aaf140030805ded18cba309077da9130ed

Download Submit
memory/236-223-0x000007FEF6320000-0x000007FEF6622000-memory.dmp

Filesize
3.0MB

Download
memory/236-218-0x000007FEF6320000-0x000007FEF6622000-memory.dmp

Filesize
3.0MB

Download
memory/276-182-0x000007FEF6320000-0x000007FEF6622000-memory.dmp

Filesize
3.0MB

Download
memory/696-0-0x000007FEF6630000-0x000007FEF6932000-memory.dmp

Filesize
3.0MB

Download
memory/696-3-0x000007FEF6630000-0x000007FEF6932000-memory.dmp

Filesize
3.0MB

Download
memory/696-1-0x0000000100400000-0x000000010040F000-memory.dmp

Filesize
60KB

Download
memory/768-320-0x000007FEF6320000-0x000007FEF6622000-memory.dmp

Filesize
3.0MB

Download
memory/768-323-0x000007FEF6320000-0x000007FEF6622000-memory.dmp

Filesize
3.0MB

Download
memory/836-194-0x000007FEF6320000-0x000007FEF6622000-memory.dmp

Filesize
3.0MB

Download
memory/836-203-0x000007FEF6320000-0x000007FEF6622000-memory.dmp

Filesize
3.0MB

Download
memory/1104-82-0x000007FEF6320000-0x000007FEF6622000-memory.dmp

Filesize
3.0MB

Download
memory/1104-80-0x00000003FF640000-0x00000003FF663000-memory.dmp

Filesize
140KB

Download
memory/1104-78-0x0000000100400000-0x0000000100412000-memory.dmp

Filesize
72KB

Download
memory/1104-76-0x000007FEF6320000-0x000007FEF6622000-memory.dmp

Filesize
3.0MB

Download
memory/1248-102-0x000007FEF6320000-0x000007FEF6622000-memory.dmp

Filesize
3.0MB

Download
memory/1248-96-0x0000000100400000-0x00000001004E3000-memory.dmp

Filesize
908KB

Download
memory/1248-93-0x000007FEF6320000-0x000007FEF6622000-memory.dmp

Filesize
3.0MB

Download
memory/1432-244-0x000007FEF6320000-0x000007FEF6622000-memory.dmp

Filesize
3.0MB

Download
memory/1432-251-0x000007FEF6320000-0x000007FEF6622000-memory.dmp

Filesize
3.0MB

Download
memory/1440-142-0x000007FEF6320000-0x000007FEF6622000-memory.dmp

Filesize
3.0MB

Download
memory/1472-212-0x000007FEF6320000-0x000007FEF6622000-memory.dmp

Filesize
3.0MB

Download
memory/1528-278-0x000007FEF6320000-0x000007FEF6622000-memory.dmp

Filesize
3.0MB

Download
memory/1528-259-0x000007FEF6320000-0x000007FEF6622000-memory.dmp

Filesize
3.0MB

Download
memory/1568-242-0x000007FEF6320000-0x000007FEF6622000-memory.dmp

Filesize
3.0MB

Download
memory/1568-238-0x000007FEF6320000-0x000007FEF6622000-memory.dmp

Filesize
3.0MB

Download
memory/1668-119-0x000007FEF6320000-0x000007FEF6622000-memory.dmp

Filesize
3.0MB

Download
memory/1668-140-0x000007FEF6320000-0x000007FEF6622000-memory.dmp

Filesize
3.0MB

Download
memory/1680-273-0x000007FEF6320000-0x000007FEF6622000-memory.dmp

Filesize
3.0MB

Download
memory/1680-284-0x000007FEF6320000-0x000007FEF6622000-memory.dmp

Filesize
3.0MB

Download
memory/1976-129-0x000007FEF6320000-0x000007FEF6622000-memory.dmp

Filesize
3.0MB

Download
memory/1976-217-0x000007FEF6320000-0x000007FEF6622000-memory.dmp

Filesize
3.0MB

Download
memory/2132-7-0x00000003FF430000-0x00000003FF48C000-memory.dmp

Filesize
368KB

Download
memory/2132-9-0x0000000100400000-0x00000001004E3000-memory.dmp

Filesize
908KB

Download
memory/2132-4-0x000007FEF6320000-0x000007FEF6622000-memory.dmp

Filesize
3.0MB

Download
memory/2132-127-0x000007FEF6320000-0x000007FEF6622000-memory.dmp

Filesize
3.0MB

Download
memory/2132-5-0x00000003FF670000-0x00000003FF782000-memory.dmp

Filesize
1.1MB

Download
memory/2132-10-0x0000000100400000-0x00000001004E3000-memory.dmp

Filesize
908KB

Download
memory/2132-6-0x00000003FF640000-0x00000003FF663000-memory.dmp

Filesize
140KB

Download
memory/2132-8-0x00000003FF140000-0x00000003FF187000-memory.dmp

Filesize
284KB

Download
memory/2204-272-0x000007FEF6320000-0x000007FEF6622000-memory.dmp

Filesize
3.0MB

Download
memory/2264-187-0x000007FEF6320000-0x000007FEF6622000-memory.dmp

Filesize
3.0MB

Download
memory/2264-193-0x000007FEF6320000-0x000007FEF6622000-memory.dmp

Filesize
3.0MB

Download
memory/2556-226-0x000007FEF6320000-0x000007FEF6622000-memory.dmp

Filesize
3.0MB

Download
memory/2556-234-0x000007FEF6320000-0x000007FEF6622000-memory.dmp

Filesize
3.0MB

Download
memory/2592-163-0x000007FEF6320000-0x000007FEF6622000-memory.dmp

Filesize
3.0MB

Download
memory/2616-54-0x000007FEF6320000-0x000007FEF6622000-memory.dmp

Filesize
3.0MB

Download
memory/2616-55-0x000007FEF6320000-0x000007FEF6622000-memory.dmp

Filesize
3.0MB

Download
memory/2616-53-0x0000000100400000-0x000000010040F000-memory.dmp

Filesize
60KB

Download
memory/2616-160-0x000007FEF6320000-0x000007FEF6622000-memory.dmp

Filesize
3.0MB

Download
memory/2620-311-0x000007FEF6320000-0x000007FEF6622000-memory.dmp

Filesize
3.0MB

Download
memory/2620-288-0x000007FEF6320000-0x000007FEF6622000-memory.dmp

Filesize
3.0MB

Download
memory/2664-69-0x0000000100400000-0x00000001004E3000-memory.dmp

Filesize
908KB

Download
memory/2664-64-0x000007FEF6320000-0x000007FEF6622000-memory.dmp

Filesize
3.0MB

Download
memory/2664-77-0x000007FEF6320000-0x000007FEF6622000-memory.dmp

Filesize
3.0MB

Download
memory/2664-73-0x00000003FF140000-0x00000003FF187000-memory.dmp

Filesize
284KB

Download
memory/2728-299-0x000007FEF6320000-0x000007FEF6622000-memory.dmp

Filesize
3.0MB

Download
memory/2728-308-0x000007FEF6320000-0x000007FEF6622000-memory.dmp

Filesize
3.0MB

Download
memory/2748-298-0x000007FEF6320000-0x000007FEF6622000-memory.dmp

Filesize
3.0MB

Download
memory/2748-291-0x000007FEF6320000-0x000007FEF6622000-memory.dmp

Filesize
3.0MB

Download
memory/2796-176-0x000007FEF6320000-0x000007FEF6622000-memory.dmp

Filesize
3.0MB

Download
memory/2832-43-0x000007FEF6320000-0x000007FEF6622000-memory.dmp

Filesize
3.0MB

Download
memory/2832-45-0x0000000100400000-0x00000001004E3000-memory.dmp

Filesize
908KB

Download
memory/2832-51-0x000007FEF6320000-0x000007FEF6622000-memory.dmp

Filesize
3.0MB

Download
memory/2848-26-0x000007FEF6320000-0x000007FEF6622000-memory.dmp

Filesize
3.0MB

Download
memory/2848-30-0x0000000100400000-0x000000010040F000-memory.dmp

Filesize
60KB

Download
memory/2848-32-0x000007FEF6320000-0x000007FEF6622000-memory.dmp

Filesize
3.0MB

Download
memory/2860-20-0x0000000100400000-0x00000001004E3000-memory.dmp

Filesize
908KB

Download
memory/2860-22-0x00000003FF670000-0x00000003FF782000-memory.dmp

Filesize
1.1MB

Download
memory/2860-11-0x0000000100400000-0x00000001004E3000-memory.dmp

Filesize
908KB

Download
memory/2860-19-0x000007FEF6320000-0x000007FEF6622000-memory.dmp

Filesize
3.0MB

Download
memory/2860-12-0x0000000100400000-0x00000001004E3000-memory.dmp

Filesize
908KB

Download
memory/2860-24-0x00000003FF140000-0x00000003FF187000-memory.dmp

Filesize
284KB

Download
memory/2860-25-0x00000003FF430000-0x00000003FF48C000-memory.dmp

Filesize
368KB

Download
memory/2860-27-0x000007FEF6320000-0x000007FEF6622000-memory.dmp

Filesize
3.0MB

Download
memory/2860-23-0x00000003FF640000-0x00000003FF663000-memory.dmp

Filesize
140KB

Download
memory/2904-128-0x000007FEF6320000-0x000007FEF6622000-memory.dmp

Filesize
3.0MB

Download
memory/2904-110-0x000007FEF6320000-0x000007FEF6622000-memory.dmp

Filesize
3.0MB

Download
memory/2924-152-0x000007FEF6320000-0x000007FEF6622000-memory.dmp

Filesize
3.0MB

Download
memory/2984-153-0x000007FEF6320000-0x000007FEF6622000-memory.dmp

Filesize
3.0MB

Download
memory/2984-141-0x000007FEF6320000-0x000007FEF6622000-memory.dmp

Filesize
3.0MB

Download
memory/3036-166-0x000007FEF6320000-0x000007FEF6622000-memory.dmp

Filesize
3.0MB

Download
memory/3036-170-0x000007FEF6320000-0x000007FEF6622000-memory.dmp

Filesize
3.0MB

Download