Analysis
-
max time kernel
146s -
max time network
147s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
03-12-2024 16:39
General
-
Target
zapret-win-bundle-master/blockcheck/blockcheck.cmd
-
Size
194B
-
MD5
5763cb58e6d9b26d626dc860edf2d964
-
SHA1
e7a90688360deae0e0f44c2541b0aa392f622766
-
SHA256
5a2de13b097b1ee482f02052c72c5ed29d1541e139464a98697388f4e90cd998
-
SHA512
339ef0a577f6f6529d36aead691afe9eede48789908cbf30036f516842d3a100599bb3992c66663b085601e5ef8a4b0179644ba7571e23936ba9f5055d308299
Score
5/10
Malware Config
Signatures
-
Enumerates processes with tasklist 1 TTPs 2 IoCs
-
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs
Adversaries may check for Internet connectivity on compromised systems.
-
Runs ping.exe 1 TTPs 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 36 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\blockcheck.cmd"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ..\cygwin\bin\cygpath -C OEM -a -m zapret\blog.sh2⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cygpath.exe..\cygwin\bin\cygpath -C OEM -a -m zapret\blog.sh3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\tools\elevator.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\..\tools\elevator" ..\cygwin\bin\bash -i "'C:/Users/Admin/AppData/Local/Temp/zapret-win-bundle-master/blockcheck/zapret/blog.sh'"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe" -i 'C:/Users/Admin/AppData/Local/Temp/zapret-win-bundle-master/blockcheck/zapret/blog.sh'3⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe" -i 'C:/Users/Admin/AppData/Local/Temp/zapret-win-bundle-master/blockcheck/zapret/blog.sh'4⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cygpath.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cygpath.exe"5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe" -i 'C:/Users/Admin/AppData/Local/Temp/zapret-win-bundle-master/blockcheck/zapret/blog.sh'4⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cygpath.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cygpath.exe"5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe" -i 'C:/Users/Admin/AppData/Local/Temp/zapret-win-bundle-master/blockcheck/zapret/blog.sh'4⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\dirname.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\dirname.exe"5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe" -i 'C:/Users/Admin/AppData/Local/Temp/zapret-win-bundle-master/blockcheck/zapret/blog.sh'4⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe" -i 'C:/Users/Admin/AppData/Local/Temp/zapret-win-bundle-master/blockcheck/zapret/blog.sh'4⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"5⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\dirname.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\dirname.exe"7⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sleep.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sleep.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"7⤵
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"7⤵
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\uname.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\uname.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Windows\system32\tasklist.exeC:\Windows\system32\tasklist.exe /NH /FI "IMAGENAME eq winws.exe"7⤵
- Enumerates processes with tasklist
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"7⤵
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Windows\system32\tasklist.exeC:\Windows\system32\tasklist.exe /NH /FI "IMAGENAME eq goodbyedpi.exe"7⤵
- Enumerates processes with tasklist
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"7⤵
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Windows\system32\nslookup.exeC:\Windows\system32\nslookup.exe iana.org7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Windows\system32\ping.exeC:\Windows\system32\ping.exe -4 -n 1 -w 1000 8.8.8.87⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Windows\system32\nslookup.exeC:\Windows\system32\nslookup.exe iana.org 8.8.8.87⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\zapret\mdig\mdig.exeC:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\zapret\mdig\mdig.exe --family=47⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tr.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tr.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Windows\system32\nslookup.exeC:\Windows\system32\nslookup.exe pornhub.com 8.8.8.87⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sed.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sed.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"7⤵
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\zapret\mdig\mdig.exeC:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\zapret\mdig\mdig.exe --family=47⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tr.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tr.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Windows\system32\nslookup.exeC:\Windows\system32\nslookup.exe ntc.party 8.8.8.87⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sed.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sed.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"7⤵
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\zapret\mdig\mdig.exeC:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\zapret\mdig\mdig.exe --family=47⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tr.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tr.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Windows\system32\nslookup.exeC:\Windows\system32\nslookup.exe rutracker.org 8.8.8.87⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sed.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sed.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"7⤵
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\zapret\mdig\mdig.exeC:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\zapret\mdig\mdig.exe --family=47⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tr.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tr.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Windows\system32\nslookup.exeC:\Windows\system32\nslookup.exe www.torproject.org 8.8.8.87⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sed.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sed.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"7⤵
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\zapret\mdig\mdig.exeC:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\zapret\mdig\mdig.exe --family=47⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tr.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tr.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Windows\system32\nslookup.exeC:\Windows\system32\nslookup.exe bbc.com 8.8.8.87⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sed.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sed.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"7⤵
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\wc.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\wc.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"7⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sort.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sort.exe"8⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"7⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\wc.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\wc.exe"8⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\rm.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\rm.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"7⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\uname.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\uname.exe"8⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"7⤵
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"7⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"8⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\gawk.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\gawk.exe"9⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\usr\local\bin\curl.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\usr\local\bin\curl.exe"7⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe" -i 'C:/Users/Admin/AppData/Local/Temp/zapret-win-bundle-master/blockcheck/zapret/blog.sh'4⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tee.exe"C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tee.exe"5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
-
C:\Windows\servicing\TrustedInstaller.exeC:\Windows\servicing\TrustedInstaller.exe1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
57B
MD5b61dbf9b0eb32ef5ecec360db6973df1
SHA13a73a9e6649d6f8b10f136e575cbc2049e296025
SHA25634d67ff1ffec0d83288bc73bf4036b8c23e1b4d84bc48d70175b2d372b10557e
SHA512a6e62681b1080989c736eecc288782857add9164e513161a4214bbab75cbed8e7d54663761ea2b915df384f74d2542e65eabbbf4ae161233824e57d7cdeddcb3
-
Filesize
28B
MD52bca117c7ca80d5951636483b6fe1a6b
SHA153311b733b86d547c4cd2808c1506b7d1c2e2280
SHA256a17d0f85df96c0dec8ca5934347045292cb2c3ff090fdb5e081f2a26b6a1d076
SHA512035be0f5c36235019e182c8c8cd05b5fbabd6b85e8931b579dd0ce65ba6aba35992cf61a603caa738ac8e55fe681fb6504332f8fae7f9be5a2e04d503056a21e
-
Filesize
72B
MD519cd2d0221be5ed8a5846c5c833628de
SHA1def8ef0f7170e79f5d7faf6c677302ef8eccc20e
SHA25622178bad2786d0776a18d3f9dc9c823329eae33f2d6d94c6ff48cbccb7ff1f27
SHA512d7e063fc7c8789369def8319b794976217494985d68b70f56ed58c8b5d5042dc4b7f1d40e878d6c620280184fd9df458b4fd6c8f89edc866efb7e3a2254129fe
-
Filesize
57B
MD5ebde8629ceb171cf6f07bb5634e615e2
SHA10fa52a303c29eb0f4c11db22b691101ba4ca90dd
SHA256a4a00f45a69e45786239bd380e579a8ac2e20ba8f5893f2aa416c73b435517f0
SHA51295af2dc8a4ccea3e34d188517d0b4585b28fc34dbe23dec8ee92af3f89e456ced536245f28a10391774c7eaaa5bafc91bd7ec7536e6489d6e28f8d159b9c9483
-
Filesize
14B
MD533f60dd6ef06bce06340797778c148ae
SHA15a5c11a86f5ef0e603a15bc41ad146d583a60a63
SHA256f9d879ff5b7a606aaff0e6d8f44007b10decd918495ecc688d885d9fe27774af
SHA5125e3983736a186607fb6a672ce904f7a0184a596ee11bb14d7909f33954d4621e2ef184718a207da3426511ce595e93c392714319c89368a77db651eac6dfc69f
-
Filesize
14B
MD584233515f8c3dfb3d3c8104583d3d22a
SHA1e9049ef4bac7a3bf8847d418784356e6d1b09f02
SHA256b361db25fd46ea38eca0669ec2326b298a30fed89947303b96d734eb02e08343
SHA5126174b8aa3a0c314eaee8b20a9483a0462c1f0b74d004f122be4ca52b171c59397713e1d2720947314c52d49f89f72088e60999ed8addd56252c3ab342def29b0
-
Filesize
28B
MD54e7f727a3da88bb76adac3bebbb155c9
SHA1bb1ede39224444cbbf7a1f95a752ca54957f56c4
SHA256311446186a80bb610cafbb6fb5226cfacd1ac39cd3a84aa548df015e4ec7a79b
SHA512a8ea00beff8d1adffefd41ebb8a777cc238e7376f112ec154a85a309beffd42688767496c5f3cc541030dddd17c421ac2c9dbe128be07163028f2b7f8cdd872f
-
Filesize
72B
MD50ac69c0cab59c0250841797fc53d5905
SHA13604e09df6a3cad76b0ffe825dfea4a3e61cfed7
SHA256e7ba625ab5dfc3561e1259a4bab33bc43eb6e999ce1fb3aab14e0cf598fe9b69
SHA51261e2657e2ee8ab085e35003221380232dfaed498a0e1fd13b0265126ce62f82db852d29fb3b5fe4b94a41af9ebcff197a94165adbba319a4bfc95feb12f3aec4
-
Filesize
128B
MD5734b74ba0049f81df4fa3c4736f7c057
SHA14dc53da97f59f85683cc6e9bede7bbcfdc94ae72
SHA25615c4c3112b930033c4d5b5c491f6a1e88b5a787880366397916ab6bc6b947517
SHA512a81e24e3762b0ec06490204fb398ba91e3aff2b1b719a083510cfb7c42d9037d5e01777f365a0aaf434055354d7c9737a42fefd73c47c48eb96a29d6610bef5f
-
Filesize
185B
MD568ad373f20cdd36af32834a7ee37924e
SHA1b73239fc57c466963cd3533f3240eaf75e5dc85a
SHA25678f9c86576ea9026b39efd4466539b3c60267c4f400b534582463b005f856e4e
SHA512ed4ad1eaeadd3e6413703b1ef983bb744c7c5785b35276a9775508ac1aced29d0f958a82958495910047d2bcab5cb893a09147f6f1a94927ae253c5eca69ba63
-
Filesize
28B
MD534728dcc159b2b3157d88bda83f39f7e
SHA139c35b23a489137fac8022572581e5b8dba8aa9e
SHA25642a50a19f3d726050777cb2f4d684b1c08774873348b035254d628d8a01c1be6
SHA512f73a8677edbae31e12d991ced857c4968b9ec5ebffda46f0bd9a3e3fe6487971830104001660a8686148a8a0857bc3537893cff38219442daf45e94a68f5b6cc
-
Filesize
56B
MD50b86555011d1c18046efb754d34c99be
SHA1089fb3dbc859c73882633869ddb11194e3896bbb
SHA2563c39dc27a0772f36697e2005917e864a0fb0e67a8a2ab45aa4642505bbb450dc
SHA5121bcbfacab6adf874398c9235045a7f8138f1f369af61e09e5ed42ec226c5df654a5027e07d43ad1e4767503a8b6182ab8be83a56ecca8bf1697d0e64c1800f84
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
908KB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
60KB
-
Filesize
284KB
-
Filesize
3.0MB
-
Filesize
908KB
-
Filesize
908KB
-
Filesize
3.0MB
-
Filesize
140KB
-
Filesize
1.1MB
-
Filesize
908KB
-
Filesize
368KB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
60KB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
72KB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
140KB
-
Filesize
52KB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
284KB
-
Filesize
908KB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
60KB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
908KB
-
Filesize
284KB
-
Filesize
908KB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
368KB
-
Filesize
140KB
-
Filesize
1.1MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
908KB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB