4d4df87cf8d8551d836f67fbde4337863bac3ff6b5cb324675054ea023b12ab6

Resubmissions

12/12/2024, 19:32

241212-x9e15svnbv 10

12/12/2024, 19:32

241212-x8638sxjep 9

12/12/2024, 19:19

241212-x1wyaswqbq 10

Analysis

max time kernel
11s
max time network
13s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12/12/2024, 19:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4d4df87cf8d8551d836f67fbde4337863bac3ff6b5cb324675054ea023b12ab6.exe
Size

624KB
MD5

84b88ac81e4872ff3bf15c72f431d101
SHA1

0823d067541de16325e5454a91b57262365a0705
SHA256

4d4df87cf8d8551d836f67fbde4337863bac3ff6b5cb324675054ea023b12ab6
SHA512

185691b0103669c5aa25b22c36f29ddb66f074e0f2e3ae6a36ed8917c35f1fba71fba65c11c3211ce64f6c5919ac879ce0fdcc4dddae420cbecf40711dff1860
SSDEEP

12288:V4eCA30wfnlxvaUwZNf6qYID7ZJuIQOsknZh20QyCkje0ZM7qgbGKTO7muYpralU:3C8valgsDyfSBKXyMUkW2LILGBm3IzPB

Score

6^/10

discovery execution

Malware Config

Signatures

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
4832	powershell.exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4832	powershell.exe
4832	powershell.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4832	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2104 wrote to memory of 4832	2104	4d4df87cf8d8551d836f67fbde4337863bac3ff6b5cb324675054ea023b12ab6.exe	83
PID 2104 wrote to memory of 4832	2104	4d4df87cf8d8551d836f67fbde4337863bac3ff6b5cb324675054ea023b12ab6.exe	83
PID 2104 wrote to memory of 4832	2104	4d4df87cf8d8551d836f67fbde4337863bac3ff6b5cb324675054ea023b12ab6.exe	83
PID 2104 wrote to memory of 4188	2104	4d4df87cf8d8551d836f67fbde4337863bac3ff6b5cb324675054ea023b12ab6.exe	85
PID 2104 wrote to memory of 4188	2104	4d4df87cf8d8551d836f67fbde4337863bac3ff6b5cb324675054ea023b12ab6.exe	85
PID 2104 wrote to memory of 4188	2104	4d4df87cf8d8551d836f67fbde4337863bac3ff6b5cb324675054ea023b12ab6.exe	85
PID 4188 wrote to memory of 2796	4188	net.exe	87
PID 4188 wrote to memory of 2796	4188	net.exe	87
PID 4188 wrote to memory of 2796	4188	net.exe	87
PID 2104 wrote to memory of 4580	2104	4d4df87cf8d8551d836f67fbde4337863bac3ff6b5cb324675054ea023b12ab6.exe	88
PID 2104 wrote to memory of 4580	2104	4d4df87cf8d8551d836f67fbde4337863bac3ff6b5cb324675054ea023b12ab6.exe	88
PID 2104 wrote to memory of 4580	2104	4d4df87cf8d8551d836f67fbde4337863bac3ff6b5cb324675054ea023b12ab6.exe	88
PID 4580 wrote to memory of 4936	4580	net.exe	90
PID 4580 wrote to memory of 4936	4580	net.exe	90
PID 4580 wrote to memory of 4936	4580	net.exe	90
PID 2104 wrote to memory of 2784	2104	4d4df87cf8d8551d836f67fbde4337863bac3ff6b5cb324675054ea023b12ab6.exe	91
PID 2104 wrote to memory of 2784	2104	4d4df87cf8d8551d836f67fbde4337863bac3ff6b5cb324675054ea023b12ab6.exe	91
PID 2104 wrote to memory of 2784	2104	4d4df87cf8d8551d836f67fbde4337863bac3ff6b5cb324675054ea023b12ab6.exe	91
PID 2784 wrote to memory of 3616	2784	net.exe	93
PID 2784 wrote to memory of 3616	2784	net.exe	93
PID 2784 wrote to memory of 3616	2784	net.exe	93
PID 2104 wrote to memory of 2440	2104	4d4df87cf8d8551d836f67fbde4337863bac3ff6b5cb324675054ea023b12ab6.exe	94
PID 2104 wrote to memory of 2440	2104	4d4df87cf8d8551d836f67fbde4337863bac3ff6b5cb324675054ea023b12ab6.exe	94
PID 2104 wrote to memory of 2440	2104	4d4df87cf8d8551d836f67fbde4337863bac3ff6b5cb324675054ea023b12ab6.exe	94
PID 2440 wrote to memory of 3256	2440	net.exe	96
PID 2440 wrote to memory of 3256	2440	net.exe	96
PID 2440 wrote to memory of 3256	2440	net.exe	96
PID 2104 wrote to memory of 1412	2104	4d4df87cf8d8551d836f67fbde4337863bac3ff6b5cb324675054ea023b12ab6.exe	97
PID 2104 wrote to memory of 1412	2104	4d4df87cf8d8551d836f67fbde4337863bac3ff6b5cb324675054ea023b12ab6.exe	97
PID 2104 wrote to memory of 1412	2104	4d4df87cf8d8551d836f67fbde4337863bac3ff6b5cb324675054ea023b12ab6.exe	97
PID 1412 wrote to memory of 2004	1412	net.exe	99
PID 1412 wrote to memory of 2004	1412	net.exe	99
PID 1412 wrote to memory of 2004	1412	net.exe	99
PID 2104 wrote to memory of 4984	2104	4d4df87cf8d8551d836f67fbde4337863bac3ff6b5cb324675054ea023b12ab6.exe	100
PID 2104 wrote to memory of 4984	2104	4d4df87cf8d8551d836f67fbde4337863bac3ff6b5cb324675054ea023b12ab6.exe	100
PID 2104 wrote to memory of 4984	2104	4d4df87cf8d8551d836f67fbde4337863bac3ff6b5cb324675054ea023b12ab6.exe	100
PID 4984 wrote to memory of 4504	4984	net.exe	102
PID 4984 wrote to memory of 4504	4984	net.exe	102
PID 4984 wrote to memory of 4504	4984	net.exe	102
PID 2104 wrote to memory of 3544	2104	4d4df87cf8d8551d836f67fbde4337863bac3ff6b5cb324675054ea023b12ab6.exe	103
PID 2104 wrote to memory of 3544	2104	4d4df87cf8d8551d836f67fbde4337863bac3ff6b5cb324675054ea023b12ab6.exe	103
PID 2104 wrote to memory of 3544	2104	4d4df87cf8d8551d836f67fbde4337863bac3ff6b5cb324675054ea023b12ab6.exe	103
PID 3544 wrote to memory of 2640	3544	net.exe	105
PID 3544 wrote to memory of 2640	3544	net.exe	105
PID 3544 wrote to memory of 2640	3544	net.exe	105
PID 2104 wrote to memory of 3884	2104	4d4df87cf8d8551d836f67fbde4337863bac3ff6b5cb324675054ea023b12ab6.exe	106
PID 2104 wrote to memory of 3884	2104	4d4df87cf8d8551d836f67fbde4337863bac3ff6b5cb324675054ea023b12ab6.exe	106
PID 2104 wrote to memory of 3884	2104	4d4df87cf8d8551d836f67fbde4337863bac3ff6b5cb324675054ea023b12ab6.exe	106
PID 3884 wrote to memory of 2496	3884	net.exe	108
PID 3884 wrote to memory of 2496	3884	net.exe	108
PID 3884 wrote to memory of 2496	3884	net.exe	108
PID 2104 wrote to memory of 512	2104	4d4df87cf8d8551d836f67fbde4337863bac3ff6b5cb324675054ea023b12ab6.exe	109
PID 2104 wrote to memory of 512	2104	4d4df87cf8d8551d836f67fbde4337863bac3ff6b5cb324675054ea023b12ab6.exe	109
PID 2104 wrote to memory of 512	2104	4d4df87cf8d8551d836f67fbde4337863bac3ff6b5cb324675054ea023b12ab6.exe	109
PID 512 wrote to memory of 4464	512	net.exe	111
PID 512 wrote to memory of 4464	512	net.exe	111
PID 512 wrote to memory of 4464	512	net.exe	111
PID 2104 wrote to memory of 4728	2104	4d4df87cf8d8551d836f67fbde4337863bac3ff6b5cb324675054ea023b12ab6.exe	112
PID 2104 wrote to memory of 4728	2104	4d4df87cf8d8551d836f67fbde4337863bac3ff6b5cb324675054ea023b12ab6.exe	112
PID 2104 wrote to memory of 4728	2104	4d4df87cf8d8551d836f67fbde4337863bac3ff6b5cb324675054ea023b12ab6.exe	112
PID 4728 wrote to memory of 3328	4728	net.exe	114
PID 4728 wrote to memory of 3328	4728	net.exe	114
PID 4728 wrote to memory of 3328	4728	net.exe	114
PID 2104 wrote to memory of 4556	2104	4d4df87cf8d8551d836f67fbde4337863bac3ff6b5cb324675054ea023b12ab6.exe	115

C:\Users\Admin\AppData\Local\Temp\4d4df87cf8d8551d836f67fbde4337863bac3ff6b5cb324675054ea023b12ab6.exe
"C:\Users\Admin\AppData\Local\Temp\4d4df87cf8d8551d836f67fbde4337863bac3ff6b5cb324675054ea023b12ab6.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2104
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  powershell -Command "& { }"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4832
- C:\Windows\SysWOW64\net.exe
  net stop "Acronis VSS Provider" /y
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4188
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "Acronis VSS Provider" /y
    3⤵
    PID:2796
- C:\Windows\SysWOW64\net.exe
  net stop "Enterprise Client Service" /y
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4580
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "Enterprise Client Service" /y
    3⤵
    PID:4936
- C:\Windows\SysWOW64\net.exe
  net stop "Sophos Agent" /y
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2784
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "Sophos Agent" /y
    3⤵
    PID:3616
- C:\Windows\SysWOW64\net.exe
  net stop "Sophos AutoUpdate Service" /y
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2440
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "Sophos AutoUpdate Service" /y
    3⤵
    PID:3256
- C:\Windows\SysWOW64\net.exe
  net stop "Sophos Clean Service" /y
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1412
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "Sophos Clean Service" /y
    3⤵
    PID:2004
- C:\Windows\SysWOW64\net.exe
  net stop "Sophos Device Control Service" /y
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4984
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "Sophos Device Control Service" /y
    3⤵
    PID:4504
- C:\Windows\SysWOW64\net.exe
  net stop "Sophos File Scanner Service" /y
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3544
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "Sophos File Scanner Service" /y
    3⤵
    PID:2640
- C:\Windows\SysWOW64\net.exe
  net stop "Sophos Health Service" /y
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3884
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "Sophos Health Service" /y
    3⤵
    PID:2496
- C:\Windows\SysWOW64\net.exe
  net stop "Sophos MCS Agent" /y
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:512
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "Sophos MCS Agent" /y
    3⤵
    PID:4464
- C:\Windows\SysWOW64\net.exe
  net stop "Sophos MCS Client" /y
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4728
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "Sophos MCS Client" /y
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3328
- C:\Windows\SysWOW64\net.exe
  net stop "Sophos Message Router" /y
  2⤵
  PID:4556
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "Sophos Message Router" /y
    3⤵
    PID:4276
- C:\Windows\SysWOW64\net.exe
  net stop "Sophos Safestore Service" /y
  2⤵
  PID:3644
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "Sophos Safestore Service" /y
    3⤵
    PID:4004
- C:\Windows\SysWOW64\net.exe
  net stop "Sophos System Protection Service" /y
  2⤵
  PID:2120
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "Sophos System Protection Service" /y
    3⤵
    PID:1796
- C:\Windows\SysWOW64\net.exe
  net stop "Sophos Web Control Service" /y
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1460
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "Sophos Web Control Service" /y
    3⤵
    PID:2948
- C:\Windows\SysWOW64\net.exe
  net stop "SQLsafe Backup Service" /y
  2⤵
  PID:3880
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "SQLsafe Backup Service" /y
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4108
- C:\Windows\SysWOW64\net.exe
  net stop "SQLsafe Filter Service" /y
  2⤵
  PID:2856
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "SQLsafe Filter Service" /y
    3⤵
    PID:1044
- C:\Windows\SysWOW64\net.exe
  net stop "Symantec System Recovery" /y
  2⤵
  PID:3064
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "Symantec System Recovery" /y
    3⤵
    PID:2368
- C:\Windows\SysWOW64\net.exe
  net stop "Veeam Backup Catalog Data Service" /y
  2⤵
  PID:2988
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "Veeam Backup Catalog Data Service" /y
    3⤵
    PID:3468
- C:\Windows\SysWOW64\net.exe
  net stop "AcronisAgent" /y
  2⤵
  PID:2956
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "AcronisAgent" /y
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3640
- C:\Windows\SysWOW64\net.exe
  net stop "AcrSch2Svc" /y
  2⤵
  PID:4596
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "AcrSch2Svc" /y
    3⤵
    PID:4940
- C:\Windows\SysWOW64\net.exe
  net stop "Antivirus" /y
  2⤵
  PID:3952
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "Antivirus" /y
    3⤵
    PID:2592
- C:\Windows\SysWOW64\net.exe
  net stop "ARSM" /y
  2⤵
  PID:3840
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "ARSM" /y
    3⤵
    PID:2752
- C:\Windows\SysWOW64\net.exe
  net stop "BackupExecAgentAccelerator" /y
  2⤵
  PID:1924
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "BackupExecAgentAccelerator" /y
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2700
- C:\Windows\SysWOW64\net.exe
  net stop "BackupExecAgentBrowser" /y
  2⤵
  PID:2128
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "BackupExecAgentBrowser" /y
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4536
- C:\Windows\SysWOW64\net.exe
  net stop "BackupExecDeviceMediaService" /y
  2⤵
  PID:4856
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "BackupExecDeviceMediaService" /y
    3⤵
    PID:3808
- C:\Windows\SysWOW64\net.exe
  net stop "BackupExecJobEngine" /y
  2⤵
  PID:2232
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "BackupExecJobEngine" /y
    3⤵
    PID:2800
- C:\Windows\SysWOW64\net.exe
  net stop "BackupExecManagementService" /y
  2⤵
  PID:1672
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "BackupExecManagementService" /y
    3⤵
    PID:4036
- C:\Windows\SysWOW64\net.exe
  net stop "BackupExecRPCService" /y
  2⤵
  PID:1964
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "BackupExecRPCService" /y
    3⤵
    PID:2216
- C:\Windows\SysWOW64\net.exe
  net stop "BackupExecVSSProvider" /y
  2⤵
  PID:1512
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "BackupExecVSSProvider" /y
    3⤵
    PID:1652
- C:\Windows\SysWOW64\net.exe
  net stop "bedbg" /y
  2⤵
  PID:1836
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "bedbg" /y
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2512
- C:\Windows\SysWOW64\net.exe
  net stop "DCAgent" /y
  2⤵
  PID:3304
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "DCAgent" /y
    3⤵
    PID:4752
- C:\Windows\SysWOW64\net.exe
  net stop "EPSecurityService" /y
  2⤵
  PID:3704
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "EPSecurityService" /y
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4440
- C:\Windows\SysWOW64\net.exe
  net stop "EPUpdateService" /y
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5092
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "EPUpdateService" /y
    3⤵
    PID:3372
- C:\Windows\SysWOW64\net.exe
  net stop "EraserSvc11710" /y
  2⤵
  PID:3768
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "EraserSvc11710" /y
    3⤵
    PID:1128
- C:\Windows\SysWOW64\net.exe
  net stop "EsgShKernel" /y
  2⤵
  PID:1300
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "EsgShKernel" /y
    3⤵
    PID:1984
- C:\Windows\SysWOW64\net.exe
  net stop "FA_Scheduler" /y
  2⤵
  - System Location Discovery: System Language Discovery
  PID:448
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "FA_Scheduler" /y
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4564
- C:\Windows\SysWOW64\net.exe
  net stop "IISAdmin" /y
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2940
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "IISAdmin" /y
    3⤵
    PID:2808
- C:\Windows\SysWOW64\net.exe
  net stop "IMAP4Svc" /y
  2⤵
  PID:2160
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "IMAP4Svc" /y
    3⤵
    PID:2396
- C:\Windows\SysWOW64\net.exe
  net stop "macmnsvc" /y
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3624
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "macmnsvc" /y
    3⤵
    PID:2896
- C:\Windows\SysWOW64\net.exe
  net stop "masvc" /y
  2⤵
  PID:4008
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "masvc" /y
    3⤵
    PID:2204
- C:\Windows\SysWOW64\net.exe
  net stop "MBAMService" /y
  2⤵
  PID:4776
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "MBAMService" /y
    3⤵
    PID:1416
- C:\Windows\SysWOW64\net.exe
  net stop "MBEndpointAgent" /y
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3252
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "MBEndpointAgent" /y
    3⤵
    PID:2076
- C:\Windows\SysWOW64\net.exe
  net stop "McAfeeEngineService" /y
  2⤵
  PID:3284
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "McAfeeEngineService" /y
    3⤵
    PID:2292
- C:\Windows\SysWOW64\net.exe
  net stop "McAfeeFramework" /y
  2⤵
  PID:4332
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "McAfeeFramework" /y
    3⤵
    PID:2616
- C:\Windows\SysWOW64\net.exe
  net stop "McAfeeFrameworkMcAfeeFramework" /y
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2460
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "McAfeeFrameworkMcAfeeFramework" /y
    3⤵
    PID:3540
- C:\Windows\SysWOW64\net.exe
  net stop "McShield" /y
  2⤵
  PID:920
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "McShield" /y
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4692
- C:\Windows\SysWOW64\net.exe
  net stop "McTaskManager" /y
  2⤵
  PID:3292
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "McTaskManager" /y
    3⤵
    PID:4256
- C:\Windows\SysWOW64\net.exe
  net stop "mfemms" /y
  2⤵
  PID:716
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "mfemms" /y
    3⤵
    PID:964
- C:\Windows\SysWOW64\net.exe
  net stop "mfevtp" /y
  2⤵
  PID:1372
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "mfevtp" /y
    3⤵
    PID:3836
- C:\Windows\SysWOW64\net.exe
  net stop "MMS" /y
  2⤵
  PID:1256
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "MMS" /y
    3⤵
    PID:1764
- C:\Windows\SysWOW64\net.exe
  net stop "mozyprobackup" /y
  2⤵
  PID:1064
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "mozyprobackup" /y
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1840
- C:\Windows\SysWOW64\net.exe
  net stop "MsDtsServer" /y
  2⤵
  PID:1248
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "MsDtsServer" /y
    3⤵
    PID:1720
- C:\Windows\SysWOW64\net.exe
  net stop "MsDtsServer100" /y
  2⤵
  PID:440
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "MsDtsServer100" /y
    3⤵
    PID:3488
- C:\Windows\SysWOW64\net.exe
  net stop "MsDtsServer110" /y
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4868
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "MsDtsServer110" /y
    3⤵
    PID:1884
- C:\Windows\SysWOW64\net.exe
  net stop "MSExchangeES" /y
  2⤵
  PID:2780
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "MSExchangeES" /y
    3⤵
    PID:4572
- C:\Windows\SysWOW64\net.exe
  net stop "MSExchangeIS" /y
  2⤵
  PID:4748
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "MSExchangeIS" /y
    3⤵
    PID:3600
- C:\Windows\SysWOW64\net.exe
  net stop "MSExchangeMGMT" /y
  2⤵
  PID:2240
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "MSExchangeMGMT" /y
    3⤵
    PID:4848
- C:\Windows\SysWOW64\net.exe
