概要
volatilityの作法、調べてみた。
winxpsp3のスナップショット、取ってみた。
filescan
Offset(P) #Ptr #Hnd Access Name
------------------ ------ ------ ------ ----
0x0000000001950138 2 1 ------ \Device\NamedPipe\lsass
0x00000000019503e0 1 1 RW---- \Device\HarddiskVolume1\Documents and Settings\testuser\ntuser.dat.LOG
0x00000000019506f0 3 1 RW-r-- \Device\HarddiskVolume1\WINDOWS\SchedLgU.Txt
0x00000000019538b8 1 1 RW-rw- \Device\HarddiskVolume1\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat
0x000000000196c5d8 1 1 ------ \Device\Afd\Endpoint
0x000000000196c7b8 3 1 ------ \Device\Afd\Endpoint
0x00000000019737d0 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001973878 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001973d40 1 0 R--rw- \Device\HarddiskVolume1\WINDOWS\system32\imjp81.ime
0x00000000019792c0 2 1 ------ \Device\NamedPipe\PCHHangRepExecPipe
0x0000000001979ef8 1 1 ------ \Device\NamedPipe\DAV RPC SERVICE
0x0000000001979f90 2 1 ------ \Device\NamedPipe\DAV RPC SERVICE
0x00000000019c4af8 4 1 RW---- \Device\HarddiskVolume1\Documents and Settings\LocalService\NTUSER.DAT
0x00000000019c4f00 3 1 ------ \Device\NamedPipe\net\NtControlPipe0
0x00000000019c7628 1 1 ------ \Device\NamedPipe\epmapper
0x00000000019c7710 2 1 ------ \Device\NamedPipe\epmapper
0x00000000019c9a48 1 1 ------ \Device\NamedPipe\wkssvc
0x00000000019c9eb8 1 1 R--rw- \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x00000000019ca890 1 1 R--rw- \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x00000000019cc2a8 1 1 ------ \Device\Afd\Endpoint
0x00000000019ccc08 2 1 ------ \Device\Afd\Endpoint
0x00000000019cdd40 1 1 RW-rw- \Device\HarddiskVolume1\Documents and Settings\testuser\Application Data\Microsoft\IMJP8_1\imjp81u.dic
0x00000000019cdec0 1 1 R--rw- \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x00000000019ce158 3 1 ------ \Device\NamedPipe\net\NtControlPipe7
0x00000000019ceb70 3 1 R--rwd \Device\HarddiskVolume1\Documents and Settings\testuser\デスクトップ
0x00000000019cf238 1 1 ------ \Device\Afd\Endpoint
0x00000000019d1158 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\stobject.dll
0x00000000019d1938 1 1 R--rw- \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x00000000019d2028 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\cryptsvc.dll
0x00000000019d3028 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\odbcint.dll
0x00000000019d3b60 1 1 R--rw- \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x00000000019d4160 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\psbase.dll
0x00000000019d4428 2 1 R--rw- \Device\HarddiskVolume1\Program Files\Common Files\Microsoft Shared\Triedit
0x00000000019d44c0 2 1 R--rw- \Device\HarddiskVolume1\WINDOWS\ime\IMJP8_1
0x00000000019d45e8 2 1 R--rw- \Device\HarddiskVolume1\WINDOWS\system32\Setup
0x00000000019d47e0 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x00000000019d4988 1 1 R--rw- \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x00000000019d5028 2 1 R--rw- \Device\HarddiskVolume1\Program Files\MSN Gaming Zone\Windows
0x00000000019d51c8 2 1 R--rw- \Device\HarddiskVolume1\WINDOWS\system32\drivers\disdn
0x00000000019d52b0 2 1 R--rw- \Device\HarddiskVolume1\Program Files\NetMeeting
0x00000000019d5348 2 1 R--rw- \Device\HarddiskVolume1\WINDOWS\PCHealth\HelpCtr\Binaries
0x00000000019d5628 1 1 ------ \Device\NamedPipe\lsarpc
0x00000000019d5a08 2 1 ------ \Device\NamedPipe\scerpc
0x00000000019d5b78 2 1 R--rw- \Device\HarddiskVolume1\WINDOWS\AppPatch
0x00000000019d5c10 2 1 R--rw- \Device\HarddiskVolume1\WINDOWS\system32
0x00000000019d60e0 2 1 ------ \Device\Afd\Endpoint
0x00000000019d6ac0 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x00000000019d6e98 1 1 R--rw- \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x00000000019d6f30 1 1 R--rw- \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x00000000019d7028 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\certcli.dll
0x00000000019d9158 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\ime\sptip.dll
0x00000000019d9308 2 1 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wbem\mof
0x00000000019da2b0 2 1 R--rw- \Device\HarddiskVolume1\Program Files\Common Files\Microsoft Shared\web server extensions\40\servsupp
0x00000000019da348 2 1 R--rw- \Device\HarddiskVolume1\WINDOWS\system32\drivers
0x00000000019da3e0 2 1 R--rw- \Device\HarddiskVolume1\WINDOWS\Fonts
0x00000000019da508 2 1 R--rw- \Device\HarddiskVolume1\Program Files\Common Files\Microsoft Shared\web server extensions\40\bin
0x00000000019dad18 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\win.ini
0x00000000019dc130 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\dot3api.dll
0x00000000019dc2f0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\KBDJPN.DLL
0x00000000019dd600 2 1 ------ \Device\NamedPipe\SfcApi
0x00000000019ddeb8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wzcsapi.dll
0x00000000019de228 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\usbmon.dll
0x00000000019de7e8 1 1 ------ \Device\NamedPipe\SfcApi
0x00000000019dec60 4 1 RW---- \Device\HarddiskVolume1\Documents and Settings\NetworkService\NTUSER.DAT
0x00000000019e1028 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wscsvc.dll
0x00000000019e1648 1 1 R--rw- \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x00000000019e1e98 1 1 R--r-- \Device\HarddiskVolume1\WINDOWS\system32\kbdnec.dll
0x00000000019e2130 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\logonui.exe
0x00000000019e3130 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\cscdll.dll
0x00000000019e3410 1 0 R--r-- \Device\HarddiskVolume1\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_ja_25380412.Manifest
0x00000000019e3548 5 1 RWDr-- \Device\HarddiskVolume1\System Volume Information\tracking.log
0x00000000019e35e0 1 0 R--r-- \Device\HarddiskVolume1\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95.Manifest
0x00000000019e37b0 1 0 R--r-- \Device\HarddiskVolume1\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7.Manifest
0x00000000019e3980 1 0 R--r-- \Device\HarddiskVolume1\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c.Manifest
0x00000000019e3b50 1 0 R--r-- \Device\HarddiskVolume1\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Rtcdll_6595b64144ccf1df_x-ww_c7b7206f\5.2.2.3.Policy
0x00000000019e3d20 1 0 R--r-- \Device\HarddiskVolume1\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_x-ww_362e60dd\5.2.2.3.Policy
0x00000000019e4380 1 0 R--rwd \Device\HarddiskVolume1\Documents and Settings\testuser\スタート メニュー\プログラム\スタートアップ\desktop.ini
0x00000000019e49c0 3 1 R--rwd \Device\HarddiskVolume1\Documents and Settings\testuser\Local Settings\Application Data\Microsoft\CD Burning
0x00000000019e4a58 3 1 R--rwd \Device\HarddiskVolume1\Documents and Settings\All Users\デスクトップ
0x00000000019e59b0 1 1 RW---- \Device\HarddiskVolume1\Documents and Settings\LocalService\ntuser.dat.LOG
0x00000000019e6130 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\duser.dll
0x00000000019e6f90 1 0 R--r-- \Device\HarddiskVolume1\System Volume Information\_restore{40F29F75-F15D-426C-A93C-3569C8AB5373}\RP4\rp.log
0x00000000019e78a8 1 1 R--rw- \Device\HarddiskVolume1\Documents and Settings\testuser
0x00000000019e7f90 1 1 R--rw- \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x00000000019e8158 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\mydocs.dll
0x00000000019e85a8 1 1 R--rw- \Device\HarddiskVolume1\WINDOWS\system32\dllcache
0x00000000019e8828 2 1 R--rw- \Device\HarddiskVolume1\Program Files\Common Files\Microsoft Shared\web server extensions\40\isapi\_vti_adm
0x00000000019e9028 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\cabinet.dll
0x00000000019ea130 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\mswsock.dll
0x00000000019eb150 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\rasman.dll
0x00000000019eb5b8 1 1 RW-rw- \Device\HarddiskVolume1\WINDOWS\WindowsUpdate.log
0x00000000019eb750 1 1 ------ \Device\Afd\Endpoint
0x00000000019ed130 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\winrnr.dll
0x00000000019ef8b0 1 0 RW---- \Device\HarddiskVolume1\WINDOWS\SoftwareDistribution\EventCache\{FFD8C705-CBFA-426B-A078-942C405C02F4}.bin
0x00000000019efde0 1 1 RW-r-- \Device\HarddiskVolume1\WINDOWS\SoftwareDistribution\ReportingEvents.log
0x00000000019f1028 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\ersvc.dll
0x00000000019f2160 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\oakley.dll
0x00000000019f2708 2 1 R--rw- \Device\HarddiskVolume1\WINDOWS\system32\xircom
0x00000000019f2830 2 1 R--rw- \Device\HarddiskVolume1\WINDOWS\ime\IMKR6_1\Applets
0x00000000019f2958 2 1 R--rw- \Device\HarddiskVolume1\WINDOWS\ime\IMJP8_1\APPLETS
0x00000000019f37d8 1 1 RW-r-- \Device\HarddiskVolume1\WINDOWS\system32\config\Internet.evt
0x00000000019f42c0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\termsrv.dll
0x00000000019f4470 3 1 R--rwd \Device\HarddiskVolume1\WINDOWS\Tasks
0x00000000019f4630 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x00000000019f5138 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\winspool.drv
0x00000000019f5aa0 1 0 R--r-- \Device\HarddiskVolume1\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\6.0.2600.5512.Policy
0x00000000019f6470 2 1 R--rw- \Device\HarddiskVolume1\Program Files\microsoft frontpage\version3.0\bin
0x00000000019f6628 2 1 R--rw- \Device\HarddiskVolume1\Program Files\Common Files\Microsoft Shared\web server extensions\40\bots\vinavbar
0x00000000019f70e0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x00000000019f7228 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\imm32.dll
0x00000000019f8c60 1 1 ------ \Device\NamedPipe\net\NtControlPipe3
0x00000000019f9228 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\msgina.dll
0x00000000019f9300 2 1 RW-r-- \Device\HarddiskVolume1\WINDOWS\system32\config\SecEvent.Evt
0x00000000019f9e08 1 1 R--rw- \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x00000000019f9f90 1 1 R--rw- \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x00000000019fb028 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\es.dll
0x00000000019fc138 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\msi.dll
0x00000000019fc5f8 2 1 R--rw- \Device\HarddiskVolume1\WINDOWS\Resources\Themes\Luna\Shell\NormalColor
0x00000000019fc720 2 1 R--rw- \Device\HarddiskVolume1\Program Files\Common Files\Microsoft Shared\Speech
0x00000000019fc898 2 1 R--rw- \Device\HarddiskVolume1\Program Files\Common Files\SpeechEngines\Microsoft\TTS\1033
0x00000000019fc930 2 1 R--rw- \Device\HarddiskVolume1\WINDOWS\system32\Restore
0x00000000019fceb8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\desk.cpl
0x00000000019fd228 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wscntfy.exe
0x00000000019fdca0 2 1 R--rw- \Device\HarddiskVolume1\WINDOWS\Help
0x00000000019fe150 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\rasdlg.dll
0x00000000019fec30 1 1 RW---- \Device\HarddiskVolume1\Documents and Settings\NetworkService\ntuser.dat.LOG
0x00000000019ff138 1 0 R--r-- \Device\HarddiskVolume1\WINDOWS\system32\c_1252.nls
0x00000000019ff348 1 1 R--rw- \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x0000000001a00158 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
0x0000000001a005e0 1 1 R--rw- \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x0000000001a01158 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\batmeter.dll
0x0000000001a01470 1 1 R--rw- \Device\HarddiskVolume1\WINDOWS\system32
0x0000000001a01508 3 1 ------ \Device\NamedPipe\net\NtControlPipe4
0x0000000001a01808 1 1 ------ \Device\Afd\Endpoint
0x0000000001a01ae8 2 1 ------ \Device\Afd\Endpoint
0x0000000001a01cc8 2 1 ------ \Device\Afd\Endpoint
0x0000000001a02130 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\esent.dll
0x0000000001a02ef8 1 1 RW-rw- \Device\HarddiskVolume1\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\IMJP8_1\imjp81u.dic
0x0000000001a03908 1 1 RW-rw- \Device\HarddiskVolume1\WINDOWS\WindowsUpdate.log
0x0000000001a039a0 1 1 RW-rw- \Device\HarddiskVolume1\WINDOWS\WindowsUpdate.log
0x0000000001a03a38 1 1 RW-rw- \Device\HarddiskVolume1\WINDOWS\WindowsUpdate.log
0x0000000001a03ad0 1 1 RW-rw- \Device\HarddiskVolume1\WINDOWS\WindowsUpdate.log
0x0000000001a03b68 1 1 RW-rw- \Device\HarddiskVolume1\WINDOWS\WindowsUpdate.log
0x0000000001a03c00 1 1 RW-rw- \Device\HarddiskVolume1\WINDOWS\WindowsUpdate.log
0x0000000001a03c98 1 1 RW-rw- \Device\HarddiskVolume1\WINDOWS\WindowsUpdate.log
0x0000000001a03d30 1 1 RW-rw- \Device\HarddiskVolume1\WINDOWS\WindowsUpdate.log
0x0000000001a03dc8 1 1 RW-rw- \Device\HarddiskVolume1\WINDOWS\WindowsUpdate.log
0x0000000001a03e60 1 1 RW-rw- \Device\HarddiskVolume1\WINDOWS\WindowsUpdate.log
0x0000000001a03ef8 1 1 RW-rw- \Device\HarddiskVolume1\WINDOWS\WindowsUpdate.log
0x0000000001a03f90 1 1 RW-rw- \Device\HarddiskVolume1\WINDOWS\WindowsUpdate.log
0x0000000001a04158 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\ntshrui.dll
0x0000000001a05150 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\rasapi32.dll
0x0000000001a05220 1 0 R--r-- \Device\HarddiskVolume1\WINDOWS\Registration\R000000000007.clb
0x0000000001a05f90 1 1 ------ \Device\Afd\Endpoint
0x0000000001a06150 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\adsldpc.dll
0x0000000001a07028 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wbem\wbemprox.dll
0x0000000001a070c8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wbem\wbemcomn.dll
0x0000000001a09160 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\winipsec.dll
0x0000000001a0a990 1 1 R--r-- \Device\HarddiskVolume1\WINDOWS\system32\kbdnec.dll
0x0000000001a0b028 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\win32spl.dll
0x0000000001a0b150 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\netrap.dll
0x0000000001a0b508 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\alg.exe
0x0000000001a0c130 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\atl.dll
0x0000000001a0c278 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\imjp81.ime
0x0000000001a0c5a8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\mstlsapi.dll
0x0000000001a0c718 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\icaapi.dll
0x0000000001a0cf30 1 0 R--r-- \Device\HarddiskVolume1\WINDOWS\Resources\Themes\Luna\luna.msstyles
0x0000000001a0d138 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\clbcatq.dll
0x0000000001a0de90 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\spoolsv.exe
0x0000000001a0e178 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\upnp.dll
0x0000000001a0e908 2 1 RW-r-- \Device\HarddiskVolume1\WINDOWS\system32\config\AppEvent.Evt
0x0000000001a0f158 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001a10028 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\msxml3.dll
0x0000000001a10320 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\kbd101.dll
0x0000000001a10b78 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001a10c10 1 1 ------ \Device\NamedPipe\net\NtControlPipe2
0x0000000001a11840 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001a11aa0 3 1 ------ \Device\NamedPipe\net\NtControlPipe3
0x0000000001a11b38 1 1 R--rw- \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x0000000001a12130 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\dnsrslvr.dll
0x0000000001a127b0 1 1 R--rw- \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x0000000001a13028 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\ws2help.dll
0x0000000001a13bf8 3 2 ------ \Device\RawIp\255
0x0000000001a13d68 1 1 ------ \Device\Afd\Endpoint
0x0000000001a15158 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\ctfmon.exe
0x0000000001a15e58 1 1 R--rw- \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x0000000001a15f40 2 1 ------ \Device\NamedPipe\winlogonrpc
0x0000000001a16288 1 1 RW---- \Device\HarddiskVolume1\Documents and Settings\testuser\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
0x0000000001a16698 4 1 RW---- \Device\HarddiskVolume1\Documents and Settings\testuser\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
0x0000000001a17158 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\mlang.dll
0x0000000001a18160 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\srsvc.dll
0x0000000001a18348 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\kbdnec.dll
0x0000000001a18a10 1 1 RW---- \Device\HarddiskVolume1\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
0x0000000001a18d78 3 1 ------ \Device\NamedPipe\net\NtControlPipe5
0x0000000001a19720 1 1 R--rw- \Device\HarddiskVolume1\WINDOWS\system32
0x0000000001a197e8 1 1 ------ \Device\NamedPipe\net\NtControlPipe6
0x0000000001a19eb8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\netshell.dll
0x0000000001a1a028 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\xpsp1res.dll
0x0000000001a1a9b0 1 1 ------ \Device\NamedPipe\ntsvcs
0x0000000001a1bb48 3 1 R--rwd \Device\HarddiskVolume1\Documents and Settings\testuser\スタート メニュー
0x0000000001a1be30 1 1 R--rw- \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x0000000001a1c800 1 1 ------ \Device\NamedPipe\lsarpc
0x0000000001a1d028 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\srvsvc.dll
0x0000000001a1d2a0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\ws2_32.dll
0x0000000001a1d3b0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\eappprxy.dll
0x0000000001a1e028 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\shsvcs.dll
0x0000000001a1f330 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\msidle.dll
0x0000000001a20158 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\webcheck.dll
0x0000000001a20860 2 1 ------ \Device\NamedPipe\lsass
0x0000000001a208f8 1 1 ------ \Device\NamedPipe\lsass
0x0000000001a21130 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\dhcpcsvc.dll
0x0000000001a216f0 1 1 R--rw- \Device\HarddiskVolume1\WINDOWS\system32
0x0000000001a22028 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\raschap.dll
0x0000000001a22268 3 1 R--rwd \Device\HarddiskVolume1\Documents and Settings\testuser\PrintHood
0x0000000001a23028 1 1 R--rw- \Device\HarddiskVolume1\WINDOWS
0x0000000001a23848 1 1 R--rw- \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x0000000001a24150 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\riched20.dll
0x0000000001a25150 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\tapi32.dll
0x0000000001a255a8 2 1 R--rw- \Device\HarddiskVolume1\Program Files\Windows NT\Pinball
0x0000000001a27028 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\kbd106.dll
0x0000000001a271e0 2 1 R--rw- \Device\HarddiskVolume1\WINDOWS\system32\mui\0411
0x0000000001a272f0 2 1 R--rw- \Device\HarddiskVolume1\Program Files\Internet Explorer
0x0000000001a274a8 2 1 R--rw- \Device\HarddiskVolume1\WINDOWS\ime\IMKR6_1\Dicts
0x0000000001a28b88 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wkssvc.dll
0x0000000001a293e8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\msv1_0.dll
0x0000000001a29c38 2 1 RW-r-- \Device\HarddiskVolume1\WINDOWS\system32\config\SysEvent.Evt
0x0000000001a2b700 2 1 ------ \Device\NamedPipe\lsass
0x0000000001a2c130 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\eapolqec.dll
0x0000000001a2db20 4 1 RW---- \Device\HarddiskVolume1\Documents and Settings\testuser\NTUSER.DAT
0x0000000001a2e160 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\pstorsvc.dll
0x0000000001a2ed78 2 1 R--rw- \Device\HarddiskVolume1\WINDOWS\srchasst
0x0000000001a2ee10 2 1 R--rw- \Device\HarddiskVolume1\WINDOWS\ime
0x0000000001a2eea8 2 1 R--rw- \Device\HarddiskVolume1\Program Files\Movie Maker
0x0000000001a2ef40 2 1 R--rw- \Device\HarddiskVolume1\WINDOWS\Resources\Themes\Luna
0x0000000001a2f1d0 2 1 ------ \Device\NamedPipe\lsass
0x0000000001a30340 2 1 ------ \Device\NamedPipe\lsass
0x0000000001a309f8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\ssdpapi.dll
0x0000000001a30bc0 1 1 ------ \Device\NamedPipe\net\NtControlPipe1
0x0000000001a31028 2 1 R--rw- \Device\HarddiskVolume1\Program Files\Common Files\Microsoft Shared\DAO
0x0000000001a311d0 2 1 R--rw- \Device\HarddiskVolume1\Program Files\Common Files\System\msadc
0x0000000001a312f8 2 1 R--rw- \Device\HarddiskVolume1\Program Files\Windows Media Player
0x0000000001a314b0 2 1 R--rw- \Device\HarddiskVolume1\WINDOWS\system32\Com
0x0000000001a315d8 2 1 R--rw- \Device\HarddiskVolume1\WINDOWS\system32\IME\CINTLGNT
0x0000000001a31670 2 1 R--rw- \Device\HarddiskVolume1\WINDOWS\system32\wbem
0x0000000001a317c0 2 1 R--rw- \Device\HarddiskVolume1\WINDOWS\ime\CHTIME\Applets
0x0000000001a32a90 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\imjp81k.dll
0x0000000001a32f90 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\kerberos.dll
0x0000000001a33160 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\sens.dll
0x0000000001a33450 1 1 RW---- \Device\HarddiskVolume1\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
0x0000000001a33cf0 3 1 ------ \Device\NamedPipe\net\NtControlPipe6
0x0000000001a34028 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\inf\unregmp2.exe
0x0000000001a340d8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wuaucpl.cpl
0x0000000001a34170 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\linkinfo.dll
0x0000000001a35150 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\shdoclc.dll
0x0000000001a35338 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\browseui.dll
0x0000000001a367e8 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001a36918 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\explorer.exe
0x0000000001a37240 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\actxprxy.dll
0x0000000001a37f90 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\msprivs.dll
0x0000000001a38130 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\oleacc.dll
0x0000000001a385d8 2 1 R--rw- \Device\HarddiskVolume1\Program Files\Common Files\Microsoft Shared\web server extensions\40\_vti_bin\_vti_aut
0x0000000001a38700 2 1 R--rw- \Device\HarddiskVolume1\Program Files\Common Files\Microsoft Shared\web server extensions\40\isapi\_vti_aut
0x0000000001a38ad8 1 1 R--rw- \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x0000000001a39dc0 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001a39e58 1 1 ------ \Device\NamedPipe\net\NtControlPipe4
0x0000000001a3a028 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\rpcss.dll
0x0000000001a3b2b8 1 0 R--r-- \Device\HarddiskVolume1\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83.Manifest
0x0000000001a3d0b0 3 1 R--rwd \Device\HarddiskVolume1\Documents and Settings\All Users\スタート メニュー
0x0000000001a3e130 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\msimg32.dll
0x0000000001a3e4b0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\msctf.dll
0x0000000001a3f778 2 1 ------ \Device\NamedPipe\wkssvc
0x0000000001a40078 2 1 R--rw- \Device\HarddiskVolume1\Program Files\Common Files\Microsoft Shared\VGX
0x0000000001a40240 1 1 ------ \Device\NamedPipe\lsarpc
0x0000000001a40328 1 1 ------ \Device\NamedPipe\scerpc
0x0000000001a41028 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
0x0000000001a41d00 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\iphlpapi.dll
0x0000000001a425a8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\netlogon.dll
0x0000000001a429d0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\w32time.dll
0x0000000001a42df8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wdigest.dll
0x0000000001a42f90 1 0 R--rw- \Device\HarddiskVolume1\WINDOWS\system32\ctfmon.exe
0x0000000001a43318 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\winscard.dll
0x0000000001a434b0 2 1 ------ \Device\NamedPipe\atsvc
0x0000000001a43d00 2 1 ------ \Device\NamedPipe\lsass
0x0000000001a44158 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\webclnt.dll
0x0000000001a44918 3 1 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\drivers\etc
0x0000000001a44af0 1 1 R--rw- \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x0000000001a460e0 2 1 R--rw- \Device\HarddiskVolume1\WINDOWS\system32\wbem\xml
0x0000000001a47130 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\qutil.dll
0x0000000001a474b0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\rsaenh.dll
0x0000000001a49028 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\ntmarta.dll
0x0000000001a494c8 2 1 ------ \Device\NamedPipe\lsass
0x0000000001a498c0 1 1 R--rw- \Device\HarddiskVolume1\WINDOWS\system32
0x0000000001a4a130 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wzcsvc.dll
0x0000000001a4aae8 1 0 R--r-- \Device\HarddiskVolume1\WINDOWS\WinSxS\Policies\x86_policy.1.0.Microsoft.Windows.GdiPlus_6595b64144ccf1df_x-ww_4e8510ac\1.0.2600.5512.Policy
0x0000000001a4abb0 1 0 R--r-- \Device\HarddiskVolume1\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.SystemCompatible_6595b64144ccf1df_5.1.2600.2000_x-ww_bcc9a281.Manifest
0x0000000001a4ac48 1 1 ------ \Device\NamedPipe\net\NtControlPipe7
0x0000000001a4b288 1 1 RW-rw- \Device\HarddiskVolume1\WINDOWS\WindowsUpdate.log
0x0000000001a4b320 1 1 RW-rw- \Device\HarddiskVolume1\WINDOWS\WindowsUpdate.log
0x0000000001a4b3b8 1 1 RW-rw- \Device\HarddiskVolume1\WINDOWS\WindowsUpdate.log
0x0000000001a4b450 1 1 RW-rw- \Device\HarddiskVolume1\WINDOWS\WindowsUpdate.log
0x0000000001a4b4e8 1 1 RW-rw- \Device\HarddiskVolume1\WINDOWS\WindowsUpdate.log
0x0000000001a4b580 1 1 RW-rw- \Device\HarddiskVolume1\WINDOWS\WindowsUpdate.log
0x0000000001a4b618 1 1 RW-rw- \Device\HarddiskVolume1\WINDOWS\WindowsUpdate.log
0x0000000001a4b6b0 3 1 RW-rw- \Device\HarddiskVolume1\WINDOWS\WindowsUpdate.log
0x0000000001a4b748 1 1 RW-rw- \Device\HarddiskVolume1\WINDOWS\WindowsUpdate.log
0x0000000001a4b828 2 1 ------ \Device\NamedPipe\srvsvc
0x0000000001a4b990 2 1 ------ \Device\NamedPipe\srvsvc
0x0000000001a4c158 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001a4c648 1 1 -W-rw- \Device\HarddiskVolume1\WINDOWS\Debug\PASSWD.LOG
0x0000000001a4cba8 1 0 R--rw- \Device\HarddiskVolume1\WINDOWS\system32\shell32.dll
0x0000000001a4d158 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\ime\IMJP8_1\imjpmig.exe
0x0000000001a51b80 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wbem\wmiutils.dll
0x0000000001a51c18 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wbem\wbemsvc.dll
0x0000000001a661f8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\csrsrv.dll
0x0000000001a663b0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\msacm32.dll
0x0000000001a67028 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\xpsp2res.dll
0x0000000001a67130 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\eventlog.dll
0x0000000001a68138 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\ime\IMJP8_1\DICTS\imjpcd.dic
0x0000000001a68e68 2 1 R--rw- \Device\HarddiskVolume1\Program Files\Common Files\SpeechEngines\Microsoft\Lexicon\1033
0x0000000001a68f90 2 1 R--rw- \Device\HarddiskVolume1\WINDOWS\system32\IME\PINTLGNT
0x0000000001a69130 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\rasadhlp.dll
0x0000000001a6a910 2 1 R--rw- \Device\HarddiskVolume1\WINDOWS\ime\SHARED
0x0000000001a6a9a8 2 1 R--rw- \Device\HarddiskVolume1\WINDOWS\ime\IMKR6_1
0x0000000001a6aad0 2 1 R--rw- \Device\HarddiskVolume1\Program Files\Common Files\Microsoft Shared\MSInfo
0x0000000001a6abb8 2 1 R--rw- \Device\HarddiskVolume1\Program Files\Internet Explorer\Connection Wizard
0x0000000001a6acd0 2 1 R--rw- \Device\HarddiskVolume1\WINDOWS
0x0000000001a6ad68 2 1 R--rw- \Device\HarddiskVolume1\Program Files\Common Files\Microsoft Shared\web server extensions\40\isapi
0x0000000001a6ae90 2 1 R--rw- \Device\HarddiskVolume1\Program Files\Common Files\Microsoft Shared\web server extensions\40\bin\1041
0x0000000001a6af28 2 1 R--rw- \Device\HarddiskVolume1\Program Files\Common Files\Microsoft Shared\web server extensions\40\_vti_bin
0x0000000001a6b028 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\lsasrv.dll
0x0000000001a6b0e0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\ntdsapi.dll
0x0000000001a6baf0 2 1 R--rw- \Device\HarddiskVolume1\Program Files\Common Files\MSSoap\Binaries
0x0000000001a6bc18 2 1 R--rw- \Device\HarddiskVolume1\WINDOWS\system32\oobe
0x0000000001a6bcb0 2 1 R--rw- \Device\HarddiskVolume1\Program Files\Outlook Express
0x0000000001a6be20 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\browser.dll
0x0000000001a6bf90 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wbem\ncprov.dll
0x0000000001a6e130 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\rtutils.dll
0x0000000001a6ef68 2 1 R--rw- \Device\HarddiskVolume1\WINDOWS\WinSxS
0x0000000001a709a0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\eappcfg.dll
0x0000000001a70b60 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\schannel.dll
0x0000000001a70d48 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\audiosrv.dll
0x0000000001a71140 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\cryptui.dll
0x0000000001a71698 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\verclsid.exe
0x0000000001a72170 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\dssenh.dll
0x0000000001a72398 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\themeui.dll
0x0000000001a72908 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\msutb.dll
0x0000000001a72b10 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\onex.dll
0x0000000001a72c90 1 1 R--rw- \Device\HarddiskVolume1\WINDOWS\system32
0x0000000001a72e78 2 1 ------ \Device\NamedPipe\wkssvc
0x0000000001a73278 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\userinit.exe
0x0000000001a74140 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\dpcdll.dll
0x0000000001a744b0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\dot3dlg.dll
0x0000000001a74678 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\credui.dll
0x0000000001a74eb8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\msctfime.ime
0x0000000001a75130 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wmi.dll
0x0000000001a757e8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\shdocvw.dll
0x0000000001a76028 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\vga64k.dll
0x0000000001a76a80 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\rpcrt4.dll
0x0000000001a76b90 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wbem\fastprox.dll
0x0000000001a76e20 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\comsvcs.dll
0x0000000001a76f90 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wbem\wbemess.dll
0x0000000001a775d0 2 1 R--rw- \Device\HarddiskVolume1\WINDOWS\system32\usmt
0x0000000001a77788 2 1 R--rw- \Device\HarddiskVolume1\Program Files\Common Files\Microsoft Shared\web server extensions\40\admisapi\scripts
0x0000000001a778d8 2 1 R--rw- \Device\HarddiskVolume1\Program Files\Common Files\Microsoft Shared\web server extensions\40\admcgi\scripts
0x0000000001a78140 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\cscui.dll
0x0000000001a78310 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\profmap.dll
0x0000000001a79b58 1 1 R--rw- \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x0000000001a7aa30 1 1 R--rw- \Device\HarddiskVolume1\Documents and Settings\testuser
0x0000000001a7ad68 1 1 R--rw- \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x0000000001a7b1c8 2 1 R--rw- \Device\HarddiskVolume1\WINDOWS\peernet
0x0000000001a7b2f0 2 1 R--rw- \Device\HarddiskVolume1\Program Files\Common Files\Microsoft Shared\Speech\1041
0x0000000001a7b388 2 1 R--rw- \Device\HarddiskVolume1\Program Files\Common Files\SpeechEngines\Microsoft
0x0000000001a7b448 2 1 R--rw- \Device\HarddiskVolume1\WINDOWS\system32\wbem\snmp
0x0000000001a7bac8 1 1 R--rw- \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x0000000001a7bb90 1 1 R--rw- \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x0000000001a7bf90 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\shell32.dll
0x0000000001a7c0e0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\urlmon.dll
0x0000000001a7c288 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\umpnpmgr.dll
0x0000000001a7c320 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\scesrv.dll
0x0000000001a7c448 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\user32.dll
0x0000000001a7dd70 2 1 ------ \Device\Afd\Endpoint
0x0000000001a7dee8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\version.dll
0x0000000001a7e4a8 3 1 R--rwd \Device\HarddiskVolume1\WINDOWS\PCHealth\HelpCtr\BATCH
0x0000000001a7ea50 2 1 ------ \Device\NamedPipe\PCHFaultRepExecPipe
0x0000000001a805f0 1 1 ------ \Device\NamedPipe\atsvc
0x0000000001a83798 1 0 R--r-- \Device\HarddiskVolume1\WINDOWS\system32\wpa.dbl
0x0000000001a83860 1 1 ------ \Device\NamedPipe\lsarpc
0x0000000001a83f90 1 0 R--rw- \Device\HarddiskVolume1\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
0x0000000001a84028 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\msasn1.dll
0x0000000001a85440 1 1 ------ \Device\NamedPipe\trkwks
0x0000000001a855b0 2 1 ------ \Device\NamedPipe\trkwks
0x0000000001a87690 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\crypt32.dll
0x0000000001a877d0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wbem\wmisvc.dll
0x0000000001a88328 1 1 R--rw- \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x0000000001a88c90 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001a89130 2 1 R--rw- \Device\HarddiskVolume1\WINDOWS\system32\inetsrv
0x0000000001a894e0 2 1 ------ \Device\Afd\Endpoint
0x0000000001a89dd0 1 1 R--rw- \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x0000000001a8ae58 1 0 R--rwd \Device\HarddiskVolume1\Documents and Settings\testuser\スタート メニュー\プログラム\アクセサリ\desktop.ini
0x0000000001a8d368 2 1 ------ \Device\NamedPipe\srvsvc
0x0000000001a8d548 1 0 R--r-- \Device\HarddiskVolume1\WINDOWS\system32\sens.dll
0x0000000001a8e690 2 1 R--rw- \Device\HarddiskVolume1\WINDOWS\ime\SHARED\RES
0x0000000001a8e7b8 2 1 R--rw- \Device\HarddiskVolume1\WINDOWS\system32\npp
0x0000000001a8e930 2 1 R--rw- \Device\HarddiskVolume1\Program Files\Common Files\MSSoap\Binaries\Resources\1033
0x0000000001a8e9c8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wininet.dll
0x0000000001a8f3b8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wldap32.dll
0x0000000001a91028 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\netapi32.dll
0x0000000001a91a20 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\comctl32.dll
0x0000000001a91af0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\shlwapi.dll
0x0000000001a92168 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\trkwks.dll
0x0000000001a932a0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\vssapi.dll
0x0000000001a93370 2 1 R--rw- \Device\HarddiskVolume1\WINDOWS\PCHealth\UploadLB\Binaries
0x0000000001a93790 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\msvcrt.dll
0x0000000001a93900 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\mpr.dll
0x0000000001a93eb8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wuauserv.dll
0x0000000001a942d8 1 1 R--rw- \Device\HarddiskVolume1\WINDOWS\system32
0x0000000001a944a8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wuaueng.dll
0x0000000001a951f8 2 1 R--rw- \Device\HarddiskVolume1\WINDOWS\msagent\intl
0x0000000001a95320 2 1 R--rw- \Device\HarddiskVolume1\WINDOWS\msagent
0x0000000001a95470 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\secur32.dll
0x0000000001a96028 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\sxs.dll
0x0000000001a96950 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\iertutil.dll
0x0000000001a96a70 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\ieframe.dll
0x0000000001a96b80 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\normaliz.dll
0x0000000001a97028 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\vga256.dll
0x0000000001a97118 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\apphelp.dll
0x0000000001a97468 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\userenv.dll
0x0000000001a97e58 1 1 R--rw- \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x0000000001a98940 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\win32k.sys
0x0000000001a98a60 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\csrss.exe
0x0000000001a9b7c8 1 1 ------ \Device\NamedPipe\net\NtControlPipe0
0x0000000001a9be38 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\xpsp3res.dll
0x0000000001a9c1c8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\msimtf.dll
0x0000000001a9c2d0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\imagehlp.dll
0x0000000001a9c438 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\sensapi.dll
0x0000000001a9c6a0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\regsvr32.exe
0x0000000001a9c8a0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\spupdsvc.exe
0x0000000001a9cc08 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001a9cca0 1 0 R--rwd \Device\HarddiskVolume1\Documents and Settings\testuser\Favorites\Desktop.ini
0x0000000001a9ce98 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\rundll32.exe
0x0000000001a9d150 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001a9d1e8 1 0 R--rwd \Device\HarddiskVolume1\Documents and Settings\testuser\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
0x0000000001a9d3e0 1 0 R--rwd \Device\HarddiskVolume1\Documents and Settings\testuser\Application Data\desktop.ini
0x0000000001a9d5d8 1 0 R--rwd \Device\HarddiskVolume1\Documents and Settings\All Users\Application Data\desktop.ini
0x0000000001a9d908 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001a9d9a0 1 0 R--rwd \Device\HarddiskVolume1\Program Files\Internet Explorer\iexplore.exe
0x0000000001a9db38 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\sfc.dll
0x0000000001a9dca0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\msls31.dll
0x0000000001a9de28 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\winsta.dll
0x0000000001a9df90 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\mshtml.dll
0x0000000001a9f500 1 1 ------ \Device\NamedPipe\W32TIME
0x0000000001a9f828 2 1 ------ \Device\NamedPipe\W32TIME
0x0000000001a9fb78 1 1 RW-rw- \Device\HarddiskVolume1\WINDOWS\WindowsUpdate.log
0x0000000001aa0a88 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\ieuinit.inf
0x0000000001aa0e28 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001aa0ec0 1 0 R--rwd \Device\HarddiskVolume1\Documents and Settings\All Users\Documents\My Music\Sample Music\desktop.ini
0x0000000001aa2028 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\basesrv.dll
0x0000000001aa2d98 2 1 ------ \Device\NamedPipe\lsass
0x0000000001aa2ec0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\shdoclc.dll
0x0000000001aa30d8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wuaucpl.cpl
0x0000000001aa32d0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\linkinfo.dll
0x0000000001aa34f8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\hnetwiz.dll
0x0000000001aa3708 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\compatui.dll
0x0000000001aa3910 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\mshearts.exe
0x0000000001aa3b18 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\spider.exe
0x0000000001aa3d28 1 0 R--rwd \Device\HarddiskVolume1\PROGRA~1\MSNGAM~1\Windows\Rvseres.dll
0x0000000001aa3f28 1 0 R--rwd \Device\HarddiskVolume1\PROGRA~1\MSNGAM~1\Windows\bckgres.dll
0x0000000001aa4028 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001aa41a0 1 0 R--rwd \Device\HarddiskVolume1\PROGRA~1\MSNGAM~1\Windows\Hrtzres.dll
0x0000000001aa43a0 1 0 R--rwd \Device\HarddiskVolume1\PROGRA~1\MSNGAM~1\Windows\chkrres.dll
0x0000000001aa46d8 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001aa4770 1 0 R--rwd \Device\HarddiskVolume1\PROGRA~1\MSNGAM~1\Windows\Shvlres.dll
0x0000000001aa4aa8 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001aa4b40 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\usmt\migwiz.exe
0x0000000001aa4d50 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\Restore\rstrui.exe
0x0000000001aa50e8 1 0 R--rwd \Device\HarddiskVolume1\PROGRA~1\MOVIEM~1\wmmres.dll
0x0000000001aa5300 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\tourstart.exe
0x0000000001aa5508 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\rcbdyctl.dll
0x0000000001aa5848 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001aa58e0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\inf\unregmp2.exe
0x0000000001aa5a00 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\comres.dll
0x0000000001aa5c60 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\xpsp1res.dll
0x0000000001aa5e70 1 1 R--rw- \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x0000000001aa60a0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\inetpp.dll
0x0000000001aa62d0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\netrap.dll
0x0000000001aa64f0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\win32spl.dll
0x0000000001aa6720 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\usbmon.dll
0x0000000001aa6938 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\tcpmon.dll
0x0000000001aa6b60 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\pjlmon.dll
0x0000000001aa6d78 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\cnbjmon.dll
0x0000000001aa6f90 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\localspl.dll
0x0000000001aa7310 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\spoolss.dll
0x0000000001aa7570 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wscntfy.exe
0x0000000001aa7790 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\rasdlg.dll
0x0000000001aa7a68 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\netcfgx.dll
0x0000000001aa7b78 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wbem\wmiprvsd.dll
0x0000000001aa7c10 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wbem\repdrvfs.dll
0x0000000001aa7e70 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wbem\Logs\wbemcore.log
0x0000000001aa80f8 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001aa8190 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wbem\Logs\wbemess.log
0x0000000001aa83a0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wbem\wbemcons.dll
0x0000000001aa8570 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\alg.exe
0x0000000001aa87c0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\ssdpsrv.dll
0x0000000001aa8990 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\drivers\http.sys
0x0000000001aa8d88 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\ssdpapi.dll
0x0000000001aa8f90 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\upnp.dll
0x0000000001aa91b0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\mstlsapi.dll
0x0000000001aa92d8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\winlogon.exe
0x0000000001aa9440 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\icaapi.dll
0x0000000001aa9658 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\termsrv.dll
0x0000000001aa99b8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\ipnathlp.dll
0x0000000001aa9ad0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\advpack.dll
0x0000000001aa9d70 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\browser.dll
0x0000000001aaa1d0 2 1 ------ \Device\Afd\Endpoint
0x0000000001aaa3c8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wbem\ncprov.dll
0x0000000001aaa618 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wuapi.dll
0x0000000001aaa798 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\regapi.dll
0x0000000001aaa900 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\resutils.dll
0x0000000001aaab28 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\clusapi.dll
0x0000000001aaad70 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wsock32.dll
0x0000000001aaaf90 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\mtxclu.dll
0x0000000001aab098 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\kernel32.dll
0x0000000001aab200 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\colbact.dll
0x0000000001aab428 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\comsvcs.dll
0x0000000001aab7a8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wbem\wbemess.dll
0x0000000001aabb50 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wbem\wmiprvsd.dll
0x0000000001aabdb0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\sensapi.dll
0x0000000001aabf90 1 0 R--rw- \Device\HarddiskVolume1\WINDOWS\system32\drivers\etc\hosts
0x0000000001aac2b0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR
0x0000000001aac7d0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA
0x0000000001aacf28 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP
0x0000000001aad3c0 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001aad458 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER
0x0000000001aad650 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wbem\Repository\$WinMgmt.CFG
0x0000000001aad848 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wbem\repdrvfs.dll
0x0000000001aadb70 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wbem\wmiutils.dll
0x0000000001aadd40 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wbem\wbemsvc.dll
0x0000000001aadf90 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wbem\fastprox.dll
0x0000000001aae1c8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wbem\esscli.dll
0x0000000001aae308 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\samlib.dll
0x0000000001aae3a0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\dnsapi.dll
0x0000000001aae508 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wbem\wbemcore.dll
0x0000000001aae9a8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wbem\wbemcomn.dll
0x0000000001aaec68 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wbem\wbemprox.dll
0x0000000001aaee90 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\msxml3r.dll
0x0000000001aaf288 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\msxml3.dll
0x0000000001aaf390 1 1 R--r-- \Device\HarddiskVolume1\WINDOWS\system32\kbd106.dll
0x0000000001aaf9a0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wscsvc.dll
0x0000000001aafad8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\nddeapi.dll
0x0000000001aafe50 1 1 ------ \Device\Afd\Endpoint
0x0000000001ab0028 2 1 R--rw- \Device\HarddiskVolume1\Program Files\Common Files\System\ado
0x0000000001ab0120 2 1 R--rw- \Device\HarddiskVolume1\WINDOWS\system
0x0000000001ab01b8 2 1 R--rw- \Device\HarddiskVolume1\WINDOWS\inf
0x0000000001ab02e0 2 1 R--rw- \Device\HarddiskVolume1\Program Files\Common Files\System\Ole DB
0x0000000001ab0420 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\winhttp.dll
0x0000000001ab05f0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\shfolder.dll
0x0000000001ab0808 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\mspatcha.dll
0x0000000001ab0a50 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\cabinet.dll
0x0000000001ab0c88 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\advpack.dll
0x0000000001ab0d90 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\lsass.exe
0x0000000001ab0e28 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\services.exe
0x0000000001ab0f90 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wuaueng.dll
0x0000000001ab11f0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wuauserv.dll
0x0000000001ab1400 2 1 R--rwd \Device\HarddiskVolume1\$Extend\$ObjId
0x0000000001ab15f8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\dssenh.dll
0x0000000001ab1708 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wbem\esscli.dll
0x0000000001ab17a0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wbem\wbemcore.dll
0x0000000001ab19e0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\vssapi.dll
0x0000000001ab1ce8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wbem\wmisvc.dll
0x0000000001ab1f90 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\trkwks.dll
0x0000000001ab2218 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\seclogon.dll
0x0000000001ab2438 1 0 R--r-- \Device\HarddiskVolume1\WINDOWS\system32\stdole2.tlb
0x0000000001ab2690 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\srsvc.dll
0x0000000001ab2c68 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\msimtf.dll
0x0000000001ab2dd0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\psbase.dll
0x0000000001ab3028 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
0x0000000001ab30d0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\pstorsvc.dll
0x0000000001ab3308 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\winipsec.dll
0x0000000001ab3530 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\oakley.dll
0x0000000001ab3780 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\ipsecsvc.dll
0x0000000001ab39d8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\netmsg.dll
0x0000000001ab3be8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\srvsvc.dll
0x0000000001ab3f90 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001ab4260 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\es.dll
0x0000000001ab44b8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\mspatcha.dll
0x0000000001ab4620 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\ersvc.dll
0x0000000001ab4850 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\certcli.dll
0x0000000001ab4a80 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\cryptsvc.dll
0x0000000001ab4ce8 2 1 ------ \Device\NamedPipe\keysvc
0x0000000001ab4ee8 1 0 R--rwd \Device\HarddiskVolume1\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat
0x0000000001ab5028 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\framebuf.dll
0x0000000001ab5168 1 0 R--rwd \Device\HarddiskVolume1\Documents and Settings\LocalService\Cookies\index.dat
0x0000000001ab54b0 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001ab5548 1 0 R--rwd \Device\HarddiskVolume1\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat
0x0000000001ab5760 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\webclnt.dll
0x0000000001ab5d00 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\batmeter.dll
0x0000000001ab5f28 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\stobject.dll
0x0000000001ab6178 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\mlang.dll
0x0000000001ab62b8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\shgina.dll
0x0000000001ab64f8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\webcheck.dll
0x0000000001ab6600 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\ipsecsvc.dll
0x0000000001ab6730 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\netmsg.dll
0x0000000001ab6898 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\ime\sptip.dll
0x0000000001ab69a0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\msvcp60.dll
0x0000000001ab6a38 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\ncobjapi.dll
0x0000000001ab6ba0 1 0 R--rw- \Device\HarddiskVolume1\DELL\DELLSUPPORT.ICO
0x0000000001ab6ef8 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001ab6f90 1 0 R--rwd \Device\HarddiskVolume1\Documents and Settings\testuser\My Documents\My Pictures\Desktop.ini
0x0000000001ab7028 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001ab71b8 1 1 R--rw- \Device\HarddiskVolume1\Documents and Settings\testuser
0x0000000001ab77e8 1 1 R--rw- \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x0000000001ab7c40 1 0 R--rwd \Device\HarddiskVolume1\Documents and Settings\testuser\My Documents\desktop.ini
0x0000000001ab8028 1 0 R--rw- \Device\HarddiskVolume1\WINDOWS\system32\mydocs.dll
0x0000000001ab80c8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\ja-jp\ieframe.dll.mui
0x0000000001ab83c8 1 0 R--rw- \Device\HarddiskVolume1\WINDOWS\ime\IMJP8_1\imjpmig.exe
0x0000000001ab8c58 1 0 R--rwd \Device\HarddiskVolume1\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\testuser.bmp
0x0000000001ab8f90 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001ab92d8 1 1 ------ \Device\NamedPipe\samr
0x0000000001ab9608 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001ab96a0 1 0 R--rwd \Device\HarddiskVolume1\Documents and Settings\All Users\スタート メニュー\プログラム\アクセサリ\ユーザー補助\desktop.ini
0x0000000001ab9898 1 0 R--rwd \Device\HarddiskVolume1\Documents and Settings\All Users\スタート メニュー\プログラム\アクセサリ\システム ツール\desktop.ini
0x0000000001ab9bc8 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001ab9c60 1 0 R--rwd \Device\HarddiskVolume1\Documents and Settings\All Users\スタート メニュー\プログラム\アクセサリ\エンターテイメント\desktop.ini
0x0000000001ab9e58 1 0 R--rwd \Device\HarddiskVolume1\Documents and Settings\All Users\スタート メニュー\プログラム\アクセサリ\通信\desktop.ini
0x0000000001aba0a0 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001aba138 1 0 R--rwd \Device\HarddiskVolume1\Documents and Settings\All Users\スタート メニュー\プログラム\管理ツール\desktop.ini
0x0000000001aba330 1 0 R--rwd \Device\HarddiskVolume1\Documents and Settings\All Users\スタート メニュー\プログラム\ゲーム\desktop.ini
0x0000000001aba660 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001aba6f8 1 0 R--rwd \Device\HarddiskVolume1\Documents and Settings\All Users\スタート メニュー\プログラム\アクセサリ\desktop.ini
0x0000000001aba8f0 1 0 R--rwd \Device\HarddiskVolume1\Documents and Settings\testuser\スタート メニュー\プログラム\アクセサリ\ユーザー補助\desktop.ini
0x0000000001abaae8 1 0 R--rwd \Device\HarddiskVolume1\Documents and Settings\testuser\スタート メニュー\プログラム\desktop.ini
0x0000000001abace0 1 0 R--rwd \Device\HarddiskVolume1\Documents and Settings\testuser\スタート メニュー\プログラム\アクセサリ\エンターテイメント\desktop.ini
0x0000000001abaed8 1 0 R--rwd \Device\HarddiskVolume1\Documents and Settings\All Users\スタート メニュー\プログラム\desktop.ini
0x0000000001abb028 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wtsapi32.dll
0x0000000001abb428 1 0 R--rwd \Device\HarddiskVolume1\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\desktop.ini
0x0000000001abb620 1 0 R--rwd \Device\HarddiskVolume1\Documents and Settings\All Users\スタート メニュー\desktop.ini
0x0000000001abb818 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\msutb.dll
0x0000000001abbb60 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\actxprxy.dll
0x0000000001abbd30 1 0 R--rwd \Device\HarddiskVolume1\Documents and Settings\testuser\Application Data\Microsoft\IMJP8_1\imjp81u.dic
0x0000000001abbf28 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\themeui.dll
0x0000000001abd2c8 1 0 R--rwd \Device\HarddiskVolume1\Documents and Settings\testuser\My Documents\My Music\Desktop.ini
0x0000000001abd908 1 0 R--rwd \Device\HarddiskVolume1\Documents and Settings\All Users\Documents\desktop.ini
0x0000000001abdb30 3 1 R--rwd \Device\HarddiskVolume1\Documents and Settings\testuser\NetHood
0x0000000001abe3b0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\desk.cpl
0x0000000001abe608 1 1 R--rw- \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x0000000001abe7d8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\shdocvw.dll
0x0000000001abe8e0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system.ini
0x0000000001abec08 1 0 R--r-- \Device\HarddiskVolume1\Documents and Settings\testuser\Local Settings\Application Data\IconCache.db
0x0000000001abed70 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\browseui.dll
0x0000000001abee90 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\AppPatch\acadproc.dll
0x0000000001abef28 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\shimeng.dll
0x0000000001abf118 1 0 R--rw- \Device\HarddiskVolume1\WINDOWS\system32\moricons.dll
0x0000000001abf2e8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\userinit.exe
0x0000000001abf528 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wkssvc.dll
0x0000000001abf780 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\audiosrv.dll
0x0000000001abf950 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\msidle.dll
0x0000000001abfb60 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\spoolsv.exe
0x0000000001abfda8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wzcsapi.dll
0x0000000001abff90 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\eappprxy.dll
0x0000000001ac0028 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\sfc_os.dll
0x0000000001ac02e0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\eappcfg.dll
0x0000000001ac0538 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\onex.dll
0x0000000001ac0768 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\dot3dlg.dll
0x0000000001ac0980 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\credui.dll
0x0000000001ac0bd8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\netshell.dll
0x0000000001ac0f28 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\netman.dll
0x0000000001ac1028 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\tapi32.dll
0x0000000001ac11d0 1 1 R--r-- \Device\HarddiskVolume1\WINDOWS\system32\kbd101.dll
0x0000000001ac13c8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\schedsvc.dll
0x0000000001ac16d8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\oembios.bin
0x0000000001ac1bc8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\raschap.dll
0x0000000001ac1e30 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\riched20.dll
0x0000000001ac21c0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\rasman.dll
0x0000000001ac2418 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\rasapi32.dll
0x0000000001ac2528 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\winsrv.dll
0x0000000001ac2690 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\adsldpc.dll
0x0000000001ac2860 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\activeds.dll
0x0000000001ac2a98 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\mprapi.dll
0x0000000001ac2cc8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\cryptui.dll
0x0000000001ac2f28 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\rastls.dll
0x0000000001ac3780 2 1 ------ \Device\NamedPipe\winlogonrpc
0x0000000001ac3b60 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\4e2e0405-d641-4c56-8afd-e15cb50a0349
0x0000000001ac3e90 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001ac3f28 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\Web\Wallpaper\草原.bmp
0x0000000001ac4188 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\oembios.dat
0x0000000001ac4388 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\oembios.sig
0x0000000001ac4588 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\dpcdll.dll
0x0000000001ac4758 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\powrprof.dll
0x0000000001ac4980 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\cscui.dll
0x0000000001ac4c20 1 1 R--rw- \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x0000000001ac4e18 1 0 RW-rwd \Device\HarddiskVolume1\Documents and Settings\testuser\Local Settings\desktop.ini
0x0000000001ac4f28 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\lpk.dll
0x0000000001ac5230 2 1 ------ \Device\NamedPipe\Winsock2\CatalogChangeListener-2e0-0
0x0000000001ac5888 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\shgina.dll
0x0000000001ac5b90 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001ac5c28 1 1 ------ \Device\NamedPipe\samr
0x0000000001ac5e48 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\comres.dll
0x0000000001ac6098 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\clbcatq.dll
0x0000000001ac6228 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\odbc32.dll
0x0000000001ac6390 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\ime\IMJP8_1\DICTS\imjpcd.dic
0x0000000001ac6560 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\ime\IMJP8_1\DICTS\imjpsb.dic
0x0000000001ac6770 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\ime\IMJP8_1\DICTS\imjpln.dic
0x0000000001ac6988 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\ime\IMJP8_1\DICTS\imjpnm.dic
0x0000000001ac6b98 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\ime\IMJP8_1\DICTS\imjpch.dic
0x0000000001ac6da8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\ime\IMJP8_1\DICTS\imjptk.dic
0x0000000001ac6f90 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\ime\IMJP8_1\DICTS\imjpzp.dic
0x0000000001ac75c0 1 1 R--rw- \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x0000000001ac7b40 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\ime\IMJP8_1\DICTS\imjpst.dic
0x0000000001ac7d60 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\IMJP8_1\imjp81u.dic
0x0000000001ac8110 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001ac81a8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\ime\IMJP8_1\DICTS\imjpgn.grm
0x0000000001ac82f0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\mprapi.dll
0x0000000001ac8530 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\msi.dll
0x0000000001ac88f8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\winspool.drv
0x0000000001ac8ac8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wlnotify.dll
0x0000000001ac8d00 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\dimsntfy.dll
0x0000000001ac8f28 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\cscdll.dll
0x0000000001ac9148 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\oleaccrc.dll
0x0000000001ac9318 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\oleacc.dll
0x0000000001ac9428 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\usp10.dll
0x0000000001ac9590 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\msimg32.dll
0x0000000001ac97a0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\duser.dll
0x0000000001ac98b0 1 1 ------ \Device\NamedPipe\InitShutdown
0x0000000001ac9b30 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\esent.dll
0x0000000001ac9ef8 2 1 R--rw- \Device\HarddiskVolume1\Program Files\Common Files\Microsoft Shared\web server extensions\40\_vti_bin\_vti_adm
0x0000000001aca098 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\dot3api.dll
0x0000000001aca2c8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\qutil.dll
0x0000000001aca528 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\atl.dll
0x0000000001aca6f8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\eapolqec.dll
0x0000000001aca8c8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wmi.dll
0x0000000001acaad0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\rtutils.dll
0x0000000001acaca0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wzcsvc.dll
0x0000000001acaea0 2 1 ------ \Device\NamedPipe\lsass
0x0000000001ace078 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\lmhsvc.dll
0x0000000001ace290 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\logonui.exe.manifest
0x0000000001ace488 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\logonui.exe
0x0000000001ace6a0 2 1 R--rw- \Device\HarddiskVolume1\WINDOWS\Resources\Themes\Luna\Shell\Metallic
0x0000000001ace7c8 2 1 R--rw- \Device\HarddiskVolume1\WINDOWS\Resources\Themes\Luna\Shell\Homestead
0x0000000001acee18 1 0 RW-rwd \Device\HarddiskVolume1\Documents and Settings\LocalService\Local Settings\desktop.ini
0x0000000001acef28 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\drivers\dxg.sys
0x0000000001acf0c0 4 1 RW---- \Device\HarddiskVolume1\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
0x0000000001acf4b0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\dnsrslvr.dll
0x0000000001acf680 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\dhcpcsvc.dll
0x0000000001acf850 1 1 ------ \Device\NamedPipe\net\NtControlPipe5
0x0000000001acfa60 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\rasadhlp.dll
0x0000000001acfc70 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\winrnr.dll
0x0000000001acfe40 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wshtcpip.dll
0x0000000001ad0090 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\hnetcfg.dll
0x0000000001ad0460 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\mswsock.dll
0x0000000001ad0708 1 1 R--rw- \Device\HarddiskVolume1\WINDOWS\system32
0x0000000001ad0900 1 0 RW-rwd \Device\HarddiskVolume1\Documents and Settings\NetworkService\Local Settings\desktop.ini
0x0000000001ad0ad0 4 1 RW---- \Device\HarddiskVolume1\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
0x0000000001ad0ec0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\config\SysEvent.Evt
0x0000000001ad10a8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\config\SecEvent.Evt
0x0000000001ad1310 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\config\Internet.evt
0x0000000001ad1508 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\config\AppEvent.Evt
0x0000000001ad1720 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\netevent.dll
0x0000000001ad18f0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\eventlog.dll
0x0000000001ad1b50 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\ntkrnlpa.exe
0x0000000001ad1d60 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\xpsp2res.dll
0x0000000001ad1f68 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\scecli.dll
0x0000000001ad2028 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\rsaenh.dll
0x0000000001ad2130 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\rpcss.dll
0x0000000001ad2278 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\activeds.dll
0x0000000001ad24b8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\ntmarta.dll
0x0000000001ad2688 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\svchost.exe
0x0000000001ad2858 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\scecli.dll
0x0000000001ad2a28 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\ntoskrnl.exe
0x0000000001ad2c30 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wtsapi32.dll
0x0000000001ad2e58 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\winscard.dll
0x0000000001ad3528 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wdigest.dll
0x0000000001ad36f8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\w32time.dll
0x0000000001ad3880 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wintrust.dll
0x0000000001ad39e8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\netlogon.dll
0x0000000001ad3c10 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\iphlpapi.dll
0x0000000001ad3de0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\msv1_0.dll
0x0000000001ad3f50 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\psapi.dll
0x0000000001ad4288 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\kerberos.dll
0x0000000001ad4568 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\msprivs.dll
0x0000000001ad4738 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\WindowsLogon.manifest
0x0000000001ad4930 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\msctf.dll
0x0000000001ad4d50 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\Fonts\serife.fon
0x0000000001ad4f90 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\Fonts\sserife.fon
0x0000000001ad5248 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\Fonts\coure.fon
0x0000000001ad5550 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001ad55e8 2 1 ------ \Device\NamedPipe\protected_storage
0x0000000001ad57e0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\imjp81k.dll
0x0000000001ad5cc0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\msctfime.ime
0x0000000001ad5f90 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\schannel.dll
0x0000000001ad6200 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\uxtheme.dll
0x0000000001ad6540 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\msacm32.dll
0x0000000001ad6710 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\winmm.dll
0x0000000001ad68e0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\AppPatch\acgenral.dll
0x0000000001ad6bb0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\cryptdll.dll
0x0000000001ad6de8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\samsrv.dll
0x0000000001ad6f68 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\setupapi.dll
0x0000000001ad7178 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\samlib.dll
0x0000000001ad73b0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\dnsapi.dll
0x0000000001ad7580 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\ntdsapi.dll
0x0000000001ad77a8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\lsasrv.dll
0x0000000001ad7c88 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\AppPatch\acadproc.dll
0x0000000001ad7e58 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\shimeng.dll
0x0000000001ad8078 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\umpnpmgr.dll
0x0000000001ad8248 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\scesrv.dll
0x0000000001ad8418 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\msvcp60.dll
0x0000000001ad86c0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\ncobjapi.dll
0x0000000001ad88f8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\lsass.exe
0x0000000001ad8d08 1 1 R--rw- \Device\HarddiskVolume1\WINDOWS\system32
0x0000000001ad9028 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\services.exe
0x0000000001ad94a0 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001ad9538 1 1 ------ \Device\NamedPipe\lsarpc
0x0000000001ad9868 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001ad9900 1 0 R--r-- \Device\HarddiskVolume1\WINDOWS\WinSxS\Policies\x86_policy.5.1.Microsoft.Windows.SystemCompatible_6595b64144ccf1df_x-ww_a0111510\5.1.2600.2000.Policy
0x0000000001ad9c30 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001ad9cc8 1 1 R--rw- \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x0000000001ad9ec0 1 1 R--rw- \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x0000000001ada220 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\AppPatch\sysmain.sdb
0x0000000001ada388 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\seclogon.dll
0x0000000001ada5c8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\sfc_os.dll
0x0000000001ada798 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\sfc.dll
0x0000000001ada9a8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\shsvcs.dll
0x0000000001adac90 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\odbcint.dll
0x0000000001adae98 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\WindowsShell.Manifest
0x0000000001adb2a8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x0000000001adb9d0 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001adba68 2 1 ------ \Device\NamedPipe\InitShutdown
0x0000000001adbd98 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001adbe30 3 1 ------ \Device\NamedPipe\net\NtControlPipe1
0x0000000001adc028 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\Fonts\wst_swed.fon
0x0000000001adc0e8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\sxs.dll
0x0000000001adc2b8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\odbc32.dll
0x0000000001adc488 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\msgina.dll
0x0000000001adc6e0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\shfolder.dll
0x0000000001adc968 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\mtxclu.dll
0x0000000001adca00 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\colbact.dll
0x0000000001adcc60 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\Fonts\marlett.ttf
0x0000000001adce30 1 1 ------ \Device\NamedPipe\lsarpc
0x0000000001add230 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\Fonts\wst_span.fon
0x0000000001add448 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\Fonts\wst_ital.fon
0x0000000001add618 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\Fonts\wst_germ.fon
0x0000000001add7e8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\Fonts\wst_fren.fon
0x0000000001add9b8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\Fonts\wst_engl.fon
0x0000000001addb88 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\Fonts\wst_czec.fon
0x0000000001addd58 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\Fonts\symbole.fon
0x0000000001addf28 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\Fonts\jsmalle.fon
0x0000000001ade138 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\Fonts\modern.fon
0x0000000001ade340 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\Fonts\script.fon
0x0000000001ade548 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\Fonts\roman.fon
0x0000000001ade950 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\kbdnec.dll
0x0000000001adeb20 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\kbd106.dll
0x0000000001adecf0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\kbd101.dll
0x0000000001adeec0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\KBDJPN.DLL
0x0000000001adf1e8 1 1 ------ \Device\NamedPipe\protected_storage
0x0000000001adf348 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\imm32.dll
0x0000000001adf5a0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\ctype.nls
0x0000000001adf770 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\ws2help.dll
0x0000000001adf940 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\ws2_32.dll
0x0000000001adfb10 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wintrust.dll
0x0000000001adfe30 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\winsta.dll
0x0000000001ae0388 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\setupapi.dll
0x0000000001ae0558 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\regapi.dll
0x0000000001ae0790 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\psapi.dll
0x0000000001ae0960 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\netapi32.dll
0x0000000001ae0c88 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\profmap.dll
0x0000000001ae0e58 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\nddeapi.dll
0x0000000001ae1058 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\msasn1.dll
0x0000000001ae1228 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\crypt32.dll
0x0000000001ae13f8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\authz.dll
0x0000000001ae1630 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\winlogon.exe
0x0000000001ae1748 3 1 ------ \Device\NamedPipe\net\NtControlPipe2
0x0000000001ae1b88 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\Fonts\cga40woa.fon
0x0000000001ae1d58 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\Fonts\cga80woa.fon
0x0000000001ae1f28 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\Fonts\ega40woa.fon
0x0000000001ae2028 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\Fonts\mingliu.ttc
0x0000000001ae2180 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\Fonts\ega80woa.fon
0x0000000001ae2350 1 1 R--r-- \Device\HarddiskVolume1\WINDOWS\system32\kbd101.dll
0x0000000001ae2520 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\Fonts\app932.fon
0x0000000001ae26f0 2 1 ------ \Device\NamedPipe\TerminalServer\AutoReconnect
0x0000000001ae28e8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\vga64k.dll
0x0000000001ae2ab8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\vga256.dll
0x0000000001ae2c88 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\framebuf.dll
0x0000000001ae2e58 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\vga.dll
0x0000000001af1090 1 0 R--rwd \Device\HarddiskVolume1\Documents and Settings\testuser\スタート メニュー\desktop.ini
0x0000000001af1158 2 1 ------ \Device\NamedPipe\spoolss
0x0000000001af2310 1 1 ------ \Device\NamedPipe\lsarpc
0x0000000001af4160 1 1 ------ \Device\NamedPipe\spoolss
0x0000000001af4bb0 1 1 R--rw- \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x0000000001af5158 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001af75a0 1 1 RW-rw- \Device\HarddiskVolume1\Documents and Settings\LocalService\Cookies\index.dat
0x0000000001af7638 1 1 RW-rw- \Device\HarddiskVolume1\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat
0x0000000001af7e88 1 1 ------ \Device\NamedPipe\keysvc
0x0000000001af91a0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\Fonts\gulim.ttc
0x0000000001af9370 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\Fonts\simsun.ttc
0x0000000001af9540 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\Fonts\micross.ttf
0x0000000001af9708 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\$winnt$.inf
0x0000000001af9ab8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\Fonts\l_10646.ttf
0x0000000001af9dc0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\mshtml.dll
0x0000000001af9f28 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\Fonts\msgothic.ttc
0x0000000001afa270 2 1 RW-rw- \Device\NamedPipe\
0x0000000001afaee8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\drivers\dxg.sys
0x0000000001aff240 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\FNTCACHE.DAT
0x0000000001aff938 1 1 R--r-- \Device\HarddiskVolume1\WINDOWS\system32\kbd106.dll
0x0000000001b00028 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\unicode.nls
0x0000000001b005a0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\rpcrt4.dll
0x0000000001b00e00 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001b00e98 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\Fonts\jvgasys.fon
0x0000000001b01140 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\powrprof.dll
0x0000000001b02028 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\svchost.exe
0x0000000001b02370 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\winhttp.dll
0x0000000001b02498 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\rastls.dll
0x0000000001b02648 1 0 R--rw- \Device\HarddiskVolume1\WINDOWS\explorer.exe
0x0000000001b029d0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\locale.nls
0x0000000001b02b78 2 1 R--rw- \Device\HarddiskVolume1\WINDOWS\Help\Tours\mmTour
0x0000000001b02c10 2 1 R--rw- \Device\HarddiskVolume1\WINDOWS\system32\IME\TINTLGNT
0x0000000001b02e18 2 1 R--rw- \Device\HarddiskVolume1\WINDOWS\system32\spool\drivers\color
0x0000000001b033c8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\url.dll
0x0000000001b035a0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\rundll32.exe
0x0000000001b03a80 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\urlmon.dll
0x0000000001b03d08 2 1 R--rw- \Device\HarddiskVolume1\Program Files\xerox\nwwia
0x0000000001b03e30 2 1 R--rw- \Device\HarddiskVolume1\Program Files\Windows NT\Accessories
0x0000000001b041b0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\ipnathlp.dll
0x0000000001b04518 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\sorttbls.nls
0x0000000001b048e8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\user32.dll
0x0000000001b04eb8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\AppPatch\acgenral.dll
0x0000000001b05138 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\dimsntfy.dll
0x0000000001b05888 2 1 R--rw- \Device\HarddiskVolume1\WINDOWS\system32\1041
0x0000000001b05970 2 1 R--rw- \Device\HarddiskVolume1\WINDOWS\system32\1033
0x0000000001b05a08 2 1 R--rw- \Device\HarddiskVolume1\Program Files\Common Files\System
0x0000000001b05aa0 2 1 R--rw- \Device\HarddiskVolume1\Program Files\Windows NT
0x0000000001b05b78 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\version.dll
0x0000000001b05f90 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wininet.dll
0x0000000001b06380 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\sortkey.nls
0x0000000001b06530 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\clusapi.dll
0x0000000001b066a0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wsock32.dll
0x0000000001b067e0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\xjis.nls
0x0000000001b06a40 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\resutils.dll
0x0000000001b06c30 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\lpk.dll
0x0000000001b07130 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\hnetcfg.dll
0x0000000001b07248 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\basesrv.dll
0x0000000001b074a8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wuapi.dll
0x0000000001b07740 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wldap32.dll
0x0000000001b07f28 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\comctl32.dll
0x0000000001b080f0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\usp10.dll
0x0000000001b08420 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\shlwapi.dll
0x0000000001b08898 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\msvcrt.dll
0x0000000001b08ad8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\ie4uinit.exe
0x0000000001b08c98 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\mpr.dll
0x0000000001b08eb8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\ssdpsrv.dll
0x0000000001b09130 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wshtcpip.dll
0x0000000001b095a0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\ntvdm.exe
0x0000000001b09e98 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wow32.dll
0x0000000001b0a130 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\lmhsvc.dll
0x0000000001b0ab00 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\secur32.dll
0x0000000001b0ac90 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\localspl.dll
0x0000000001b0ae00 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\spoolss.dll
0x0000000001b0af00 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\iertutil.dll
0x0000000001b0b028 1 1 ------ \Device\NamedPipe\winlogonrpc
0x0000000001b0b3e0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\ieframe.dll
0x0000000001b0b550 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\regsvr32.exe
0x0000000001b0b6a0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\spupdsvc.exe
0x0000000001b0b870 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\apphelp.dll
0x0000000001b0ba00 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\tcpmon.dll
0x0000000001b0bb70 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\pjlmon.dll
0x0000000001b0bc70 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\userenv.dll
0x0000000001b0c138 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wlnotify.dll
0x0000000001b0c2f8 1 1 R--rw- \Device\HarddiskVolume1\WINDOWS\system32
0x0000000001b0cb40 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\normaliz.dll
0x0000000001b0cd00 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\cnbjmon.dll
0x0000000001b0d7e0 2 1 RW--w- \Device\HarddiskVolume1\pagefile.sys
0x0000000001b0de20 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\netcfgx.dll
0x0000000001b0df90 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\wbem\wbemcons.dll
0x0000000001b0e580 1 1 RW---- \Device\HarddiskVolume1\WINDOWS\system32\config\SECURITY.LOG
0x0000000001b0e640 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\winmm.dll
0x0000000001b0e9d0 4 1 RW---- \Device\HarddiskVolume1\WINDOWS\system32\config\software
0x0000000001b0eb90 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\inetpp.dll
0x0000000001b0ed90 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\win32k.sys
0x0000000001b0f378 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\schedsvc.dll
0x0000000001b0f600 2 1 ------ \Device\NamedPipe\lsass
0x0000000001b0f9a0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\netman.dll
0x0000000001b100d0 1 1 R--rw- \Device\HarddiskVolume1\WINDOWS\system32
0x0000000001b10398 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\csrss.exe
0x0000000001b106b0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\csrsrv.dll
0x0000000001b10808 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\winsrv.dll
0x0000000001b10cc0 1 0 R--r-d \Device\HarddiskVolume1\WINDOWS\system32\lz32.dll
0x0000000001b110f0 1 1 R--rw- \Device\HarddiskVolume1\WINDOWS\system32
0x0000000001b113f8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\authz.dll
0x0000000001b115d0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\autochk.exe
0x0000000001b117d8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\Fonts\jvgafix.fon
0x0000000001b119a8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\Fonts\vga932.fon
0x0000000001b11f90 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\olecli32.dll
0x0000000001b12100 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\olesvr32.dll
0x0000000001b12210 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\sfcfiles.dll
0x0000000001b12360 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\imagehlp.dll
0x0000000001b12868 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001b129d0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\oleaut32.dll
0x0000000001b12b10 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001b12bb8 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001b13218 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\advapi32.dll
0x0000000001b13600 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\comdlg32.dll
0x0000000001b13a38 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\olecnv32.dll
0x0000000001b13f90 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\ntdll.dll
0x0000000001b14110 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\olethk32.dll
0x0000000001b14260 1 0 R--rwd \Device\HarddiskVolume1\Program Files\Internet Explorer\iexplore.exe
0x0000000001b14428 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\msls31.dll
0x0000000001b14f90 1 1 RW---- \Device\HarddiskVolume1\WINDOWS\system32\config\SAM.LOG
0x0000000001b151a0 4 1 RW---- \Device\HarddiskVolume1\WINDOWS\system32\config\SAM
0x0000000001b15370 1 1 RW---- \Device\HarddiskVolume1\WINDOWS\system32\config\default.LOG
0x0000000001b155a8 4 1 RW---- \Device\HarddiskVolume1\WINDOWS\system32\config\default
0x0000000001b15740 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\kernel32.dll
0x0000000001b158a8 1 1 RW---- \Device\HarddiskVolume1\WINDOWS\system32\config\system.LOG
0x0000000001b15bd8 4 1 RW---- \Device\HarddiskVolume1\WINDOWS\system32\config\system
0x0000000001b160d8 1 1 RW---- \Device\HarddiskVolume1\WINDOWS\system32\config\software.LOG
0x0000000001b162a8 4 1 RW---- \Device\HarddiskVolume1\WINDOWS\system32\config\SECURITY
0x0000000001b16680 1 0 R--r-d \Device\HarddiskVolume1\WINDOWS\system32\wow32.dll
0x0000000001b16898 1 0 R--r-d \Device\HarddiskVolume1\WINDOWS\system32\url.dll
0x0000000001b16a98 1 0 R--r-d \Device\HarddiskVolume1\WINDOWS\system32\olethk32.dll
0x0000000001b16c98 1 0 R--r-d \Device\HarddiskVolume1\WINDOWS\system32\olesvr32.dll
0x0000000001b16f28 1 0 R--r-d \Device\HarddiskVolume1\WINDOWS\system32\olecnv32.dll
0x0000000001b171a8 1 0 R--r-d \Device\HarddiskVolume1\WINDOWS\system32\olecli32.dll
0x0000000001b175a0 1 0 RW---- \Device\HarddiskVolume1\WINDOWS\bootstat.dat
0x0000000001b18b90 1 1 R--rw- \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x0000000001b18cc8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\lz32.dll
0x0000000001b1a028 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\ole32.dll
0x0000000001b1a760 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\smss.exe
0x0000000001b1ba28 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001b1be68 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001b1c2f0 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001b1c548 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001b1c648 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001b1c818 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001b1cf40 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\sfcfiles.dll
0x0000000001b4d028 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001b4d8c0 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001b4d968 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\gdi32.dll
0x0000000001b4dc78 3 0 RWD--- \Device\HarddiskVolume1\$Mft
0x0000000001b4df08 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\comdlg32.dll
0x0000000001b4e7d8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\cryptdll.dll
0x0000000001b4ea30 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\samsrv.dll
0x0000000001b4ec68 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\ole32.dll
0x0000000001b4f470 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\vga.dll
0x0000000001b4fa60 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001b4fb60 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\advapi32.dll
0x0000000001b4fd30 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001b70368 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\oleaut32.dll
0x0000000001b71f90 3 0 RWD--- \Device\HarddiskVolume1\$LogFile
0x0000000001b72718 3 0 RWD--- \Device\HarddiskVolume1\$MftMirr
0x0000000001b78168 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001b78698 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001b78798 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001b79308 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001b79408 1 0 R--rwd \Device\HarddiskVolume1\Documents and Settings\All Users\Documents\My Pictures\Desktop.ini
0x0000000001b79878 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\ie4uinit.exe
0x0000000001b79e40 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001b79f40 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001b7aae0 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001b7abe0 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001b7b248 2 1 R--rw- \Device\HarddiskVolume1\WINDOWS\ime\CHSIME\APPLETS
0x0000000001b7b748 2 1 ------ \Device\NamedPipe\ntsvcs
0x0000000001b7be78 1 0 R--rwd \Device\HarddiskVolume1\Documents and Settings\testuser\Application Data\Microsoft\Protect\CREDHIST
0x0000000001b7e028 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001b7e6e8 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001b7e788 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001b7e820 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001b7fa08 1 1 R--rw- \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x0000000001b7faf0 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\verclsid.exe
0x0000000001b9a890 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\AppPatch\drvmain.sdb
0x0000000001b9c458 1 0 R--rwd \Device\HarddiskVolume1\Documents and Settings\All Users\Documents\My Music\Desktop.ini
0x0000000001b9cbd8 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001b9d028 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001b9d180 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001b9d3e0 1 0 R--rwd \Device\HarddiskVolume1\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\desktop.ini
0x0000000001b9d678 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001b9d778 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001b9f350 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001b9f5e8 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001b9f6e8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\autochk.exe
0x0000000001ba2b90 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001bc7750 1 0 R----- \Device\HarddiskVolume1\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf
0x0000000001bc7b20 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001bc7e58 3 0 RWD--- \Device\HarddiskVolume1\$BitMap
0x0000000001bc7f68 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001bc8428 1 0 R--r-- \Device\HarddiskVolume1\WINDOWS\system32\drivers\fips.sys
0x0000000001bc8f90 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001bc91a8 1 0 R--rwd \Device\HarddiskVolume1\Documents and Settings\testuser\Application Data\Microsoft\Protect\S-1-5-21-1957994488-2052111302-1078081533-1004\c96a9b95-69ee-4407-ab96-9d94b9cf84c8
0x0000000001bc9380 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\ntshrui.dll
0x0000000001bc95d8 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001bc9e30 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001bca2a0 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001bca4c8 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\gdi32.dll
0x0000000001bcaa78 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001bcb378 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001bcb478 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001bcbb98 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001bcbf90 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001bcc130 3 0 RWD--- \Device\HarddiskVolume1\$Directory
0x0000000001bd1230 1 0 R--rwd \Device\HarddiskVolume1\WINDOWS\system32\uxtheme.dll
0x0000000001bd1bc8 1 0 R--r-- \Device\HarddiskVolume1\WINDOWS\system32\ntdll.dll
0x0000000001bd3f90 3 0 RWD--- \Device\HarddiskVolume1\$Mft
mutantscan
Offset(P) #Ptr #Hnd Signal Thread CID Name
------------------ -------- -------- ------ ---------- --------- ----
0x000000000193cbd0 1 1 1 0x00000000
0x000000000193cc40 1 1 1 0x00000000
0x000000000194d9e0 1 1 1 0x00000000
0x00000000019744a8 2 1 1 0x00000000 ExplorerIsShellMutex
0x0000000001979928 2 1 1 0x00000000 238FAD3109D3473aB4764B20B3731840
0x0000000001979978 2 1 1 0x00000000 4FCC0DEFE22C4f138FB9D5AF25FD9398
0x00000000019799c8 2 1 1 0x00000000 0CADFD67AF62496dB34264F000F5624A
0x00000000019c72d8 1 1 1 0x00000000
0x00000000019cb148 1 1 1 0x00000000
0x00000000019cb1b8 1 1 1 0x00000000
0x00000000019ce110 2 1 1 0x00000000 MSCTF.GCompartListMUTEX.DefaultS-1-5-21-1957994488-2052111302-1078081533-1004
0x00000000019ce868 2 1 1 0x00000000 Mutex__Satori_GlobalFlag_Satori_81__S-1-5-21-1957994488-2052111302-1078081533-1004
0x00000000019cee10 2 1 1 0x00000000 _Satori_81_Satori_KnlDict_DicWriteMutex_S-1-5-21-1957994488-2052111302-1078081533-1004
0x00000000019cf030 2 1 1 0x00000000 c:!documents and settings!localservice!cookies!
0x00000000019d3e90 2 1 1 0x00000000 {A3BD3259-3E4F-428a-84C8-F0463A9D3EB5}
0x00000000019d42e0 1 1 1 0x00000000
0x00000000019d5520 1 1 1 0x00000000
0x00000000019d8108 2 1 1 0x00000000 _!MSFTHISTORY!_
0x00000000019d8aa0 2 1 1 0x00000000 SingleSesMutex
0x00000000019d8f30 1 1 1 0x00000000
0x00000000019d9290 1 1 1 0x00000000
0x00000000019dd168 1 1 1 0x00000000
0x00000000019dd1d8 1 1 1 0x00000000
0x00000000019e07f0 1 1 1 0x00000000
0x00000000019e3e48 4 2 0 0x81645558 736:760 NETMAN
0x00000000019e4308 3 2 1 0x00000000 CTF.Compart.MutexDefaultS-1-5-21-1957994488-2052111302-1078081533-1004
0x00000000019e4910 3 2 1 0x00000000 CTF.LBES.MutexDefaultS-1-5-21-1957994488-2052111302-1078081533-1004
0x00000000019e4b28 1 1 1 0x00000000
0x00000000019e4e28 3 2 1 0x00000000 CTF.TMD.MutexDefaultS-1-5-21-1957994488-2052111302-1078081533-1004
0x00000000019e4e78 3 2 1 0x00000000 CTF.Layouts.MutexDefaultS-1-5-21-1957994488-2052111302-1078081533-1004
0x00000000019e4ec8 3 2 1 0x00000000 CTF.Asm.MutexDefaultS-1-5-21-1957994488-2052111302-1078081533-1004
0x00000000019e5ac0 2 1 1 0x00000000 PnP_Init_Mutex
0x00000000019ec2a8 1 1 1 0x00000000
0x00000000019f8778 2 1 1 0x00000000 CtfmonInstMutexDefaultS-1-5-21-1957994488-2052111302-1078081533-1004
0x00000000019fa030 2 1 1 0x00000000 c:!documents and settings!localservice!local settings!temporary internet files!content.ie5!
0x00000000019fabb8 3 2 1 0x00000000 ZoneAttributeCacheCounterMutex
0x00000000019faca8 2 1 1 0x00000000 ZonesCacheCounterMutex
0x0000000001a0b8a8 1 1 1 0x00000000
0x0000000001a113a0 1 1 1 0x00000000
0x0000000001a11410 1 1 1 0x00000000
0x0000000001a15dc0 2 1 1 0x00000000 _Satori_81_Satori_KnlDict_DicWriteMutex_S-1-5-18
0x0000000001a15e10 4 3 1 0x00000000 _Satori_81_MutexObject_S-1-5-18
0x0000000001a17750 2 1 1 0x00000000 Mutex__Satori_GlobalFlag_Satori_81__S-1-5-18
0x0000000001a1a0c0 1 1 1 0x00000000
0x0000000001a1a130 1 1 1 0x00000000
0x0000000001a1e8b8 2 1 1 0x00000000 WPA_LICSTORE_MUTEX
0x0000000001a1e908 2 1 1 0x00000000 WPA_HWID_MUTEX
0x0000000001a1e958 2 1 1 0x00000000 WPA_LT_MUTEX
0x0000000001a1e9a8 2 1 1 0x00000000 WPA_RT_MUTEX
0x0000000001a1e9f8 2 1 1 0x00000000 WPA_PR_MUTEX
0x0000000001a21f00 1 1 1 0x00000000
0x0000000001a21f70 1 1 1 0x00000000
0x0000000001a21fe0 1 1 1 0x00000000
0x0000000001a233e8 6 5 1 0x00000000 ShimCacheMutex
0x0000000001a2a2e0 1 1 1 0x00000000
0x0000000001a2a320 1 1 1 0x00000000
0x0000000001a2b7b0 2 1 1 0x00000000 !IETld!Mutex
0x0000000001a2c468 1 1 1 0x00000000
0x0000000001a2c500 1 1 1 0x00000000
0x0000000001a2d808 1 1 1 0x00000000
0x0000000001a33118 2 1 1 0x00000000 userenv: User Registry policy mutex
0x0000000001a3e580 2 1 1 0x00000000 RasPbFile
0x0000000001a3e668 1 1 1 0x00000000
0x0000000001a3f020 1 1 1 0x00000000
0x0000000001a3f0a8 1 1 1 0x00000000
0x0000000001a3f698 4 3 1 0x00000000 _Satori_81_MutexObject_S-1-5-21-1957994488-2052111302-1078081533-1004
0x0000000001a48208 2 1 1 0x00000000 userenv: Machine Registry policy mutex
0x0000000001a48518 1 1 1 0x00000000
0x0000000001a49c90 2 1 1 0x00000000 msgina: InteractiveLogonRequestMutex
0x0000000001a4a408 1 1 1 0x00000000
0x0000000001a65fe0 2 1 1 0x00000000 userenv: machine policy mutex
0x0000000001a75d80 2 1 1 0x00000000 _SHuassist.mtx
0x0000000001a75dd0 2 1 1 0x00000000 ZonesCounterMutex
0x0000000001a80838 1 1 1 0x00000000
0x0000000001a84460 1 1 1 0x00000000
0x0000000001a880e0 3 2 1 0x00000000 CTF.TimListCache.FMPDefaultS-1-5-21-1957994488-2052111302-1078081533-1004MUTEX.DefaultS-1-5-21-1957994488-2052111302-1078081533-1004
0x0000000001a88fe0 2 1 1 0x00000000 ZonesLockedCacheCounterMutex
0x0000000001a89758 3 2 1 0x00000000 SRDataStore
0x0000000001a8f858 1 1 1 0x00000000
0x0000000001a8f8c8 1 1 1 0x00000000
0x0000000001a92120 1 1 1 0x00000000
0x0000000001a92d70 2 1 1 0x00000000 WindowsUpdateTracingMutex
0x0000000001a93b68 1 1 1 0x00000000
0x0000000001a93bd8 1 1 1 0x00000000
0x0000000001a95698 1 1 1 0x00000000
0x0000000001a9b260 2 1 1 0x00000000 c:!documents and settings!localservice!local settings!history!history.ie5!
0x0000000001a9b568 1 1 1 0x00000000
0x0000000001ab2aa0 2 1 1 0x00000000 WininetProxyRegistryMutex
0x0000000001abd178 1 1 1 0x00000000
0x0000000001ac33a8 1 1 1 0x00000000
0x0000000001acadd8 1 1 1 0x00000000
0x0000000001acae18 1 1 1 0x00000000
0x0000000001ad0190 1 1 1 0x00000000
0x0000000001ad0200 1 1 1 0x00000000
0x0000000001ad4ea0 2 1 1 0x00000000 WininetStartupMutex
0x0000000001ad78c8 1 1 1 0x00000000
0x0000000001aebc50 1 1 1 0x00000000
0x0000000001af3148 1 1 1 0x00000000
0x0000000001af31b8 1 1 1 0x00000000
0x0000000001af5260 2 1 1 0x00000000 msgina: InteractiveLogonMutex
0x0000000001af7238 1 1 1 0x00000000
0x0000000001b04260 1 1 1 0x00000000
0x0000000001b042d0 1 1 1 0x00000000
0x0000000001b064e8 12 11 1 0x00000000 SHIMLIB_LOG_MUTEX
0x0000000001b0d548 1 1 1 0x00000000
0x0000000001b0d5b8 1 1 1 0x00000000
0x0000000001b131d0 1 1 1 0x00000000
0x0000000001b4f7b8 1 1 1 0x00000000
0x0000000001b4f828 1 1 1 0x00000000
0x0000000001b73b80 1 1 1 0x00000000
0x0000000001b73bf0 1 1 1 0x00000000
0x0000000001b73d58 1 1 1 0x00000000
0x0000000001b7f3b0 2 1 1 0x00000000 winlogon: Logon UserProfileMapping Mutex
0x0000000001bc8308 2 1 1 0x00000000 userenv: user policy mutex
0x0000000001bc8c58 1 1 1 0x00000000
0x0000000001bcae98 1 1 1 0x00000000
0x0000000001bcb990 1 1 1 0x00000000
symlinkscan
Offset(P) #Ptr #Hnd Creation time From To
------------------ ------ ------ ------------------------------ -------------------- ------------------------------------------------------------
0x0000000001f29200 1 0 2020-02-11 12:57:10 UTC+0000 DosDevices \??
0x0000000001f94030 1 0 2020-02-11 12:57:10 UTC+0000 Global \GLOBAL??
0x0000000001f949e0 1 0 2020-02-11 12:57:18 UTC+0000 SystemRoot \Device\Harddisk0\Partition1\WINDOWS
0x00000000023292f8 1 0 2020-02-11 12:57:19 UTC+0000 IPNAT \Device\IPNAT
0x0000000002329d30 1 0 2020-02-11 12:57:18 UTC+0000 DISPLAY3 \Device\Video2
0x0000000002329de0 1 0 2020-02-11 12:57:18 UTC+0000 IPSECDev \Device\IPSEC
0x0000000002330128 1 0 2020-02-11 12:57:10 UTC+0000 WMIDataDevice \Device\WMIDataDevice
0x0000000002637fe0 1 0 2020-02-11 12:57:10 UTC+0000 ACPI#Fixe...9062857} \Device\00000034
0x00000000026de788 1 0 2020-02-11 12:57:11 UTC+0000 MountPointManager \Device\MountPointManager
0x00000000026ee530 1 0 2020-02-11 12:57:18 UTC+0000 DISPLAY2 \Device\Video1
0x00000000026fc2d8 1 0 2020-02-11 12:57:11 UTC+0000 Scsi0: \Device\Ide\IdePort0
0x00000000026fc638 1 0 2020-02-11 12:57:12 UTC+0000 IDE#DiskQ...91efb8b} \Device\Ide\IdeDeviceP0T0L0-3
0x00000000026fcfc0 1 0 2020-02-11 12:57:11 UTC+0000 FtControl \Device\FtControl
0x0000000002760130 1 0 2020-02-11 12:57:11 UTC+0000 Scsi1: \Device\Ide\IdePort1
0x00000000027608f0 1 0 2020-02-11 12:57:11 UTC+0000 Root#ftdi...91efb8b} \Device\00000003
0x00000000027651f8 1 0 2020-02-11 12:57:12 UTC+0000 FltMgrMsg \FileSystem\Filters\FltMgrMsg
0x0000000002765660 1 0 2020-02-11 12:57:12 UTC+0000 Volume{85...172696f} \Device\HarddiskVolume1
0x00000000027658d0 1 0 2020-02-11 12:57:12 UTC+0000 STORAGE#V...91efb8b} \Device\HarddiskVolume1
0x0000000002765ec0 1 0 2020-02-11 12:57:11 UTC+0000 ScsiPort0 \Device\Ide\IdePort0
0x000000000278f030 1 0 2020-02-11 12:57:12 UTC+0000 Partition0 \Device\Harddisk0\DR0
0x000000000278f698 1 0 2020-02-11 12:57:12 UTC+0000 Partition1 \Device\HarddiskVolume1
0x000000000278fa00 1 0 2020-02-11 12:57:11 UTC+0000 ScsiPort1 \Device\Ide\IdePort1
0x000000000278fc20 1 0 2020-02-11 12:57:12 UTC+0000 PhysicalDrive0 \Device\Harddisk0\DR0
0x00000000027ac148 1 0 2020-02-11 12:57:12 UTC+0000 multi(0)d...ition(3) \Device\Harddisk0\Partition3
0x00000000027ac1e8 1 0 2020-02-11 12:57:12 UTC+0000 multi(0)d...ition(2) \Device\Harddisk0\Partition2
0x00000000027ac6c8 1 0 2020-02-11 12:57:12 UTC+0000 multi(0)d...ition(4) \Device\Harddisk0\Partition4
0x00000000027e74e8 1 0 2020-02-11 12:57:12 UTC+0000 multi(0)d...rdisk(0) \Device\Harddisk0\Partition0
0x00000000027e7618 1 0 2020-02-11 12:57:12 UTC+0000 multi(0)d...ition(1) \Device\Harddisk0\Partition1
0x00000000027e7d98 1 0 2020-02-11 12:57:12 UTC+0000 C: \Device\HarddiskVolume1
0x00000000027e7e70 1 0 2020-02-11 12:57:12 UTC+0000 NDIS \Device\Ndis
0x00000000027e7f50 1 0 2020-02-11 12:57:12 UTC+0000 FltMgr \FileSystem\Filters\FltMgr
0x0000000002d764f8 1 0 2020-02-11 12:57:19 UTC+0000 WanArp \Device\WANARP
0x0000000002dad680 2 1 2020-02-11 12:57:19 UTC+0000 0 \BaseNamedObjects
0x0000000002dd64a8 1 0 2020-02-11 12:57:19 UTC+0000 Session \Sessions\BNOLINKS
0x0000000002dd8668 1 0 2020-02-11 12:57:19 UTC+0000 Global \BaseNamedObjects
0x0000000002ddb5f0 1 0 2020-02-11 12:57:19 UTC+0000 Local \BaseNamedObjects
0x0000000002f341e0 1 0 2020-02-11 12:57:19 UTC+0000 AUX \DosDevices\COM1
0x0000000002f371c8 2 1 2020-02-11 12:57:19 UTC+0000 KnownDllPath C:\WINDOWS\system32
0x0000000002f37d00 1 0 2020-02-11 12:57:19 UTC+0000 UNC \Device\Mup
0x0000000002f38508 1 0 2020-02-11 12:57:16 UTC+0000 IDE#CdRom...91efb8b} \Device\Ide\IdeDeviceP1T0L0-e
0x0000000002f3bc28 1 0 2020-02-11 12:57:19 UTC+0000 MAILSLOT \Device\MailSlot
0x0000000002f3bf28 1 0 2020-02-11 12:57:16 UTC+0000 PTILINK1 \Device\ParTechInc0
0x00000000037308d0 1 0 2020-02-11 12:57:14 UTC+0000 CdRom0 \Device\CdRom0
0x00000000037666d0 1 0 2020-02-11 12:57:16 UTC+0000 PTILINK2 \Device\ParTechInc1
0x0000000004942030 1 0 2020-02-11 12:57:18 UTC+0000 LPTENUM#M...8753ed1} \Device\Parallel0
0x0000000004992110 1 0 2020-02-11 12:57:16 UTC+0000 Volume{85...172696f} \Device\CdRom0
0x0000000004993340 1 0 2020-02-11 12:57:16 UTC+0000 ACPI#PNP0...91405dd} \Device\00000040
0x0000000004993a00 1 0 2020-02-11 12:57:16 UTC+0000 PTILINK3 \Device\ParTechInc2
0x000000000673a250 1 0 2020-02-11 12:57:16 UTC+0000 Root#MS_P...fc3358c} \Device\00000026
0x000000000673a2a0 1 0 2020-02-11 12:57:16 UTC+0000 Root#MS_L...fc3358c} \Device\00000023
0x000000000673a3d0 1 0 2020-02-11 12:57:16 UTC+0000 {D75CC30F...6EFC23D} \Device\{D75CC30F-6690-4B5F-8877-6772B6EFC23D}
0x000000000673a5a0 1 0 2020-02-11 12:57:16 UTC+0000 {333FD06D...755471E} \Device\{333FD06D-65F1-4C26-9F91-20A01755471E}
0x000000000673a5f0 1 0 2020-02-11 12:57:16 UTC+0000 {98CAB9EE...7A37F7F} \Device\{98CAB9EE-7036-4655-B15D-5CEBF7A37F7F}
0x000000000673a640 1 0 2020-02-11 12:57:16 UTC+0000 NDISWANIP \Device\NdisWanIp
0x000000000673adb0 1 0 2020-02-11 12:57:16 UTC+0000 IDE#CdRom...91efb8b} \Device\Ide\IdeDeviceP1T0L0-e
0x00000000067c12b0 1 0 2020-02-11 12:57:18 UTC+0000 LPT1 \Device\Parallel0
0x00000000067c1418 1 0 2020-02-11 12:57:18 UTC+0000 PCI#VEN_8...1e6af27} \Device\NTPNP_PCI0003
0x00000000067c1490 1 0 2020-02-11 12:57:18 UTC+0000 USB#ROOT_...906bed8} \Device\USBPDO-0
0x00000000067c1748 1 0 2020-02-11 12:57:18 UTC+0000 HCD0 \Device\USBFDO-0
0x00000000067c1908 1 0 2020-02-11 12:57:16 UTC+0000 Root#SYST...fc3358c} \Device\0000002c
0x00000000067c1958 1 0 2020-02-11 12:57:16 UTC+0000 Root#SYST...4c10000} \Device\0000002c
0x00000000067c1ba8 1 0 2020-02-11 12:57:16 UTC+0000 Root#MS_P...fc3358c} \Device\00000025
0x00000000067c1c30 1 0 2020-02-11 12:57:16 UTC+0000 {5F58C9B7...17523EE} \Device\{5F58C9B7-EEFE-40F2-A41D-7514117523EE}
0x00000000067c1c80 1 0 2020-02-11 12:57:16 UTC+0000 Root#MS_P...fc3358c} \Device\00000027
0x00000000067c1f40 1 0 2020-02-11 12:57:16 UTC+0000 PSched \Device\PSched
0x000000000680c1a8 1 0 2020-02-11 12:57:18 UTC+0000 ACPI#PNP0...800845c} \Device\00000043
0x000000000680c1f8 1 0 2020-02-11 12:57:18 UTC+0000 PCI#VEN_1...fc3358c} \Device\NTPNP_PCI0005
0x000000000680c248 1 0 2020-02-11 12:57:18 UTC+0000 Root#MS_P...fc3358c} \Device\00000028
0x000000000680c4f8 1 0 2020-02-11 12:57:18 UTC+0000 {C9CCA781...73CDC54} \Device\{C9CCA781-1E30-4BDD-A33E-13F3373CDC54}
0x000000000680c670 1 0 2020-02-11 12:57:16 UTC+0000 Root#MS_P...fc3358c} \Device\00000029
0x000000000680c768 1 0 2020-02-11 12:57:16 UTC+0000 A: \Device\Floppy0
0x000000000680c830 1 0 2020-02-11 12:57:16 UTC+0000 Volume{85...172696f} \Device\Floppy0
0x000000000680c980 1 0 2020-02-11 12:57:16 UTC+0000 FDC#GENER...91efb8b} \Device\FloppyPDO0
0x000000000680cb78 1 0 2020-02-11 12:57:16 UTC+0000 ACPI#PNP0...91405dd} \Device\00000041
0x000000000680cdd8 1 0 2020-02-11 12:57:16 UTC+0000 Root#MS_N...fc3358c} \Device\00000024
0x000000000680cf38 1 0 2020-02-11 12:57:16 UTC+0000 Root#RDP_...91405dd} \Device\0000002b
0x000000000680cfe0 1 0 2020-02-11 12:57:16 UTC+0000 Root#RDP_...91405dd} \Device\0000002a
0x000000000682f140 1 0 2020-02-11 12:57:18 UTC+0000 ACPI#PNP0...be10318} \Device\00000044
0x000000000682f218 1 0 2020-02-11 12:57:18 UTC+0000 DISPLAY1 \Device\Video0
0x000000000682fa78 1 0 2020-02-11 12:57:16 UTC+0000 {18DD0775...14B6CEF} \Device\{18DD0775-33B7-4F93-9D30-4475914B6CEF}
0x000000000682fcb8 1 0 2020-02-11 12:57:16 UTC+0000 multi(0)d...fdisk(0) \Device\Floppy0
0x000000000687cbf8 1 0 2020-02-11 12:57:18 UTC+0000 COM1 \Device\Serial0
0x000000000687cf10 1 0 2020-02-11 12:57:18 UTC+0000 ACPI#PNP0...e301f73} \Device\00000044
0x00000000068ef668 1 0 2020-02-11 12:57:19 UTC+0000 PIPE \Device\NamedPipe
0x00000000068ef710 1 0 2020-02-11 12:57:18 UTC+0000 Shadow \Device\LanmanRedirector
0x00000000068f17d0 1 0 2020-02-11 12:57:19 UTC+0000 PRN \DosDevices\LPT1
0x00000000068f1a18 1 0 2020-02-11 12:57:18 UTC+0000 Ip \Device\Ip
0x0000000006a00590 1 0 2020-02-11 12:57:16 UTC+0000 ACPI#Genu...29dbdd0} \Device\00000035
0x0000000006a00708 1 0 2020-02-11 12:57:16 UTC+0000 D: \Device\CdRom0
0x0000000006a009d8 1 0 2020-02-11 12:57:16 UTC+0000 NdisWan \Device\NdisWan
0x0000000006a00c50 1 0 2020-02-11 12:57:16 UTC+0000 {470AC39E...84F057F} \Device\{470AC39E-8BC9-4AC9-B48E-C9B7E84F057F}
0x0000000006b80ad0 1 0 2020-02-11 12:57:18 UTC+0000 fsWrap \Device\FsWrap
0x0000000006b80b28 1 0 2020-02-11 12:57:19 UTC+0000 NUL \Device\Null
0x0000000006b80d98 1 0 2020-02-11 12:57:18 UTC+0000 Tcp \Device\Tcp
0x0000000006b80de8 1 0 2020-02-11 12:57:18 UTC+0000 IPMULTICAST \Device\IPMULTICAST
0x0000000008943118 1 0 2020-02-11 12:57:20 UTC+0000 Global \Global??
0x0000000008bc3fe0 1 0 2020-02-11 12:57:20 UTC+0000 Ndisuio \Device\Ndisuio
0x0000000008bffdf0 1 0 2020-02-11 12:57:20 UTC+0000 Global \Global??
0x000000000a1cefe0 1 0 2020-02-11 12:57:21 UTC+0000 Global \Global??
0x000000000c60f2e0 1 0 2020-02-11 12:57:30 UTC+0000 $VDMLPT1 \Device\ParallelVdm0
thrdscan
Offset(P) PID TID Start Address Create Time Exit Time
------------------ ------ ------ ------------- ------------------------------ ------------------------------
0x00000000018f71a8 800 1736 0x7c8106e9 2020-02-11 12:57:30 UTC+0000
0x00000000018f78d0 844 1732 0x7c8106e9 2020-02-11 12:57:30 UTC+0000
0x0000000001944020 4 124 0xf9b6c92d 2020-02-11 12:57:16 UTC+0000
0x0000000001944da8 4 128 0xf9b6d133 2020-02-11 12:57:16 UTC+0000
0x0000000001953328 876 1512 0x7c8106e9 2020-02-11 12:57:30 UTC+0000
0x00000000019535a0 876 1508 0x7c8106e9 2020-02-11 12:57:30 UTC+0000
0x000000000195f020 4 252 0xf98686c4 2020-02-11 12:57:18 UTC+0000
0x000000000196c8a8 528 1668 0x7c8106e9 2020-02-11 12:57:30 UTC+0000
0x0000000001973540 1284 1348 0x7c8106e9 2020-02-11 12:57:22 UTC+0000
0x00000000019746a8 1172 1180 0x7c8106e9 2020-02-11 12:57:21 UTC+0000
0x0000000001974da8 800 1424 0x7c8106e9 2020-02-11 12:57:23 UTC+0000
0x00000000019793d0 800 1524 0x7c8106e9 2020-02-11 12:57:30 UTC+0000
0x0000000001979c78 876 1516 0x7c8106e9 2020-02-11 12:57:30 UTC+0000
0x00000000019b8578 1172 1196 0x7c8106e9 2020-02-11 12:57:21 UTC+0000
0x00000000019b88b8 1172 1192 0x7c8106e9 2020-02-11 12:57:21 UTC+0000
0x00000000019b8b30 1172 1188 0x7c8106e9 2020-02-11 12:57:21 UTC+0000
0x00000000019b8da8 1172 1184 0x7c8106e9 2020-02-11 12:57:21 UTC+0000
0x00000000019c4650 288 308 0x485893b2 2020-02-11 12:57:19 UTC+0000
0x00000000019c4be0 516 824 0x7c8106e9 2020-02-11 12:57:20 UTC+0000
0x00000000019c7020 800 1152 0x7c8106e9 2020-02-11 12:57:21 UTC+0000
0x00000000019c7358 800 1164 0x7c8106e9 2020-02-11 12:57:21 UTC+0000
0x00000000019c77a0 800 1160 0x7c8106e9 2020-02-11 12:57:21 UTC+0000
0x00000000019c7a18 800 1156 0x7c8106e9 2020-02-11 12:57:21 UTC+0000
0x00000000019c7da8 388 432 0x764c7cdf 2020-02-11 12:57:19 UTC+0000
0x00000000019ca980 388 404 0x75a84616 2020-02-11 12:57:19 UTC+0000
0x00000000019cada8 388 396 0x764c7d63 2020-02-11 12:57:19 UTC+0000
0x00000000019cbc10 412 728 0x7c8106e9 2020-02-11 12:57:20 UTC+0000
0x00000000019cc470 736 1616 0x7c8106e9 2020-02-11 12:57:30 UTC+0000
0x00000000019cc6e8 800 1612 0x7c8106e9 2020-02-11 12:57:30 UTC+0000
0x00000000019cc960 800 1608 0x7c8106e9 2020-02-11 12:57:30 UTC+0000
0x00000000019ccda8 800 1632 0x7c8106e9 2020-02-11 12:57:30 UTC+0000
0x00000000019cd4d8 1284 1300 0x7c8106e9 2020-02-11 12:57:21 UTC+0000
0x00000000019cd7b0 1284 1296 0x7c8106e9 2020-02-11 12:57:21 UTC+0000
0x00000000019ce350 516 1320 0x7c8106e9 2020-02-11 12:57:21 UTC+0000
0x00000000019d1da8 412 508 0x7c8106e9 2020-02-11 12:57:19 UTC+0000
0x00000000019d2530 4 268 0xf9630517 2020-02-11 12:57:18 UTC+0000
0x00000000019d8558 516 652 0x7c8106e9 2020-02-11 12:57:19 UTC+0000
0x00000000019dada8 528 620 0x7c8106e9 2020-02-11 12:57:19 UTC+0000
0x00000000019dc660 800 1056 0x7c8106e9 2020-02-11 12:57:21 UTC+0000
0x00000000019dda00 412 504 0x7c8106e9 2020-02-11 12:57:19 UTC+0000
0x00000000019e0da8 1284 1328 0x7c8106e9 2020-02-11 12:57:21 UTC+0000
0x00000000019e2cb0 528 576 0x7c8106e9 2020-02-11 12:57:19 UTC+0000
0x00000000019e52c8 528 612 0x7c8106e9 2020-02-11 12:57:19 UTC+0000
0x00000000019e64f8 800 1208 0x7c8106e9 2020-02-11 12:57:21 UTC+0000
0x00000000019e6840 800 1204 0x7c8106e9 2020-02-11 12:57:21 UTC+0000
0x00000000019e8da8 516 724 0x7c8106e9 2020-02-11 12:57:20 UTC+0000
0x00000000019e9600 412 1264 0x7c8106e9 2020-02-11 12:57:21 UTC+0000
0x00000000019e98b8 412 1252 0x7c8106e9 2020-02-11 12:57:21 UTC+0000
0x00000000019e9b38 1284 1336 0x7c8106e9 2020-02-11 12:57:22 UTC+0000
0x00000000019eb290 4 1648 0xf8e75ce4 2020-02-11 12:57:30 UTC+0000
0x00000000019ebda8 800 1644 0x7c8106e9 2020-02-11 12:57:30 UTC+0000
0x00000000019ef3b8 516 1704 0x7c8106e9 2020-02-11 12:57:30 UTC+0000
0x00000000019f0b38 876 968 0x7c8106e9 2020-02-11 12:57:21 UTC+0000
0x00000000019f4a58 800 840 0x7c8106e9 2020-02-11 12:57:20 UTC+0000
0x00000000019f6da8 412 712 0x7c8106e9 2020-02-11 12:57:19 UTC+0000
0x00000000019f88b8 800 976 0x7c8106e9 2020-02-11 12:57:21 UTC+0000
0x00000000019fb4a8 1284 1444 0x7c8106e9 2020-02-11 12:57:24 UTC+0000
0x00000000019fb720 736 1440 0x7c8106e9 2020-02-11 12:57:24 UTC+0000
0x00000000019fbc10 516 1432 0x7c8106e9 2020-02-11 12:57:24 UTC+0000
0x00000000019fc2d0 412 524 0x7c8106e9 2020-02-11 12:57:19 UTC+0000
0x00000000019fd878 676 696 0x7c8106e9 2020-02-11 12:57:19 UTC+0000
0x00000000019fdda8 676 704 0x7c8106e9 2020-02-11 12:57:19 UTC+0000
0x00000000019ffda8 412 512 0x7c8106e9 2020-02-11 12:57:19 UTC+0000
0x0000000001a01da8 736 768 0x7c8106e9 2020-02-11 12:57:20 UTC+0000
0x0000000001a02928 1268 1272 0x7c8106f5 2020-02-11 12:57:21 UTC+0000
0x0000000001a033b8 800 1664 0x7c8106e9 2020-02-11 12:57:30 UTC+0000
0x0000000001a046f0 528 580 0x7c8106e9 2020-02-11 12:57:19 UTC+0000
0x0000000001a05328 736 1640 0x7c8106e9 2020-02-11 12:57:30 UTC+0000
0x0000000001a05640 516 1636 0x7c8106e9 2020-02-11 12:57:30 UTC+0000
0x0000000001a058b8 800 1628 0x7c8106e9 2020-02-11 12:57:30 UTC+0000
0x0000000001a05b30 800 1624 0x7c8106e9 2020-02-11 12:57:30 UTC+0000
0x0000000001a066f0 528 596 0x7c8106e9 2020-02-11 12:57:19 UTC+0000
0x0000000001a06b18 528 600 0x7c8106e9 2020-02-11 12:57:19 UTC+0000
0x0000000001a074a0 4 1492 0xf8ee1814 2020-02-11 12:57:30 UTC+0000
0x0000000001a07718 4 1488 0xf8eff5a8 2020-02-11 12:57:30 UTC+0000
0x0000000001a07990 4 1484 0xf8eff5a8 2020-02-11 12:57:30 UTC+0000
0x0000000001a07c08 4 1480 0xf8eff5a8 2020-02-11 12:57:30 UTC+0000
0x0000000001a08298 800 820 0x7c8106e9 2020-02-11 12:57:20 UTC+0000
0x0000000001a08598 800 816 0x7c8106e9 2020-02-11 12:57:20 UTC+0000
0x0000000001a09ae0 800 916 0x7c8106e9 2020-02-11 12:57:20 UTC+0000
0x0000000001a0ada8 528 560 0x7c8106e9 2020-02-11 12:57:19 UTC+0000
0x0000000001a0c810 844 904 0x7c8106e9 2020-02-11 12:57:20 UTC+0000
0x0000000001a0caf0 844 900 0x7c8106e9 2020-02-11 12:57:20 UTC+0000
0x0000000001a0eda8 528 616 0x7c8106e9 2020-02-11 12:57:19 UTC+0000
0x0000000001a10da8 516 660 0x7c8106e9 2020-02-11 12:57:19 UTC+0000
0x0000000001a11cc8 736 740 0x7c8106f5 2020-02-11 12:57:20 UTC+0000
0x0000000001a131d0 528 1676 0x7c8106e9 2020-02-11 12:57:30 UTC+0000
0x0000000001a13680 528 1672 0x7c8106e9 2020-02-11 12:57:30 UTC+0000
0x0000000001a14200 800 1688 0x7c8106e9 2020-02-11 12:57:30 UTC+0000
0x0000000001a149b8 800 1684 0x7c8106e9 2020-02-11 12:57:30 UTC+0000
0x0000000001a14cb0 528 1680 0x7c8106e9 2020-02-11 12:57:30 UTC+0000
0x0000000001a172c8 528 608 0x7c8106e9 2020-02-11 12:57:19 UTC+0000
0x0000000001a19020 736 752 0x7c8106e9 2020-02-11 12:57:20 UTC+0000
0x0000000001a192f8 736 756 0x7c8106e9 2020-02-11 12:57:20 UTC+0000
0x0000000001a1eda8 412 984 0x7c8106e9 2020-02-11 12:57:21 UTC+0000
0x0000000001a20590 528 1020 0x7c8106e9 2020-02-11 12:57:21 UTC+0000
0x0000000001a21c10 388 408 0x75a83b3a 2020-02-11 12:57:19 UTC+0000
0x0000000001a22b30 736 1452 0x7c8106e9 2020-02-11 12:57:24 UTC+0000
0x0000000001a22da8 676 1448 0x7c8106e9 2020-02-11 12:57:24 UTC+0000
0x0000000001a23da8 1268 1360 0x7c8106e9 2020-02-11 12:57:22 UTC+0000
0x0000000001a24320 800 1476 0x7c8106e9 2020-02-11 12:57:30 UTC+0000
0x0000000001a24a20 1284 1464 0x7c8106e9 2020-02-11 12:57:27 UTC+0000
0x0000000001a25da8 528 732 0x7c8106e9 2020-02-11 12:57:20 UTC+0000
0x0000000001a28320 516 664 0x7c8106e9 2020-02-11 12:57:19 UTC+0000
0x0000000001a29490 288 304 0x485893b2 2020-02-11 12:57:19 UTC+0000
0x0000000001a2ab00 800 804 0x7c8106f5 2020-02-11 12:57:20 UTC+0000
0x0000000001a2d200 388 536 0x764c7cdf 2020-02-11 12:57:19 UTC+0000
0x0000000001a2fda8 528 668 0x7c8106e9 2020-02-11 12:57:19 UTC+0000
0x0000000001a30c90 516 672 0x7c8106e9 2020-02-11 12:57:19 UTC+0000
0x0000000001a33a20 516 868 0x7c8106e9 2020-02-11 12:57:20 UTC+0000
0x0000000001a38da8 676 808 0x7c8106e9 2020-02-11 12:57:20 UTC+0000
0x0000000001a3f358 528 1224 0x7c8106e9 2020-02-11 12:57:21 UTC+0000
0x0000000001a3f848 800 1216 0x7c8106e9 2020-02-11 12:57:21 UTC+0000
0x0000000001a3fba8 800 1212 0x7c8106e9 2020-02-11 12:57:21 UTC+0000
0x0000000001a406f0 412 572 0x7c8106e9 2020-02-11 12:57:19 UTC+0000
0x0000000001a41da8 288 292 0x4858a4c8 2020-02-11 12:57:18 UTC+0000
0x0000000001a44558 412 496 0x7c8106e9 2020-02-11 12:57:19 UTC+0000
0x0000000001a45558 736 760 0x7c8106e9 2020-02-11 12:57:20 UTC+0000
0x0000000001a48558 516 588 0x7c8106e9 2020-02-11 12:57:19 UTC+0000
0x0000000001a49558 412 416 0x103e5e1 2020-02-11 12:57:19 UTC+0000
0x0000000001a49980 388 428 0x764c7cdf 2020-02-11 12:57:19 UTC+0000
0x0000000001a49da8 388 424 0x75a84616 2020-02-11 12:57:19 UTC+0000
0x0000000001a4a488 1172 1176 0x7c8106f5 2020-02-11 12:57:21 UTC+0000
0x0000000001a4ad18 800 1168 0x7c8106e9 2020-02-11 12:57:21 UTC+0000
0x0000000001a4bb00 412 1656 0x7c8106e9 2020-02-11 12:57:30 UTC+0000
