54189c71781c412ef7103f17df89a1bbf6e1b608b4f16479374191e3262d32ed

Analysis

max time kernel
142s
max time network
124s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03-12-2024 16:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

zapret-win-bundle-master/blockcheck/blockcheck.cmd
Size

194B
MD5

5763cb58e6d9b26d626dc860edf2d964
SHA1

e7a90688360deae0e0f44c2541b0aa392f622766
SHA256

5a2de13b097b1ee482f02052c72c5ed29d1541e139464a98697388f4e90cd998
SHA512

339ef0a577f6f6529d36aead691afe9eede48789908cbf30036f516842d3a100599bb3992c66663b085601e5ef8a4b0179644ba7571e23936ba9f5055d308299

Score

5^/10

discovery

Malware Config

Signatures

Enumerates processes with tasklist 1 TTPs 2 IoCs

discovery

Process Discovery

T1057

Processes:

tasklist.exetasklist.exe

pid	Process
2616	tasklist.exe
2412	tasklist.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

Processes:

ping.exe

pid	Process
2904	ping.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

Processes:

ping.exe

pid	Process
2904	ping.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

Processes:

grep.exegrep.exegrep.exegrep.exegrep.exegrep.exegrep.exegrep.exegrep.exe

pid	Process
816	grep.exe
816	grep.exe
1436	grep.exe
1436	grep.exe
2532	grep.exe
2532	grep.exe
2608	grep.exe
2608	grep.exe
1256	grep.exe
1256	grep.exe
2156	grep.exe
2156	grep.exe
2372	grep.exe
2372	grep.exe
1652	grep.exe
1652	grep.exe
3020	grep.exe
3020	grep.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

cygpath.exebash.exebash.execygpath.exebash.execygpath.exebash.exedirname.exebash.exebash.exebash.exesh.exetee.exesh.exedirname.exe

description	pid	Process
Token: SeRestorePrivilege	2132	cygpath.exe
Token: SeBackupPrivilege	2132	cygpath.exe
Token: SeDebugPrivilege	2132	cygpath.exe
Token: SeRestorePrivilege	1968	bash.exe
Token: SeBackupPrivilege	1968	bash.exe
Token: SeDebugPrivilege	1968	bash.exe
Token: SeRestorePrivilege	2828	bash.exe
Token: SeBackupPrivilege	2828	bash.exe
Token: SeDebugPrivilege	2828	bash.exe
Token: SeRestorePrivilege	2828	bash.exe
Token: SeBackupPrivilege	2828	bash.exe
Token: SeDebugPrivilege	2828	bash.exe
Token: SeRestorePrivilege	2844	cygpath.exe
Token: SeBackupPrivilege	2844	cygpath.exe
Token: SeDebugPrivilege	2844	cygpath.exe
Token: SeRestorePrivilege	2780	bash.exe
Token: SeBackupPrivilege	2780	bash.exe
Token: SeDebugPrivilege	2780	bash.exe
Token: SeRestorePrivilege	2780	bash.exe
Token: SeBackupPrivilege	2780	bash.exe
Token: SeDebugPrivilege	2780	bash.exe
Token: SeRestorePrivilege	2652	cygpath.exe
Token: SeBackupPrivilege	2652	cygpath.exe
Token: SeDebugPrivilege	2652	cygpath.exe
Token: SeRestorePrivilege	2716	bash.exe
Token: SeBackupPrivilege	2716	bash.exe
Token: SeDebugPrivilege	2716	bash.exe
Token: SeRestorePrivilege	2716	bash.exe
Token: SeBackupPrivilege	2716	bash.exe
Token: SeDebugPrivilege	2716	bash.exe
Token: SeRestorePrivilege	2436	dirname.exe
Token: SeBackupPrivilege	2436	dirname.exe
Token: SeDebugPrivilege	2436	dirname.exe
Token: SeRestorePrivilege	2888	bash.exe
Token: SeBackupPrivilege	2888	bash.exe
Token: SeDebugPrivilege	2888	bash.exe
Token: SeRestorePrivilege	2888	bash.exe
Token: SeBackupPrivilege	2888	bash.exe
Token: SeDebugPrivilege	2888	bash.exe
Token: SeRestorePrivilege	376	bash.exe
Token: SeBackupPrivilege	376	bash.exe
Token: SeDebugPrivilege	376	bash.exe
Token: SeRestorePrivilege	376	bash.exe
Token: SeBackupPrivilege	376	bash.exe
Token: SeDebugPrivilege	376	bash.exe
Token: SeRestorePrivilege	1716	bash.exe
Token: SeBackupPrivilege	1716	bash.exe
Token: SeDebugPrivilege	1716	bash.exe
Token: SeRestorePrivilege	1716	bash.exe
Token: SeBackupPrivilege	1716	bash.exe
Token: SeDebugPrivilege	1716	bash.exe
Token: SeRestorePrivilege	780	sh.exe
Token: SeBackupPrivilege	780	sh.exe
Token: SeDebugPrivilege	780	sh.exe
Token: SeRestorePrivilege	1592	tee.exe
Token: SeBackupPrivilege	1592	tee.exe
Token: SeDebugPrivilege	1592	tee.exe
Token: SeRestorePrivilege	1640	sh.exe
Token: SeBackupPrivilege	1640	sh.exe
Token: SeDebugPrivilege	1640	sh.exe
Token: SeRestorePrivilege	1640	sh.exe
Token: SeBackupPrivilege	1640	sh.exe
Token: SeDebugPrivilege	1640	sh.exe
Token: SeRestorePrivilege	2304	dirname.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

cmd.execmd.exeelevator.exebash.exebash.exebash.exebash.exe

description	pid	Process	procid_target
PID 1232 wrote to memory of 1984	1232	cmd.exe	31
PID 1232 wrote to memory of 1984	1232	cmd.exe	31
PID 1232 wrote to memory of 1984	1232	cmd.exe	31
PID 1984 wrote to memory of 2132	1984	cmd.exe	32
PID 1984 wrote to memory of 2132	1984	cmd.exe	32
PID 1984 wrote to memory of 2132	1984	cmd.exe	32
PID 1232 wrote to memory of 2532	1232	cmd.exe	33
PID 1232 wrote to memory of 2532	1232	cmd.exe	33
PID 1232 wrote to memory of 2532	1232	cmd.exe	33
PID 2532 wrote to memory of 1968	2532	elevator.exe	34
PID 2532 wrote to memory of 1968	2532	elevator.exe	34
PID 2532 wrote to memory of 1968	2532	elevator.exe	34
PID 1968 wrote to memory of 2828	1968	bash.exe	36
PID 1968 wrote to memory of 2828	1968	bash.exe	36
PID 1968 wrote to memory of 2828	1968	bash.exe	36
PID 1968 wrote to memory of 2828	1968	bash.exe	36
PID 1968 wrote to memory of 2828	1968	bash.exe	36
PID 1968 wrote to memory of 2828	1968	bash.exe	36
PID 1968 wrote to memory of 2828	1968	bash.exe	36
PID 1968 wrote to memory of 2828	1968	bash.exe	36
PID 1968 wrote to memory of 2828	1968	bash.exe	36
PID 1968 wrote to memory of 2828	1968	bash.exe	36
PID 1968 wrote to memory of 2828	1968	bash.exe	36
PID 1968 wrote to memory of 2828	1968	bash.exe	36
PID 2828 wrote to memory of 2844	2828	bash.exe	37
PID 2828 wrote to memory of 2844	2828	bash.exe	37
PID 2828 wrote to memory of 2844	2828	bash.exe	37
PID 1968 wrote to memory of 2780	1968	bash.exe	38
PID 1968 wrote to memory of 2780	1968	bash.exe	38
PID 1968 wrote to memory of 2780	1968	bash.exe	38
PID 1968 wrote to memory of 2780	1968	bash.exe	38
PID 1968 wrote to memory of 2780	1968	bash.exe	38
PID 1968 wrote to memory of 2780	1968	bash.exe	38
PID 1968 wrote to memory of 2780	1968	bash.exe	38
PID 1968 wrote to memory of 2780	1968	bash.exe	38
PID 1968 wrote to memory of 2780	1968	bash.exe	38
PID 1968 wrote to memory of 2780	1968	bash.exe	38
PID 1968 wrote to memory of 2780	1968	bash.exe	38
PID 1968 wrote to memory of 2780	1968	bash.exe	38
PID 2780 wrote to memory of 2652	2780	bash.exe	98
PID 2780 wrote to memory of 2652	2780	bash.exe	98
PID 2780 wrote to memory of 2652	2780	bash.exe	98
PID 1968 wrote to memory of 2716	1968	bash.exe	40
PID 1968 wrote to memory of 2716	1968	bash.exe	40
PID 1968 wrote to memory of 2716	1968	bash.exe	40
PID 1968 wrote to memory of 2716	1968	bash.exe	40
PID 1968 wrote to memory of 2716	1968	bash.exe	40
PID 1968 wrote to memory of 2716	1968	bash.exe	40
PID 1968 wrote to memory of 2716	1968	bash.exe	40
PID 1968 wrote to memory of 2716	1968	bash.exe	40
PID 1968 wrote to memory of 2716	1968	bash.exe	40
PID 1968 wrote to memory of 2716	1968	bash.exe	40
PID 1968 wrote to memory of 2716	1968	bash.exe	40
PID 1968 wrote to memory of 2716	1968	bash.exe	40
PID 2716 wrote to memory of 2436	2716	bash.exe	100
PID 2716 wrote to memory of 2436	2716	bash.exe	100
PID 2716 wrote to memory of 2436	2716	bash.exe	100
PID 1968 wrote to memory of 2888	1968	bash.exe	42
PID 1968 wrote to memory of 2888	1968	bash.exe	42
PID 1968 wrote to memory of 2888	1968	bash.exe	42
PID 1968 wrote to memory of 2888	1968	bash.exe	42
PID 1968 wrote to memory of 2888	1968	bash.exe	42
PID 1968 wrote to memory of 2888	1968	bash.exe	42
PID 1968 wrote to memory of 2888	1968	bash.exe	42

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\blockcheck.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:1232
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ..\cygwin\bin\cygpath -C OEM -a -m zapret\blog.sh
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1984
- - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cygpath.exe
    ..\cygwin\bin\cygpath -C OEM -a -m zapret\blog.sh
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2132
- C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\tools\elevator.exe
  "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\..\tools\elevator" ..\cygwin\bin\bash -i "'C:/Users/Admin/AppData/Local/Temp/zapret-win-bundle-master/blockcheck/zapret/blog.sh'"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2532
- - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe
    "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe" -i 'C:/Users/Admin/AppData/Local/Temp/zapret-win-bundle-master/blockcheck/zapret/blog.sh'
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:1968
  - - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe
      "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe" -i 'C:/Users/Admin/AppData/Local/Temp/zapret-win-bundle-master/blockcheck/zapret/blog.sh'
      4⤵
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:2828
    - - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cygpath.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cygpath.exe"
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2844
  - - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe
      "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe" -i 'C:/Users/Admin/AppData/Local/Temp/zapret-win-bundle-master/blockcheck/zapret/blog.sh'
      4⤵
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:2780
    - - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cygpath.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cygpath.exe"
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2652
  - - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe
      "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe" -i 'C:/Users/Admin/AppData/Local/Temp/zapret-win-bundle-master/blockcheck/zapret/blog.sh'
      4⤵
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:2716
    - - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\dirname.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\dirname.exe"
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2436
  - - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe
      "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe" -i 'C:/Users/Admin/AppData/Local/Temp/zapret-win-bundle-master/blockcheck/zapret/blog.sh'
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2888
  - - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe
      "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe" -i 'C:/Users/Admin/AppData/Local/Temp/zapret-win-bundle-master/blockcheck/zapret/blog.sh'
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:376
    - - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:780
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\dirname.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\dirname.exe"
        7⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2304
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sleep.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sleep.exe"
        7⤵
        
        PID:440
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2028
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:816
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2268
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1436
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:292
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\uname.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\uname.exe"
        7⤵
        
        PID:1848
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2104
        
        C:\Windows\system32\tasklist.exe
        
        C:\Windows\system32\tasklist.exe /NH /FI "IMAGENAME eq winws.exe"
        7⤵
        Enumerates processes with tasklist
        
        PID:2412
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2532
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2872
        
        C:\Windows\system32\tasklist.exe
        
        C:\Windows\system32\tasklist.exe /NH /FI "IMAGENAME eq goodbyedpi.exe"
        7⤵
        Enumerates processes with tasklist
        
        PID:2616
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2608
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2796
        
        C:\Windows\system32\nslookup.exe
        
        C:\Windows\system32\nslookup.exe iana.org
        7⤵
        
        PID:2812
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1816
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1644
        
        C:\Windows\system32\ping.exe
        
        C:\Windows\system32\ping.exe -4 -n 1 -w 1000 8.8.8.8
        7⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:2904
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1812
        
        C:\Windows\system32\nslookup.exe
        
        C:\Windows\system32\nslookup.exe iana.org 8.8.8.8
        7⤵
        
        PID:2892
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2276
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\zapret\mdig\mdig.exe
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\zapret\mdig\mdig.exe --family=4
        7⤵
        
        PID:2772
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tr.exe"
        7⤵
        
        PID:404
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:2388
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:3048
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:2256
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:2188
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2352
        
        C:\Windows\system32\nslookup.exe
        
        C:\Windows\system32\nslookup.exe pornhub.com 8.8.8.8
        7⤵
        
        PID:2536
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sed.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sed.exe"
        7⤵
        
        PID:2512
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1256
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe"
        7⤵
        
        PID:2652
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2872
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\zapret\mdig\mdig.exe
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\zapret\mdig\mdig.exe --family=4
        7⤵
        
        PID:1084
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tr.exe"
        7⤵
        
        PID:1028
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:1324
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:2940
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:1640
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:2576
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:1380
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1868
        
        C:\Windows\system32\nslookup.exe
        
        C:\Windows\system32\nslookup.exe ntc.party 8.8.8.8
        7⤵
        
        PID:2452
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sed.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sed.exe"
        7⤵
        
        PID:3032
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2156
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe"
        7⤵
        
        PID:1740
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:316
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\zapret\mdig\mdig.exe
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\zapret\mdig\mdig.exe --family=4
        7⤵
        
        PID:2220
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tr.exe"
        7⤵
        
        PID:1780
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:1580
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:2040
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:1792
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:936
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:528
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:396
        
        C:\Windows\system32\nslookup.exe
        
        C:\Windows\system32\nslookup.exe rutracker.org 8.8.8.8
        7⤵
        
        PID:1644
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sed.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sed.exe"
        7⤵
        
        PID:348
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2372
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:404
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe"
        7⤵
        
        PID:1504
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1480
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\zapret\mdig\mdig.exe
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\zapret\mdig\mdig.exe --family=4
        7⤵
        
        PID:1828
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tr.exe"
        7⤵
        
        PID:880
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:2384
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:2280
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:2816
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:1692
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:2804
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2648
        
        C:\Windows\system32\nslookup.exe
        
        C:\Windows\system32\nslookup.exe www.torproject.org 8.8.8.8
        7⤵
        
        PID:1424
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sed.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sed.exe"
        7⤵
        
        PID:2636
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1652
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe"
        7⤵
        
        PID:1264
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2940
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\zapret\mdig\mdig.exe
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\blockcheck\zapret\mdig\mdig.exe --family=4
        7⤵
        
        PID:2904
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tr.exe"
        7⤵
        
        PID:1508
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:2168
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:1800
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:1276
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:2780
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\readlink.exe"
        7⤵
        
        PID:2448
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1944
        
        C:\Windows\system32\nslookup.exe
        
        C:\Windows\system32\nslookup.exe bbc.com 8.8.8.8
        7⤵
        
        PID:2472
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sed.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sed.exe"
        7⤵
        
        PID:1732
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\grep.exe"
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3020
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\cat.exe"
        7⤵
        
        PID:2728
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\wc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\wc.exe"
        7⤵
        
        PID:2972
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        7⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sort.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sort.exe"
        8⤵
        
        PID:472
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        7⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\wc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\wc.exe"
        8⤵
        
        PID:3008
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\rm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\rm.exe"
        7⤵
        
        PID:1812
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        7⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\uname.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\uname.exe"
        8⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        7⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        7⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        8⤵
        
        PID:732
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\gawk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\gawk.exe"
        9⤵
        
        PID:1380
      - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\sh.exe"
        6⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\usr\local\bin\curl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\usr\local\bin\curl.exe"
        7⤵
        
        PID:1248
  - - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe
      "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\bash.exe" -i 'C:/Users/Admin/AppData/Local/Temp/zapret-win-bundle-master/blockcheck/zapret/blog.sh'
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1716
    - - C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tee.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\bin\tee.exe"
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

Remote System Discovery

T1018

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\tmp\dig1.txt

Filesize
72B

MD5
dcd5a23400726908d479deced1ac96ee

SHA1
7313e8300a59749b28070c47e9ca6f7aca25b00f

SHA256
ba8fde76e7ca0b1c9055bdb0ec522222102982a60f873774ff97890832b60e98

SHA512
26e0dbc6a0433835d299fb9be901961aa9ff03b776dd631c8db1cd02d27812a91c48798b80025cae032ca5ae6fa425bf9a09b44480e5c126f69f4b7462ce5149

Download Submit
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\tmp\dig1.txt

Filesize
57B

MD5
6cac2e7b99dbb1a1d56dbba546b3b23e

SHA1
0bbaa27de53da67b81a3a3304d557662846a8881

SHA256
49092498ef25216532b8ac0d5b2b260619d7df4863fcd3566d548d46608a7225

SHA512
e4a47887f6f9eafdd8bfd489eb6ffd8d8b7e89af5781693c2899bdac6f173fa1bd585b119c91299e0b1ac2f6d4193850b005291a2a5e709ea25e06be7033648c

Download Submit
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\tmp\dig1.txt

Filesize
14B

MD5
84233515f8c3dfb3d3c8104583d3d22a

SHA1
e9049ef4bac7a3bf8847d418784356e6d1b09f02

SHA256
b361db25fd46ea38eca0669ec2326b298a30fed89947303b96d734eb02e08343

SHA512
6174b8aa3a0c314eaee8b20a9483a0462c1f0b74d004f122be4ca52b171c59397713e1d2720947314c52d49f89f72088e60999ed8addd56252c3ab342def29b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\tmp\dig1.txt

Filesize
28B

MD5
2bca117c7ca80d5951636483b6fe1a6b

SHA1
53311b733b86d547c4cd2808c1506b7d1c2e2280

SHA256
a17d0f85df96c0dec8ca5934347045292cb2c3ff090fdb5e081f2a26b6a1d076

SHA512
035be0f5c36235019e182c8c8cd05b5fbabd6b85e8931b579dd0ce65ba6aba35992cf61a603caa738ac8e55fe681fb6504332f8fae7f9be5a2e04d503056a21e

Download Submit
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\tmp\dig2.txt

Filesize
57B

MD5
9976edf4d559a5e27fe34a24733b2e91

SHA1
34f07ba44d34c488f5f210704e21d7523a6ddd91

SHA256
861d8a27fe896890338cc618484bb47c65a202a6fd34ad9b78e1d926ae22d3a2

SHA512
d4bd6c9a2f9cb78854ec88d7158804ba8a0244377cd35f2617c73901c5c6de49cf478cf8b38b33615e5c2c633ab49762cc2c442085471846758fa6ca38ca6f8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\tmp\dig2.txt

Filesize
14B

MD5
33f60dd6ef06bce06340797778c148ae

SHA1
5a5c11a86f5ef0e603a15bc41ad146d583a60a63

SHA256
f9d879ff5b7a606aaff0e6d8f44007b10decd918495ecc688d885d9fe27774af

SHA512
5e3983736a186607fb6a672ce904f7a0184a596ee11bb14d7909f33954d4621e2ef184718a207da3426511ce595e93c392714319c89368a77db651eac6dfc69f

Download Submit
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\tmp\dig2.txt

Filesize
28B

MD5
4e7f727a3da88bb76adac3bebbb155c9

SHA1
bb1ede39224444cbbf7a1f95a752ca54957f56c4

SHA256
311446186a80bb610cafbb6fb5226cfacd1ac39cd3a84aa548df015e4ec7a79b

SHA512
a8ea00beff8d1adffefd41ebb8a777cc238e7376f112ec154a85a309beffd42688767496c5f3cc541030dddd17c421ac2c9dbe128be07163028f2b7f8cdd872f

Download Submit
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\tmp\dig2.txt

Filesize
72B

MD5
4fa2a5e5f9cfefa28c56f2d5578e2129

SHA1
20d3979a41d91448658629d79aa19c7c08795f30

SHA256
0f97889af3e2f17db9961ccaeaec7d5daba446e556a41a770e102023fccb016e

SHA512
33ea8a1b9d87d19ce5a9ded8292b5d0bf3cc20c285037a347b92b4c1dc7f970bc9200a95098e7e10a42114f5a4a16dc881ee3d864e27f05237191d68e8656b21

Download Submit
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\tmp\digs.txt

Filesize
56B

MD5
0b86555011d1c18046efb754d34c99be

SHA1
089fb3dbc859c73882633869ddb11194e3896bbb

SHA256
3c39dc27a0772f36697e2005917e864a0fb0e67a8a2ab45aa4642505bbb450dc

SHA512
1bcbfacab6adf874398c9235045a7f8138f1f369af61e09e5ed42ec226c5df654a5027e07d43ad1e4767503a8b6182ab8be83a56ecca8bf1697d0e64c1800f84

Download Submit
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\tmp\digs.txt

Filesize
128B

MD5
cfb40a23d040f75f7c4b61468ab22b42

SHA1
25ef6770b6d400fedc750b67fc42f9fb7281860c

SHA256
bed3e18e6204d2720ce1d3d7769d3ea57b54a2bbf6055c66b10470268d22e6b5

SHA512
cd848ed0b57fe01f8472f4e5fdae56a89dc348760bf3417fb03b42ec6346cad3b11c005ccc87fad9f875d8a3f71542ab222cd27e33f6e0740726614289038db9

Download Submit
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\tmp\digs.txt

Filesize
185B

MD5
8365de82d2163dee80a4c0bda408f6db

SHA1
a30ba8c6bd9c13771e00da4296832ef4650fef1e

SHA256
5c272bc70cacd4f45ec92cf56259ae503f188c37e17738e95ae010cc1ac8a3bc

SHA512
5028295526bb011bd05e61f95902a498c8e9e8249faa5547347183eaa7f7cae0af1941290132b39bf77fa55163760378568b1345fc4fdd556868142f66876bb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\zapret-win-bundle-master\cygwin\tmp\digs.txt

Filesize
28B

MD5
34728dcc159b2b3157d88bda83f39f7e

SHA1
39c35b23a489137fac8022572581e5b8dba8aa9e

SHA256
42a50a19f3d726050777cb2f4d684b1c08774873348b035254d628d8a01c1be6

SHA512
f73a8677edbae31e12d991ced857c4968b9ec5ebffda46f0bd9a3e3fe6487971830104001660a8686148a8a0857bc3537893cff38219442daf45e94a68f5b6cc

Download Submit
memory/292-236-0x000007FEF63D0000-0x000007FEF66D2000-memory.dmp

Filesize
3.0MB

Download
memory/292-507-0x000007FEF63D0000-0x000007FEF66D2000-memory.dmp

Filesize
3.0MB

Download
memory/376-125-0x000007FEF63D0000-0x000007FEF66D2000-memory.dmp

Filesize
3.0MB

Download
memory/376-108-0x000007FEF63D0000-0x000007FEF66D2000-memory.dmp

Filesize
3.0MB

Download
memory/440-260-0x000007FEF63D0000-0x000007FEF66D2000-memory.dmp

Filesize
3.0MB

Download
memory/440-172-0x000007FEF63D0000-0x000007FEF66D2000-memory.dmp

Filesize
3.0MB

Download
memory/780-211-0x000007FEF63D0000-0x000007FEF66D2000-memory.dmp

Filesize
3.0MB

Download
memory/780-138-0x000007FEF63D0000-0x000007FEF66D2000-memory.dmp

Filesize
3.0MB

Download
memory/816-191-0x000007FEF63D0000-0x000007FEF66D2000-memory.dmp

Filesize
3.0MB

Download
memory/816-199-0x000007FEF63D0000-0x000007FEF66D2000-memory.dmp

Filesize
3.0MB

Download
memory/1436-226-0x000007FEF63D0000-0x000007FEF66D2000-memory.dmp

Filesize
3.0MB

Download
memory/1592-139-0x000007FEF63D0000-0x000007FEF66D2000-memory.dmp

Filesize
3.0MB

Download
memory/1640-146-0x000007FEF63D0000-0x000007FEF66D2000-memory.dmp

Filesize
3.0MB

Download
memory/1640-140-0x000007FEF63D0000-0x000007FEF66D2000-memory.dmp

Filesize
3.0MB

Download
memory/1680-290-0x000007FEF63D0000-0x000007FEF66D2000-memory.dmp

Filesize
3.0MB

Download
memory/1680-300-0x000007FEF63D0000-0x000007FEF66D2000-memory.dmp

Filesize
3.0MB

Download
memory/1716-136-0x000007FEF63D0000-0x000007FEF66D2000-memory.dmp

Filesize
3.0MB

Download
memory/1716-117-0x000007FEF63D0000-0x000007FEF66D2000-memory.dmp

Filesize
3.0MB

Download
memory/1848-239-0x000007FEF63D0000-0x000007FEF66D2000-memory.dmp

Filesize
3.0MB

Download
memory/1848-247-0x000007FEF63D0000-0x000007FEF66D2000-memory.dmp

Filesize
3.0MB

Download
memory/1868-183-0x000007FEF63D0000-0x000007FEF66D2000-memory.dmp

Filesize
3.0MB

Download
memory/1868-190-0x000007FEF63D0000-0x000007FEF66D2000-memory.dmp

Filesize
3.0MB

Download
memory/1968-11-0x0000000100400000-0x00000001004E3000-memory.dmp

Filesize
908KB

Download
memory/1968-10-0x0000000100400000-0x00000001004E3000-memory.dmp

Filesize
908KB

Download
memory/1968-9-0x000007FEF63D0000-0x000007FEF66D2000-memory.dmp

Filesize
3.0MB

Download
memory/1968-6-0x00000003FF640000-0x00000003FF663000-memory.dmp

Filesize
140KB

Download
memory/1968-7-0x00000003FF430000-0x00000003FF48C000-memory.dmp

Filesize
368KB

Download
memory/1968-8-0x00000003FF140000-0x00000003FF187000-memory.dmp

Filesize
284KB

Download
memory/1968-128-0x000007FEF63D0000-0x000007FEF66D2000-memory.dmp

Filesize
3.0MB

Download
memory/1968-5-0x00000003FF670000-0x00000003FF782000-memory.dmp

Filesize
1.1MB

Download
memory/2028-270-0x000007FEF63D0000-0x000007FEF66D2000-memory.dmp

Filesize
3.0MB

Download
memory/2028-178-0x000007FEF63D0000-0x000007FEF66D2000-memory.dmp

Filesize
3.0MB

Download
memory/2104-278-0x000007FEF63D0000-0x000007FEF66D2000-memory.dmp

Filesize
3.0MB

Download
memory/2116-269-0x000007FEF63D0000-0x000007FEF66D2000-memory.dmp

Filesize
3.0MB

Download
memory/2116-1330-0x000007FEF63D0000-0x000007FEF66D2000-memory.dmp

Filesize
3.0MB

Download
memory/2132-3-0x000007FEF66E0000-0x000007FEF69E2000-memory.dmp

Filesize
3.0MB

Download
memory/2132-0-0x000007FEF66E0000-0x000007FEF69E2000-memory.dmp

Filesize
3.0MB

Download
memory/2132-1-0x0000000100400000-0x000000010040F000-memory.dmp

Filesize
60KB

Download
memory/2268-206-0x000007FEF63D0000-0x000007FEF66D2000-memory.dmp

Filesize
3.0MB

Download
memory/2304-230-0x000007FEF63D0000-0x000007FEF66D2000-memory.dmp

Filesize
3.0MB

Download
memory/2304-152-0x000007FEF63D0000-0x000007FEF66D2000-memory.dmp

Filesize
3.0MB

Download
memory/2436-72-0x0000000100400000-0x0000000100412000-memory.dmp

Filesize
72KB

Download
memory/2436-76-0x00000003FF640000-0x00000003FF663000-memory.dmp

Filesize
140KB

Download
memory/2436-82-0x000007FEF63D0000-0x000007FEF66D2000-memory.dmp

Filesize
3.0MB

Download
memory/2436-84-0x000007FEF63D0000-0x000007FEF66D2000-memory.dmp

Filesize
3.0MB

Download
memory/2532-284-0x000007FEF63D0000-0x000007FEF66D2000-memory.dmp

Filesize
3.0MB

Download
memory/2532-4-0x000000013FF10000-0x000000013FF1D000-memory.dmp

Filesize
52KB

Download
memory/2532-272-0x000007FEF63D0000-0x000007FEF66D2000-memory.dmp

Filesize
3.0MB

Download
memory/2608-301-0x000007FEF63D0000-0x000007FEF66D2000-memory.dmp

Filesize
3.0MB

Download
memory/2608-314-0x000007FEF63D0000-0x000007FEF66D2000-memory.dmp

Filesize
3.0MB

Download
memory/2652-54-0x000007FEF63D0000-0x000007FEF66D2000-memory.dmp

Filesize
3.0MB

Download
memory/2652-49-0x000007FEF63D0000-0x000007FEF66D2000-memory.dmp

Filesize
3.0MB

Download
memory/2652-52-0x0000000100400000-0x000000010040F000-memory.dmp

Filesize
60KB

Download
memory/2716-80-0x00000003FF140000-0x00000003FF187000-memory.dmp

Filesize
284KB

Download
memory/2716-73-0x0000000100400000-0x00000001004E3000-memory.dmp

Filesize
908KB

Download
memory/2716-83-0x000007FEF63D0000-0x000007FEF66D2000-memory.dmp

Filesize
3.0MB

Download
memory/2716-66-0x000007FEF63D0000-0x000007FEF66D2000-memory.dmp

Filesize
3.0MB

Download
memory/2780-43-0x0000000100400000-0x00000001004E3000-memory.dmp

Filesize
908KB

Download
memory/2780-44-0x000007FEF63D0000-0x000007FEF66D2000-memory.dmp

Filesize
3.0MB

Download
memory/2780-42-0x000007FEF63D0000-0x000007FEF66D2000-memory.dmp

Filesize
3.0MB

Download
memory/2796-329-0x000007FEF63D0000-0x000007FEF66D2000-memory.dmp

Filesize
3.0MB

Download
memory/2796-332-0x000007FEF63D0000-0x000007FEF66D2000-memory.dmp

Filesize
3.0MB

Download
memory/2808-655-0x000007FEF63D0000-0x000007FEF66D2000-memory.dmp

Filesize
3.0MB

Download
memory/2808-218-0x000007FEF63D0000-0x000007FEF66D2000-memory.dmp

Filesize
3.0MB

Download
memory/2828-26-0x00000003FF670000-0x00000003FF782000-memory.dmp

Filesize
1.1MB

Download
memory/2828-27-0x00000003FF640000-0x00000003FF663000-memory.dmp

Filesize
140KB

Download
memory/2828-12-0x0000000100400000-0x00000001004E3000-memory.dmp

Filesize
908KB

Download
memory/2828-13-0x0000000100400000-0x00000001004E3000-memory.dmp

Filesize
908KB

Download
memory/2828-20-0x000007FEF63D0000-0x000007FEF66D2000-memory.dmp

Filesize
3.0MB

Download
memory/2828-31-0x000007FEF63D0000-0x000007FEF66D2000-memory.dmp

Filesize
3.0MB

Download
memory/2828-29-0x00000003FF430000-0x00000003FF48C000-memory.dmp

Filesize
368KB

Download
memory/2828-24-0x0000000100400000-0x00000001004E3000-memory.dmp

Filesize
908KB

Download
memory/2828-28-0x00000003FF140000-0x00000003FF187000-memory.dmp

Filesize
284KB

Download
memory/2844-34-0x000007FEF63D0000-0x000007FEF66D2000-memory.dmp

Filesize
3.0MB

Download
memory/2844-30-0x000007FEF63D0000-0x000007FEF66D2000-memory.dmp

Filesize
3.0MB

Download
memory/2844-32-0x0000000100400000-0x000000010040F000-memory.dmp

Filesize
60KB

Download
memory/2872-288-0x000007FEF63D0000-0x000007FEF66D2000-memory.dmp

Filesize
3.0MB

Download
memory/2872-310-0x000007FEF63D0000-0x000007FEF66D2000-memory.dmp

Filesize
3.0MB

Download
memory/2888-95-0x0000000100400000-0x00000001004E3000-memory.dmp

Filesize
908KB

Download
memory/2888-96-0x000007FEF63D0000-0x000007FEF66D2000-memory.dmp

Filesize
3.0MB

Download
memory/2888-92-0x000007FEF63D0000-0x000007FEF66D2000-memory.dmp

Filesize
3.0MB

Download
memory/2920-167-0x000007FEF63D0000-0x000007FEF66D2000-memory.dmp

Filesize
3.0MB

Download
memory/2920-238-0x000007FEF63D0000-0x000007FEF66D2000-memory.dmp

Filesize
3.0MB

Download
memory/2976-237-0x000007FEF63D0000-0x000007FEF66D2000-memory.dmp

Filesize
3.0MB

Download
memory/2976-160-0x000007FEF63D0000-0x000007FEF66D2000-memory.dmp

Filesize
3.0MB

Download