c3f47c9ba60b84f174e6b1b4720743794253b2e7026efcca4c8eedaa0ae0ea3c

Analysis

max time kernel
144s
max time network
18s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
03-12-2024 16:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

zapret-win-bundle-master/blockcheck/blockcheck.cmd
Size

194B
MD5

5763cb58e6d9b26d626dc860edf2d964
SHA1

e7a90688360deae0e0f44c2541b0aa392f622766
SHA256

5a2de13b097b1ee482f02052c72c5ed29d1541e139464a98697388f4e90cd998
SHA512

339ef0a577f6f6529d36aead691afe9eede48789908cbf30036f516842d3a100599bb3992c66663b085601e5ef8a4b0179644ba7571e23936ba9f5055d308299

Score

5^/10

discovery

Malware Config

Signatures

Enumerates processes with tasklist 1 TTPs 2 IoCs

discovery

Process Discovery

T1057

Processes:

tasklist.exetasklist.exe

pid	Process
2372	tasklist.exe
2972	tasklist.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

Processes:

ping.exe

pid	Process
944	ping.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

Processes:

ping.exe

pid	Process
944	ping.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

Processes:

grep.exegrep.exegrep.exegrep.exegrep.exegrep.exegrep.exegrep.exegrep.exe

pid	Process
1680	grep.exe
1680	grep.exe
1988	grep.exe
1988	grep.exe
2296	grep.exe
2296	grep.exe
2652	grep.exe
2652	grep.exe
1628	grep.exe
1628	grep.exe
988	grep.exe
988	grep.exe
2196	grep.exe
2196	grep.exe
2320	grep.exe
2320	grep.exe
2212	grep.exe
2212	grep.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

cygpath.exebash.exebash.execygpath.exebash.execygpath.exebash.exedirname.exebash.exebash.exebash.exesh.exesh.exetee.exedirname.exe

description	pid	Process
Token: SeRestorePrivilege	1724	cygpath.exe
Token: SeBackupPrivilege	1724	cygpath.exe
Token: SeDebugPrivilege	1724	cygpath.exe
Token: SeRestorePrivilege	2192	bash.exe
Token: SeBackupPrivilege	2192	bash.exe
Token: SeDebugPrivilege	2192	bash.exe
Token: SeRestorePrivilege	2760	bash.exe
Token: SeBackupPrivilege	2760	bash.exe
Token: SeDebugPrivilege	2760	bash.exe
Token: SeRestorePrivilege	2760	bash.exe
Token: SeBackupPrivilege	2760	bash.exe
Token: SeDebugPrivilege	2760	bash.exe
Token: SeRestorePrivilege	2768	cygpath.exe
Token: SeBackupPrivilege	2768	cygpath.exe
Token: SeDebugPrivilege	2768	cygpath.exe
Token: SeRestorePrivilege	2344	bash.exe
Token: SeBackupPrivilege	2344	bash.exe
Token: SeDebugPrivilege	2344	bash.exe
Token: SeRestorePrivilege	2344	bash.exe
Token: SeBackupPrivilege	2344	bash.exe
Token: SeDebugPrivilege	2344	bash.exe
Token: SeRestorePrivilege	2652	cygpath.exe
Token: SeBackupPrivilege	2652	cygpath.exe
Token: SeDebugPrivilege	2652	cygpath.exe
Token: SeRestorePrivilege	1948	bash.exe
Token: SeBackupPrivilege	1948	bash.exe
Token: SeDebugPrivilege	1948	bash.exe
Token: SeRestorePrivilege	1948	bash.exe
Token: SeBackupPrivilege	1948	bash.exe
Token: SeDebugPrivilege	1948	bash.exe
Token: SeRestorePrivilege	1108	dirname.exe
Token: SeBackupPrivilege	1108	dirname.exe
Token: SeDebugPrivilege	1108	dirname.exe
Token: SeRestorePrivilege	1944	bash.exe
Token: SeBackupPrivilege	1944	bash.exe
Token: SeDebugPrivilege	1944	bash.exe
Token: SeRestorePrivilege	1944	bash.exe
Token: SeBackupPrivilege	1944	bash.exe
Token: SeDebugPrivilege	1944	bash.exe
Token: SeRestorePrivilege	1276	bash.exe
Token: SeBackupPrivilege	1276	bash.exe
Token: SeDebugPrivilege	1276	bash.exe
Token: SeRestorePrivilege	1276	bash.exe
Token: SeBackupPrivilege	1276	bash.exe
Token: SeDebugPrivilege	1276	bash.exe
Token: SeRestorePrivilege	2844	bash.exe
Token: SeBackupPrivilege	2844	bash.exe
Token: SeDebugPrivilege	2844	bash.exe
Token: SeRestorePrivilege	2844	bash.exe
Token: SeBackupPrivilege	2844	bash.exe
Token: SeDebugPrivilege	2844	bash.exe
Token: SeRestorePrivilege	2152	sh.exe
Token: SeBackupPrivilege	2152	sh.exe
Token: SeDebugPrivilege	2152	sh.exe
Token: SeRestorePrivilege	3064	sh.exe
Token: SeBackupPrivilege	3064	sh.exe
Token: SeDebugPrivilege	3064	sh.exe
Token: SeRestorePrivilege	1464	tee.exe
Token: SeBackupPrivilege	1464	tee.exe
Token: SeDebugPrivilege	1464	tee.exe
Token: SeRestorePrivilege	3064	sh.exe
Token: SeBackupPrivilege	3064	sh.exe
Token: SeDebugPrivilege	3064	sh.exe
Token: SeRestorePrivilege	1968	dirname.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

