Analysis
-
max time kernel
144s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
10/10/2024, 10:47
General
-
Target
zapret-win-bundle-master/blockcheck/blockcheck.cmd
-
Size
199B
-
MD5
c8f6ce2373ae8cfcbe070e8347fec6b7
-
SHA1
6af61c6bacf9a43253071dbf2830022d73f19952
-
SHA256
c62021151e53f72de851086ce377b13ff7bce291d4d58bcc527cc2be5de6d697
-
SHA512
e5493c350519cd29c76cb5daef3136f346d6af4050284d582ef395dc2b0e1e037978e5aa05df666fd8eb6bbdaf8f5e746998ced42143891df32d3b8869d5c216
Score
7/10
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Enumerates processes with tasklist 1 TTPs 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs
Adversaries may check for Internet connectivity on compromised systems.
-
Runs ping.exe 1 TTPs 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 36 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\blockcheck.cmd"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ..\cygwin\bin\cygpath -C OEM -a -m zapret\blog.sh2⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cygpath.exe..\cygwin\bin\cygpath -C OEM -a -m zapret\blog.sh3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\wscript.exewscript ..\tools\elevator.vbs ..\cygwin\bin\bash -i "'C:/Users/Admin/AppData/Local/Temp/zapret-win-bundle-master/blockcheck/zapret/blog.sh'"2⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe" -i 'C:/Users/Admin/AppData/Local/Temp/zapret-win-bundle-master/blockcheck/zapret/blog.sh'3⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe" -i 'C:/Users/Admin/AppData/Local/Temp/zapret-win-bundle-master/blockcheck/zapret/blog.sh'4⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cygpath.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cygpath.exe"5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe" -i 'C:/Users/Admin/AppData/Local/Temp/zapret-win-bundle-master/blockcheck/zapret/blog.sh'4⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cygpath.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cygpath.exe"5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe" -i 'C:/Users/Admin/AppData/Local/Temp/zapret-win-bundle-master/blockcheck/zapret/blog.sh'4⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\dirname.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\dirname.exe"5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe" -i 'C:/Users/Admin/AppData/Local/Temp/zapret-win-bundle-master/blockcheck/zapret/blog.sh'4⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe" -i 'C:/Users/Admin/AppData/Local/Temp/zapret-win-bundle-master/blockcheck/zapret/blog.sh'4⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"5⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\dirname.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\dirname.exe"7⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sleep.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sleep.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"7⤵
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"7⤵
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\uname.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\uname.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Windows\system32\tasklist.exeC:\Windows\system32\tasklist.exe /NH /FI "IMAGENAME eq winws.exe"7⤵
- Enumerates processes with tasklist
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"7⤵
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Windows\system32\tasklist.exeC:\Windows\system32\tasklist.exe /NH /FI "IMAGENAME eq goodbyedpi.exe"7⤵
- Enumerates processes with tasklist
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"7⤵
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Windows\system32\nslookup.exeC:\Windows\system32\nslookup.exe w3.org7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Windows\system32\ping.exeC:\Windows\system32\ping.exe -4 -n 1 -w 1000 8.8.8.87⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Windows\system32\nslookup.exeC:\Windows\system32\nslookup.exe w3.org 8.8.8.87⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\zapret\mdig\mdig.exeC:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\zapret\mdig\mdig.exe --family=47⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tr.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tr.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Windows\system32\nslookup.exeC:\Windows\system32\nslookup.exe pornhub.com 8.8.8.87⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sed.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sed.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"7⤵
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\zapret\mdig\mdig.exeC:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\zapret\mdig\mdig.exe --family=47⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tr.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tr.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Windows\system32\nslookup.exeC:\Windows\system32\nslookup.exe ntc.party 8.8.8.87⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sed.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sed.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"7⤵
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\zapret\mdig\mdig.exeC:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\zapret\mdig\mdig.exe --family=47⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tr.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tr.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Windows\system32\nslookup.exeC:\Windows\system32\nslookup.exe rutracker.org 8.8.8.87⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sed.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sed.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"7⤵
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\zapret\mdig\mdig.exeC:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\zapret\mdig\mdig.exe --family=47⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tr.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tr.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Windows\system32\nslookup.exeC:\Windows\system32\nslookup.exe www.torproject.org 8.8.8.87⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sed.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sed.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"7⤵
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\zapret\mdig\mdig.exeC:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\zapret\mdig\mdig.exe --family=47⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tr.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tr.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Windows\system32\nslookup.exeC:\Windows\system32\nslookup.exe bbc.com 8.8.8.87⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sed.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sed.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"7⤵
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\wc.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\wc.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"7⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sort.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sort.exe"8⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"7⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\wc.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\wc.exe"8⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\rm.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\rm.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"7⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\uname.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\uname.exe"8⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"7⤵
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"7⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"8⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\gawk.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\gawk.exe"9⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\usr\local\bin\curl.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\usr\local\bin\curl.exe"7⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe" -i 'C:/Users/Admin/AppData/Local/Temp/zapret-win-bundle-master/blockcheck/zapret/blog.sh'4⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tee.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tee.exe"5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
14B
MD533f60dd6ef06bce06340797778c148ae
SHA15a5c11a86f5ef0e603a15bc41ad146d583a60a63
SHA256f9d879ff5b7a606aaff0e6d8f44007b10decd918495ecc688d885d9fe27774af
SHA5125e3983736a186607fb6a672ce904f7a0184a596ee11bb14d7909f33954d4621e2ef184718a207da3426511ce595e93c392714319c89368a77db651eac6dfc69f
-
Filesize
28B
MD52bca117c7ca80d5951636483b6fe1a6b
SHA153311b733b86d547c4cd2808c1506b7d1c2e2280
SHA256a17d0f85df96c0dec8ca5934347045292cb2c3ff090fdb5e081f2a26b6a1d076
SHA512035be0f5c36235019e182c8c8cd05b5fbabd6b85e8931b579dd0ce65ba6aba35992cf61a603caa738ac8e55fe681fb6504332f8fae7f9be5a2e04d503056a21e
-
Filesize
72B
MD566cf45f1340ca0a942a4c6335068aa19
SHA146227a728c868ca240fcbbd9cd5524327dca6372
SHA25625d99044b45d5b82c3c9b036f1a40b2a7dcb848676a083ff53284d64ad285717
SHA512aa2c4af0fe37a2fd6008f3d6f641a5b46f8c8290d044a4e7469eb0c82e1e590c284b0dc91e70bdd7e8111d389f625f2653291423aa0948dcf0b2b0dbafc7b68d
-
Filesize
57B
MD56cac2e7b99dbb1a1d56dbba546b3b23e
SHA10bbaa27de53da67b81a3a3304d557662846a8881
SHA25649092498ef25216532b8ac0d5b2b260619d7df4863fcd3566d548d46608a7225
SHA512e4a47887f6f9eafdd8bfd489eb6ffd8d8b7e89af5781693c2899bdac6f173fa1bd585b119c91299e0b1ac2f6d4193850b005291a2a5e709ea25e06be7033648c
-
Filesize
29B
MD5451515decf5943337e80b31564731d14
SHA18ffe53b5afaad1e3da608ad6b5fb72e1f0d3d989
SHA256b4a38d5e7d7b616c5c79dff39b5160e02c3d38b7117d93b51abd66a64093ce5f
SHA512653a0acea319c7d70e5dea5999bfaf33238cb79de11e2de28975cb80f632612952750dc950b92a5e908ee9d65c0a50d27b3d8c247e7122654cf03b74f19e8d52
-
Filesize
28B
MD54e7f727a3da88bb76adac3bebbb155c9
SHA1bb1ede39224444cbbf7a1f95a752ca54957f56c4
SHA256311446186a80bb610cafbb6fb5226cfacd1ac39cd3a84aa548df015e4ec7a79b
SHA512a8ea00beff8d1adffefd41ebb8a777cc238e7376f112ec154a85a309beffd42688767496c5f3cc541030dddd17c421ac2c9dbe128be07163028f2b7f8cdd872f
-
Filesize
72B
MD594ca67cedce4d36646354dbd90b750a0
SHA1a33f17cb4e5d45708bea75b51c516238117209e0
SHA2560283c368ba711edf04800dc675abeb5d8d8b94bfd4ed0a7f423f239f54a3de03
SHA512f76c3e1a479c6033be31fbcec37311d0095f0614a3b9913d0cb516a61f16ba84a8b48f82d4cf2ac16c60483e2a54aac99cafa451f89eb21f60b48e19040e623f
-
Filesize
57B
MD5b8a0cd44d8db08c20524efc6851da449
SHA10cc1c90c41b4c31449eac4b099c9011786e621bb
SHA256d19f30a3a16fd31c48b5084699f723df2371214dee12426bd7b71ce6a362ee5a
SHA5128ae95ddad48f9d2c319d9be86f2eef0f88d52ff70a073640195c9c79921103b31d6c1e10d4961f15b07f55068c5887e1b143b471e9712325fca0c4e8381184f5
-
Filesize
200B
MD53a32117095e0fdaaeb2475d8ba3c9d67
SHA17ac0da4efd418d563c5258c37633ebb05b230010
SHA256d718ba71a2621946270d05f1a501031e6ca4cb31f674c1d0bd63512d5ccd3f63
SHA512b1a60a212d2bb7a114f40a306a811490f1b23bad6816cf798aced4957ff89904de64aa9e193d92c989d4ed28d0236bfa47abdcdb4d2452b50c188941860b180f
-
Filesize
43B
MD5ee33e68ebd328cdb782fced6d07d4141
SHA10ddd5195640607f989eab3c56ba77343621ff1c7
SHA256317daff8f205727612be75db33d01f6ff10ac1e0ea7515f9895d81366c4a046a
SHA512b71fcdf2422ea44998c24e55ab320af9ced4778639721a62e1ebf8966ccf1251493668b184665ee0132649da58854fa67792e5c5031b11cb2b9329257d43cda2
-
Filesize
71B
MD525cd68deb7ad1e03d009030f24f43db2
SHA16b74528de267892a192067c53daeff4f412fef50
SHA2563b41d486669dba0300215bb9be42f57e4dc5412ff45b2f55c173d62f9a442c17
SHA512d561461ff58f54b45746dd35e5d2a2af8ebb1d54a461203b7f3d48ac7c33554129d1c3a5b85da8ff8c7e547eccd4b6aaf140030805ded18cba309077da9130ed
-
Filesize
143B
MD59983508ec8b95a5dca5d6b73984c815f
SHA120dbd0b19c9b6c591fbaff2c4dfd46faa36c6447
SHA256159596c56f739f41a54ae67be86efcf99830df9e31650ca7ecfb5da226723dd9
SHA51294e7130704c722b6508786d9d568fafbea0124c44b4940994b5e883945f77d7d4376af1a7ee9f4c639198d1e059a395c5d8246a21c2677d8ace53e6d38ccedfa
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
72KB
-
Filesize
140KB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
60KB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
140KB
-
Filesize
284KB
-
Filesize
368KB
-
Filesize
1.1MB
-
Filesize
908KB
-
Filesize
908KB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
908KB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
60KB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
60KB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
368KB
-
Filesize
284KB
-
Filesize
3.0MB
-
Filesize
1.1MB
-
Filesize
140KB
-
Filesize
3.0MB
-
Filesize
908KB
-
Filesize
908KB
-
Filesize
908KB
-
Filesize
3.0MB
-
Filesize
284KB
-
Filesize
908KB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
284KB
-
Filesize
908KB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB