93d7a877010b450bc56e3ed17f304debe0fc40fb86d89373e6f0f863a9261e2f

Analysis

max time kernel
143s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
18-10-2024 02:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

zapret-win-bundle-master/blockcheck/blockcheck.cmd
Size

199B
MD5

c8f6ce2373ae8cfcbe070e8347fec6b7
SHA1

6af61c6bacf9a43253071dbf2830022d73f19952
SHA256

c62021151e53f72de851086ce377b13ff7bce291d4d58bcc527cc2be5de6d697
SHA512

e5493c350519cd29c76cb5daef3136f346d6af4050284d582ef395dc2b0e1e037978e5aa05df666fd8eb6bbdaf8f5e746998ced42143891df32d3b8869d5c216

Score

5^/10

discovery

Malware Config

Signatures

Enumerates processes with tasklist 1 TTPs 2 IoCs

discovery

Process Discovery

T1057

pid	Process
2212	tasklist.exe
2916	tasklist.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
1628	ping.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
1628	ping.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
2512	grep.exe
2512	grep.exe
2552	grep.exe
2552	grep.exe
2532	grep.exe
2532	grep.exe
2636	grep.exe
2636	grep.exe
2732	grep.exe
2732	grep.exe
2992	grep.exe
2992	grep.exe
2948	grep.exe
2948	grep.exe
2720	grep.exe
2720	grep.exe
2560	grep.exe
2560	grep.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	2328	cygpath.exe
Token: SeBackupPrivilege	2328	cygpath.exe
Token: SeDebugPrivilege	2328	cygpath.exe
Token: SeRestorePrivilege	2544	bash.exe
Token: SeBackupPrivilege	2544	bash.exe
Token: SeDebugPrivilege	2544	bash.exe
Token: SeRestorePrivilege	2848	bash.exe
Token: SeBackupPrivilege	2848	bash.exe
Token: SeDebugPrivilege	2848	bash.exe
Token: SeRestorePrivilege	2848	bash.exe
Token: SeBackupPrivilege	2848	bash.exe
Token: SeDebugPrivilege	2848	bash.exe
Token: SeRestorePrivilege	2828	cygpath.exe
Token: SeBackupPrivilege	2828	cygpath.exe
Token: SeDebugPrivilege	2828	cygpath.exe
Token: SeRestorePrivilege	2896	bash.exe
Token: SeBackupPrivilege	2896	bash.exe
Token: SeDebugPrivilege	2896	bash.exe
Token: SeRestorePrivilege	2896	bash.exe
Token: SeBackupPrivilege	2896	bash.exe
Token: SeDebugPrivilege	2896	bash.exe
Token: SeRestorePrivilege	1320	cygpath.exe
Token: SeBackupPrivilege	1320	cygpath.exe
Token: SeDebugPrivilege	1320	cygpath.exe
Token: SeRestorePrivilege	2660	bash.exe
Token: SeBackupPrivilege	2660	bash.exe
Token: SeDebugPrivilege	2660	bash.exe
Token: SeRestorePrivilege	2660	bash.exe
Token: SeBackupPrivilege	2660	bash.exe
Token: SeDebugPrivilege	2660	bash.exe
Token: SeRestorePrivilege	928	dirname.exe
Token: SeBackupPrivilege	928	dirname.exe
Token: SeDebugPrivilege	928	dirname.exe
Token: SeRestorePrivilege	908	bash.exe
Token: SeBackupPrivilege	908	bash.exe
Token: SeDebugPrivilege	908	bash.exe
Token: SeRestorePrivilege	908	bash.exe
Token: SeBackupPrivilege	908	bash.exe
Token: SeDebugPrivilege	908	bash.exe
Token: SeRestorePrivilege	1852	bash.exe
Token: SeBackupPrivilege	1852	bash.exe
Token: SeDebugPrivilege	1852	bash.exe
Token: SeRestorePrivilege	1852	bash.exe
Token: SeBackupPrivilege	1852	bash.exe
Token: SeDebugPrivilege	1852	bash.exe
Token: SeRestorePrivilege	2708	bash.exe
Token: SeBackupPrivilege	2708	bash.exe
Token: SeDebugPrivilege	2708	bash.exe
Token: SeRestorePrivilege	2708	bash.exe
Token: SeBackupPrivilege	2708	bash.exe
Token: SeDebugPrivilege	2708	bash.exe
Token: SeRestorePrivilege	2860	sh.exe
Token: SeBackupPrivilege	2860	sh.exe
Token: SeDebugPrivilege	2860	sh.exe
Token: SeRestorePrivilege	1648	tee.exe
Token: SeBackupPrivilege	1648	tee.exe
Token: SeDebugPrivilege	1648	tee.exe
Token: SeRestorePrivilege	2796	sh.exe
Token: SeBackupPrivilege	2796	sh.exe
Token: SeDebugPrivilege	2796	sh.exe
Token: SeRestorePrivilege	2796	sh.exe
Token: SeBackupPrivilege	2796	sh.exe
Token: SeDebugPrivilege	2796	sh.exe
Token: SeRestorePrivilege	2704	dirname.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1736 wrote to memory of 2212	1736	cmd.exe	31
PID 1736 wrote to memory of 2212	1736	cmd.exe	31
PID 1736 wrote to memory of 2212	1736	cmd.exe	31
PID 2212 wrote to memory of 2328	2212	cmd.exe	32
PID 2212 wrote to memory of 2328	2212	cmd.exe	32
PID 2212 wrote to memory of 2328	2212	cmd.exe	32
PID 1736 wrote to memory of 2388	1736	cmd.exe	33
PID 1736 wrote to memory of 2388	1736	cmd.exe	33
PID 1736 wrote to memory of 2388	1736	cmd.exe	33
PID 2388 wrote to memory of 2544	2388	wscript.exe	34
PID 2388 wrote to memory of 2544	2388	wscript.exe	34
PID 2388 wrote to memory of 2544	2388	wscript.exe	34
PID 2544 wrote to memory of 2848	2544	bash.exe	36
PID 2544 wrote to memory of 2848	2544	bash.exe	36
PID 2544 wrote to memory of 2848	2544	bash.exe	36
PID 2544 wrote to memory of 2848	2544	bash.exe	36
PID 2544 wrote to memory of 2848	2544	bash.exe	36
PID 2544 wrote to memory of 2848	2544	bash.exe	36
PID 2544 wrote to memory of 2848	2544	bash.exe	36
PID 2544 wrote to memory of 2848	2544	bash.exe	36
PID 2544 wrote to memory of 2848	2544	bash.exe	36
PID 2544 wrote to memory of 2848	2544	bash.exe	36
PID 2544 wrote to memory of 2848	2544	bash.exe	36
PID 2544 wrote to memory of 2848	2544	bash.exe	36
PID 2848 wrote to memory of 2828	2848	bash.exe	37
PID 2848 wrote to memory of 2828	2848	bash.exe	37
PID 2848 wrote to memory of 2828	2848	bash.exe	37
PID 2544 wrote to memory of 2896	2544	bash.exe	38
PID 2544 wrote to memory of 2896	2544	bash.exe	38
PID 2544 wrote to memory of 2896	2544	bash.exe	38
PID 2544 wrote to memory of 2896	2544	bash.exe	38
PID 2544 wrote to memory of 2896	2544	bash.exe	38
PID 2544 wrote to memory of 2896	2544	bash.exe	38
PID 2544 wrote to memory of 2896	2544	bash.exe	38
PID 2544 wrote to memory of 2896	2544	bash.exe	38
PID 2544 wrote to memory of 2896	2544	bash.exe	38
PID 2544 wrote to memory of 2896	2544	bash.exe	38
PID 2544 wrote to memory of 2896	2544	bash.exe	38
PID 2544 wrote to memory of 2896	2544	bash.exe	38
PID 2896 wrote to memory of 1320	2896	bash.exe	39
PID 2896 wrote to memory of 1320	2896	bash.exe	39
PID 2896 wrote to memory of 1320	2896	bash.exe	39
PID 2544 wrote to memory of 2660	2544	bash.exe	40
PID 2544 wrote to memory of 2660	2544	bash.exe	40
PID 2544 wrote to memory of 2660	2544	bash.exe	40
PID 2544 wrote to memory of 2660	2544	bash.exe	40
PID 2544 wrote to memory of 2660	2544	bash.exe	40
PID 2544 wrote to memory of 2660	2544	bash.exe	40
PID 2544 wrote to memory of 2660	2544	bash.exe	40
PID 2544 wrote to memory of 2660	2544	bash.exe	40
PID 2544 wrote to memory of 2660	2544	bash.exe	40
PID 2544 wrote to memory of 2660	2544	bash.exe	40
PID 2544 wrote to memory of 2660	2544	bash.exe	40
PID 2544 wrote to memory of 2660	2544	bash.exe	40
PID 2660 wrote to memory of 928	2660	bash.exe	41
PID 2660 wrote to memory of 928	2660	bash.exe	41
PID 2660 wrote to memory of 928	2660	bash.exe	41
PID 2544 wrote to memory of 908	2544	bash.exe	42
PID 2544 wrote to memory of 908	2544	bash.exe	42
PID 2544 wrote to memory of 908	2544	bash.exe	42
PID 2544 wrote to memory of 908	2544	bash.exe	42
PID 2544 wrote to memory of 908	2544	bash.exe	42
PID 2544 wrote to memory of 908	2544	bash.exe	42
PID 2544 wrote to memory of 908	2544	bash.exe	42

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\blockcheck.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:1736
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ..\cygwin\bin\cygpath -C OEM -a -m zapret\blog.sh
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2212
- - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cygpath.exe
    ..\cygwin\bin\cygpath -C OEM -a -m zapret\blog.sh
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2328
- C:\Windows\system32\wscript.exe
  wscript ..\tools\elevator.vbs ..\cygwin\bin\bash -i "'C:/Users/Admin/AppData/Local/Temp/zapret-win-bundle-master/blockcheck/zapret/blog.sh'"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2388
- - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe
    "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe" -i 'C:/Users/Admin/AppData/Local/Temp/zapret-win-bundle-master/blockcheck/zapret/blog.sh'
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:2544
  - - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe
      "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe" -i 'C:/Users/Admin/AppData/Local/Temp/zapret-win-bundle-master/blockcheck/zapret/blog.sh'
      4⤵
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:2848
    - - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cygpath.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cygpath.exe"
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2828
  - - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe
      "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe" -i 'C:/Users/Admin/AppData/Local/Temp/zapret-win-bundle-master/blockcheck/zapret/blog.sh'
      4⤵
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:2896
    - - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cygpath.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cygpath.exe"
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1320
  - - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe
      "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe" -i 'C:/Users/Admin/AppData/Local/Temp/zapret-win-bundle-master/blockcheck/zapret/blog.sh'
      4⤵
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:2660
    - - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\dirname.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\dirname.exe"
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:928
  - - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe
      "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe" -i 'C:/Users/Admin/AppData/Local/Temp/zapret-win-bundle-master/blockcheck/zapret/blog.sh'
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:908
  - - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe
      "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe" -i 'C:/Users/Admin/AppData/Local/Temp/zapret-win-bundle-master/blockcheck/zapret/blog.sh'
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1852
    - - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2860
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\dirname.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\dirname.exe"
        7⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2704
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2324
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sleep.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sleep.exe"
        7⤵
        
        PID:1076
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:944
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2512
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1328
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2552
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\uname.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\uname.exe"
        7⤵
        
        PID:1504
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1600
        
        C:\Windows\system32\tasklist.exe
        
        C:\Windows\system32\tasklist.exe /NH /FI "IMAGENAME eq winws.exe"
        7⤵
        Enumerates processes with tasklist
        
        PID:2212
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2532
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2172
        
        C:\Windows\system32\tasklist.exe
        
        C:\Windows\system32\tasklist.exe /NH /FI "IMAGENAME eq goodbyedpi.exe"
        7⤵
        Enumerates processes with tasklist
        
        PID:2916
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2636
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1512
        
        C:\Windows\system32\nslookup.exe
        
        C:\Windows\system32\nslookup.exe w3.org
        7⤵
        
        PID:1136
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2940
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2656
        
        C:\Windows\system32\ping.exe
        
        C:\Windows\system32\ping.exe -4 -n 1 -w 1000 8.8.8.8
        7⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:1628
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1976
        
        C:\Windows\system32\nslookup.exe
        
        C:\Windows\system32\nslookup.exe w3.org 8.8.8.8
        7⤵
        
        PID:356
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2004
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\zapret\mdig\mdig.exe
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\zapret\mdig\mdig.exe --family=4
        7⤵
        
        PID:2968
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tr.exe"
        7⤵
        
        PID:2704
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:1248
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:3008
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:556
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:2468
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:2440
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2316
        
        C:\Windows\system32\nslookup.exe
        
        C:\Windows\system32\nslookup.exe pornhub.com 8.8.8.8
        7⤵
        
        PID:856
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:656
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sed.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sed.exe"
        7⤵
        
        PID:2220
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2732
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe"
        7⤵
        
        PID:2804
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1748
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\zapret\mdig\mdig.exe
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\zapret\mdig\mdig.exe --family=4
        7⤵
        
        PID:1756
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tr.exe"
        7⤵
        
        PID:2344
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:3016
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:2572
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:356
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:2696
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:2968
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2304
        
        C:\Windows\system32\nslookup.exe
        
        C:\Windows\system32\nslookup.exe ntc.party 8.8.8.8
        7⤵
        
        PID:2232
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sed.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sed.exe"
        7⤵
        
        PID:2568
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2992
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe"
        7⤵
        
        PID:3048
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1288
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\zapret\mdig\mdig.exe
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\zapret\mdig\mdig.exe --family=4
        7⤵
        
        PID:1036
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tr.exe"
        7⤵
        
        PID:2124
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:856
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:1696
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:2532
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:2832
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:2672
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:536
        
        C:\Windows\system32\nslookup.exe
        
        C:\Windows\system32\nslookup.exe rutracker.org 8.8.8.8
        7⤵
        
        PID:1860
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sed.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sed.exe"
        7⤵
        
        PID:1324
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2948
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe"
        7⤵
        
        PID:1704
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2188
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\zapret\mdig\mdig.exe
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\zapret\mdig\mdig.exe --family=4
        7⤵
        
        PID:2968
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tr.exe"
        7⤵
        
        PID:2064
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:2272
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:2256
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:760
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:1504
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:2216
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2032
        
        C:\Windows\system32\nslookup.exe
        
        C:\Windows\system32\nslookup.exe www.torproject.org 8.8.8.8
        7⤵
        
        PID:2900
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sed.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sed.exe"
        7⤵
        
        PID:2732
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2720
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe"
        7⤵
        
        PID:2492
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1860
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\zapret\mdig\mdig.exe
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\zapret\mdig\mdig.exe --family=4
        7⤵
        
        PID:1628
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tr.exe"
        7⤵
        
        PID:1916
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:1044
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:2380
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:940
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:880
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:1864
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2512
        
        C:\Windows\system32\nslookup.exe
        
        C:\Windows\system32\nslookup.exe bbc.com 8.8.8.8
        7⤵
        
        PID:1772
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sed.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sed.exe"
        7⤵
        
        PID:1368
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2560
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe"
        7⤵
        
        PID:2320
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe"
        7⤵
        
        PID:1724
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\rm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\rm.exe"
        7⤵
        
        PID:2316
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        7⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\uname.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\uname.exe"
        8⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        7⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        7⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        8⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\gawk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\gawk.exe"
        9⤵
        
        PID:2524
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\usr\local\bin\curl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\usr\local\bin\curl.exe"
        7⤵
        
        PID:2596
  - - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe
      "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe" -i 'C:/Users/Admin/AppData/Local/Temp/zapret-win-bundle-master/blockcheck/zapret/blog.sh'
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tee.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tee.exe"
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

Remote System Discovery

T1018

System Information Discovery

T1082

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\tmp\dig1.txt

Filesize
57B

MD5
ebe872ecd3c83f0f2fef6025f045d1e4

SHA1
756cbc6339478da90000bc5a59c9f37475148106

SHA256
25a558856649f8d2310c3b5f0dd8a8764b66fc2316cb9022f59f0247c72d1250

SHA512
dad469b998a087895cc9e992d6cd29cff94ad90354c2bf5e38f51852992c56ec13a57daf9ee271675d1a6ce3f1c7705d53320005de84ded0b61f0aeec2b443d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\tmp\dig1.txt

Filesize
14B

MD5
33f60dd6ef06bce06340797778c148ae

SHA1
5a5c11a86f5ef0e603a15bc41ad146d583a60a63

SHA256
f9d879ff5b7a606aaff0e6d8f44007b10decd918495ecc688d885d9fe27774af

SHA512
5e3983736a186607fb6a672ce904f7a0184a596ee11bb14d7909f33954d4621e2ef184718a207da3426511ce595e93c392714319c89368a77db651eac6dfc69f

Download Submit
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\tmp\dig1.txt

Filesize
14B

MD5
84233515f8c3dfb3d3c8104583d3d22a

SHA1
e9049ef4bac7a3bf8847d418784356e6d1b09f02

SHA256
b361db25fd46ea38eca0669ec2326b298a30fed89947303b96d734eb02e08343

SHA512
6174b8aa3a0c314eaee8b20a9483a0462c1f0b74d004f122be4ca52b171c59397713e1d2720947314c52d49f89f72088e60999ed8addd56252c3ab342def29b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\tmp\dig1.txt

Filesize
28B

MD5
4e7f727a3da88bb76adac3bebbb155c9

SHA1
bb1ede39224444cbbf7a1f95a752ca54957f56c4

SHA256
311446186a80bb610cafbb6fb5226cfacd1ac39cd3a84aa548df015e4ec7a79b

SHA512
a8ea00beff8d1adffefd41ebb8a777cc238e7376f112ec154a85a309beffd42688767496c5f3cc541030dddd17c421ac2c9dbe128be07163028f2b7f8cdd872f

Download Submit
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\tmp\dig1.txt

Filesize
72B

MD5
a40a4ec07d9bda3e46224f3e9f3d2a05

SHA1
44beada97fd87b1cf4ba88497e02bfb7ff080a58

SHA256
c8db447c49ed18020617e18f2dfa8cf3ff4d2b4ae1c54f786ef7e8c1e2c38939

SHA512
98fe861d84860881c2cb1a7882dd643e25ecbecc432f48a9e1d3c958abab4413f6a1b8b2547df973f5bb779b6ecc7276c979e316623accd6eb150e3c8ea44ef4

Download Submit
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\tmp\dig2.txt

Filesize
8B

MD5
38a0ddaad60365a349c255b9ad6e2ac2

SHA1
c4c36a91b52b495ff25b50a041908b2fddb8f89e

SHA256
fcad3ca3c931e062c73989fa3b7ba2f5f02c581ab9e991ae32cb5f4547ade025

SHA512
48a0f255d1e8b189782d829a6a7881e06874f72a54c0305cdd527a8436ca11c8e57a85fd91bbbed4e19c852ccd524921c74ffb87a704d4506a0ece66bb95c70b

Download Submit
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\tmp\dig2.txt

Filesize
22B

MD5
362d334a21616fc8762b7dbac70af421

SHA1
f2d6ab953aa97ce67e4c0029df3b7b692c640fc3

SHA256
59f471487297933b4e69be3ad171935fded4f7dc088f9c39adeeee388197a8a2

SHA512
8d3b78943869295c10ab802d4868e5e213aced8dd3ab6e0c1f607c1ebdcadc440c92b6da9e27937b524672e9ccf3f9c349961f4061b27c863e352111c8a37533

Download Submit
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\tmp\dig2.txt

Filesize
80B

MD5
1d370eaf03652289db8cb21b42a32551

SHA1
5d552f4a48331fe89fd409e0cf1b10d073a31766

SHA256
965ba214d41524c966fea4b8f0b19a09e8c2c5c1e0ec41dcbd2925d951dc21ad

SHA512
ce9f79d39552656e6fd416cffddf5f3facf65da977e8e3ff10065ff3ede7482294372b3a76c0c429d4360a676922b8e1947d8d8e1a8d136227386af702571f26

Download Submit
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\tmp\digs.txt

Filesize
128B

MD5
d4e5b14efec2f9ae86d748439460031a

SHA1
b2b98e392ff5adb25022697f348f812e34cfb564

SHA256
28fedcb4c7c47b7ae7f0ed894e7566fbac00de9ed0d7cdb2edafb719dba6fc2d

SHA512
ccbfaf317ea6e6de8b98b5e03d3614e7a4487c2e4d197a69f3517c6a48cb372633750f66903df8d76b3ea3c50b83a8af4df9e7550905e2c6cc18609e4888cb53

Download Submit
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\tmp\digs.txt

Filesize
28B

MD5
34728dcc159b2b3157d88bda83f39f7e

SHA1
39c35b23a489137fac8022572581e5b8dba8aa9e

SHA256
42a50a19f3d726050777cb2f4d684b1c08774873348b035254d628d8a01c1be6

SHA512
f73a8677edbae31e12d991ced857c4968b9ec5ebffda46f0bd9a3e3fe6487971830104001660a8686148a8a0857bc3537893cff38219442daf45e94a68f5b6cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\tmp\digs.txt

Filesize
56B

MD5
3714dc97b6bc0ab69e1d07c03392b2c8

SHA1
72993288c893974553c781a08aa05fa79835d555

SHA256
fef49336ffacf95942592122d3595f0ea015e21d1a9cf30e0584cbcc801e7578

SHA512
7618843cd9e5688790c2e0325ba22e6d02a197def5ff908a1f463794796d07438375e4677956de135bb77f298bdea9fa9ac7274c2ef00ef9fb2c79b2c74b61f0

Download Submit
memory/880-240-0x000007FEF5FE0000-0x000007FEF62E2000-memory.dmp

Filesize
3.0MB

Download
memory/880-1046-0x000007FEF5FE0000-0x000007FEF62E2000-memory.dmp

Filesize
3.0MB

Download
memory/880-163-0x000007FEF5FE0000-0x000007FEF62E2000-memory.dmp

Filesize
3.0MB

Download
memory/908-95-0x000007FEF5FE0000-0x000007FEF62E2000-memory.dmp

Filesize
3.0MB

Download
memory/908-89-0x0000000100400000-0x00000001004E3000-memory.dmp

Filesize
908KB

Download
memory/908-86-0x000007FEF5FE0000-0x000007FEF62E2000-memory.dmp

Filesize
3.0MB

Download
memory/928-64-0x00000003FF640000-0x00000003FF663000-memory.dmp

Filesize
140KB

Download
memory/928-75-0x000007FEF5FE0000-0x000007FEF62E2000-memory.dmp

Filesize
3.0MB

Download
memory/928-62-0x0000000100400000-0x0000000100412000-memory.dmp

Filesize
72KB

Download
memory/944-175-0x000007FEF5FE0000-0x000007FEF62E2000-memory.dmp

Filesize
3.0MB

Download
memory/944-169-0x000007FEF5FE0000-0x000007FEF62E2000-memory.dmp

Filesize
3.0MB

Download
memory/1076-168-0x000007FEF5FE0000-0x000007FEF62E2000-memory.dmp

Filesize
3.0MB

Download
memory/1140-212-0x000007FEF5FE0000-0x000007FEF62E2000-memory.dmp

Filesize
3.0MB

Download
memory/1140-310-0x000007FEF5FE0000-0x000007FEF62E2000-memory.dmp

Filesize
3.0MB

Download
memory/1320-48-0x0000000100400000-0x000000010040F000-memory.dmp

Filesize
60KB

Download
memory/1320-50-0x000007FEF5FE0000-0x000007FEF62E2000-memory.dmp

Filesize
3.0MB

Download
memory/1320-45-0x000007FEF5FE0000-0x000007FEF62E2000-memory.dmp

Filesize
3.0MB

Download
memory/1328-205-0x000007FEF5FE0000-0x000007FEF62E2000-memory.dmp

Filesize
3.0MB

Download
memory/1504-241-0x000007FEF5FE0000-0x000007FEF62E2000-memory.dmp

Filesize
3.0MB

Download
memory/1504-248-0x000007FEF5FE0000-0x000007FEF62E2000-memory.dmp

Filesize
3.0MB

Download
memory/1512-315-0x000007FEF5FE0000-0x000007FEF62E2000-memory.dmp

Filesize
3.0MB

Download
memory/1512-312-0x000007FEF5FE0000-0x000007FEF62E2000-memory.dmp

Filesize
3.0MB

Download
memory/1600-252-0x000007FEF5FE0000-0x000007FEF62E2000-memory.dmp

Filesize
3.0MB

Download
memory/1600-267-0x000007FEF5FE0000-0x000007FEF62E2000-memory.dmp

Filesize
3.0MB

Download
memory/1648-211-0x000007FEF5FE0000-0x000007FEF62E2000-memory.dmp

Filesize
3.0MB

Download
memory/1648-125-0x000007FEF5FE0000-0x000007FEF62E2000-memory.dmp

Filesize
3.0MB

Download
memory/1784-239-0x000007FEF5FE0000-0x000007FEF62E2000-memory.dmp

Filesize
3.0MB

Download
memory/1788-188-0x000007FEF5FE0000-0x000007FEF62E2000-memory.dmp

Filesize
3.0MB

Download
memory/1788-180-0x000007FEF5FE0000-0x000007FEF62E2000-memory.dmp

Filesize
3.0MB

Download
memory/1852-103-0x000007FEF5FE0000-0x000007FEF62E2000-memory.dmp

Filesize
3.0MB

Download
memory/1852-132-0x000007FEF5FE0000-0x000007FEF62E2000-memory.dmp

Filesize
3.0MB

Download
memory/2072-282-0x000007FEF5FE0000-0x000007FEF62E2000-memory.dmp

Filesize
3.0MB

Download
memory/2072-289-0x000007FEF5FE0000-0x000007FEF62E2000-memory.dmp

Filesize
3.0MB

Download
memory/2172-279-0x000007FEF5FE0000-0x000007FEF62E2000-memory.dmp

Filesize
3.0MB

Download
memory/2172-301-0x000007FEF5FE0000-0x000007FEF62E2000-memory.dmp

Filesize
3.0MB

Download
memory/2324-156-0x000007FEF5FE0000-0x000007FEF62E2000-memory.dmp

Filesize
3.0MB

Download
memory/2324-150-0x000007FEF5FE0000-0x000007FEF62E2000-memory.dmp

Filesize
3.0MB

Download
memory/2328-263-0x000007FEF5FE0000-0x000007FEF62E2000-memory.dmp

Filesize
3.0MB

Download
memory/2328-255-0x000007FEF5FE0000-0x000007FEF62E2000-memory.dmp

Filesize
3.0MB

Download
memory/2328-1-0x0000000100400000-0x000000010040F000-memory.dmp

Filesize
60KB

Download
memory/2328-3-0x000007FEF62F0000-0x000007FEF65F2000-memory.dmp

Filesize
3.0MB

Download
memory/2328-0-0x000007FEF62F0000-0x000007FEF65F2000-memory.dmp

Filesize
3.0MB

Download
memory/2512-186-0x000007FEF5FE0000-0x000007FEF62E2000-memory.dmp

Filesize
3.0MB

Download
memory/2512-196-0x000007FEF5FE0000-0x000007FEF62E2000-memory.dmp

Filesize
3.0MB

Download
memory/2532-262-0x000007FEF5FE0000-0x000007FEF62E2000-memory.dmp

Filesize
3.0MB

Download
memory/2532-275-0x000007FEF5FE0000-0x000007FEF62E2000-memory.dmp

Filesize
3.0MB

Download
memory/2544-113-0x000007FEF5FE0000-0x000007FEF62E2000-memory.dmp

Filesize
3.0MB

Download
memory/2544-4-0x000007FEF5FE0000-0x000007FEF62E2000-memory.dmp

Filesize
3.0MB

Download
memory/2544-7-0x00000003FF430000-0x00000003FF48C000-memory.dmp

Filesize
368KB

Download
memory/2544-9-0x0000000100400000-0x00000001004E3000-memory.dmp

Filesize
908KB

Download
memory/2544-6-0x00000003FF640000-0x00000003FF663000-memory.dmp

Filesize
140KB

Download
memory/2544-10-0x0000000100400000-0x00000001004E3000-memory.dmp

Filesize
908KB

Download
memory/2544-8-0x00000003FF140000-0x00000003FF187000-memory.dmp

Filesize
284KB

Download
memory/2544-5-0x00000003FF670000-0x00000003FF782000-memory.dmp

Filesize
1.1MB

Download
memory/2552-219-0x000007FEF5FE0000-0x000007FEF62E2000-memory.dmp

Filesize
3.0MB

Download
memory/2552-227-0x000007FEF5FE0000-0x000007FEF62E2000-memory.dmp

Filesize
3.0MB

Download
memory/2636-291-0x000007FEF5FE0000-0x000007FEF62E2000-memory.dmp

Filesize
3.0MB

Download
memory/2636-302-0x000007FEF5FE0000-0x000007FEF62E2000-memory.dmp

Filesize
3.0MB

Download
memory/2660-67-0x0000000100400000-0x00000001004E3000-memory.dmp

Filesize
908KB

Download
memory/2660-58-0x000007FEF5FE0000-0x000007FEF62E2000-memory.dmp

Filesize
3.0MB

Download
memory/2660-74-0x000007FEF5FE0000-0x000007FEF62E2000-memory.dmp

Filesize
3.0MB

Download
memory/2660-72-0x00000003FF140000-0x00000003FF187000-memory.dmp

Filesize
284KB

Download
memory/2704-368-0x000007FEF5FE0000-0x000007FEF62E2000-memory.dmp

Filesize
3.0MB

Download
memory/2704-147-0x000007FEF5FE0000-0x000007FEF62E2000-memory.dmp

Filesize
3.0MB

Download
memory/2708-123-0x000007FEF5FE0000-0x000007FEF62E2000-memory.dmp

Filesize
3.0MB

Download
memory/2708-112-0x000007FEF5FE0000-0x000007FEF62E2000-memory.dmp

Filesize
3.0MB

Download
memory/2796-135-0x000007FEF5FE0000-0x000007FEF62E2000-memory.dmp

Filesize
3.0MB

Download
memory/2796-140-0x000007FEF5FE0000-0x000007FEF62E2000-memory.dmp

Filesize
3.0MB

Download
memory/2828-30-0x000007FEF5FE0000-0x000007FEF62E2000-memory.dmp

Filesize
3.0MB

Download
memory/2828-29-0x0000000100400000-0x000000010040F000-memory.dmp

Filesize
60KB

Download
memory/2848-26-0x000007FEF5FE0000-0x000007FEF62E2000-memory.dmp

Filesize
3.0MB

Download
memory/2848-20-0x0000000100400000-0x00000001004E3000-memory.dmp

Filesize
908KB

Download
memory/2848-11-0x0000000100400000-0x00000001004E3000-memory.dmp

Filesize
908KB

Download
memory/2848-19-0x000007FEF5FE0000-0x000007FEF62E2000-memory.dmp

Filesize
3.0MB

Download
memory/2848-12-0x0000000100400000-0x00000001004E3000-memory.dmp

Filesize
908KB

Download
memory/2848-24-0x00000003FF140000-0x00000003FF187000-memory.dmp

Filesize
284KB

Download
memory/2848-22-0x00000003FF670000-0x00000003FF782000-memory.dmp

Filesize
1.1MB

Download
memory/2848-23-0x00000003FF640000-0x00000003FF663000-memory.dmp

Filesize
140KB

Download
memory/2848-25-0x00000003FF430000-0x00000003FF48C000-memory.dmp

Filesize
368KB

Download
memory/2860-206-0x000007FEF5FE0000-0x000007FEF62E2000-memory.dmp

Filesize
3.0MB

Download
memory/2860-122-0x000007FEF5FE0000-0x000007FEF62E2000-memory.dmp

Filesize
3.0MB

Download
memory/2896-39-0x0000000100400000-0x00000001004E3000-memory.dmp

Filesize
908KB

Download
memory/2896-40-0x000007FEF5FE0000-0x000007FEF62E2000-memory.dmp

Filesize
3.0MB

Download
memory/2896-38-0x000007FEF5FE0000-0x000007FEF62E2000-memory.dmp

Filesize
3.0MB

Download