cmd.execmd.exeelevator.exebash.exebash.exebash.exebash.exe

description	pid	Process	procid_target
PID 2296 wrote to memory of 300	2296	cmd.exe	31
PID 2296 wrote to memory of 300	2296	cmd.exe	31
PID 2296 wrote to memory of 300	2296	cmd.exe	31
PID 300 wrote to memory of 1724	300	cmd.exe	32
PID 300 wrote to memory of 1724	300	cmd.exe	32
PID 300 wrote to memory of 1724	300	cmd.exe	32
PID 2296 wrote to memory of 1916	2296	cmd.exe	33
PID 2296 wrote to memory of 1916	2296	cmd.exe	33
PID 2296 wrote to memory of 1916	2296	cmd.exe	33
PID 1916 wrote to memory of 2192	1916	elevator.exe	34
PID 1916 wrote to memory of 2192	1916	elevator.exe	34
PID 1916 wrote to memory of 2192	1916	elevator.exe	34
PID 2192 wrote to memory of 2760	2192	bash.exe	36
PID 2192 wrote to memory of 2760	2192	bash.exe	36
PID 2192 wrote to memory of 2760	2192	bash.exe	36
PID 2192 wrote to memory of 2760	2192	bash.exe	36
PID 2192 wrote to memory of 2760	2192	bash.exe	36
PID 2192 wrote to memory of 2760	2192	bash.exe	36
PID 2192 wrote to memory of 2760	2192	bash.exe	36
PID 2192 wrote to memory of 2760	2192	bash.exe	36
PID 2192 wrote to memory of 2760	2192	bash.exe	36
PID 2192 wrote to memory of 2760	2192	bash.exe	36
PID 2192 wrote to memory of 2760	2192	bash.exe	36
PID 2192 wrote to memory of 2760	2192	bash.exe	36
PID 2760 wrote to memory of 2768	2760	bash.exe	37
PID 2760 wrote to memory of 2768	2760	bash.exe	37
PID 2760 wrote to memory of 2768	2760	bash.exe	37
PID 2192 wrote to memory of 2344	2192	bash.exe	38
PID 2192 wrote to memory of 2344	2192	bash.exe	38
PID 2192 wrote to memory of 2344	2192	bash.exe	38
PID 2192 wrote to memory of 2344	2192	bash.exe	38
PID 2192 wrote to memory of 2344	2192	bash.exe	38
PID 2192 wrote to memory of 2344	2192	bash.exe	38
PID 2192 wrote to memory of 2344	2192	bash.exe	38
PID 2192 wrote to memory of 2344	2192	bash.exe	38
PID 2192 wrote to memory of 2344	2192	bash.exe	38
PID 2192 wrote to memory of 2344	2192	bash.exe	38
PID 2192 wrote to memory of 2344	2192	bash.exe	38
PID 2192 wrote to memory of 2344	2192	bash.exe	38
PID 2344 wrote to memory of 2652	2344	bash.exe	39
PID 2344 wrote to memory of 2652	2344	bash.exe	39
PID 2344 wrote to memory of 2652	2344	bash.exe	39
PID 2192 wrote to memory of 1948	2192	bash.exe	40
PID 2192 wrote to memory of 1948	2192	bash.exe	40
PID 2192 wrote to memory of 1948	2192	bash.exe	40
PID 2192 wrote to memory of 1948	2192	bash.exe	40
PID 2192 wrote to memory of 1948	2192	bash.exe	40
PID 2192 wrote to memory of 1948	2192	bash.exe	40
PID 2192 wrote to memory of 1948	2192	bash.exe	40
PID 2192 wrote to memory of 1948	2192	bash.exe	40
PID 2192 wrote to memory of 1948	2192	bash.exe	40
PID 2192 wrote to memory of 1948	2192	bash.exe	40
PID 2192 wrote to memory of 1948	2192	bash.exe	40
PID 2192 wrote to memory of 1948	2192	bash.exe	40
PID 1948 wrote to memory of 1108	1948	bash.exe	41
PID 1948 wrote to memory of 1108	1948	bash.exe	41
PID 1948 wrote to memory of 1108	1948	bash.exe	41
PID 2192 wrote to memory of 1944	2192	bash.exe	42
PID 2192 wrote to memory of 1944	2192	bash.exe	42
PID 2192 wrote to memory of 1944	2192	bash.exe	42
PID 2192 wrote to memory of 1944	2192	bash.exe	42
PID 2192 wrote to memory of 1944	2192	bash.exe	42
PID 2192 wrote to memory of 1944	2192	bash.exe	42
PID 2192 wrote to memory of 1944	2192	bash.exe	42

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\blockcheck.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:2296
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ..\cygwin\bin\cygpath -C OEM -a -m zapret\blog.sh
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:300
- - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cygpath.exe
    ..\cygwin\bin\cygpath -C OEM -a -m zapret\blog.sh
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1724
- C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\tools\elevator.exe
  "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\..\tools\elevator" ..\cygwin\bin\bash -i "'C:/Users/Admin/AppData/Local/Temp/zapret-win-bundle-master/blockcheck/zapret/blog.sh'"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1916
- - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe
    "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe" -i 'C:/Users/Admin/AppData/Local/Temp/zapret-win-bundle-master/blockcheck/zapret/blog.sh'
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:2192
  - - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe
      "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe" -i 'C:/Users/Admin/AppData/Local/Temp/zapret-win-bundle-master/blockcheck/zapret/blog.sh'
      4⤵
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:2760
    - - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cygpath.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cygpath.exe"
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2768
  - - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe
      "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe" -i 'C:/Users/Admin/AppData/Local/Temp/zapret-win-bundle-master/blockcheck/zapret/blog.sh'
      4⤵
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:2344
    - - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cygpath.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cygpath.exe"
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2652
  - - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe
      "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe" -i 'C:/Users/Admin/AppData/Local/Temp/zapret-win-bundle-master/blockcheck/zapret/blog.sh'
      4⤵
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:1948
    - - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\dirname.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\dirname.exe"
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1108
  - - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe
      "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe" -i 'C:/Users/Admin/AppData/Local/Temp/zapret-win-bundle-master/blockcheck/zapret/blog.sh'
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1944
  - - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe
      "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe" -i 'C:/Users/Admin/AppData/Local/Temp/zapret-win-bundle-master/blockcheck/zapret/blog.sh'
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1276
    - - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2152
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\dirname.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\dirname.exe"
        7⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1968
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2184
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sleep.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sleep.exe"
        7⤵
        
        PID:292
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1044
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1680
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1712
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1988
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\uname.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\uname.exe"
        7⤵
        
        PID:1600
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1616
        
        C:\Windows\system32\tasklist.exe
        
        C:\Windows\system32\tasklist.exe /NH /FI "IMAGENAME eq winws.exe"
        7⤵
        Enumerates processes with tasklist
        
        PID:2372
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2296
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2820
        
        C:\Windows\system32\tasklist.exe
        
        C:\Windows\system32\tasklist.exe /NH /FI "IMAGENAME eq goodbyedpi.exe"
        7⤵
        Enumerates processes with tasklist
        
        PID:2972
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2652
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2172
        
        C:\Windows\system32\nslookup.exe
        
        C:\Windows\system32\nslookup.exe iana.org
        7⤵
        
        PID:2408
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2632
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1072
        
        C:\Windows\system32\ping.exe
        
        C:\Windows\system32\ping.exe -4 -n 1 -w 1000 8.8.8.8
        7⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:944
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:3020
        
        C:\Windows\system32\nslookup.exe
        
        C:\Windows\system32\nslookup.exe iana.org 8.8.8.8
        7⤵
        
        PID:608
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2828
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\zapret\mdig\mdig.exe
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\zapret\mdig\mdig.exe --family=4
        7⤵
        
        PID:2160
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tr.exe"
        7⤵
        
        PID:2184
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:1300
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:496
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:2592
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:1984
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:2596
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:804
        
        C:\Windows\system32\nslookup.exe
        
        C:\Windows\system32\nslookup.exe pornhub.com 8.8.8.8
        7⤵
        
        PID:1304
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sed.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sed.exe"
        7⤵
        
        PID:2840
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:300
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1628
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe"
        7⤵
        
        PID:2956
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2240
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\zapret\mdig\mdig.exe
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\zapret\mdig\mdig.exe --family=4
        7⤵
        
        PID:900
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tr.exe"
        7⤵
        
        PID:2284
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:280
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:2860
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:2140
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:864
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:916
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1812
        
        C:\Windows\system32\nslookup.exe
        
        C:\Windows\system32\nslookup.exe ntc.party 8.8.8.8
        7⤵
        
        PID:1556
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sed.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sed.exe"
        7⤵
        
        PID:2312
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:988
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe"
        7⤵
        
        PID:1484
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2964
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\zapret\mdig\mdig.exe
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\zapret\mdig\mdig.exe --family=4
        7⤵
        
        PID:300
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tr.exe"
        7⤵
        
        PID:2308
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:2352
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:2972
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:2420
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:2320
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:1840
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2752
        
        C:\Windows\system32\nslookup.exe
        
        C:\Windows\system32\nslookup.exe rutracker.org 8.8.8.8
        7⤵
        
        PID:2896
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sed.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sed.exe"
        7⤵
        
        PID:2180
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2196
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe"
        7⤵
        
        PID:916
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2492
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\zapret\mdig\mdig.exe
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\zapret\mdig\mdig.exe --family=4
        7⤵
        
        PID:2080
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tr.exe"
        7⤵
        
        PID:1764
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:2596
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:2984
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:1468
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:2672
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:2748
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1336
        
        C:\Windows\system32\nslookup.exe
        
        C:\Windows\system32\nslookup.exe www.torproject.org 8.8.8.8
        7⤵
        
        PID:2388
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sed.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sed.exe"
        7⤵
        
        PID:940
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2320
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe"
        7⤵
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2356
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\zapret\mdig\mdig.exe
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\zapret\mdig\mdig.exe --family=4
        7⤵
        
        PID:2032
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tr.exe"
        7⤵
        
        PID:2120
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:2144
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:304
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:740
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:1708
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:2080
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:1620
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1676
        
        C:\Windows\system32\nslookup.exe
        
        C:\Windows\system32\nslookup.exe bbc.com 8.8.8.8
        7⤵
        
        PID:2028
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sed.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sed.exe"
        7⤵
        
        PID:2984
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2212
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe"
        7⤵
        
        PID:2856
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\wc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\wc.exe"
        7⤵
        
        PID:1824
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        7⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sort.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sort.exe"
        8⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        7⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\wc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\wc.exe"
        8⤵
        
        PID:628
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\rm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\rm.exe"
        7⤵
        
        PID:3000
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        7⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\uname.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\uname.exe"
        8⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        7⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        7⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        8⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\gawk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\gawk.exe"
        9⤵
        
        PID:2208
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\usr\local\bin\curl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\usr\local\bin\curl.exe"
        7⤵
        
        PID:2884
  - - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe
      "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe" -i 'C:/Users/Admin/AppData/Local/Temp/zapret-win-bundle-master/blockcheck/zapret/blog.sh'
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2844
    - - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tee.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tee.exe"
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

Remote System Discovery

T1018

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\tmp\dig1.txt

Filesize
72B

MD5
2394bee076c365d3b27a676c4a814993

SHA1
cddc4e35f292c3f91800aa95a23973fdc7c93b39

SHA256
9c1a0b23927dbc1587e6c55e038a8fca7a6ec81739076ef38c9064af46b73238

SHA512
7dc263b0907d21f2c7ecd9d201abd8539aac6984de3073d72f0206ec1f6136742cb8bb963fb8a7cc711b7ce4ebf7d403f5ae8df1d3811f878da7a0616ceb0e24

Download Submit
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\tmp\dig1.txt

Filesize
57B

MD5
9037336d0c7ebdcadfe439b9f45ff6b9

SHA1
c9f4409965b35ece63b367b95b172185a1889115

SHA256
7fd4f692fdfc887e9ce5484b5b1298465f13fc119cb95893633ccc3c727a9638

SHA512
df8a1f417db4c45cba77864603fbf73ff7aefb1c6f54026dece0ebe2a63a6ad7c35b0b063508ecd5ddf9d5971a7e063060201327002d0983a7de18ab231b211d

Download Submit
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\tmp\dig1.txt

Filesize
14B

MD5
33f60dd6ef06bce06340797778c148ae

SHA1
5a5c11a86f5ef0e603a15bc41ad146d583a60a63

SHA256
f9d879ff5b7a606aaff0e6d8f44007b10decd918495ecc688d885d9fe27774af

SHA512
5e3983736a186607fb6a672ce904f7a0184a596ee11bb14d7909f33954d4621e2ef184718a207da3426511ce595e93c392714319c89368a77db651eac6dfc69f

Download Submit
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\tmp\dig1.txt

Filesize
14B

MD5
84233515f8c3dfb3d3c8104583d3d22a

SHA1
e9049ef4bac7a3bf8847d418784356e6d1b09f02

SHA256
b361db25fd46ea38eca0669ec2326b298a30fed89947303b96d734eb02e08343

SHA512
6174b8aa3a0c314eaee8b20a9483a0462c1f0b74d004f122be4ca52b171c59397713e1d2720947314c52d49f89f72088e60999ed8addd56252c3ab342def29b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\tmp\dig1.txt

Filesize
28B

MD5
2bca117c7ca80d5951636483b6fe1a6b

SHA1
53311b733b86d547c4cd2808c1506b7d1c2e2280

SHA256
a17d0f85df96c0dec8ca5934347045292cb2c3ff090fdb5e081f2a26b6a1d076

SHA512
035be0f5c36235019e182c8c8cd05b5fbabd6b85e8931b579dd0ce65ba6aba35992cf61a603caa738ac8e55fe681fb6504332f8fae7f9be5a2e04d503056a21e

Download Submit
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\tmp\dig2.txt

Filesize
72B

MD5
c88ebfae34f900b8ce4bdb4a8b731610

SHA1
87eea05f0fe3ce350bdef45e7a5397252af3a88f

SHA256
55320b2d27a2e36efe14c4fdb776fc5a63ee629c84470398b501218b57531121

SHA512
409ae7d51ede50f1ac3c3b49c8bf4938fa116a977de83fc334d26e513cfe404ae2a4c846882ef1f7b71d258a9da40c8e5147d80ba402bcc223c4dfba5f89281c

Download Submit
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\tmp\dig2.txt

Filesize
57B

MD5
9976edf4d559a5e27fe34a24733b2e91

SHA1
34f07ba44d34c488f5f210704e21d7523a6ddd91

SHA256
861d8a27fe896890338cc618484bb47c65a202a6fd34ad9b78e1d926ae22d3a2

SHA512
d4bd6c9a2f9cb78854ec88d7158804ba8a0244377cd35f2617c73901c5c6de49cf478cf8b38b33615e5c2c633ab49762cc2c442085471846758fa6ca38ca6f8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\tmp\dig2.txt

Filesize
28B

MD5
4e7f727a3da88bb76adac3bebbb155c9

SHA1
bb1ede39224444cbbf7a1f95a752ca54957f56c4

SHA256
311446186a80bb610cafbb6fb5226cfacd1ac39cd3a84aa548df015e4ec7a79b

SHA512
a8ea00beff8d1adffefd41ebb8a777cc238e7376f112ec154a85a309beffd42688767496c5f3cc541030dddd17c421ac2c9dbe128be07163028f2b7f8cdd872f

Download Submit
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\tmp\digs.txt

Filesize
56B

MD5
0b86555011d1c18046efb754d34c99be

SHA1
089fb3dbc859c73882633869ddb11194e3896bbb

SHA256
3c39dc27a0772f36697e2005917e864a0fb0e67a8a2ab45aa4642505bbb450dc

SHA512
1bcbfacab6adf874398c9235045a7f8138f1f369af61e09e5ed42ec226c5df654a5027e07d43ad1e4767503a8b6182ab8be83a56ecca8bf1697d0e64c1800f84

Download Submit
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\tmp\digs.txt

Filesize
128B

MD5
d62d1c0a09bc43a28d88c50157daa24b

SHA1
0978b4a235a86fd8e35dc6e8859f377986a592c3

SHA256
ccd3895a5b6683e0919f68c363d0015d5c5b79ddc82fcfd5b90e401d4cbc3bb3

SHA512
400467a08dec5aa8ce4f4f4cb64cb1acd7b59fcbae64d4710c61dbdd2fa7cd4afb5cdfb539a620d26ddecb0fbe2c13bff9f65f9694a3fa1328d82617d96c18a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\tmp\digs.txt

Filesize
185B

MD5
f8cba4b39e4860012983813ac9f4b29e

SHA1
dd34f0bffb7c517fbccb85ceb769b8ac452567d2

SHA256
b3e13089d10d5c09f1b61ff8296c92277a6591d325f581625956b9a428c6f871

SHA512
5d3c412266745736b761cabc2db7aac83a4843c56a211057a1c32b1033b3bd21d0880b8f9703c89c10ab600690429bd0ab80acf2b2eb64df31d8f29c73e6917f

Download Submit
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\tmp\digs.txt

Filesize
28B

MD5
34728dcc159b2b3157d88bda83f39f7e

SHA1
39c35b23a489137fac8022572581e5b8dba8aa9e

SHA256
42a50a19f3d726050777cb2f4d684b1c08774873348b035254d628d8a01c1be6

SHA512
f73a8677edbae31e12d991ced857c4968b9ec5ebffda46f0bd9a3e3fe6487971830104001660a8686148a8a0857bc3537893cff38219442daf45e94a68f5b6cc

Download Submit
memory/292-176-0x000007FEF5BC0000-0x000007FEF5EC2000-memory.dmp

Filesize
3.0MB

Download
memory/988-699-0x000007FEF5BC0000-0x000007FEF5EC2000-memory.dmp

Filesize
3.0MB

Download
memory/988-326-0x000007FEF5BC0000-0x000007FEF5EC2000-memory.dmp

Filesize
3.0MB

Download
memory/988-219-0x000007FEF5BC0000-0x000007FEF5EC2000-memory.dmp

Filesize
3.0MB

Download
memory/1044-183-0x000007FEF5BC0000-0x000007FEF5EC2000-memory.dmp

Filesize
3.0MB

Download
memory/1044-178-0x000007FEF5BC0000-0x000007FEF5EC2000-memory.dmp

Filesize
3.0MB

Download
memory/1060-171-0x000007FEF5BC0000-0x000007FEF5EC2000-memory.dmp

Filesize
3.0MB

Download
memory/1108-79-0x00000003FF640000-0x00000003FF663000-memory.dmp

Filesize
140KB

Download
memory/1108-83-0x000007FEF5BC0000-0x000007FEF5EC2000-memory.dmp

Filesize
3.0MB

Download
memory/1108-77-0x0000000100400000-0x0000000100412000-memory.dmp

Filesize
72KB

Download
memory/1276-129-0x000007FEF5BC0000-0x000007FEF5EC2000-memory.dmp

Filesize
3.0MB

Download
memory/1276-107-0x000007FEF5BC0000-0x000007FEF5EC2000-memory.dmp

Filesize
3.0MB

Download
memory/1304-236-0x000007FEF5BC0000-0x000007FEF5EC2000-memory.dmp

Filesize
3.0MB

Download
memory/1304-242-0x000007FEF5BC0000-0x000007FEF5EC2000-memory.dmp

Filesize
3.0MB

Download
memory/1464-142-0x000007FEF5BC0000-0x000007FEF5EC2000-memory.dmp

Filesize
3.0MB

Download
memory/1600-243-0x000007FEF5BC0000-0x000007FEF5EC2000-memory.dmp

Filesize
3.0MB

Download
memory/1600-251-0x000007FEF5BC0000-0x000007FEF5EC2000-memory.dmp

Filesize
3.0MB

Download
memory/1616-273-0x000007FEF5BC0000-0x000007FEF5EC2000-memory.dmp

Filesize
3.0MB

Download
memory/1616-269-0x000007FEF5BC0000-0x000007FEF5EC2000-memory.dmp

Filesize
3.0MB

Download
memory/1680-204-0x000007FEF5BC0000-0x000007FEF5EC2000-memory.dmp

Filesize
3.0MB

Download
memory/1680-196-0x000007FEF5BC0000-0x000007FEF5EC2000-memory.dmp

Filesize
3.0MB

Download
memory/1712-211-0x000007FEF5BC0000-0x000007FEF5EC2000-memory.dmp

Filesize
3.0MB

Download
memory/1712-324-0x000007FEF5BC0000-0x000007FEF5EC2000-memory.dmp

Filesize
3.0MB

Download
memory/1724-1-0x0000000100400000-0x000000010040F000-memory.dmp

Filesize
60KB

Download
memory/1724-3-0x000007FEF5ED0000-0x000007FEF61D2000-memory.dmp

Filesize
3.0MB

Download
memory/1724-0-0x000007FEF5ED0000-0x000007FEF61D2000-memory.dmp

Filesize
3.0MB

Download
memory/1916-4-0x000000013F470000-0x000000013F47D000-memory.dmp

Filesize
52KB

Download
memory/1944-91-0x0000000100400000-0x00000001004E3000-memory.dmp

Filesize
908KB

Download
memory/1944-98-0x000007FEF5BC0000-0x000007FEF5EC2000-memory.dmp

Filesize
3.0MB

Download
memory/1944-89-0x000007FEF5BC0000-0x000007FEF5EC2000-memory.dmp

Filesize
3.0MB

Download
memory/1948-65-0x000007FEF5BC0000-0x000007FEF5EC2000-memory.dmp

Filesize
3.0MB

Download
memory/1948-67-0x0000000100400000-0x00000001004E3000-memory.dmp

Filesize
908KB

Download
memory/1948-73-0x000007FEF5BC0000-0x000007FEF5EC2000-memory.dmp

Filesize
3.0MB

Download
memory/1948-71-0x00000003FF140000-0x00000003FF187000-memory.dmp

Filesize
284KB

Download
memory/1968-154-0x000007FEF5BC0000-0x000007FEF5EC2000-memory.dmp

Filesize
3.0MB

Download
memory/1988-232-0x000007FEF5BC0000-0x000007FEF5EC2000-memory.dmp

Filesize
3.0MB

Download
memory/1988-224-0x000007FEF5BC0000-0x000007FEF5EC2000-memory.dmp

Filesize
3.0MB

Download
memory/2152-223-0x000007FEF5BC0000-0x000007FEF5EC2000-memory.dmp

Filesize
3.0MB

Download
memory/2152-143-0x000007FEF5BC0000-0x000007FEF5EC2000-memory.dmp

Filesize
3.0MB

Download
memory/2172-329-0x000007FEF5BC0000-0x000007FEF5EC2000-memory.dmp

Filesize
3.0MB

Download
memory/2172-325-0x000007FEF5BC0000-0x000007FEF5EC2000-memory.dmp

Filesize
3.0MB

Download
memory/2184-164-0x000007FEF5BC0000-0x000007FEF5EC2000-memory.dmp

Filesize
3.0MB

Download
memory/2184-161-0x000007FEF5BC0000-0x000007FEF5EC2000-memory.dmp

Filesize
3.0MB

Download
memory/2192-11-0x000007FEF5BC0000-0x000007FEF5EC2000-memory.dmp

Filesize
3.0MB

Download
memory/2192-5-0x00000003FF670000-0x00000003FF782000-memory.dmp

Filesize
1.1MB

Download
memory/2192-9-0x0000000100400000-0x00000001004E3000-memory.dmp

Filesize
908KB

Download
memory/2192-7-0x00000003FF430000-0x00000003FF48C000-memory.dmp

Filesize
368KB

Download
memory/2192-8-0x00000003FF140000-0x00000003FF187000-memory.dmp

Filesize
284KB

Download
memory/2192-6-0x00000003FF640000-0x00000003FF663000-memory.dmp

Filesize
140KB

Download
memory/2192-141-0x000007FEF5BC0000-0x000007FEF5EC2000-memory.dmp

Filesize
3.0MB

Download
memory/2192-10-0x0000000100400000-0x00000001004E3000-memory.dmp

Filesize
908KB

Download
memory/2296-277-0x000007FEF5BC0000-0x000007FEF5EC2000-memory.dmp

Filesize
3.0MB

Download
memory/2296-1233-0x000007FEF5BC0000-0x000007FEF5EC2000-memory.dmp

Filesize
3.0MB

Download
memory/2344-41-0x0000000100400000-0x00000001004E3000-memory.dmp

Filesize
908KB

Download
memory/2344-40-0x000007FEF5BC0000-0x000007FEF5EC2000-memory.dmp

Filesize
3.0MB

Download
memory/2344-48-0x000007FEF5BC0000-0x000007FEF5EC2000-memory.dmp

Filesize
3.0MB

Download
memory/2436-265-0x000007FEF5BC0000-0x000007FEF5EC2000-memory.dmp

Filesize
3.0MB

Download
memory/2592-188-0x000007FEF5BC0000-0x000007FEF5EC2000-memory.dmp

Filesize
3.0MB

Download
memory/2592-194-0x000007FEF5BC0000-0x000007FEF5EC2000-memory.dmp

Filesize
3.0MB

Download
memory/2652-51-0x0000000100400000-0x000000010040F000-memory.dmp

Filesize
60KB

Download
memory/2652-53-0x000007FEF5BC0000-0x000007FEF5EC2000-memory.dmp

Filesize
3.0MB

Download
memory/2652-297-0x000007FEF5BC0000-0x000007FEF5EC2000-memory.dmp

Filesize
3.0MB

Download
memory/2652-308-0x000007FEF5BC0000-0x000007FEF5EC2000-memory.dmp

Filesize
3.0MB

Download
memory/2652-47-0x000007FEF5BC0000-0x000007FEF5EC2000-memory.dmp

Filesize
3.0MB

Download
memory/2760-29-0x00000003FF140000-0x00000003FF187000-memory.dmp

Filesize
284KB

Download
memory/2760-32-0x000007FEF5BC0000-0x000007FEF5EC2000-memory.dmp

Filesize
3.0MB

Download
memory/2760-12-0x0000000100400000-0x00000001004E3000-memory.dmp

Filesize
908KB

Download
memory/2760-13-0x0000000100400000-0x00000001004E3000-memory.dmp

Filesize
908KB

Download
memory/2760-20-0x000007FEF5BC0000-0x000007FEF5EC2000-memory.dmp

Filesize
3.0MB

Download
memory/2760-21-0x0000000100400000-0x00000001004E3000-memory.dmp

Filesize
908KB

Download
memory/2760-23-0x00000003FF670000-0x00000003FF782000-memory.dmp

Filesize
1.1MB

Download
memory/2760-26-0x00000003FF640000-0x00000003FF663000-memory.dmp

Filesize
140KB

Download
memory/2760-30-0x00000003FF430000-0x00000003FF48C000-memory.dmp

Filesize
368KB

Download
memory/2768-27-0x0000000100400000-0x000000010040F000-memory.dmp

Filesize
60KB

Download
memory/2768-31-0x000007FEF5BC0000-0x000007FEF5EC2000-memory.dmp

Filesize
3.0MB

Download
memory/2820-309-0x000007FEF5BC0000-0x000007FEF5EC2000-memory.dmp

Filesize
3.0MB

Download
memory/2820-284-0x000007FEF5BC0000-0x000007FEF5EC2000-memory.dmp

Filesize
3.0MB

Download
memory/2844-120-0x000007FEF5BC0000-0x000007FEF5EC2000-memory.dmp

Filesize
3.0MB

Download
memory/2844-140-0x000007FEF5BC0000-0x000007FEF5EC2000-memory.dmp

Filesize
3.0MB

Download
memory/3032-287-0x000007FEF5BC0000-0x000007FEF5EC2000-memory.dmp

Filesize
3.0MB

Download
memory/3032-295-0x000007FEF5BC0000-0x000007FEF5EC2000-memory.dmp

Filesize
3.0MB

Download
memory/3064-149-0x000007FEF5BC0000-0x000007FEF5EC2000-memory.dmp

Filesize
3.0MB

Download