  net stop "MSExchangeMTA" /y
  2⤵
  PID:5032
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "MSExchangeMTA" /y
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2436
- C:\Windows\SysWOW64\net.exe
  net stop "MSExchangeSA" /y
  2⤵
  PID:1776
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "MSExchangeSA" /y
    3⤵
    PID:2944
- C:\Windows\SysWOW64\net.exe
  net stop "MSExchangeSRS" /y
  2⤵
  PID:4068
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "MSExchangeSRS" /y
    3⤵
    PID:4508
- C:\Windows\SysWOW64\net.exe
  net stop "MSOLAP$SQL_2008" /y
  2⤵
  PID:1432
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "MSOLAP$SQL_2008" /y
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1792
- C:\Windows\SysWOW64\net.exe
  net stop "MSOLAP$SYSTEM_BGC" /y
  2⤵
  PID:1020
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "MSOLAP$SYSTEM_BGC" /y
    3⤵
    PID:3020
- C:\Windows\SysWOW64\net.exe
  net stop "MSOLAP$TPS" /y
  2⤵
  PID:764
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "MSOLAP$TPS" /y
    3⤵
    PID:4500
- C:\Windows\SysWOW64\net.exe
  net stop "MSOLAP$TPSAMA" /y
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2968
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "MSOLAP$TPSAMA" /y
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3280
- C:\Windows\SysWOW64\net.exe
  net stop "MSSQL$BKUPEXEC" /y
  2⤵
  PID:4268
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "MSSQL$BKUPEXEC" /y
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2260
- C:\Windows\SysWOW64\net.exe
  net stop "MSSQL$ECWDB2" /y
  2⤵
  PID:376
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "MSSQL$ECWDB2" /y
    3⤵
    PID:1576
- C:\Windows\SysWOW64\net.exe
  net stop "MSSQL$PRACTICEMGT" /y
  2⤵
  PID:5024
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "MSSQL$PRACTICEMGT" /y
    3⤵
    PID:1812
- C:\Windows\SysWOW64\net.exe
  net stop "MSSQL$PRACTTICEBGC" /y
  2⤵
  PID:2220
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "MSSQL$PRACTTICEBGC" /y
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3116
- C:\Windows\SysWOW64\net.exe
  net stop "MSSQL$PROFXENGAGEMENT" /y
  2⤵
  PID:4260
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "MSSQL$PROFXENGAGEMENT" /y
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3028
- C:\Windows\SysWOW64\net.exe
  net stop "MSSQL$SBSMONITORING" /y
  2⤵
  PID:2256
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "MSSQL$SBSMONITORING" /y
    3⤵
    - System Location Discovery: System Language Discovery
    PID:856
- C:\Windows\SysWOW64\net.exe
  net stop "MSSQL$SHAREPOINT" /y
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4900
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "MSSQL$SHAREPOINT" /y
    3⤵
    PID:1120
- C:\Windows\SysWOW64\net.exe
  net stop "MSSQL$SQL_2008" /y
  2⤵
  PID:1824
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "MSSQL$SQL_2008" /y
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2588
- C:\Windows\SysWOW64\net.exe
  net stop "MSSQL$SYSTEM_BGC" /y
  2⤵
  PID:2860
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "MSSQL$SYSTEM_BGC" /y
    3⤵
    PID:3472
- C:\Windows\SysWOW64\net.exe
  net stop "MSSQL$TPS" /y
  2⤵
  PID:400
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "MSSQL$TPS" /y
    3⤵
    PID:868
- C:\Windows\SysWOW64\net.exe
  net stop "MSSQL$TPSAMA" /y
  2⤵
  PID:1336
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "MSSQL$TPSAMA" /y
    3⤵
    PID:4360
- C:\Windows\SysWOW64\net.exe
  net stop "MSSQL$VEEAMSQL2008R2" /y
  2⤵
  PID:3240
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "MSSQL$VEEAMSQL2008R2" /y
    3⤵
    PID:4896
- C:\Windows\SysWOW64\net.exe
  net stop "MSSQL$VEEAMSQL2012" /y
  2⤵
  PID:4340
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "MSSQL$VEEAMSQL2012" /y
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1676
- C:\Windows\SysWOW64\net.exe
  net stop "MSSQLFDLauncher" /y
  2⤵
  PID:1612
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "MSSQLFDLauncher" /y
    3⤵
    PID:3932
- C:\Windows\SysWOW64\net.exe
  net stop "MSSQLFDLauncher$PROFXENGAGEMENT" /y
  2⤵
  PID:2252
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "MSSQLFDLauncher$PROFXENGAGEMENT" /y
    3⤵
    PID:4800
- C:\Windows\SysWOW64\net.exe
  net stop "MSSQLFDLauncher$SBSMONITORING" /y
  2⤵
  PID:1872
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "MSSQLFDLauncher$SBSMONITORING" /y
    3⤵
    PID:3676
- C:\Windows\SysWOW64\net.exe
  net stop "MSSQLFDLauncher$SHAREPOINT" /y
  2⤵
  PID:4784
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "MSSQLFDLauncher$SHAREPOINT" /y
    3⤵
    PID:2872
- C:\Windows\SysWOW64\net.exe
  net stop "MSSQLFDLauncher$SQL_2008" /y
  2⤵
  PID:4600
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "MSSQLFDLauncher$SQL_2008" /y
    3⤵
    PID:4696
- C:\Windows\SysWOW64\net.exe
  net stop "MSSQLFDLauncher$SYSTEM_BGC" /y
  2⤵
  PID:4484
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "MSSQLFDLauncher$SYSTEM_BGC" /y
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1928
- C:\Windows\SysWOW64\net.exe
  net stop "MSSQLFDLauncher$TPS" /y
  2⤵
  PID:4524
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "MSSQLFDLauncher$TPS" /y
    3⤵
    PID:1276
- C:\Windows\SysWOW64\net.exe
  net stop "MSSQLFDLauncher$TPSAMA" /y
  2⤵
  PID:1348
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "MSSQLFDLauncher$TPSAMA" /y
    3⤵
    PID:2040
- C:\Windows\SysWOW64\net.exe
  net stop "MSSQLSERVER" /y
  2⤵
  PID:2056
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "MSSQLSERVER" /y
    3⤵
    PID:4196
- C:\Windows\SysWOW64\net.exe
  net stop "MSSQLServerADHelper100" /y
  2⤵
  PID:4704
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "MSSQLServerADHelper100" /y
    3⤵
    PID:2760
- C:\Windows\SysWOW64\net.exe
  net stop "MSSQLServerOLAPService" /y
  2⤵
  PID:208
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "MSSQLServerOLAPService" /y
    3⤵
    - System Location Discovery: System Language Discovery
    PID:912
- C:\Windows\SysWOW64\net.exe
  net stop "MySQL80" /y
  2⤵
  PID:1908
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "MySQL80" /y
    3⤵
    PID:1680
- C:\Windows\SysWOW64\net.exe
  net stop "MySQL57" /y
  2⤵
  PID:2444
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "MySQL57" /y
    3⤵
    PID:1172
- C:\Windows\SysWOW64\net.exe
  net stop "ntrtscan" /y
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4608
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "ntrtscan" /y
    3⤵
    PID:2408
- C:\Windows\SysWOW64\net.exe
  net stop "OracleClientCache80" /y
  2⤵
  PID:5112
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "OracleClientCache80" /y
    3⤵
    PID:1296
- C:\Windows\SysWOW64\net.exe
  net stop "PDVFSService" /y
  2⤵
  PID:4680
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "PDVFSService" /y
    3⤵
    PID:2016
- C:\Windows\SysWOW64\net.exe
  net stop "POP3Svc" /y
  2⤵
  - System Location Discovery: System Language Discovery
  PID:684
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "POP3Svc" /y
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4812
- C:\Windows\SysWOW64\net.exe
  net stop "ReportServer" /y
  2⤵
  PID:2576
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "ReportServer" /y
    3⤵
    PID:2728
- C:\Windows\SysWOW64\net.exe
  net stop "ReportServer$SQL_2008" /y
  2⤵
  PID:5080
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "ReportServer$SQL_2008" /y
    3⤵
    PID:3560
- C:\Windows\SysWOW64\net.exe
  net stop "ReportServer$SYSTEM_BGC" /y
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3396
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "ReportServer$SYSTEM_BGC" /y
    3⤵
    PID:3988
- C:\Windows\SysWOW64\net.exe
  net stop "ReportServer$TPS" /y
  2⤵
  PID:4804
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "ReportServer$TPS" /y
    3⤵
    PID:3340
- C:\Windows\SysWOW64\net.exe
  net stop "ReportServer$TPSAMA" /y
  2⤵
  PID:2584
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "ReportServer$TPSAMA" /y
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1420
- C:\Windows\SysWOW64\net.exe
  net stop "RESvc" /y
  2⤵
  PID:976
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "RESvc" /y
    3⤵
    PID:3124
- C:\Windows\SysWOW64\net.exe
  net stop "sacsvr" /y
  2⤵
  PID:896
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "sacsvr" /y
    3⤵
    PID:4548
- C:\Windows\SysWOW64\net.exe
  net stop "SamSs" /y
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3084
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "SamSs" /y
    3⤵
    PID:4320
- C:\Windows\SysWOW64\net.exe
  net stop "SAVAdminService" /y
  2⤵
  PID:4412
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "SAVAdminService" /y
    3⤵
    PID:1688
- C:\Windows\SysWOW64\net.exe
  net stop "SAVService" /y
  2⤵
  PID:2376
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "SAVService" /y
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1868
- C:\Windows\SysWOW64\net.exe
  net stop "SDRSVC" /y
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4452
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "SDRSVC" /y
    3⤵
    PID:2704
- C:\Windows\SysWOW64\net.exe
  net stop "SepMasterService" /y
  2⤵
  PID:3888
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "SepMasterService" /y
    3⤵
    PID:3436
- C:\Windows\SysWOW64\net.exe
  net stop "ShMonitor" /y
  2⤵
  PID:860
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "ShMonitor" /y
    3⤵
    PID:4296
- C:\Windows\SysWOW64\net.exe
  net stop "Smcinst" /y
  2⤵
  - System Location Discovery: System Language Discovery
  PID:776
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "Smcinst" /y
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2620
- C:\Windows\SysWOW64\net.exe
  net stop "SmcService" /y
  2⤵
  PID:4308
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "SmcService" /y
    3⤵
    PID:3852
- C:\Windows\SysWOW64\net.exe
  net stop "SMTPSvc" /y
  2⤵
  PID:2068
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "SMTPSvc" /y
    3⤵
    PID:2632
- C:\Windows\SysWOW64\net.exe
  net stop "SNAC" /y
  2⤵
  PID:1496
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "SNAC" /y
    3⤵
    PID:2952
- C:\Windows\SysWOW64\net.exe
  net stop "SntpService" /y
  2⤵
  PID:2892
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "SntpService" /y
    3⤵
    PID:544
- C:\Windows\SysWOW64\net.exe
  net stop "sophossps" /y
  2⤵
  PID:368
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "sophossps" /y
    3⤵
    PID:4020
- C:\Windows\SysWOW64\net.exe
  net stop "SQLAgent$BKUPEXEC" /y
  2⤵
  PID:2416
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "SQLAgent$BKUPEXEC" /y
    3⤵
    PID:4668
- C:\Windows\SysWOW64\net.exe
  net stop "SQLAgent$ECWDB2" /y
  2⤵
  PID:4684
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "SQLAgent$ECWDB2" /y
    3⤵
    PID:3224
- C:\Windows\SysWOW64\net.exe
  net stop "SQLAgent$PRACTTICEBGC" /y
  2⤵
  PID:4908
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "SQLAgent$PRACTTICEBGC" /y
    3⤵
    PID:2284
- C:\Windows\SysWOW64\net.exe
  net stop "SQLAgent$PRACTTICEMGT" /y
  2⤵
  PID:3412
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "SQLAgent$PRACTTICEMGT" /y
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3788
- C:\Windows\SysWOW64\net.exe
  net stop "SQLAgent$PROFXENGAGEMENT" /y
  2⤵
  PID:2060
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "SQLAgent$PROFXENGAGEMENT" /y
    3⤵
    PID:1008
- C:\Windows\SysWOW64\net.exe
  net stop "SQLAgent$SBSMONITORING" /y
  2⤵
  PID:3260
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "SQLAgent$SBSMONITORING" /y
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4352
- C:\Windows\SysWOW64\net.exe
  net stop "SQLAgent$SHAREPOINT" /y
  2⤵
  PID:720
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "SQLAgent$SHAREPOINT" /y
    3⤵
    PID:3968
- C:\Windows\SysWOW64\net.exe
  net stop "SQLAgent$SQL_2008" /y
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4284
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "SQLAgent$SQL_2008" /y
    3⤵
    PID:4528
- C:\Windows\SysWOW64\net.exe
  net stop "SQLAgent$SYSTEM_BGC" /y
  2⤵
  PID:4828
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "SQLAgent$SYSTEM_BGC" /y
    3⤵
    PID:4084
- C:\Windows\SysWOW64\net.exe
  net stop "SQLAgent$TPS" /y
  2⤵
  PID:4840
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "SQLAgent$TPS" /y
    3⤵
    PID:2960
- C:\Windows\SysWOW64\net.exe
  net stop "SQLAgent$TPSAMA" /y
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3348
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "SQLAgent$TPSAMA" /y
    3⤵
    PID:4364
- C:\Windows\SysWOW64\net.exe
  net stop "SQLAgent$VEEAMSQL2008R2" /y
  2⤵
  PID:1588
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "SQLAgent$VEEAMSQL2008R2" /y
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2108
- C:\Windows\SysWOW64\net.exe
  net stop "SQLAgent$VEEAMSQL2012" /y
  2⤵
  PID:3928
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "SQLAgent$VEEAMSQL2012" /y
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5004
- C:\Windows\SysWOW64\net.exe
  net stop "SQLBrowser" /y
  2⤵
  PID:5036
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "SQLBrowser" /y
    3⤵
    PID:4760
- C:\Windows\SysWOW64\net.exe
  net stop "SQLSafeOLRService" /y
  2⤵
  PID:3140
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "SQLSafeOLRService" /y
    3⤵
    PID:4136
- C:\Windows\SysWOW64\net.exe
  net stop "SQLSERVERAGENT" /y
  2⤵
  PID:1476
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "SQLSERVERAGENT" /y
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3100
- C:\Windows\SysWOW64\net.exe
  net stop "SQLTELEMETRY" /y
  2⤵
  PID:4416
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "SQLTELEMETRY" /y
    3⤵
    PID:996
- C:\Windows\SysWOW64\net.exe
  net stop "SQLTELEMETRY$ECWDB2" /y
  2⤵
  PID:2920
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "SQLTELEMETRY$ECWDB2" /y
    3⤵
    PID:2236
- C:\Windows\SysWOW64\net.exe
  net stop "SQLWriter" /y
  2⤵
  - System Location Discovery: System Language Discovery
  PID:668
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "SQLWriter" /y
    3⤵
    PID:1852
- C:\Windows\SysWOW64\net.exe
  net stop "SstpSvc" /y
  2⤵
  PID:2148
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "SstpSvc" /y
    3⤵
    PID:3688
- C:\Windows\SysWOW64\net.exe
  net stop "svcGenericHost" /y
  2⤵
  PID:4912
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "svcGenericHost" /y
    3⤵
    PID:4648
- C:\Windows\SysWOW64\net.exe
  net stop "swi_filter" /y
  2⤵
  PID:3272
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "swi_filter" /y
    3⤵
    PID:2804
- C:\Windows\SysWOW64\net.exe
  net stop "swi_service" /y
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3548
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "swi_service" /y
    3⤵
    PID:3944
- C:\Windows\SysWOW64\net.exe
  net stop "swi_update_64" /y
  2⤵
  PID:3300
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "swi_update_64" /y
    3⤵
    - System Location Discovery: System Language Discovery
    PID:880
- C:\Windows\SysWOW64\net.exe
  net stop "TmCCSF" /y
  2⤵
  PID:60
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "TmCCSF" /y
    3⤵
    PID:3992
- C:\Windows\SysWOW64\net.exe
  net stop "tmlisten" /y
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1036
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "tmlisten" /y
    3⤵
    PID:2228
- C:\Windows\SysWOW64\net.exe
  net stop "TrueKey" /y
  2⤵
  PID:3320
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "TrueKey" /y
    3⤵
    PID:4404
- C:\Windows\SysWOW64\net.exe
  net stop "TrueKeyScheduler" /y
  2⤵
  PID:2732
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "TrueKeyScheduler" /y
    3⤵
    PID:4552
- C:\Windows\SysWOW64\net.exe
  net stop "TrueKeyServiceHelper" /y
  2⤵
  PID:1784
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "TrueKeyServiceHelper" /y
    3⤵
    PID:4168
- C:\Windows\SysWOW64\net.exe
  net stop "UI0Detect" /y
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4932
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "UI0Detect" /y
    3⤵
    PID:2580
- C:\Windows\SysWOW64\net.exe
  net stop "VeeamBackupSvc" /y
  2⤵
  PID:5016
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "VeeamBackupSvc" /y
    3⤵
    PID:4288
- C:\Windows\SysWOW64\net.exe
  net stop "VeeamBrokerSvc" /y
  2⤵
  PID:5128
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "VeeamBrokerSvc" /y
    3⤵
    PID:5176
- C:\Windows\SysWOW64\net.exe
  net stop "VeeamCatalogSvc" /y
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5192
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "VeeamCatalogSvc" /y
    3⤵
    PID:5240
- C:\Windows\SysWOW64\net.exe
  net stop "VeeamCloudSvc" /y
  2⤵
  PID:5256
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "VeeamCloudSvc" /y
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5304
- C:\Windows\SysWOW64\net.exe
  net stop "VeeamDeploymentService" /y
  2⤵
  PID:5320
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "VeeamDeploymentService" /y
    3⤵
    PID:5368
- C:\Windows\SysWOW64\net.exe
  net stop "VeeamDeploySvc" /y
  2⤵
  PID:5384
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "VeeamDeploySvc" /y
    3⤵
    PID:5432
- C:\Windows\SysWOW64\net.exe
  net stop "VeeamEnterpriseManagerSvc" /y
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5448
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "VeeamEnterpriseManagerSvc" /y
    3⤵
    PID:5496
- C:\Windows\SysWOW64\net.exe
  net stop "VeeamMountSvc" /y
  2⤵
  PID:5512
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "VeeamMountSvc" /y
    3⤵
    PID:5560
- C:\Windows\SysWOW64\net.exe
  net stop "VeeamNFSSvc" /y
  2⤵
  PID:5576
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "VeeamNFSSvc" /y
    3⤵
    PID:5624
- C:\Windows\SysWOW64\net.exe
  net stop "VeeamRESTSvc" /y
  2⤵
  PID:5640
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "VeeamRESTSvc" /y
    3⤵
    PID:5688
- C:\Windows\SysWOW64\net.exe
  net stop "VeeamTransportSvc" /y
  2⤵
  PID:5704
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "VeeamTransportSvc" /y
    3⤵
    PID:5752
- C:\Windows\SysWOW64\net.exe
  net stop "W3Svc" /y
  2⤵
  PID:5768
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "W3Svc" /y
    3⤵
    PID:5816
- C:\Windows\SysWOW64\net.exe
  net stop "wbengine" /y
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5852
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "wbengine" /y
    3⤵
    PID:5932
- C:\Windows\SysWOW64\net.exe
  net stop "WRSVC" /y
  2⤵
  PID:5948
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "WRSVC" /y
    3⤵
    PID:5996
- C:\Windows\SysWOW64\net.exe
  net stop "MSSQL$VEEAMSQL2008R2" /y
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6012
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "MSSQL$VEEAMSQL2008R2" /y
    3⤵
    PID:6080
- C:\Windows\SysWOW64\net.exe
  net stop "SQLAgent$VEEAMSQL2008R2" /y
  2⤵
  PID:6112
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "SQLAgent$VEEAMSQL2008R2" /y
    3⤵
    - System Location Discovery: System Language Discovery
    PID:212
- C:\Windows\SysWOW64\net.exe
  net stop "VeeamHvIntegrationSvc" /y
  2⤵
  PID:5180
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "VeeamHvIntegrationSvc" /y
    3⤵
    PID:5252
- C:\Windows\SysWOW64\net.exe
  net stop "swi_update" /y
  2⤵
  PID:5232
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "swi_update" /y
    3⤵
    PID:5300
- C:\Windows\SysWOW64\net.exe
  net stop "SQLAgent$CXDB" /y
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5292
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "SQLAgent$CXDB" /y
    3⤵
    PID:5356
- C:\Windows\SysWOW64\net.exe
  net stop "SQLAgent$CITRIX_METAFRAME" /y
  2⤵
  PID:5400
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "SQLAgent$CITRIX_METAFRAME" /y
    3⤵
    PID:5464
- C:\Windows\SysWOW64\net.exe
  net stop "SQL Backups" /y
  2⤵
  PID:5504
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "SQL Backups" /y
    3⤵
    PID:5564
- C:\Windows\SysWOW64\net.exe
  net stop "MSSQL$PROD" /y
  2⤵
  PID:5540
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "MSSQL$PROD" /y
    3⤵
    PID:5656
- C:\Windows\SysWOW64\net.exe
  net stop "Zoolz 2 Service" /y
  2⤵
  PID:5696
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "Zoolz 2 Service" /y
    3⤵
    PID:5744
- C:\Windows\SysWOW64\net.exe
  net stop "MSSQLServerADHelper" /y
  2⤵
  PID:5784
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "MSSQLServerADHelper" /y
    3⤵
    PID:5916
- C:\Windows\SysWOW64\net.exe
  net stop "SQLAgent$PROD" /y
  2⤵
  PID:6000
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "SQLAgent$PROD" /y
    3⤵
    PID:6052
- C:\Windows\SysWOW64\net.exe
  net stop "msftesql$PROD" /y
  2⤵
  PID:5148
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "msftesql$PROD" /y
    3⤵
    PID:5152
- C:\Windows\SysWOW64\net.exe
  net stop "NetMsmqActivator" /y
  2⤵
  PID:5212
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "NetMsmqActivator" /y
    3⤵
    PID:5312
- C:\Windows\SysWOW64\net.exe
  net stop "EhttpSrv" /y
  2⤵
  PID:5272
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "EhttpSrv" /y
    3⤵
    PID:5344
- C:\Windows\SysWOW64\net.exe
  net stop "ekrn" /y
  2⤵
  PID:5264
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "ekrn" /y
    3⤵
    PID:5408
- C:\Windows\SysWOW64\net.exe
  net stop "ESHASRV" /y
  2⤵
  PID:5488
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "ESHASRV" /y
    3⤵
    PID:5592
- C:\Windows\SysWOW64\net.exe
  net stop "MSSQL$SOPHOS" /y
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5628
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "MSSQL$SOPHOS" /y
    3⤵
    PID:5728
- C:\Windows\SysWOW64\net.exe
  net stop "SQLAgent$SOPHOS" /y
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5672
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "SQLAgent$SOPHOS" /y
    3⤵
    PID:5812
- C:\Windows\SysWOW64\net.exe
  net stop "AVP" /y
  2⤵
  PID:6020
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "AVP" /y
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5236
- C:\Windows\SysWOW64\net.exe
  net stop "klnagent" /y
  2⤵
  PID:2112
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "klnagent" /y
    3⤵
    PID:5288
- C:\Windows\SysWOW64\net.exe
  net stop "MSSQL$SQLEXPRESS" /y
  2⤵
  PID:5220
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "MSSQL$SQLEXPRESS" /y
    3⤵
    PID:5328
- C:\Windows\SysWOW64\net.exe
  net stop "SQLAgent$SQLEXPRESS" /y
  2⤵
  PID:5440
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "SQLAgent$SQLEXPRESS" /y
    3⤵
    PID:5524
- C:\Windows\SysWOW64\net.exe
  net stop "wbengine" /y
  2⤵
  PID:5588
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "wbengine" /y
    3⤵
    PID:5756
- C:\Windows\SysWOW64\net.exe
  net stop "kavfsslp" /y
  2⤵
  PID:5788
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "kavfsslp" /y
    3⤵
    PID:5864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Share Discovery

T1135

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_fjtw4b2y.1vq.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/4832-6-0x0000000005E10000-0x0000000005E76000-memory.dmp

Filesize
408KB

Download
memory/4832-2-0x00000000750D0000-0x0000000075880000-memory.dmp

Filesize
7.7MB

Download
memory/4832-3-0x0000000005710000-0x0000000005D38000-memory.dmp

Filesize
6.2MB

Download
memory/4832-4-0x00000000750D0000-0x0000000075880000-memory.dmp

Filesize
7.7MB

Download
memory/4832-5-0x0000000005D70000-0x0000000005D92000-memory.dmp

Filesize
136KB

Download
memory/4832-0-0x00000000750DE000-0x00000000750DF000-memory.dmp

Filesize
4KB

Download
memory/4832-7-0x0000000005E80000-0x0000000005EE6000-memory.dmp

Filesize
408KB

Download
memory/4832-1-0x00000000050A0000-0x00000000050D6000-memory.dmp

Filesize
216KB

Download
memory/4832-17-0x0000000005FB0000-0x0000000006304000-memory.dmp

Filesize
3.3MB

Download
memory/4832-18-0x0000000006610000-0x000000000662E000-memory.dmp

Filesize
120KB

Download
memory/4832-19-0x0000000006640000-0x000000000668C000-memory.dmp

Filesize
304KB

Download
memory/4832-22-0x00000000750D0000-0x0000000075880000-memory.dmp

Filesize
7.7MB

Download