0x0000000001a4bda8 412 1652 0x7c8106e9 2020-02-11 12:57:30 UTC+0000
0x0000000001a4d620 516 584 0x7c8106e9 2020-02-11 12:57:19 UTC+0000
0x0000000001a4f3d0 800 1604 0x7c8106e9 2020-02-11 12:57:30 UTC+0000
0x0000000001a4f648 4 1600 0xf8e75ce4 2020-02-11 12:57:30 UTC+0000
0x0000000001a4fda8 800 1592 0x7c8106e9 2020-02-11 12:57:30 UTC+0000
0x0000000001a68460 876 936 0x7c8106e9 2020-02-11 12:57:21 UTC+0000
0x0000000001a689a8 844 920 0x7c8106e9 2020-02-11 12:57:20 UTC+0000
0x0000000001a69320 800 1140 0x7c8106e9 2020-02-11 12:57:21 UTC+0000
0x0000000001a69608 800 1136 0x7c8106e9 2020-02-11 12:57:21 UTC+0000
0x0000000001a69958 516 1132 0x7c8106e9 2020-02-11 12:57:21 UTC+0000
0x0000000001a69c38 412 1116 0x7c8106e9 2020-02-11 12:57:21 UTC+0000
0x0000000001a6b678 516 656 0x7c8106e9 2020-02-11 12:57:19 UTC+0000
0x0000000001a6d4e0 800 1692 0x7c8106e9 2020-02-11 12:57:30 UTC+0000
0x0000000001a6e3b8 736 748 0x7c8106e9 2020-02-11 12:57:20 UTC+0000
0x0000000001a6ec88 412 708 0x7c8106e9 2020-02-11 12:57:19 UTC+0000
0x0000000001a6fa50 516 872 0x7c8106e9 2020-02-11 12:57:20 UTC+0000
0x0000000001a70248 516 520 0x7c8106f5 2020-02-11 12:57:19 UTC+0000
0x0000000001a706a8 676 680 0x7c8106f5 2020-02-11 12:57:19 UTC+0000
0x0000000001a71da8 528 604 0x7c8106e9 2020-02-11 12:57:19 UTC+0000
0x0000000001a738d0 800 1128 0x7c8106e9 2020-02-11 12:57:21 UTC+0000
0x0000000001a754f0 528 556 0x7c8106e9 2020-02-11 12:57:19 UTC+0000
0x0000000001a764f0 800 896 0x7c8106e9 2020-02-11 12:57:20 UTC+0000
0x0000000001a7a508 1284 1392 0x7c8106e9 2020-02-11 12:57:22 UTC+0000
0x0000000001a7e5a8 800 1536 0x7c8106e9 2020-02-11 12:57:30 UTC+0000
0x0000000001a7eda8 800 1528 0x7c8106e9 2020-02-11 12:57:30 UTC+0000
0x0000000001a7fb70 528 1008 0x7c8106e9 2020-02-11 12:57:21 UTC+0000
0x0000000001a83968 412 992 0x7c8106e9 2020-02-11 12:57:21 UTC+0000
0x0000000001a85640 528 1552 0x7c8106e9 2020-02-11 12:57:30 UTC+0000
0x0000000001a858b8 800 1548 0x7c8106e9 2020-02-11 12:57:30 UTC+0000
0x0000000001a85da8 800 1540 0x7c8106e9 2020-02-11 12:57:30 UTC+0000
0x0000000001a8d9f8 800 1696 0x7c8106e9 2020-02-11 12:57:30 UTC+0000
0x0000000001a8f0f8 4 272 0xf9630517 2020-02-11 12:57:18 UTC+0000
0x0000000001a90250 800 1048 0x7c8106e9 2020-02-11 12:57:21 UTC+0000
0x0000000001a904c8 800 1044 0x7c8106e9 2020-02-11 12:57:21 UTC+0000
0x0000000001a90740 412 1040 0x7c8106e9 2020-02-11 12:57:21 UTC+0000
0x0000000001a90da8 4 264 0xf9f11038 2020-02-11 12:57:18 UTC+0000
0x0000000001a91c30 516 540 0x7c8106e9 2020-02-11 12:57:19 UTC+0000
0x0000000001a934a0 4 256 0xf982d086 2020-02-11 12:57:18 UTC+0000
0x0000000001a959b0 528 640 0x7c8106e9 2020-02-11 12:57:19 UTC+0000
0x0000000001a95da8 528 544 0x7c8106e9 2020-02-11 12:57:19 UTC+0000
0x0000000001a99550 844 848 0x7c8106f5 2020-02-11 12:57:20 UTC+0000
0x0000000001a99da8 516 648 0x7c8106e9 2020-02-11 12:57:19 UTC+0000
0x0000000001a9b858 800 812 0x7c8106e9 2020-02-11 12:57:20 UTC+0000
0x0000000001a9f8b8 800 1588 0x7c8106e9 2020-02-11 12:57:30 UTC+0000
0x0000000001aac480 528 548 0x7c8106e9 2020-02-11 12:57:19 UTC+0000
0x0000000001ac5538 736 764 0x7c8106e9 2020-02-11 12:57:20 UTC+0000
0x0000000001ac7788 412 996 0x7c8106e9 2020-02-11 12:57:21 UTC+0000
0x0000000001ac9c48 676 692 0x7c8106e9 2020-02-11 12:57:19 UTC+0000
0x0000000001ad5970 528 552 0x7c8106e9 2020-02-11 12:57:19 UTC+0000
0x0000000001ae1838 516 688 0x7c8106e9 2020-02-11 12:57:19 UTC+0000
0x0000000001aee640 412 1100 0x7c8106e9 2020-02-11 12:57:21 UTC+0000
0x0000000001aeeb30 388 1092 0x75a84616 2020-02-11 12:57:21 UTC+0000
0x0000000001af2568 1284 1292 0x7c8106e9 2020-02-11 12:57:21 UTC+0000
0x0000000001af28f8 1284 1288 0x7c8106f5 2020-02-11 12:57:21 UTC+0000
0x0000000001af3da8 1412 1416 0x7c8106f5 2020-02-11 12:57:22 UTC+0000
0x0000000001af6470 1284 1316 0x7c8106e9 2020-02-11 12:57:21 UTC+0000
0x0000000001af6800 1284 1312 0x7c8106e9 2020-02-11 12:57:21 UTC+0000
0x0000000001af6ae0 1284 1308 0x7c8106e9 2020-02-11 12:57:21 UTC+0000
0x0000000001af6da8 1284 1304 0x7c8106e9 2020-02-11 12:57:21 UTC+0000
0x0000000001af7278 4 1504 0xf8eded14 2020-02-11 12:57:30 UTC+0000
0x0000000001af7b30 876 1500 0x7c8106e9 2020-02-11 12:57:30 UTC+0000
0x0000000001afb558 388 400 0x764cbebd 2020-02-11 12:57:19 UTC+0000
0x0000000001afbda8 800 892 0x7c8106e9 2020-02-11 12:57:20 UTC+0000
0x0000000001afc620 844 1716 0x7c8106e9 2020-02-11 12:57:30 UTC+0000
0x0000000001afc898 516 1712 0x7c8106e9 2020-02-11 12:57:30 UTC+0000
0x0000000001afcce8 736 1708 0x7c8106e9 2020-02-11 12:57:30 UTC+0000
0x0000000001b002e0 528 624 0x7c8106e9 2020-02-11 12:57:19 UTC+0000
0x0000000001b008a8 736 744 0x7c8106e9 2020-02-11 12:57:20 UTC+0000
0x0000000001b01820 800 1148 0x7c8106e9 2020-02-11 12:57:21 UTC+0000
0x0000000001b01da8 800 1144 0x7c8106e9 2020-02-11 12:57:21 UTC+0000
0x0000000001b04628 4 284 0x805aba3e 2020-02-11 12:57:18 UTC+0000
0x0000000001b06da8 4 280 0xf96198b1 2020-02-11 12:57:18 UTC+0000
0x0000000001b098c0 876 880 0x7c8106f5 2020-02-11 12:57:20 UTC+0000
0x0000000001b0bda8 412 500 0x7c8106e9 2020-02-11 12:57:19 UTC+0000
0x0000000001b0c798 412 716 0x7c8106e9 2020-02-11 12:57:19 UTC+0000
0x0000000001b10da8 4 276 0xf9630517 2020-02-11 12:57:18 UTC+0000
0x0000000001b14c40 676 700 0x7c8106e9 2020-02-11 12:57:19 UTC+0000
0x0000000001b74b38 4 104 0xf98b8b85 2020-02-11 12:57:12 UTC+0000
0x0000000001bad7b0 4 96 0xf9a0db10 2020-02-11 12:57:10 UTC+0000
0x0000000001bbf020 4 84 0x804e8aa0 2020-02-11 12:57:10 UTC+0000
0x0000000001bbf4b0 4 88 0x8051185a 2020-02-11 12:57:10 UTC+0000
0x0000000001bc22c8 4 80 0x804e757a 2020-02-11 12:57:10 UTC+0000
0x0000000001bc25c0 4 76 0x80660eaa 2020-02-11 12:57:10 UTC+0000
0x0000000001bc2838 4 72 0x80516f8b 2020-02-11 12:57:10 UTC+0000
0x0000000001bc3020 4 64 0x804e6196 2020-02-11 12:57:10 UTC+0000
0x0000000001bc3da8 4 68 0x80566811 2020-02-11 12:57:10 UTC+0000
0x0000000001bc4020 4 40 0x804e6196 2020-02-11 12:57:10 UTC+0000
0x0000000001bc43c8 4 60 0x804e6196 2020-02-11 12:57:10 UTC+0000
0x0000000001bc4640 4 56 0x804e6196 2020-02-11 12:57:10 UTC+0000
0x0000000001bc48b8 4 52 0x804e6196 2020-02-11 12:57:10 UTC+0000
0x0000000001bc4b30 4 48 0x804e6196 2020-02-11 12:57:10 UTC+0000
0x0000000001bc4da8 4 44 0x804e6196 2020-02-11 12:57:10 UTC+0000
0x0000000001bc5020 4 16 0x804e6196 2020-02-11 12:57:10 UTC+0000
0x0000000001bc53c8 4 36 0x804e6196 2020-02-11 12:57:10 UTC+0000
0x0000000001bc5640 4 32 0x804e6196 2020-02-11 12:57:10 UTC+0000
0x0000000001bc58b8 4 28 0x804e6196 2020-02-11 12:57:10 UTC+0000
0x0000000001bc5b30 4 24 0x804e6196 2020-02-11 12:57:10 UTC+0000
0x0000000001bc5da8 4 20 0x804e6196 2020-02-11 12:57:10 UTC+0000
0x0000000001bc6510 4 12 0x8050aa31 2020-02-11 12:57:19 UTC+0000
0x0000000001bc6958 4 8 0x806a32fa
0x0000000001bcf3a8 4 100 0x804fe4b9 2020-02-11 12:57:10 UTC+0000
0x0000000001bf0020 4 92 0x8051185a 2020-02-11 12:57:10 UTC+0000
unloadedmodules
Name StartAddress EndAddress Time
-------------------- ------------ ---------- ----
Sfloppy.SYS 0x00f9f0c000 0xf9f0f000 2020-02-11 12:57:18
Cdaudio.SYS 0x00f9d54000 0xf9d59000 2020-02-11 12:57:18
redbook.sys 0x00f9bdc000 0xf9bea000 2020-02-11 12:57:18
imapi.sys 0x00f9bec000 0xf9bf7000 2020-02-11 12:57:18
sockets
Offset(V) PID Port Proto Protocol Address Create Time
---------- -------- ------ ------ --------------- --------------- -----------
0x816f0210 800 123 17 UDP 10.0.2.15 2020-02-11 12:57:30 UTC+0000
0x8156cba8 528 500 17 UDP 0.0.0.0 2020-02-11 12:57:30 UTC+0000
0x816b5aa0 4 445 6 TCP 0.0.0.0 2020-02-11 12:57:18 UTC+0000
0x8170e1c8 736 135 6 TCP 0.0.0.0 2020-02-11 12:57:20 UTC+0000
0x81613920 528 0 255 Reserved 0.0.0.0 2020-02-11 12:57:30 UTC+0000
0x8164fb88 800 123 17 UDP 127.0.0.1 2020-02-11 12:57:30 UTC+0000
0x81673748 4 139 6 TCP 10.0.2.15 2020-02-11 12:57:24 UTC+0000
0x814f7b30 844 1025 17 UDP 0.0.0.0 2020-02-11 12:57:30 UTC+0000
0x8160be98 4 137 17 UDP 10.0.2.15 2020-02-11 12:57:24 UTC+0000
0x8156c228 528 4500 17 UDP 0.0.0.0 2020-02-11 12:57:30 UTC+0000
0x815f5260 4 445 17 UDP 0.0.0.0 2020-02-11 12:57:18 UTC+0000
0x81632548 4 138 17 UDP 10.0.2.15 2020-02-11 12:57:24 UTC+0000
sockscan
Offset(P) PID Port Proto Protocol Address Create Time
---------- -------- ------ ------ --------------- --------------- -----------
0x018f7b30 844 1025 17 UDP 0.0.0.0 2020-02-11 12:57:30 UTC+0000
0x0196c228 528 4500 17 UDP 0.0.0.0 2020-02-11 12:57:30 UTC+0000
0x0196cba8 528 500 17 UDP 0.0.0.0 2020-02-11 12:57:30 UTC+0000
0x019f5260 4 445 17 UDP 0.0.0.0 2020-02-11 12:57:18 UTC+0000
0x01a0be98 4 137 17 UDP 10.0.2.15 2020-02-11 12:57:24 UTC+0000
0x01a13920 528 0 255 Reserved 0.0.0.0 2020-02-11 12:57:30 UTC+0000
0x01a32548 4 138 17 UDP 10.0.2.15 2020-02-11 12:57:24 UTC+0000
0x01a4fb88 800 123 17 UDP 127.0.0.1 2020-02-11 12:57:30 UTC+0000
0x01a73748 4 139 6 TCP 10.0.2.15 2020-02-11 12:57:24 UTC+0000
0x01ab5aa0 4 445 6 TCP 0.0.0.0 2020-02-11 12:57:18 UTC+0000
0x01af0210 800 123 17 UDP 10.0.2.15 2020-02-11 12:57:30 UTC+0000
0x01b0e1c8 736 135 6 TCP 0.0.0.0 2020-02-11 12:57:20 UTC+0000
以上。