概要
Volatilityの使い方を調べてみた。
Windows XP SP3（winxpsp3）のスナップショットを取って、解析してみた。
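handles
（Volatilityのhandlesプラグインの出力。Offset(V)はオブジェクトの仮想アドレス、Pidはハンドルを保持しているプロセス、Handleはハンドル値、Accessは付与されたアクセスマスク、Typeはオブジェクト種別、Detailsはオブジェクト名などの詳細を示す。なお、csrss.exe（Pid 388）が各プロセス・スレッドへのハンドルをフルアクセス（Processは0x1f0fff、Threadは0x1f03ff）で多数保持しているのは通常の挙動であり、それだけでは不審とは言えない。）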
Offset(V) Pid Handle Access Type Details
---------- ------ ---------- ---------- ---------------- -------
0x817c6bd0 4 0x4 0x1f0fff Process System(4)
0x817c6510 4 0x8 0x0 Thread TID 12 PID 4
0xe1325b10 4 0xc 0xf003f Key MACHINE\SYSTEM\CONTROLSET001\CONTROL\SESSION MANAGER\MEMORY MANAGEMENT\PREFETCHPARAMETERS
0xe10070e0 4 0x10 0x0 Key
0xe132e140 4 0x14 0x20019 Key MACHINE\SYSTEM\WPA\KEY-QQDRV3JCYR96TMX49FWYR
0xe132fcd0 4 0x18 0x20019 Key MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MULTIFUNCTIONADAPTER
0xe132fd90 4 0x1c 0x20019 Key MACHINE\SYSTEM\WPA\KEY-28W34WWKYT9TPVMYFTKXT
0xe1336a90 4 0x20 0x2001f Key MACHINE\SYSTEM\SETUP
0xe132e338 4 0x24 0x20019 Key MACHINE\SYSTEM\WPA\KEY-QB73PBDMF6XM2798HY4BB
0xe1330020 4 0x28 0x20019 Key MACHINE\SYSTEM\WPA\PNP
0xe132fb68 4 0x2c 0x20019 Key MACHINE\SYSTEM\WPA\SIGNINGHASH-2J946TKMBDVV39
0xe1330f88 4 0x30 0x20019 Key MACHINE\SYSTEM\WPA\SIGNINGHASH-J2X2CYPVVTP4HV
0xe132fad0 4 0x34 0x20019 Key MACHINE\SYSTEM\WPA\SIGNINGHASH-XT33R8KXVF2JY7
0xe1324748 4 0x38 0x2001f Key MACHINE\SYSTEM\CONTROLSET001\CONTROL\PRODUCTOPTIONS
0xe132f8c0 4 0x3c 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG
0x817bfcd0 4 0x40 0x1f0003 Event TRKWKS_EVENT
0x816934a0 4 0x7c 0x1f03ff Thread TID 256 PID 4
0x817ad7b0 4 0x88 0x1f03ff Thread TID 96 PID 4
0xe1397328 4 0x8c 0xf000f Directory WinDfs
0xe1393818 4 0x94 0xf000f Directory Harddisk0
0x816204b0 4 0x330 0x12019f File \Device\Gpc
0x816841d8 4 0x334 0xf0003 Desktop Disconnect
0x81611980 4 0x338 0x1200a0 File \Device\Tcp
0x816d0ad0 4 0x33c 0x2000003 File \Device\HarddiskVolume1\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
0x81714f90 4 0x340 0x2000003 File \Device\HarddiskVolume1\WINDOWS\system32\config\SAM.LOG
0x817158a8 4 0x344 0x3 File \Device\HarddiskVolume1\WINDOWS\system32\config\system.LOG
0x817155a8 4 0x348 0x2000003 File \Device\HarddiskVolume1\WINDOWS\system32\config\default
0x81715370 4 0x34c 0x2000003 File \Device\HarddiskVolume1\WINDOWS\system32\config\default.LOG
0x81636180 4 0x350 0x438 Process lsass.exe(528)
0x81715bd8 4 0x354 0x3 File \Device\HarddiskVolume1\WINDOWS\system32\config\system
0xe17d5a80 4 0x358 0x1f0001 Port
0x817160d8 4 0x35c 0x2000003 File \Device\HarddiskVolume1\WINDOWS\system32\config\software.LOG
0x8170e9d0 4 0x360 0x2000003 File \Device\HarddiskVolume1\WINDOWS\system32\config\software
0xe17d6c28 4 0x364 0x1f0001 Port
0x81690da8 4 0x368 0x1f03ff Thread TID 264 PID 4
0x8170e580 4 0x36c 0x2000003 File \Device\HarddiskVolume1\WINDOWS\system32\config\SECURITY.LOG
0x81717bc0 4 0x370 0x12019f File \Device\Tcp
0x81717028 4 0x374 0x12019f File \Device\Gpc
0x8166f488 4 0x378 0x12019f File \Device\Gpc
0x815e56a0 4 0x37c 0x12019f File \Device\Tcp
0x81717dc0 4 0x380 0x12019f File \Device\Udp
0x817162a8 4 0x384 0x2000003 File \Device\HarddiskVolume1\WINDOWS\system32\config\SECURITY
0x816302a8 4 0x388 0x12019f File \Device\Tcp
0x8170d7e0 4 0x38c 0x140003 File \Device\HarddiskVolume1\pagefile.sys
0x816b3ae0 4 0x390 0x100003 Event LanmanServerAnnounceEvent
0x816c82b8 4 0x394 0x1f0003 Event StuckThreadEvent
0xe1463380 4 0x398 0x4 Directory WindowStations
0x8166a028 4 0x39c 0x120089 File \Device\Tcp
0xe1648610 4 0x3a0 0x2 Key MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\RNG
0x816dc848 4 0x3a4 0x12019f File \Device\Udp
0x81714a20 4 0x3a8 0x12019f File \Device\Tcp
0x81636180 4 0x3ac 0x28 Process lsass.exe(528)
0x816bb230 4 0x3b0 0x12019f File \Device\Udp
0xe15fb7f8 4 0x3b4 0x1f0001 Port SeRmCommandPort
0x815dec60 4 0x3b8 0x2000003 File \Device\HarddiskVolume1\Documents and Settings\NetworkService\NTUSER.DAT
0x81633450 4 0x3bc 0x2000003 File \Device\HarddiskVolume1\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
0x817151a0 4 0x3c0 0x2000003 File \Device\HarddiskVolume1\WINDOWS\system32\config\SAM
0x815fec30 4 0x3c4 0x2000003 File \Device\HarddiskVolume1\Documents and Settings\NetworkService\ntuser.dat.LOG
0x81630210 4 0x3c8 0x12019f File \Device\Tcp
0x8168e468 4 0x3cc 0x12019f File \Device\Tcp
0x8167a0a0 4 0x3d0 0x12019f File \Device\Tcp
0x816cb140 4 0x3d4 0x12019f File \Device\Tcp
0x815cd028 4 0x3d8 0x12019f File \Device\Tcp
0x815cd0f0 4 0x3dc 0x12019f File \Device\Tcp
0x816ab5c0 4 0x3e0 0x12019f File \Device\Tcp
0x8170f028 4 0x3e4 0x12019f File \Device\Tcp
0x8166e328 4 0x3e8 0x12019f File \Device\Tcp
0x8166e290 4 0x3ec 0x12019f File \Device\Tcp
0x816454c8 4 0x3f0 0x12019f File \Device\Tcp
0x816453b0 4 0x3f4 0x12019f File \Device\Tcp
0x81645298 4 0x3f8 0x12019f File \Device\Tcp
0x8166a738 4 0x3fc 0x12019f File \Device\Tcp
0x8166a620 4 0x400 0x12019f File \Device\Tcp
0x8166a468 4 0x404 0x12019f File \Device\Tcp
0x816acde8 4 0x408 0x12019f File \Device\Tcp
0x816accb0 4 0x40c 0x12019f File \Device\Tcp
0x816acaf8 4 0x410 0x12019f File \Device\Tcp
0x816ac940 4 0x414 0x12019f File \Device\Tcp
0x816f5ea0 4 0x418 0x12019f File \Device\Tcp
0x816f5d18 4 0x41c 0x12019f File \Device\Tcp
0x816f5b60 4 0x420 0x12019f File \Device\Tcp
0x8161fef0 4 0x424 0x12019f File \Device\Tcp
0x8161fd68 4 0x428 0x12019f File \Device\Tcp
0x8161fbe0 4 0x42c 0x12019f File \Device\Tcp
0x81651738 4 0x430 0x12019f File \Device\Tcp
0x816515b0 4 0x434 0x12019f File \Device\Tcp
0x816513f8 4 0x438 0x12019f File \Device\Tcp
0x81651240 4 0x43c 0x12019f File \Device\Tcp
0x81636e70 4 0x440 0x12019f File \Device\Tcp
0x81636cb8 4 0x444 0x12019f File \Device\Tcp
0x81636b00 4 0x448 0x12019f File \Device\Tcp
0x8162b558 4 0x44c 0x12019f File \Device\Tcp
0x8162b3a0 4 0x450 0x12019f File \Device\Tcp
0x8162b1e8 4 0x454 0x12019f File \Device\Tcp
0x8162b0d0 4 0x458 0x12019f File \Device\Tcp
0x8161c438 4 0x45c 0x12019f File \Device\Tcp
0x8161c280 4 0x460 0x12019f File \Device\Tcp
0x8160a798 4 0x464 0x12019f File \Device\Tcp
0x8160a660 4 0x468 0x12019f File \Device\Tcp
0x8160a4a8 4 0x46c 0x12019f File \Device\Tcp
0x8160a2f0 4 0x470 0x12019f File \Device\Tcp
0x815d7838 4 0x474 0x12019f File \Device\Tcp
0x815d7680 4 0x478 0x12019f File \Device\Tcp
0x815d74c8 4 0x47c 0x12019f File \Device\Tcp
0x815d6028 4 0x480 0x12019f File \Device\Tcp
0x815d6460 4 0x484 0x12019f File \Device\Tcp
0x815d62a8 4 0x488 0x12019f File \Device\Tcp
0x8164def0 4 0x48c 0x12019f File \Device\Tcp
0x815e59b0 4 0x490 0x2000003 File \Device\HarddiskVolume1\Documents and Settings\LocalService\ntuser.dat.LOG
0x8163f5f8 4 0x494 0x20 File \Device\LanmanRedirector
0x815c4af8 4 0x498 0x2000003 File \Device\HarddiskVolume1\Documents and Settings\LocalService\NTUSER.DAT
0x8161ca60 4 0x49c 0x12019f File \Device\NetBT_Tcpip_{18DD0775-33B7-4F93-9D30-4475914B6CEF}
0x816cf0c0 4 0x4a0 0x2000003 File \Device\HarddiskVolume1\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
0x81618a10 4 0x4a4 0x2000003 File \Device\HarddiskVolume1\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
0x8163f6e0 4 0x4a8 0x120116 File \Device\Mup
0x81632788 4 0x4ac 0x12019f File \Device\Tcp
0x81616698 4 0x4b0 0x2000003 File \Device\HarddiskVolume1\Documents and Settings\testuser\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
0x8162db20 4 0x4b4 0x2000003 File \Device\HarddiskVolume1\Documents and Settings\testuser\NTUSER.DAT
0x815503e0 4 0x4b8 0x2000003 File \Device\HarddiskVolume1\Documents and Settings\testuser\ntuser.dat.LOG
0x81616288 4 0x4bc 0x2000003 File \Device\HarddiskVolume1\Documents and Settings\testuser\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
0x816c3448 4 0x4c0 0x12019f File \Device\Tcp
0x815e34b0 4 0x4c4 0x12019f File \Device\Tcp
0x815e3718 4 0x4c8 0x12019f File \Device\Tcp
0x816324d0 4 0x4cc 0x12019f File \Device\Tcp
0x816383c8 4 0x4d0 0x12019f File \Device\Tcp
0x8160be20 4 0x4d4 0x12019f File \Device\Tcp
0x8166c358 4 0x4d8 0x12019f File \Device\Tcp
0x815e3f90 4 0x4dc 0x12019f File \Device\Tcp
0x816423b8 4 0x4e0 0x12019f File \Device\Tcp
0x81688b90 4 0x4e4 0x12019f File \Device\Tcp
0x81623c30 4 0x4e8 0x12019f File \Device\Tcp
0x816f3c98 4 0x4ec 0x12019f File \Device\Tcp
0x816f3a70 4 0x4f0 0x12019f File \Device\Tcp
0x816f37f8 4 0x4f4 0x12019f File \Device\Tcp
0x816f3580 4 0x4f8 0x12019f File \Device\Tcp
0x8163af90 4 0x4fc 0x12019f File \Device\Tcp
0x8163ad68 4 0x500 0x12019f File \Device\Tcp
0x8163aaf0 4 0x504 0x12019f File \Device\Tcp
0x8163a878 4 0x508 0x12019f File \Device\Tcp
0x8163a600 4 0x50c 0x12019f File \Device\Tcp
0x8163a388 4 0x510 0x12019f File \Device\Tcp
0x816cbe00 4 0x514 0x12019f File \Device\Tcp
0x816cbbd8 4 0x518 0x12019f File \Device\Tcp
0x816cb960 4 0x51c 0x12019f File \Device\Tcp
0x816cb6e8 4 0x520 0x12019f File \Device\Tcp
0x816cb470 4 0x524 0x12019f File \Device\Tcp
0x815edf10 4 0x528 0x12019f File \Device\Tcp
0x815edce8 4 0x52c 0x12019f File \Device\Tcp
0x815eda70 4 0x530 0x12019f File \Device\Tcp
0x815ed7f8 4 0x534 0x12019f File \Device\Tcp
0x815ed580 4 0x538 0x12019f File \Device\Tcp
0x815ed308 4 0x53c 0x12019f File \Device\Tcp
0x816f1db0 4 0x540 0x12019f File \Device\Tcp
0x816f1b38 4 0x544 0x12019f File \Device\Tcp
0x816f18c0 4 0x548 0x12019f File \Device\Tcp
0x816f1648 4 0x54c 0x12019f File \Device\Tcp
0x816f13d0 4 0x550 0x12019f File \Device\Tcp
0x8155fe80 4 0x554 0x12019f File \Device\Tcp
0x8155fc08 4 0x558 0x12019f File \Device\Tcp
0x8155f990 4 0x55c 0x12019f File \Device\Tcp
0x8155f718 4 0x560 0x12019f File \Device\Tcp
0x8155f4a0 4 0x564 0x12019f File \Device\Tcp
0x8163df90 4 0x568 0x12019f File \Device\Tcp
0x8163dd18 4 0x56c 0x12019f File \Device\Tcp
0x8163daa0 4 0x570 0x12019f File \Device\Tcp
0x8163d828 4 0x574 0x12019f File \Device\Tcp
0x8163d5b0 4 0x578 0x12019f File \Device\Tcp
0x8163d338 4 0x57c 0x12019f File \Device\Tcp
0x8163be00 4 0x580 0x12019f File \Device\Tcp
0x8163bbd8 4 0x584 0x12019f File \Device\Tcp
0x8163b960 4 0x588 0x12019f File \Device\Tcp
0x8163b5f0 4 0x58c 0x12019f File \Device\NetbiosSmb
0x8163b4d8 4 0x590 0x12019f File \Device\NetbiosSmb
0x8161cd58 4 0x594 0x12019f File \Device\NetBT_Tcpip_{18DD0775-33B7-4F93-9D30-4475914B6CEF}
0x815e7dc8 4 0x598 0x120116 File \Device\Mup
0x81646220 4 0x59c 0x12019f File \Device\NetBT_Tcpip_{18DD0775-33B7-4F93-9D30-4475914B6CEF}
0x816f7278 4 0x5a0 0x1f03ff Thread TID 1504 PID 4
0x81691f90 4 0x5a4 0x12019f File \Device\NetBT_Tcpip_{18DD0775-33B7-4F93-9D30-4475914B6CEF}
0x816f74f8 4 0x5a8 0x20 File \Device\WebDavRedirector
0x815ee268 4 0x5ac 0x1f01ff File \Device\Udp
0x8164fd18 4 0x5b0 0x1f01ff File \Device\Udp
0xe1c20248 4 0x5b4 0x2 Key MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\RNG
0x816fa270 4 0x5b8 0x12019f File \Device\NamedPipe\
0x815eb6b8 4 0x5bc 0x1f01ff File \Device\Udp
0x8156c3e8 4 0x5c0 0x1f01ff File \Device\Udp
0x81613bf8 4 0x5c4 0x1f01ff File \Device\RawIp\255
0xe1c2b030 4 0x5c8 0x20f01ff Token
0xe1c0d860 4 0x5cc 0xf001f Section
0xe1c2c9e0 4 0x5d0 0x1f0001 Port
0x8156f7d0 4 0x5d4 0x12019f File \Device\Tcp
0x8166d450 4 0x5d8 0x180 File \Device\NetbiosSmb
0x8156fa98 4 0x5dc 0x0 File \Device\NetbiosSmb
0x8157af90 4 0x5e0 0x12019f File \Device\Tcp
0x8156f3c0 4 0x5e4 0x0 File \Device\NetbiosSmb
0x8157ac48 4 0x5e8 0x180 File \Device\NetbiosSmb
0x8157a3d0 4 0x5ec 0x12019f File \Device\Tcp
0x8157a690 4 0x5f0 0x0 File \Device\NetbiosSmb
0x8168dd78 4 0x5f4 0x12019f File \Device\Tcp
0x8157a1f8 4 0x5f8 0x0 File \Device\NetbiosSmb
0x816fa1d8 4 0x5fc 0x1200a0 File \Device\Udp
0xe15bd338 4 0x6fc 0x20019 Key MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MULTIFUNCTIONADAPTER
0xe15bef78 4 0x70c 0x20019 Key MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MULTIFUNCTIONADAPTER
0xe1006e20 288 0x4 0xf0003 KeyedEvent CritSecOutOfMemoryEvent
0x81623028 288 0x8 0x100020 File \Device\HarddiskVolume1\WINDOWS
0xe15fc4c8 288 0xc 0x1f0001 Port SmApiPort
0xe16172d0 288 0x10 0x1f0001 Port
0xe10003b8 288 0x14 0xf000f Directory GLOBAL??
0xe1403cb8 288 0x18 0xf000f Directory Sessions
0x817110f0 288 0x1c 0x100001 File \Device\HarddiskVolume1\WINDOWS\system32
0xe14f61c8 288 0x20 0xf0001 SymbolicLink KnownDllPath
0xe14f3230 288 0x24 0xf000f Directory KnownDlls
0x816ca9c8 288 0x28 0x1f0003 Event
0x816c9698 288 0x2c 0x1f0003 Event UniqueSessionIdEvent
0x816f53b8 288 0x30 0x1f0fff Process csrss.exe(388)
0x816f53b8 288 0x34 0x400 Process csrss.exe(388)
0xe161aae0 288 0x38 0x1f0001 Port
0xe14ca670 288 0x3c 0x1f0001 Port
0xe14bc528 288 0x40 0x1f0001 Port
0x816f57e0 288 0x48 0x1f0fff Process winlogon.exe(412)
0xe1006e20 388 0x4 0xf0003 KeyedEvent CritSecOutOfMemoryEvent
0xe14f3230 388 0x8 0x3 Directory KnownDlls
0x816942d8 388 0xc 0x100020 File \Device\HarddiskVolume1\WINDOWS\system32
0xe1447b48 388 0x10 0xf000f Directory BNOLINKS
0x816f57e0 388 0x14 0x1f0fff Process winlogon.exe(412)
0xe14c4680 388 0x18 0xf0001 SymbolicLink 0
0xe1447980 388 0x1c 0xf000f Directory 0
0xe14478a8 388 0x20 0xf000f Directory DosDevices
0xe14038f8 388 0x24 0xf000f Directory Windows
0xe1445b28 388 0x28 0xf001f Section
0xe14477d0 388 0x2c 0xf000f Directory BaseNamedObjects
0x815d2220 388 0x30 0x100003 Semaphore
0xe144b9f0 388 0x34 0xf000f Directory Restricted
0xe13fd178 388 0x38 0x4 Section NlsSectionUnicode
0xe144bc30 388 0x3c 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE\ALTERNATE SORTS
0xe14f3688 388 0x40 0x4 Section NlsSectionLocale
0xe14f36f0 388 0x44 0x4 Section NlsSectionCType
0xe14499a8 388 0x48 0x4 Section NlsSectionSortkey
0xe144bbe8 388 0x4c 0x4 Section NlsSectionSortTbls
0xe1449a60 388 0x50 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE
0xe1449ac8 388 0x54 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\CONTROL\NLS\LANGUAGE GROUPS
0x81653858 388 0x58 0x100003 Semaphore
0x81620220 388 0x5c 0x100003 Semaphore
0xe1449b30 388 0x60 0x20f003f Key MACHINE
0x815d11f0 388 0x64 0x1f0003 Event
0x81716d98 388 0x68 0x1f0003 Event
0x8169b4f0 388 0x6c 0x1f0003 Event
0x8174ded0 388 0x70 0x1f0003 Event
0x81692208 388 0x74 0x1f0003 Event
0xe1617a20 388 0x78 0x1f0001 Port
0x815cada8 388 0x7c 0x1f03ff Thread TID 396 PID 388
0xe14477d0 388 0x80 0x2000f Directory BaseNamedObjects
0x816c6880 388 0x84 0x1f0003 Event TermSrvReadyEvent
0x816fb558 388 0x88 0x1f03ff Thread TID 400 PID 388
0xe14bfe60 388 0x8c 0x1f0001 Port ApiPort
0xe14c5f68 388 0x90 0x1f0001 Port SbApiPort
0x815ca980 388 0x94 0x1f03ff Thread TID 404 PID 388
0x8169b2a0 388 0x98 0x21f0003 Event
0x81621c10 388 0x9c 0x1f03ff Thread TID 408 PID 388
0xe14df730 388 0xa0 0x1f0001 Port
0x81649558 388 0xa4 0x1f03ff Thread TID 416 PID 412
0xe161a8d8 388 0xa8 0x1f0001 Port
0x81649da8 388 0xac 0x1f03ff Thread TID 424 PID 388
0x81649980 388 0xb0 0x1f03ff Thread TID 428 PID 388
0x815f41b0 388 0xb4 0x21f0003 Event
0x815c7da8 388 0xb8 0x1f03ff Thread TID 432 PID 388
0x8170ced8 388 0xbc 0x21f0003 Event
0x8168f820 388 0xc0 0x1f0003 Event WinSta0_DesktopSwitch
0x81692240 388 0xc4 0x100001 File \Device\0000002a
0x815ff720 388 0xc8 0x100001 File \Device\0000002b
0x816de758 388 0xcc 0x100001 File \Device\00000041
0x815f6250 388 0xd0 0x100001 File \Device\00000040
0xe16c4358 388 0xd4 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\CONTROL\PRIORITYCONTROL
0x815fdbf0 388 0xd8 0xf0003 WindowStation WinSta0
0x81644558 388 0xdc 0x1f03ff Thread TID 496 PID 412
0xe1648978 388 0xe0 0x20019 Key MACHINE\SYSTEM\SETUP
0x816046f0 388 0xe4 0x1f03ff Thread TID 580 PID 528
0x8170bda8 388 0xe8 0x1f03ff Thread TID 500 PID 412
0x815dda00 388 0xec 0x1f03ff Thread TID 504 PID 412
0x815d1da8 388 0xf0 0x1f03ff Thread TID 508 PID 412
0x815ffda8 388 0xf4 0x1f03ff Thread TID 512 PID 412
0x8153e020 388 0xf8 0x1f0fff Process services.exe(516)
0x81670248 388 0xfc 0x1f03ff Thread TID 520 PID 516
0x815fc2d0 388 0x100 0x1f03ff Thread TID 524 PID 412
0x816f28f8 388 0x104 0x1f03ff Thread TID 1288 PID 1284
0x8161f160 388 0x108 0x100001 File \Device\KsecDD
0x81636180 388 0x10c 0x1f0fff Process lsass.exe(528)
0x81610da8 388 0x110 0x1f03ff Thread TID 660 PID 516
0xe17cfb00 388 0x114 0x1f0001 Port
0xe17cf8e0 388 0x118 0x1f0001 Port
0x8169ddc0 388 0x11c 0x21f0003 Event
0x8162d200 388 0x120 0x1f03ff Thread TID 536 PID 388
0x817077d8 388 0x124 0x21f0003 Event
0x81691c30 388 0x128 0x1f03ff Thread TID 540 PID 516
0x816ac480 388 0x12c 0x1f03ff Thread TID 548 PID 528
0x81695da8 388 0x130 0x1f03ff Thread TID 544 PID 528
0x816d5970 388 0x134 0x1f03ff Thread TID 552 PID 528
0x816754f0 388 0x138 0x1f03ff Thread TID 556 PID 528
0x8160ada8 388 0x13c 0x1f03ff Thread TID 560 PID 528
0x815cbc10 388 0x140 0x1f03ff Thread TID 728 PID 412
0x816406f0 388 0x144 0x1f03ff Thread TID 572 PID 412
0x815e2cb0 388 0x148 0x1f03ff Thread TID 576 PID 528
0x8164d620 388 0x14c 0x1f03ff Thread TID 584 PID 516
0x81648558 388 0x150 0x1f03ff Thread TID 588 PID 516
0x816066f0 388 0x154 0x1f03ff Thread TID 596 PID 528
0x81606b18 388 0x158 0x1f03ff Thread TID 600 PID 528
0x81671da8 388 0x15c 0x1f03ff Thread TID 604 PID 528
0x816172c8 388 0x160 0x1f03ff Thread TID 608 PID 528
0x815e52c8 388 0x164 0x1f03ff Thread TID 612 PID 528
0x8160eda8 388 0x168 0x1f03ff Thread TID 616 PID 528
0x815dada8 388 0x16c 0x1f03ff Thread TID 620 PID 528
0x817002e0 388 0x170 0x1f03ff Thread TID 624 PID 528
0x81624a20 388 0x174 0x1f03ff Thread TID 1464 PID 1284
0x815d8558 388 0x178 0x1f03ff Thread TID 652 PID 516
0x8166b678 388 0x17c 0x1f03ff Thread TID 656 PID 516
0x816959b0 388 0x180 0x1f03ff Thread TID 640 PID 528
0x81699da8 388 0x184 0x1f03ff Thread TID 648 PID 516
0xe1854548 388 0x188 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\CONTROL\NLS\CODEPAGE
0x81628320 388 0x18c 0x1f03ff Thread TID 664 PID 516
0x8162fda8 388 0x190 0x1f03ff Thread TID 668 PID 528
0x81630c90 388 0x194 0x1f03ff Thread TID 672 PID 516
0x81671398 388 0x198 0x1f0fff Process svchost.exe(676)
0x816706a8 388 0x19c 0x1f03ff Thread TID 680 PID 676
0xe185d6e8 388 0x1a0 0x1f0001 Port
0x816e1838 388 0x1a4 0x1f03ff Thread TID 688 PID 516
0x8166ec88 388 0x1a8 0x1f03ff Thread TID 708 PID 412
0x816c9c48 388 0x1ac 0x1f03ff Thread TID 692 PID 676
0x815fd878 388 0x1b0 0x1f03ff Thread TID 696 PID 676
0x81714c40 388 0x1b4 0x1f03ff Thread TID 700 PID 676
0x815fdda8 388 0x1b8 0x1f03ff Thread TID 704 PID 676
0x815f6da8 388 0x1bc 0x1f03ff Thread TID 712 PID 412
0x8170c798 388 0x1c0 0x1f03ff Thread TID 716 PID 412
0x815e8da8 388 0x1c4 0x1f03ff Thread TID 724 PID 516
0x81625da8 388 0x1c8 0x1f03ff Thread TID 732 PID 528
0x815f5da0 388 0x1cc 0x1f0fff Process svchost.exe(736)
0x81611cc8 388 0x1d0 0x1f03ff Thread TID 740 PID 736
0xe189a458 388 0x1d4 0x1f0001 Port
0x8166e3b8 388 0x1d8 0x1f03ff Thread TID 748 PID 736
0x817008a8 388 0x1dc 0x1f03ff Thread TID 744 PID 736
0x81619020 388 0x1e0 0x1f03ff Thread TID 752 PID 736
0x816192f8 388 0x1e4 0x1f03ff Thread TID 756 PID 736
0x81645558 388 0x1e8 0x1f03ff Thread TID 760 PID 736
0x816c5538 388 0x1ec 0x1f03ff Thread TID 764 PID 736
0x81601da8 388 0x1f0 0x1f03ff Thread TID 768 PID 736
0x8162ad78 388 0x1f4 0x1f0fff Process svchost.exe(800)
0x8162ab00 388 0x1f8 0x1f03ff Thread TID 804 PID 800
0x81638da8 388 0x1fc 0x1f03ff Thread TID 808 PID 676
0xe18a3e28 388 0x200 0x1f0001 Port
0x81608598 388 0x204 0x1f03ff Thread TID 816 PID 800
0x8169b858 388 0x208 0x1f03ff Thread TID 812 PID 800
0x81608298 388 0x20c 0x1f03ff Thread TID 820 PID 800
0x815c4be0 388 0x210 0x1f03ff Thread TID 824 PID 516
0xe18a5130 388 0x214 0x1f0001 Port
0x81709b78 388 0x218 0x1f0fff Process svchost.exe(876)
0x815f4a58 388 0x21c 0x1f03ff Thread TID 840 PID 800
0x81699838 388 0x220 0x1f0fff Process svchost.exe(844)
0x81699550 388 0x224 0x1f03ff Thread TID 848 PID 844
0x81633a20 388 0x228 0x1f03ff Thread TID 868 PID 516
0x81668460 388 0x22c 0x1f03ff Thread TID 936 PID 876
0x8166fa50 388 0x230 0x1f03ff Thread TID 872 PID 516
0x817098c0 388 0x234 0x1f03ff Thread TID 880 PID 876
0x816fbda8 388 0x238 0x1f03ff Thread TID 892 PID 800
0xe18a9b78 388 0x23c 0x1f0001 Port
0x816764f0 388 0x240 0x1f03ff Thread TID 896 PID 800
0x8160c810 388 0x244 0x1f03ff Thread TID 904 PID 844
0x8160caf0 388 0x248 0x1f03ff Thread TID 900 PID 844
0x81609ae0 388 0x24c 0x1f03ff Thread TID 916 PID 800
0x816689a8 388 0x250 0x1f03ff Thread TID 920 PID 844
0x81669320 388 0x254 0x1f03ff Thread TID 1140 PID 800
0x8167a508 388 0x258 0x1f03ff Thread TID 1392 PID 1284
0x81679788 388 0x25c 0x1f0fff Process ctfmon.exe(1412)
0x815dc660 388 0x260 0x1f03ff Thread TID 1056 PID 800
0x816f3da8 388 0x264 0x1f03ff Thread TID 1416 PID 1412
0x815535a0 388 0x268 0x1f03ff Thread TID 1508 PID 876
0x815f0b38 388 0x26c 0x1f03ff Thread TID 968 PID 876
0x816f7b30 388 0x270 0x1f03ff Thread TID 1500 PID 876
0x815f88b8 388 0x274 0x1f03ff Thread TID 976 PID 800
0x8161eda8 388 0x278 0x1f03ff Thread TID 984 PID 412
0x81623da8 388 0x27c 0x1f03ff Thread TID 1360 PID 1268
0xe1d02a90 388 0x280 0x1f0001 Port
0x81683968 388 0x284 0x1f03ff Thread TID 992 PID 412
0x816c7788 388 0x288 0x1f03ff Thread TID 996 PID 412
0x8167fb70 388 0x28c 0x1f03ff Thread TID 1008 PID 528
0x81620590 388 0x290 0x1f03ff Thread TID 1020 PID 528
0x81624320 388 0x294 0x1f03ff Thread TID 1476 PID 800
0x81690740 388 0x298 0x1f03ff Thread TID 1040 PID 412
0x81573540 388 0x29c 0x1f03ff Thread TID 1348 PID 1284
0x81690250 388 0x2a0 0x1f03ff Thread TID 1048 PID 800
0x816904c8 388 0x2a4 0x1f03ff Thread TID 1044 PID 800
0x81669958 388 0x2a8 0x1f03ff Thread TID 1132 PID 516
0xe1ac6990 388 0x2ac 0x20019 Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004\CONTROL PANEL\INTERNATIONAL
0xe1a97910 388 0x2b0 0x20006 Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004\CONTROL PANEL\INTERNATIONAL
0x816738d0 388 0x2b4 0x1f03ff Thread TID 1128 PID 800
0x81701da8 388 0x2b8 0x1f03ff Thread TID 1144 PID 800
0x81669608 388 0x2bc 0x1f03ff Thread TID 1136 PID 800
0x816ee640 388 0x2c0 0x1f03ff Thread TID 1100 PID 412
0x816eeb30 388 0x2c4 0x1f03ff Thread TID 1092 PID 388
0x81622b30 388 0x2c8 0x1f03ff Thread TID 1452 PID 736
0x81669c38 388 0x2cc 0x1f03ff Thread TID 1116 PID 412
0x81701820 388 0x2d0 0x1f03ff Thread TID 1148 PID 800
0x815c7a18 388 0x2d4 0x1f03ff Thread TID 1156 PID 800
0x815c7020 388 0x2d8 0x1f03ff Thread TID 1152 PID 800
0x815c77a0 388 0x2dc 0x1f03ff Thread TID 1160 PID 800
0x815c7358 388 0x2e0 0x1f03ff Thread TID 1164 PID 800
0x8164ad18 388 0x2e4 0x1f03ff Thread TID 1168 PID 800
0x8164a810 388 0x2e8 0x1f0fff Process spoolsv.exe(1172)
0x8164a488 388 0x2ec 0x1f03ff Thread TID 1176 PID 1172
0xe16765f0 388 0x2f0 0x1f0001 Port
0xe16769d0 388 0x2f4 0xf0007 Section
0x816eb540 388 0x2f8 0x21f0003 Event
0x815b8da8 388 0x2fc 0x1f03ff Thread TID 1184 PID 1172
0x815746a8 388 0x300 0x1f03ff Thread TID 1180 PID 1172
0x815b8b30 388 0x304 0x1f03ff Thread TID 1188 PID 1172
0x815b88b8 388 0x308 0x1f03ff Thread TID 1192 PID 1172
0x815b8578 388 0x30c 0x1f03ff Thread TID 1196 PID 1172
0x8169f8b8 388 0x310 0x1f03ff Thread TID 1588 PID 800
0x815e6840 388 0x314 0x1f03ff Thread TID 1204 PID 800
0x815e64f8 388 0x318 0x1f03ff Thread TID 1208 PID 800
0x8163fba8 388 0x31c 0x1f03ff Thread TID 1212 PID 800
0x8163f848 388 0x320 0x1f03ff Thread TID 1216 PID 800
0x8163f358 388 0x324 0x1f03ff Thread TID 1224 PID 528
0x815e9b38 388 0x328 0x1f03ff Thread TID 1336 PID 1284
0x81602c70 388 0x32c 0x1f0fff Process userinit.exe(1268)
0x815e98b8 388 0x330 0x1f03ff Thread TID 1252 PID 412
0x81602928 388 0x334 0x1f03ff Thread TID 1272 PID 1268
0x815e9600 388 0x338 0x1f03ff Thread TID 1264 PID 412
0xe167dec0 388 0x33c 0x1f0001 Port
0x816f2b70 388 0x340 0x1f0fff Process explorer.exe(1284)
0xe167c930 388 0x344 0x1f0001 Port
0x815cd7b0 388 0x348 0x1f03ff Thread TID 1296 PID 1284
0x816f2568 388 0x34c 0x1f03ff Thread TID 1292 PID 1284
0x815cd4d8 388 0x350 0x1f03ff Thread TID 1300 PID 1284
0x816f6da8 388 0x354 0x1f03ff Thread TID 1304 PID 1284
0x816f6ae0 388 0x358 0x1f03ff Thread TID 1308 PID 1284
0x816f6800 388 0x35c 0x1f03ff Thread TID 1312 PID 1284
0x816f6470 388 0x360 0x1f03ff Thread TID 1316 PID 1284
0x815ce350 388 0x364 0x1f03ff Thread TID 1320 PID 516
0x815e0da8 388 0x368 0x1f03ff Thread TID 1328 PID 1284
0x815fb4a8 388 0x36c 0x1f03ff Thread TID 1444 PID 1284
0x81574da8 388 0x370 0x1f03ff Thread TID 1424 PID 800
0x815fb720 388 0x374 0x1f03ff Thread TID 1440 PID 736
0x815fbc10 388 0x378 0x1f03ff Thread TID 1432 PID 516
0x81622da8 388 0x37c 0x1f03ff Thread TID 1448 PID 676
0x81553328 388 0x380 0x1f03ff Thread TID 1512 PID 876
0x81579c78 388 0x384 0x1f03ff Thread TID 1516 PID 876
0x815793d0 388 0x388 0x1f03ff Thread TID 1524 PID 800
0x8167eda8 388 0x38c 0x1f03ff Thread TID 1528 PID 800
0x8167e5a8 388 0x390 0x1f03ff Thread TID 1536 PID 800
0x81685da8 388 0x394 0x1f03ff Thread TID 1540 PID 800
0x816858b8 388 0x398 0x1f03ff Thread TID 1548 PID 800
0x81685640 388 0x39c 0x1f03ff Thread TID 1552 PID 528
0x8164bda8 388 0x3a0 0x1f03ff Thread TID 1652 PID 412
0x8164fda8 388 0x3a4 0x1f03ff Thread TID 1592 PID 800
0x816033b8 388 0x3ac 0x1f03ff Thread TID 1664 PID 800
0x8164f3d0 388 0x3b0 0x1f03ff Thread TID 1604 PID 800
0x815cc960 388 0x3b4 0x1f03ff Thread TID 1608 PID 800
0x815cc6e8 388 0x3b8 0x1f03ff Thread TID 1612 PID 800
0x815cc470 388 0x3bc 0x1f03ff Thread TID 1616 PID 736
0x81605b30 388 0x3c0 0x1f03ff Thread TID 1624 PID 800
0x816058b8 388 0x3c4 0x1f03ff Thread TID 1628 PID 800
0x815ccda8 388 0x3c8 0x1f03ff Thread TID 1632 PID 800
0x81605640 388 0x3cc 0x1f03ff Thread TID 1636 PID 516
0x81605328 388 0x3d0 0x1f03ff Thread TID 1640 PID 736
0x815ebda8 388 0x3d4 0x1f03ff Thread TID 1644 PID 800
0x8164bb00 388 0x3d8 0x1f03ff Thread TID 1656 PID 412
0x8156c8a8 388 0x3dc 0x1f03ff Thread TID 1668 PID 528
0x81613680 388 0x3e0 0x1f03ff Thread TID 1672 PID 528
0x816131d0 388 0x3e4 0x1f03ff Thread TID 1676 PID 528
0x81614cb0 388 0x3e8 0x1f03ff Thread TID 1680 PID 528
0x816149b8 388 0x3ec 0x1f03ff Thread TID 1684 PID 800
0x81614200 388 0x3f0 0x1f03ff Thread TID 1688 PID 800
0x8166d4e0 388 0x3f4 0x1f03ff Thread TID 1692 PID 800
0x8168d9f8 388 0x3f8 0x1f03ff Thread TID 1696 PID 800
0x815ef3b8 388 0x3fc 0x1f03ff Thread TID 1704 PID 516
0x816fcce8 388 0x400 0x1f03ff Thread TID 1708 PID 736
0x816fc898 388 0x404 0x1f03ff Thread TID 1712 PID 516
0x816fc620 388 0x408 0x1f03ff Thread TID 1716 PID 844
0x814f78d0 388 0x40c 0x1f03ff Thread TID 1732 PID 844
0x814f71a8 388 0x410 0x1f03ff Thread TID 1736 PID 800
0xe1006e20 412 0x4 0xf0003 KeyedEvent CritSecOutOfMemoryEvent
0xe14f3230 412 0x8 0x3 Directory KnownDlls
0x81615e10 412 0xc 0x1f0001 Mutant _Satori_81_MutexObject_S-1-5-18
0x8170d1f8 412 0x10 0x100003 Semaphore
0xe14038f8 412 0x14 0xf000f Directory Windows
0xe16176f8 412 0x18 0x21f0001 Port
0x81609220 412 0x1c 0x100003 Semaphore
0xe1617580 412 0x20 0x20f003f Key MACHINE
0x8167d2c8 412 0x24 0x1f0003 Event crypt32LogoffEvent
0x815ff898 412 0x28 0x21f0003 Event
0xe14477d0 412 0x2c 0x2000f Directory BaseNamedObjects
0x817cb720 412 0x30 0x1f0003 Event userenv: User Profile setup event
0x81665fe0 412 0x34 0x1f0001 Mutant userenv: machine policy mutex
0x81648208 412 0x38 0x1f0001 Mutant userenv: Machine Registry policy mutex
0x81618128 412 0x3c 0x1f0003 Event userenv: Machine Group Policy has been applied
0x815d4128 412 0x40 0x1f0003 Event userenv: Machine Group Policy ForcedRefresh Needs Foreground Processing
0x8161d240 412 0x44 0x1f0003 Event userenv: Machine Group Policy Processing is done
0x815d81a0 412 0x48 0x1f0003 Event userenv: Machine Policy Foreground Done Event
0x817c8308 412 0x4c 0x1f0001 Mutant userenv: user policy mutex
0x81633118 412 0x50 0x1f0001 Mutant userenv: User Registry policy mutex
0x81609128 412 0x54 0x1f0003 Event userenv: User Group Policy has been applied
0x815f2128 412 0x58 0x1f0003 Event userenv: User Group Policy ForcedRefresh Needs Foreground Processing
0x8162e128 412 0x5c 0x1f0003 Event userenv: User Group Policy Processing is done
0x815f7310 412 0x60 0x1f0003 Event userenv: User Policy Foreground Done Event
0x8160b118 412 0x64 0x1f0003 Event
0x81692120 412 0x68 0x1f0001 Mutant
0x816da350 412 0x6c 0x1f0003 Event
0x817c8c58 412 0x70 0x1f0001 Mutant
0x816da320 412 0x74 0x1f0003 Event
0x817131d0 412 0x78 0x1f0001 Mutant
0x816d78c8 412 0x7c 0x1f0001 Mutant
0x81611318 412 0x80 0x1f0003 Event
0x815d42e0 412 0x84 0x1f0001 Mutant
0x816112e8 412 0x88 0x1f0003 Event
0x81645900 412 0x8c 0x1f0003 Event
0xe161df50 412 0x90 0x20f003f Key MACHINE\SOFTWARE\CLASSES
0x816801a0 412 0x94 0x1f0003 Event WinlogonTSSynchronizeEvent
0x816e26f0 412 0x98 0x12019f File \Device\NamedPipe\TerminalServer\AutoReconnect
0x8174d888 412 0x9c 0x1f0003 Event TS-WPAAE
0x816458d0 412 0xa0 0x1f0003 Event
0x816e2350 412 0xa4 0x120089 File \Device\HarddiskVolume1\WINDOWS\system32\kbd101.dll
0x8162a930 412 0xa8 0x1f0003 Semaphore shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}
0x816af390 412 0xac 0x120089 File \Device\HarddiskVolume1\WINDOWS\system32\kbd106.dll
0x8160a990 412 0xb0 0x120089 File \Device\HarddiskVolume1\WINDOWS\system32\kbdnec.dll
0x815fdbf0 412 0xb4 0xf037f WindowStation WinSta0
0xe1648b18 412 0xb8 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE
0xe1648b80 412 0xbc 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE\ALTERNATE SORTS
0xe1623ae0 412 0xc0 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\CONTROL\NLS\LANGUAGE GROUPS
0x817cb768 412 0xc4 0xf01ff Desktop Winlogon
0x815fdbf0 412 0xc8 0xf037f WindowStation WinSta0
0x816841d8 412 0xcc 0xf01ff Desktop Disconnect
0x816db158 412 0xd0 0xf01ff Desktop Default
0x815d8aa0 412 0xd4 0x1f0001 Mutant SingleSesMutex
0x815d8ea8 412 0xd8 0x1f0003 Event ReconEvent
0x81649558 412 0xdc 0x1f03ff Thread TID 416 PID 412
0xe164b188 412 0xe0 0x20f003f Key USER\.DEFAULT
0x8177f3b0 412 0xe4 0x1f0001 Mutant winlogon: Logon UserProfileMapping Mutex
0x815e1db0 412 0xe8 0x1f0003 Event
0x81718b90 412 0xec 0x100020 File \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x815d18f0 412 0xf0 0x1f0003 Event
0xe1447ad0 412 0xf4 0xf003f Key MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9
0xe16c43c0 412 0xf8 0xf003f Key MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSOCK2\PARAMETERS\NAMESPACE_CATALOG5
0x81647590 412 0xfc 0x1f0003 Event NetworkProviderLoad
0x81608e98 412 0x100 0x1f0003 Event
0xe1648590 412 0x104 0x20019 Key MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\CRYPT32CHAIN
0x81718e98 412 0x108 0x100001 File \Device\KsecDD
0xe16484a0 412 0x10c 0x20019 Key MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\CRYPTNET
0x8161e9f8 412 0x110 0x1f0001 Mutant WPA_PR_MUTEX
0x8160c440 412 0x114 0x1f0003 Event
0x815e6dd0 412 0x11c 0x100003 Semaphore
0xe17ef740 412 0x120 0x20019 Key MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\SCLGNTFY
0x816ae7d0 412 0x128 0x21f0003 Event
0x816ee448 412 0x12c 0x1f0003 Event
0xe14cab60 412 0x130 0x1f0001 Port sclogonrpc
0xe17c19b8 412 0x134 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\CONTROL\LSA
0x81710438 412 0x13c 0x1f0003 Event
0x8161ae70 412 0x140 0x1f0003 Event
0x8162c8d8 412 0x144 0x1f0003 Event
0x8162c648 412 0x148 0x1f0003 Event
0x81649558 412 0x14c 0x1f03ff Thread TID 416 PID 412
0xe14ca578 412 0x150 0x1f0001 Port IUserProfile
0x816403f8 412 0x154 0x1f0003 Event
0x81644558 412 0x158 0x1f03ff Thread TID 496 PID 412
0x8164d358 412 0x15c 0x1f0003 Event
0x8170bda8 412 0x160 0x1f03ff Thread TID 500 PID 412
0x816233e8 412 0x164 0x1f0001 Mutant ShimCacheMutex
0xe17ef118 412 0x168 0xf0007 Section ShimSharedMemory
0x8167f020 412 0x16c 0x1f0003 Timer
0x816063c8 412 0x170 0x21f0003 Event
0x815dda00 412 0x174 0x1f03ff Thread TID 504 PID 412
0x816d9cc8 412 0x178 0x100020 File \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x81683648 412 0x17c 0x1f0003 IoCompletion
0x81716778 412 0x180 0x1f0003 IoCompletion
0x81717898 412 0x184 0x1f0003 IoCompletion
0x81716778 412 0x188 0x1f0003 IoCompletion
0x816dba68 412 0x18c 0x12019f File \Device\NamedPipe\InitShutdown
0x816c98b0 412 0x190 0x12019f File \Device\NamedPipe\InitShutdown
0x81646e98 412 0x194 0x1f0003 Event
0x815ffda8 412 0x198 0x1f03ff Thread TID 512 PID 412
0x8160cd98 412 0x19c 0x100003 Semaphore
0x815fc2d0 412 0x1a0 0x1f03ff Thread TID 524 PID 412
0x81701358 412 0x1a4 0x1f0003 Timer
0x8153e020 412 0x1a8 0x1f0fff Process services.exe(516)
0x81648d50 412 0x1ac 0x1f0003 Event
0xe17d58d0 412 0x1b0 0x1f0001 Port
0x81636180 412 0x1b4 0x1f0fff Process lsass.exe(528)
0xe17d8fb8 412 0x1b8 0x2001f Key MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
0x81602880 412 0x1bc 0x1f0003 Event
0x815df4d8 412 0x1c0 0x1f0003 Event
0x815cbc10 412 0x1c4 0x1f03ff Thread TID 728 PID 412
0x81648d20 412 0x1c8 0x1f0003 Event
0x815e8570 412 0x1cc 0x1f0003 Event WFP_IDLE_TRIGGER
0x815e8530 412 0x1d0 0x1f0003 Event
0x815e8500 412 0x1d4 0x1f0003 Event
0xe181cc00 412 0x1d8 0x2001f Key MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
0x815e85a8 412 0x1dc 0x160001 File \Device\HarddiskVolume1\WINDOWS\system32\dllcache
0x81671d00 412 0x1e0 0x100003 Event
0xe1853c58 412 0x1e4 0x1f0001 Port
0x81671af0 412 0x1e8 0x1f0003 Event
0x8166b648 412 0x1ec 0x1f0003 Event
0x815d5c10 412 0x1f0 0x160001 File \Device\HarddiskVolume1\WINDOWS\system32
0x815d5b78 412 0x1f4 0x160001 File \Device\HarddiskVolume1\WINDOWS\AppPatch
0xe1857728 412 0x1f8 0x1f0001 Port
0x81610ce0 412 0x1fc 0x1f0003 Event Microsoft Smart Card Resource Manager Started
0x815d56b8 412 0x200 0x1f0003 Event
0x815d5628 412 0x204 0x12019f File \Device\NamedPipe\lsarpc
0xe185b390 412 0x208 0x1 Key MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\CREDENTIALS
0x815d5ae8 412 0x20c 0x1f0003 Event msgina: ReturnToWelcome
0x8161a938 412 0x210 0x1f0003 Event
0x816f5678 412 0x214 0x1f0003 Event msgina: ShutdownEvent
0x816f5260 412 0x218 0x1f0001 Mutant msgina: InteractiveLogonMutex
0x81649c90 412 0x21c 0x1f0001 Mutant msgina: InteractiveLogonRequestMutex
0x815e8828 412 0x220 0x160001 File \Device\HarddiskVolume1\Program Files\Common Files\Microsoft Shared\web server extensions\40\isapi\_vti_adm
0x816c9ef8 412 0x224 0x160001 File \Device\HarddiskVolume1\Program Files\Common Files\Microsoft Shared\web server extensions\40\_vti_bin\_vti_adm
0x815fdca0 412 0x228 0x160001 File \Device\HarddiskVolume1\WINDOWS\Help
0x81638700 412 0x22c 0x160001 File \Device\HarddiskVolume1\Program Files\Common Files\Microsoft Shared\web server extensions\40\isapi\_vti_aut
0x816385d8 412 0x230 0x160001 File \Device\HarddiskVolume1\Program Files\Common Files\Microsoft Shared\web server extensions\40\_vti_bin\_vti_aut
0x815da508 412 0x234 0x160001 File \Device\HarddiskVolume1\Program Files\Common Files\Microsoft Shared\web server extensions\40\bin
0x815da3e0 412 0x238 0x160001 File \Device\HarddiskVolume1\WINDOWS\Fonts
0x815da348 412 0x23c 0x160001 File \Device\HarddiskVolume1\WINDOWS\system32\drivers
0x815da2b0 412 0x240 0x160001 File \Device\HarddiskVolume1\Program Files\Common Files\Microsoft Shared\web server extensions\40\servsupp
0x815f6628 412 0x244 0x160001 File \Device\HarddiskVolume1\Program Files\Common Files\Microsoft Shared\web server extensions\40\bots\vinavbar
0x815f6470 412 0x248 0x160001 File \Device\HarddiskVolume1\Program Files\microsoft frontpage\version3.0\bin
0x8166af28 412 0x24c 0x160001 File \Device\HarddiskVolume1\Program Files\Common Files\Microsoft Shared\web server extensions\40\_vti_bin
0x8166ae90 412 0x250 0x160001 File \Device\HarddiskVolume1\Program Files\Common Files\Microsoft Shared\web server extensions\40\bin\1041
0x8166ad68 412 0x254 0x160001 File \Device\HarddiskVolume1\Program Files\Common Files\Microsoft Shared\web server extensions\40\isapi
0x8166acd0 412 0x258 0x160001 File \Device\HarddiskVolume1\WINDOWS
0x81631028 412 0x25c 0x160001 File \Device\HarddiskVolume1\Program Files\Common Files\Microsoft Shared\DAO
0x816312f8 412 0x260 0x160001 File \Device\HarddiskVolume1\Program Files\Windows Media Player
0x816311d0 412 0x264 0x160001 File \Device\HarddiskVolume1\Program Files\Common Files\System\msadc
0x816b0028 412 0x268 0x160001 File \Device\HarddiskVolume1\Program Files\Common Files\System\ado
0x816b02e0 412 0x26c 0x160001 File \Device\HarddiskVolume1\Program Files\Common Files\System\Ole DB
0x816b01b8 412 0x270 0x160001 File \Device\HarddiskVolume1\WINDOWS\inf
0x816b0120 412 0x274 0x160001 File \Device\HarddiskVolume1\WINDOWS\system
0x81695320 412 0x278 0x160001 File \Device\HarddiskVolume1\WINDOWS\msagent
0x816951f8 412 0x27c 0x160001 File \Device\HarddiskVolume1\WINDOWS\msagent\intl
0x81689130 412 0x280 0x160001 File \Device\HarddiskVolume1\WINDOWS\system32\inetsrv
0x815d5028 412 0x284 0x160001 File \Device\HarddiskVolume1\Program Files\MSN Gaming Zone\Windows
0x815d5348 412 0x288 0x160001 File \Device\HarddiskVolume1\WINDOWS\PCHealth\HelpCtr\Binaries
0x815d52b0 412 0x28c 0x160001 File \Device\HarddiskVolume1\Program Files\NetMeeting
0x815d51c8 412 0x290 0x160001 File \Device\HarddiskVolume1\WINDOWS\system32\drivers\disdn
0x816317c0 412 0x294 0x160001 File \Device\HarddiskVolume1\WINDOWS\ime\CHTIME\Applets
0x81631670 412 0x298 0x160001 File \Device\HarddiskVolume1\WINDOWS\system32\wbem
0x816315d8 412 0x29c 0x160001 File \Device\HarddiskVolume1\WINDOWS\system32\IME\CINTLGNT
0x816314b0 412 0x2a0 0x160001 File \Device\HarddiskVolume1\WINDOWS\system32\Com
0x815d45e8 412 0x2a4 0x160001 File \Device\HarddiskVolume1\WINDOWS\system32\Setup
0x815d44c0 412 0x2a8 0x160001 File \Device\HarddiskVolume1\WINDOWS\ime\IMJP8_1
0x815d4428 412 0x2ac 0x160001 File \Device\HarddiskVolume1\Program Files\Common Files\Microsoft Shared\Triedit
0x81705aa0 412 0x2b0 0x160001 File \Device\HarddiskVolume1\Program Files\Windows NT
0x81705a08 412 0x2b4 0x160001 File \Device\HarddiskVolume1\Program Files\Common Files\System
0x81705970 412 0x2b8 0x160001 File \Device\HarddiskVolume1\WINDOWS\system32\1033
0x81705888 412 0x2bc 0x160001 File \Device\HarddiskVolume1\WINDOWS\system32\1041
0x816778d8 412 0x2c0 0x160001 File \Device\HarddiskVolume1\Program Files\Common Files\Microsoft Shared\web server extensions\40\admcgi\scripts
0x81677788 412 0x2c4 0x160001 File \Device\HarddiskVolume1\Program Files\Common Files\Microsoft Shared\web server extensions\40\admisapi\scripts
0x816775d0 412 0x2c8 0x160001 File \Device\HarddiskVolume1\WINDOWS\system32\usmt
0x816274a8 412 0x2cc 0x160001 File \Device\HarddiskVolume1\WINDOWS\ime\IMKR6_1\Dicts
0x816271e0 412 0x2d0 0x160001 File \Device\HarddiskVolume1\WINDOWS\system32\mui\0411
0x816272f0 412 0x2d4 0x160001 File \Device\HarddiskVolume1\Program Files\Internet Explorer
0x815f2958 412 0x2d8 0x160001 File \Device\HarddiskVolume1\WINDOWS\ime\IMJP8_1\APPLETS
0x815f2830 412 0x2dc 0x160001 File \Device\HarddiskVolume1\WINDOWS\ime\IMKR6_1\Applets
0x815f2708 412 0x2e0 0x160001 File \Device\HarddiskVolume1\WINDOWS\system32\xircom
0x8166abb8 412 0x2e4 0x160001 File \Device\HarddiskVolume1\Program Files\Internet Explorer\Connection Wizard
0x8166aad0 412 0x2e8 0x160001 File \Device\HarddiskVolume1\Program Files\Common Files\Microsoft Shared\MSInfo
0x8166a9a8 412 0x2ec 0x160001 File \Device\HarddiskVolume1\WINDOWS\ime\IMKR6_1
0x8166a910 412 0x2f0 0x160001 File \Device\HarddiskVolume1\WINDOWS\ime\SHARED
0x81668f90 412 0x2f4 0x160001 File \Device\HarddiskVolume1\WINDOWS\system32\IME\PINTLGNT
0x81668e68 412 0x2f8 0x160001 File \Device\HarddiskVolume1\Program Files\Common Files\SpeechEngines\Microsoft\Lexicon\1033
0x8162ef40 412 0x2fc 0x160001 File \Device\HarddiskVolume1\WINDOWS\Resources\Themes\Luna
0x8162eea8 412 0x300 0x160001 File \Device\HarddiskVolume1\Program Files\Movie Maker
0x8162ee10 412 0x304 0x160001 File \Device\HarddiskVolume1\WINDOWS\ime
0x8162ed78 412 0x308 0x160001 File \Device\HarddiskVolume1\WINDOWS\srchasst
0x8166bcb0 412 0x30c 0x160001 File \Device\HarddiskVolume1\Program Files\Outlook Express
0x8166bc18 412 0x310 0x160001 File \Device\HarddiskVolume1\WINDOWS\system32\oobe
0x8166baf0 412 0x314 0x160001 File \Device\HarddiskVolume1\Program Files\Common Files\MSSoap\Binaries
0x8168e930 412 0x318 0x160001 File \Device\HarddiskVolume1\Program Files\Common Files\MSSoap\Binaries\Resources\1033
0x8168e7b8 412 0x31c 0x160001 File \Device\HarddiskVolume1\WINDOWS\system32\npp
0x8168e690 412 0x320 0x160001 File \Device\HarddiskVolume1\WINDOWS\ime\SHARED\RES
0x816255a8 412 0x324 0x160001 File \Device\HarddiskVolume1\Program Files\Windows NT\Pinball
0x8177b248 412 0x328 0x160001 File \Device\HarddiskVolume1\WINDOWS\ime\CHSIME\APPLETS
0x815fc930 412 0x32c 0x160001 File \Device\HarddiskVolume1\WINDOWS\system32\Restore
0x815fc898 412 0x330 0x160001 File \Device\HarddiskVolume1\Program Files\Common Files\SpeechEngines\Microsoft\TTS\1033
0x815fc720 412 0x334 0x160001 File \Device\HarddiskVolume1\Program Files\Common Files\Microsoft Shared\Speech
0x815fc5f8 412 0x338 0x160001 File \Device\HarddiskVolume1\WINDOWS\Resources\Themes\Luna\Shell\NormalColor
0x816ce7c8 412 0x33c 0x160001 File \Device\HarddiskVolume1\WINDOWS\Resources\Themes\Luna\Shell\Homestead
0x816ce6a0 412 0x340 0x160001 File \Device\HarddiskVolume1\WINDOWS\Resources\Themes\Luna\Shell\Metallic
0x8167b448 412 0x344 0x160001 File \Device\HarddiskVolume1\WINDOWS\system32\wbem\snmp
0x8167b388 412 0x348 0x160001 File \Device\HarddiskVolume1\Program Files\Common Files\SpeechEngines\Microsoft
0x8167b2f0 412 0x34c 0x160001 File \Device\HarddiskVolume1\Program Files\Common Files\Microsoft Shared\Speech\1041
0x8167b1c8 412 0x350 0x160001 File \Device\HarddiskVolume1\WINDOWS\peernet
0x81702e18 412 0x354 0x160001 File \Device\HarddiskVolume1\WINDOWS\system32\spool\drivers\color
0x81702c10 412 0x358 0x160001 File \Device\HarddiskVolume1\WINDOWS\system32\IME\TINTLGNT
0x81702b78 412 0x35c 0x160001 File \Device\HarddiskVolume1\WINDOWS\Help\Tours\mmTour
0x81693370 412 0x360 0x160001 File \Device\HarddiskVolume1\WINDOWS\PCHealth\UploadLB\Binaries
0x81640078 412 0x364 0x160001 File \Device\HarddiskVolume1\Program Files\Common Files\Microsoft Shared\VGX
0x816460e0 412 0x368 0x160001 File \Device\HarddiskVolume1\WINDOWS\system32\wbem\xml
0x81703e30 412 0x36c 0x160001 File \Device\HarddiskVolume1\Program Files\Windows NT\Accessories
0x81703d08 412 0x370 0x160001 File \Device\HarddiskVolume1\Program Files\xerox\nwwia
0x8166ef30 412 0x374 0x1f0003 Event
0xe187cc08 412 0x378 0x20019 Key MACHINE\SYSTEM\SETUP
0x8166ef00 412 0x37c 0x1f0003 Event
0x8166ef68 412 0x380 0x160001 File \Device\HarddiskVolume1\WINDOWS\WinSxS
0x8166ec88 412 0x384 0x1f03ff Thread TID 708 PID 412
0x8166ec18 412 0x388 0x1f0003 Event
0x81705688 412 0x38c 0x1f0003 Event
0x81705658 412 0x390 0x1f0003 Event
0x81705628 412 0x394 0x1f0003 Event
0x817055f8 412 0x398 0x1f0003 Event
0x81705430 412 0x39c 0x1f0003 Event
0x8162a8c0 412 0x3a0 0x1f0003 Event
0x8162a6f8 412 0x3a4 0x1f0003 Event
0x8162a530 412 0x3a8 0x1f0003 Event
0x8162a500 412 0x3ac 0x1f0003 Event
0x8162a4d0 412 0x3b0 0x1f0003 Event
0x8166e848 412 0x3b4 0x1f0003 Event
0x8166e818 412 0x3b8 0x1f0003 Event
0x8166e7e8 412 0x3bc 0x1f0003 Event
0x8166e7b8 412 0x3c0 0x1f0003 Event
0x8166e788 412 0x3c4 0x1f0003 Event
0x8168fb30 412 0x3c8 0x1f0003 Event
0x8168fb00 412 0x3cc 0x1f0003 Event
0x8168fad0 412 0x3d0 0x1f0003 Event
0x8168faa0 412 0x3d4 0x1f0003 Event
0x8168fa70 412 0x3d8 0x1f0003 Event
0x81699288 412 0x3dc 0x1f0003 Event
0x81699258 412 0x3e0 0x1f0003 Event
0x81699228 412 0x3e4 0x1f0003 Event
0x816991f8 412 0x3e8 0x1f0003 Event
0x816991c8 412 0x3ec 0x1f0003 Event
0x81643708 412 0x3f0 0x1f0003 Event
0x816436d8 412 0x3f4 0x1f0003 Event
0x816436a8 412 0x3f8 0x1f0003 Event
0x81643678 412 0x3fc 0x1f0003 Event
0x81643648 412 0x400 0x1f0003 Event
0x81629820 412 0x404 0x1f0003 Event
0x816297f0 412 0x408 0x1f0003 Event
0x816297c0 412 0x40c 0x1f0003 Event
0x81629790 412 0x410 0x1f0003 Event
0x81629760 412 0x414 0x1f0003 Event
0x8162e3a8 412 0x418 0x1f0003 Event
0x8162e378 412 0x41c 0x1f0003 Event
0x8162e348 412 0x420 0x1f0003 Event
0x8162e318 412 0x424 0x1f0003 Event
0x8162e2e8 412 0x428 0x1f0003 Event
0x8162f4c8 412 0x42c 0x1f0003 Event
0x8162f498 412 0x430 0x1f0003 Event
0x8162f468 412 0x434 0x1f0003 Event
0x8162f438 412 0x438 0x1f0003 Event
0x8162f408 412 0x43c 0x1f0003 Event
0x81631968 412 0x440 0x1f0003 Event
0x81631938 412 0x444 0x1f0003 Event
0x81631908 412 0x448 0x1f0003 Event
0x816318d8 412 0x44c 0x1f0003 Event
0x816318a8 412 0x450 0x1f0003 Event
0x81635848 412 0x454 0x1f0003 Event
0x81635818 412 0x458 0x1f0003 Event
0x816357e8 412 0x45c 0x1f0003 Event
0x816357b8 412 0x460 0x1f0003 Event
0x81635788 412 0x464 0x1f0003 Event
0x816104c8 412 0x468 0x1f0003 Event
0x81610498 412 0x46c 0x1f0003 Event
0x81610468 412 0x470 0x1f0003 Event
0x81610438 412 0x474 0x1f0003 Event
0x81610408 412 0x478 0x1f0003 Event
0x815f2b00 412 0x47c 0x1f0003 Event
0x815f2ad0 412 0x480 0x1f0003 Event
0x815f2aa0 412 0x484 0x1f0003 Event
0x815f2a70 412 0x488 0x1f0003 Event
0x815f2a40 412 0x48c 0x1f0003 Event
0x81635cc0 412 0x490 0x1f0003 Event
0x81635c90 412 0x494 0x1f0003 Event
0x81635c60 412 0x498 0x1f0003 Event
0x81635c30 412 0x49c 0x1f0003 Event
0x81635c00 412 0x4a0 0x1f0003 Event
0x81630568 412 0x4a4 0x1f0003 Event
0x81630538 412 0x4a8 0x1f0003 Event
0x81630508 412 0x4ac 0x1f0003 Event
0x816304d8 412 0x4b0 0x1f0003 Event
0x816304a8 412 0x4b4 0x1f0003 Event
0x8162f940 412 0x4b8 0x1f0003 Event
0x8162f910 412 0x4bc 0x1f0003 Event
0x8162f8e0 412 0x4c0 0x1f0003 Event
0x8162f8b0 412 0x4c4 0x1f0003 Event
0x8162f880 412 0x4c8 0x1f0003 Event
0x815fcad8 412 0x4cc 0x1f0003 Event
0x815fcaa8 412 0x4d0 0x1f0003 Event
0x815fca78 412 0x4d4 0x1f0003 Event
0x815fca48 412 0x4d8 0x1f0003 Event
0x815fca18 412 0x4dc 0x1f0003 Event
0x815fe3d0 412 0x4e0 0x1f0003 Event
0x815fe3a0 412 0x4e4 0x1f0003 Event
0x815fe370 412 0x4e8 0x1f0003 Event
0x8166ec88 412 0x4ec 0x1f03ff Thread TID 708 PID 412
0x815dd600 412 0x4f0 0x12019f File \Device\NamedPipe\SfcApi
0x815de7e8 412 0x4f4 0x12019f File \Device\NamedPipe\SfcApi
0x815f6da8 412 0x4f8 0x1f03ff Thread TID 712 PID 412
0x8170c798 412 0x4fc 0x1f03ff Thread TID 716 PID 412
0xe18be188 412 0x500 0x1f0001 Port
0xe1882b70 412 0x504 0x1f0001 Port
0xe18c36d0 412 0x508 0x1f0001 Port
0xe187e188 412 0x50c 0x20f003f Key USER
0xe18bb388 412 0x510 0x4 Section
0x815c4fa0 412 0x514 0x1f0003 Event ThemesStartEvent
0x815f0f30 412 0x518 0x100003 Event
0x8162a930 412 0x51c 0x1f0003 Semaphore shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}
0xe18835a8 412 0x520 0x1f0001 Port
0x815f8bc0 412 0x524 0x1f0003 Event
0x815fecc0 412 0x52c 0x21f0003 Event
0xe1897e68 412 0x530 0x1f0001 Port
0x816f4db0 412 0x534 0x1f0003 Event
0x815e7110 412 0x538 0x1f0003 Semaphore shell.{7CB834F0-527B-11D2-9D1F-0000F805CA57}
0xe1679878 412 0x540 0x4 Section mmGlobalPnpInfo
0x816239a8 412 0x544 0x1f0003 Event SENS Started Event
0x816c3780 412 0x548 0x12019f File \Device\NamedPipe\winlogonrpc
0xe1aa65b8 412 0x54c 0x1f0001 Port
0x81632378 412 0x550 0x1f0003 Event
0x816ee500 412 0x554 0x1f0003 Event
0x81615f40 412 0x558 0x12019f File \Device\NamedPipe\winlogonrpc
0x81632340 412 0x55c 0x100003 Semaphore
0xe17c2f60 412 0x560 0x20019 Key MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32
0x81692380 412 0x564 0x1f0003 Event DINPUTWINMM
0x816c33a8 412 0x56c 0x1f0001 Mutant
0x8161e9a8 412 0x570 0x1f0001 Mutant WPA_RT_MUTEX
0x8161e958 412 0x574 0x1f0001 Mutant WPA_LT_MUTEX
0x8161e908 412 0x578 0x1f0001 Mutant WPA_HWID_MUTEX
0x8161e8b8 412 0x57c 0x1f0001 Mutant WPA_LICSTORE_MUTEX
0x8161e518 412 0x580 0x1f0003 Event
0x8161e588 412 0x584 0x1f0003 Event
0x8161e4e8 412 0x588 0x1f0003 Event
0x8161ea58 412 0x58c 0x1f0003 Semaphore
0x8161e6c8 412 0x590 0x100003 Event
0xe16483b0 412 0x594 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\CONTROL\NETWORKPROVIDER\HWORDER
0x8160c408 412 0x598 0x100003 Semaphore
0x8160c3d0 412 0x59c 0x100003 Semaphore
0xe1ac6de0 412 0x5a0 0xc Token
0x81683d80 412 0x5a4 0x1f0003 Event jjCSCSharedFillEvent_UM_KM
0x81683d40 412 0x5a8 0x1f0003 Event jjCSCSessEvent_UM_KM_0
0x81683d00 412 0x5ac 0x1f0003 Event WkssvcToAgentStartEvent
0x81683cc0 412 0x5b0 0x1f0003 Event WkssvcToAgentStopEvent
0x81683c80 412 0x5b4 0x1f0003 Event AgentToWkssvcEvent
0x81683c40 412 0x5b8 0x1f0003 Event AgentExistsEvent
0x81683c00 412 0x5bc 0x1f0003 Event
0x81683968 412 0x5c0 0x1f03ff Thread TID 992 PID 412
0x81550678 412 0x5c4 0x100003 Semaphore
0x8179b178 412 0x5c8 0x12019f File \Device\WMIDataDevice
0x8161e748 412 0x5cc 0x1f0003 Event
0x8170f690 412 0x5d0 0xa84 WmiGuid
0x816c8700 412 0x5d4 0x12019f File \Device\WMIDataDevice
0x81694738 412 0x5d8 0x1f0003 Event
0x816f57e0 412 0x5dc 0x1f0fff Process winlogon.exe(412)
0x81694708 412 0x5e0 0x1f0003 Event
0x816946d8 412 0x5e4 0x1f0003 Event
0xe166ed48 412 0x5e8 0xc Token
0x816c7448 412 0x5f0 0x1f0003 Event
0x815d1da8 412 0x5f4 0x1f03ff Thread TID 508 PID 412
0x816c73f8 412 0x5f8 0x100003 Event
0x816c73c8 412 0x5fc 0x1f0003 Event
0x81683860 412 0x600 0x12019f File \Device\NamedPipe\lsarpc
0x816ee640 412 0x604 0x1f03ff Thread TID 1100 PID 412
0x81669c38 412 0x608 0x1f03ff Thread TID 1116 PID 412
0x81615e58 412 0x60c 0x100020 File \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x81680838 412 0x610 0x1f0001 Mutant
0x815f6808 412 0x614 0x1f0003 Event CscCacheInitCompleteEvent
0xe1d05030 412 0x618 0xc Token
0x816f45d8 412 0x620 0x21f0003 Event
0x816c5c28 412 0x624 0x12019f File \Device\NamedPipe\samr
0x81620a38 412 0x628 0x1f0003 Event
0xe1bccd38 412 0x62c 0x1f0001 Port
0x815508b8 412 0x630 0x1f0003 Event
0xe1bfeb08 412 0x634 0xf01ff Token
0x815e75b0 412 0x638 0x1f0003 Event
0xe1bfeb08 412 0x63c 0xf01ff Token
0x81690740 412 0x640 0x1f03ff Thread TID 1040 PID 412
0x816c6880 412 0x644 0x1f0003 Event TermSrvReadyEvent
0x81692ab8 412 0x648 0x1f0003 Event
0x815e77b0 412 0x64c 0x1f0003 Event
0xe1c65020 412 0x650 0xf003f Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004
0x815d5480 412 0x654 0x21f0003 Event
0x816374d8 412 0x658 0x1f0003 Event
0xe1d02d70 412 0x65c 0xf003f Key USER\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\SHELLNOROAM
0xe1d02d08 412 0x660 0xf003f Key USER\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\SHELLNOROAM\MUICACHE
0xe1bfeb08 412 0x664 0xf01ff Token
0x816db158 412 0x66c 0xf01ff Desktop Default
0x816ad9f8 412 0x670 0x1f0003 Event WlballoonLogoffNotificationEventName
0x816ee640 412 0x674 0x1f03ff Thread TID 1100 PID 412
0x816ae760 412 0x678 0x1f0003 Event
0x815ebd78 412 0x67c 0x1f0003 Event
0x816ad9f8 412 0x680 0x100000 Event WlballoonLogoffNotificationEventName
0x816ad9b8 412 0x684 0x1f0003 Event 000000000000850b_WlballoonKerberosNotificationEventName
0x815506b0 412 0x688 0x100003 Semaphore
0x816eee30 412 0x68c 0x120116 File \Device\Tcp
0x816eef58 412 0x690 0x1200a0 File \Device\Tcp
0x81673d18 412 0x694 0x1200a0 File \Device\Ip
0x81673c80 412 0x698 0x100003 File \Device\Ip
0x81673be8 412 0x69c 0x1200a0 File \Device\Ip
0x81673ba8 412 0x6a0 0x100003 Semaphore
0x816eefe8 412 0x6a4 0x100003 Semaphore
0xe1c98a00 412 0x6a8 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\SERVICES\TCPIP\LINKAGE
0xe1d03e40 412 0x6ac 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS
0xe1649270 412 0x6b0 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\SERVICES\NETBT\PARAMETERS\INTERFACES
0xe1649208 412 0x6b4 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\SERVICES\NETBT\PARAMETERS
0x816eeac0 412 0x6b8 0x100003 Semaphore
0x816eeaf8 412 0x6bc 0x100003 Semaphore
0xe166fd90 412 0x6c0 0x600fe Token
0x815e98b8 412 0x6c4 0x1f03ff Thread TID 1252 PID 412
0x81574aa0 412 0x6c8 0x100003 Semaphore
0xe17ef890 412 0x6d0 0x20019 Key MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
0x815e73a8 412 0x6d4 0x100003 Semaphore
0x815e9528 412 0x6d8 0x100003 Semaphore
0x815e94f0 412 0x6dc 0x100003 Semaphore
0x815e9480 412 0x6e0 0x100003 Semaphore
0x815e94b8 412 0x6e4 0x100003 Semaphore
0x815e9448 412 0x6e8 0x100003 Semaphore
0x815e9410 412 0x6ec 0x100003 Semaphore
0x815e93d8 412 0x6f0 0x100003 Semaphore
0x815e93a0 412 0x6f4 0x100003 Semaphore
0x815e9368 412 0x6f8 0x100003 Semaphore
0x81615e10 412 0x6fc 0x1f0001 Mutant _Satori_81_MutexObject_S-1-5-18
0xe17c1e98 412 0x700 0xf0007 Section FileView__Satori_PropMgrGlobal_Satori_81___00005bcc_S-1-5-18
0xe17c1d08 412 0x704 0xf0007 Section Imejp.ConfigrationIO_3_Satori_81__S-1-5-18
0x817100d0 412 0x70c 0x100020 File \Device\HarddiskVolume1\WINDOWS\system32
0x816406f0 412 0x710 0x1f03ff Thread TID 572 PID 412
0xe17c1d08 412 0x714 0xf0007 Section Imejp.ConfigrationIO_3_Satori_81__S-1-5-18
0x81615dc0 412 0x718 0x1f0001 Mutant _Satori_81_Satori_KnlDict_DicWriteMutex_S-1-5-18
0xe19e2b90 412 0x71c 0xf0007 Section SatoriKnlDict_MemoryDictionary_S-1-5-18
0x816023e8 412 0x720 0x1f0003 Event
0x81602ef8 412 0x724 0x12019f File \Device\HarddiskVolume1\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\IMJP8_1\imjp81u.dic
0xe167abc8 412 0x728 0xf0007 Section
0xe17ef548 412 0x72c 0xf0007 Section SatoriCodeDictionarySharedMemory_S-1-5-18
0xe17c1e98 412 0x730 0xf0007 Section FileView__Satori_PropMgrGlobal_Satori_81___00005bcc_S-1-5-18
0x81615e10 412 0x734 0x1f0001 Mutant _Satori_81_MutexObject_S-1-5-18
0xe17c1d08 412 0x738 0xf0007 Section Imejp.ConfigrationIO_3_Satori_81__S-1-5-18
0xe18f04f0 412 0x73c 0xf0007 Section FileView__Satori_GlobalFlag_Satori_81___00000008_S-1-5-18
0x81617750 412 0x740 0x1f0001 Mutant Mutex__Satori_GlobalFlag_Satori_81__S-1-5-18
0xe1c2c538 412 0x744 0x1f0001 Port
0x815eb678 412 0x78c 0x21f0003 Event
0x815eb648 412 0x794 0x1f0003 Event
0x815e9600 412 0x798 0x1f03ff Thread TID 1264 PID 412
0xe1c25700 412 0x79c 0x1f0001 Port
0x815eb580 412 0x7a0 0x1f0003 Event
0xe183d030 412 0x7a4 0x1f0001 Port OLE33A18106ECA44AADB0958A275163
0x815c96b8 412 0x7a8 0x1f0003 Event
0x8164bda8 412 0x7ac 0x1f03ff Thread TID 1652 PID 412
0x8164bd78 412 0x7b4 0x1f0003 Event
0x815e9600 412 0x7bc 0x1f03ff Thread TID 1264 PID 412
0x816031f0 412 0x7c0 0x1f0003 Event
0xe1c27780 412 0x7c8 0x1f0001 Port
0xe1006e20 516 0x4 0xf0003 KeyedEvent CritSecOutOfMemoryEvent
0xe14f3230 516 0x8 0x3 Directory KnownDlls
0x816d8d08 516 0xc 0x100020 File \Device\HarddiskVolume1\WINDOWS\system32
0x816ae2c8 516 0x10 0x100003 Semaphore
0xe14038f8 516 0x14 0xf000f Directory Windows
0xe17e8548 516 0x18 0x21f0001 Port
0x816731c0 516 0x1c 0x100003 Semaphore
0x817064e8 516 0x20 0x1f0001 Mutant SHIMLIB_LOG_MUTEX
0xe14477d0 516 0x24 0x2000f Directory BaseNamedObjects
0xe17c1780 516 0x28 0x20f003f Key MACHINE
0x816d8b20 516 0x2c 0xf037f WindowStation Service-0x0-3e7$
0x81632c20 516 0x30 0x21f0003 Event
0x815f6970 516 0x34 0xf01ff Desktop Default
0x816d8b20 516 0x38 0xf037f WindowStation Service-0x0-3e7$
0xe17d2de8 516 0x3c 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE
0x817cb720 516 0x40 0x1f0003 Event userenv: User Profile setup event
0xe17c1190 516 0x44 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE\ALTERNATE SORTS
0xe17d02b0 516 0x48 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\CONTROL\NLS\LANGUAGE GROUPS
0xe17d0248 516 0x4c 0xf003f Key MACHINE\SYSTEM\CONTROLSET001\ENUM
0xe17d01e0 516 0x50 0xf003f Key MACHINE\SYSTEM\CONTROLSET001\SERVICES
0xe17d00d0 516 0x54 0xf003f Key MACHINE\SOFTWARE\POLICIES
0xe17d28c8 516 0x58 0xf003f Key MACHINE\SYSTEM\CONTROLSET001\CONTROL\CLASS
0xe17d2860 516 0x5c 0xf003f Key MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\PERHWIDSTORAGE
0x81627110 516 0x60 0x1f0003 Event
0x816bd178 516 0x64 0x1f0001 Mutant
0x81709298 516 0x68 0x1f0003 Event
0x816cae18 516 0x6c 0x1f0001 Mutant
0x816ab8b0 516 0x70 0x1f0003 Event
0x816cadd8 516 0x74 0x1f0001 Mutant
0x816bd148 516 0x78 0x1f0003 Event
0x8162a320 516 0x7c 0x1f0001 Mutant
0x816cada8 516 0x80 0x1f0003 Event
0x8162a2e0 516 0x84 0x1f0001 Mutant
0x8162a2b0 516 0x88 0x1f0003 Event
0x8170d5b8 516 0x8c 0x1f0001 Mutant
0x8170d588 516 0x90 0x1f0003 Event
0x8170d548 516 0x94 0x1f0001 Mutant
0x8154da20 516 0x98 0x1f0003 Event
0x8154d9e0 516 0x9c 0x1f0001 Mutant
0x8154d9b0 516 0xa0 0x1f0003 Event
0x817042d0 516 0xa4 0x1f0001 Mutant
0x817042a0 516 0xa8 0x1f0003 Event
0x81704260 516 0xac 0x1f0001 Mutant
0x817caed8 516 0xb0 0x1f0003 Event
0x817cae98 516 0xb4 0x1f0001 Mutant
0x817cae68 516 0xb8 0x1f0003 Event
0x815dd1d8 516 0xbc 0x1f0001 Mutant
0x815dd1a8 516 0xc0 0x1f0003 Event
0x815dd168 516 0xc4 0x1f0001 Mutant
0x8161a170 516 0xc8 0x1f0003 Event
0x8161a130 516 0xcc 0x1f0001 Mutant
0x8161a100 516 0xd0 0x1f0003 Event
0x8161a0c0 516 0xd4 0x1f0001 Mutant
0x816d0240 516 0xd8 0x1f0003 Event
0x816d0200 516 0xdc 0x1f0001 Mutant
0x816d01d0 516 0xe0 0x1f0003 Event
0x816d0190 516 0xe4 0x1f0001 Mutant
0x81693c18 516 0xe8 0x1f0003 Event
0x81693bd8 516 0xec 0x1f0001 Mutant
0x81693ba8 516 0xf0 0x1f0003 Event
0x81693b68 516 0xf4 0x1f0001 Mutant
0x816f31f8 516 0xf8 0x1f0003 Event
0x816f31b8 516 0xfc 0x1f0001 Mutant
0x816f3188 516 0x100 0x1f0003 Event
0x816f3148 516 0x104 0x1f0001 Mutant
0x815cb1f8 516 0x108 0x1f0003 Event
0x815cb1b8 516 0x10c 0x1f0001 Mutant
0x815cb188 516 0x110 0x1f0003 Event
0x815cb148 516 0x114 0x1f0001 Mutant
0x8153cc80 516 0x118 0x1f0003 Event
0x8153cc40 516 0x11c 0x1f0001 Mutant
0x8153cc10 516 0x120 0x1f0003 Event
0x8153cbd0 516 0x124 0x1f0001 Mutant
0x81611450 516 0x128 0x1f0003 Event
0x81611410 516 0x12c 0x1f0001 Mutant
0x816113e0 516 0x130 0x1f0003 Event
0x816113a0 516 0x134 0x1f0001 Mutant
0x8174f868 516 0x138 0x1f0003 Event
0x8174f828 516 0x13c 0x1f0001 Mutant
0x8174f7f8 516 0x140 0x1f0003 Event
0x8174f7b8 516 0x144 0x1f0001 Mutant
0x8174f788 516 0x148 0x1f0003 Event
0x81773bf0 516 0x14c 0x1f0001 Mutant
0x81773bc0 516 0x150 0x1f0003 Event
0x81773b80 516 0x154 0x1f0001 Mutant
0x81773b50 516 0x158 0x1f0003 Event
0x81773d58 516 0x15c 0x1f0001 Mutant
0x81773d28 516 0x160 0x1f0003 Event SC_AutoStartComplete
0xe17d3020 516 0x164 0xf003f Key MACHINE\SYSTEM\CONTROLSET001\CONTROL\NETWORKPROVIDER\ORDER
0x81773b20 516 0x168 0x1f0003 Event
0x81773ce8 516 0x16c 0x21f0003 Event
0x815d4f40 516 0x170 0x1f0003 Timer
0x81691c30 516 0x174 0x1f03ff Thread TID 540 PID 516
0x81719558 516 0x178 0x1f0003 IoCompletion
0x8164d620 516 0x17c 0x1f03ff Thread TID 584 PID 516
0x816704c0 516 0x180 0x1f0003 Timer
0x81648558 516 0x184 0x1f03ff Thread TID 588 PID 516
0x8164d5b0 516 0x188 0x1f0003 Event SvcctrlStartEvent_A3752DX
0x81606678 516 0x18c 0x100003 Semaphore
0x81648518 516 0x190 0x1f0001 Mutant
0x815e29f0 516 0x194 0x100003 Semaphore
0x815e2a60 516 0x198 0x100003 Semaphore
0x815e2a98 516 0x19c 0x100003 Semaphore
0x81671d30 516 0x1a0 0x100003 Semaphore
0x81611670 516 0x1a4 0x100003 Semaphore
0xe1852d80 516 0x1a8 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\CONTROL\SERVICEGROUPORDER
0x8171cb80 516 0x1ac 0x1f0003 Event
0x816e0310 516 0x1b0 0x1f0003 Event
0x81643fc0 516 0x1b4 0x1f0003 Event
0x817085c8 516 0x1b8 0x1f0003 Event
0x81670248 516 0x1bc 0x1f03ff Thread TID 520 PID 516
0x81710c68 516 0x1c0 0x1f0003 IoCompletion
0x81710d50 516 0x1c4 0x1f0003 IoCompletion
0x81710c68 516 0x1c8 0x1f0003 IoCompletion
0x81699cf0 516 0x1cc 0x1f0003 Event ScNetDrvMsg
0x81630138 516 0x1d0 0x1f0003 Event
0xe1854a30 516 0x1d4 0x1f0001 Port ntsvcs
0x81630168 516 0x1d8 0x1f0003 Event
0x81630108 516 0x1dc 0x1f0003 Event
0x815d8558 516 0x1e0 0x1f03ff Thread TID 652 PID 516
0x8177b748 516 0x1e4 0x12019f File \Device\NamedPipe\ntsvcs
0x8161a9b0 516 0x1e8 0x12019f File \Device\NamedPipe\ntsvcs
0x815d8488 516 0x1ec 0x1f0003 Event
0x8166b678 516 0x1f0 0x1f03ff Thread TID 656 PID 516
0xe1857670 516 0x1f4 0x1f0001 Port
0x8166b618 516 0x1f8 0x1f0003 Event
0x81610da8 516 0x1fc 0x1f03ff Thread TID 660 PID 516
0xe18575a8 516 0x200 0x1f0001 Port
0x8166b5a8 516 0x204 0x100003 Event
0x81640328 516 0x208 0x12019f File \Device\NamedPipe\scerpc
0x81610d18 516 0x20c 0x100001 File \Device\KsecDD
0x815d5a08 516 0x210 0x12019f File \Device\NamedPipe\scerpc
0x816f5220 516 0x214 0x1f0003 Event
0x815d5980 516 0x218 0x1f0003 Event
0x81649c50 516 0x21c 0x1f0003 Event
0x81628320 516 0x220 0x1f03ff Thread TID 664 PID 516
0x81699da8 516 0x224 0x1f03ff Thread TID 648 PID 516
0x816282b0 516 0x228 0x1f0003 Event
0x81628280 516 0x22c 0x1f0003 Event
0xe185ddc8 516 0x230 0x1f0001 Port
0xe185cd80 516 0x234 0x1f0001 Port
0x81628250 516 0x238 0x1f0003 Event
0xe185ccc8 516 0x23c 0x1f0001 Port
0x8162fd38 516 0x240 0x1f0003 Event
0x8162fd08 516 0x244 0x1f0003 Event
0x8162fcd8 516 0x248 0x1f0003 Event
0x816f5780 516 0x24c 0x1f0003 Event
0x816f5750 516 0x250 0x1f0003 Event
0x81640240 516 0x254 0x12019f File \Device\NamedPipe\lsarpc
0x8162fd78 516 0x258 0x1f0003 Event WBEM_ESS_OPEN_FOR_BUSINESS
0x81630c90 516 0x25c 0x1f03ff Thread TID 672 PID 516
0x81630bc0 516 0x260 0x1a019f File \Device\NamedPipe\net\NtControlPipe1
0xe185b1a8 516 0x264 0x2 Key MACHINE\SYSTEM\CONTROLSET001\CONTROL\SERVICECURRENT
0x816233e8 516 0x268 0x120001 Mutant ShimCacheMutex
0xe17ef118 516 0x26c 0x2 Section ShimSharedMemory
0x81671398 516 0x270 0x1f0fff Process svchost.exe(676)
0xe1861d88 516 0x274 0x1f0001 Port
0xe187d660 516 0x278 0x2001b Key MACHINE\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG
0x81610c10 516 0x27c 0x1a019f File \Device\NamedPipe\net\NtControlPipe2
0x816e1748 516 0x280 0x12019f File \Device\NamedPipe\net\NtControlPipe2
0x8162f380 516 0x284 0x1f0003 Event
0x816e1838 516 0x288 0x1f03ff Thread TID 688 PID 516
0xe1861a60 516 0x28c 0x1f0001 Port
0xe187d4c8 516 0x290 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME
0xe1883c98 516 0x294 0xf01ff Token
0x815f6bb0 516 0x298 0x1f0003 Event
0x815fdd30 516 0x29c 0x100003 Semaphore
0x81629c00 516 0x2a0 0x1f0003 Event
0x81714bc8 516 0x2a4 0x100003 Semaphore
0x8160e908 516 0x2a8 0x12019f File \Device\HarddiskVolume1\WINDOWS\system32\config\AppEvent.Evt
0xe187a420 516 0x2ac 0x17 Section
0x8160e898 516 0x2b0 0x100003 Semaphore
0x815f3868 516 0x2b4 0x100003 Semaphore
0x815f37d8 516 0x2b8 0x12019f File \Device\HarddiskVolume1\WINDOWS\system32\config\Internet.evt
0xe187e5d0 516 0x2bc 0x17 Section
0x815f93c8 516 0x2c0 0x100003 Semaphore
0x815f9390 516 0x2c4 0x100003 Semaphore
0x815f9300 516 0x2c8 0x12019f File \Device\HarddiskVolume1\WINDOWS\system32\config\SecEvent.Evt
0xe187e470 516 0x2cc 0x17 Section
0x8162e780 516 0x2d0 0x100003 Semaphore
0x8162e748 516 0x2d4 0x100003 Semaphore
0x81629c38 516 0x2d8 0x12019f File \Device\HarddiskVolume1\WINDOWS\system32\config\SysEvent.Evt
0xe187e310 516 0x2dc 0x17 Section
0x815f33f0 516 0x2e0 0x100003 Semaphore
0x815f33b8 516 0x2e4 0x100003 Semaphore
0x815e8da8 516 0x2e8 0x1f03ff Thread TID 724 PID 516
0x815f3310 516 0x2ec 0x1f0003 Event
0x8161a3d0 516 0x2f0 0x1f0003 Event
0xe1866280 516 0x2f4 0x1f0001 Port ErrorLogPort
0x815fe7b0 516 0x2f8 0x100003 Event
0xe18961b0 516 0x2fc 0x1f0001 Port
0xe1872f68 516 0x300 0x1f0001 Port
0xe1883b40 516 0x304 0x1f0001 Port
0xe187e668 516 0x308 0x20f003f Key USER
0xe1887608 516 0x30c 0xf003f Key USER\S-1-5-20
0x81601508 516 0x310 0x1a019f File \Device\NamedPipe\net\NtControlPipe4
0x815f8c60 516 0x314 0x1a019f File \Device\NamedPipe\net\NtControlPipe3
0x815f5da0 516 0x318 0x1f0fff Process svchost.exe(736)
0xe189b4d0 516 0x31c 0x1f0001 Port
0x8169b7c8 516 0x320 0x1a019f File \Device\NamedPipe\net\NtControlPipe0
0x8162ad78 516 0x324 0x1f0fff Process svchost.exe(800)
0xe18a5d98 516 0x328 0x1f0001 Port
0x815c4be0 516 0x32c 0x1f03ff Thread TID 824 PID 516
0x815c4e78 516 0x330 0x1f0003 Event
0xe18a48b0 516 0x334 0x1f0001 Port
0xe18a60d8 516 0x338 0xf01ff Token
0xe1bc3768 516 0x33c 0x1f0001 Port
0x815c49d0 516 0x340 0x1f0003 Event
0x815c49a0 516 0x344 0x1f0003 Event
0x815c4970 516 0x348 0x1f0003 Event PnP_No_Pending_Install_Events
0x815c4930 516 0x34c 0x1f0003 Event
0x815e5ac0 516 0x350 0x1f0001 Mutant PnP_Init_Mutex
0xe18a4bf0 516 0x354 0xf003f Key USER\S-1-5-20
0xe18a5a08 516 0x358 0xf003f Key USER\S-1-5-19
0xe18a5700 516 0x35c 0xf01ff Token
0x81773d28 516 0x360 0x100000 Event SC_AutoStartComplete
0x816cf850 516 0x364 0x1a019f File \Device\NamedPipe\net\NtControlPipe5
0x81699838 516 0x368 0x1f0fff Process svchost.exe(844)
0xe18a63d8 516 0x36c 0x1f0001 Port
0x81709b78 516 0x370 0x1f0fff Process svchost.exe(876)
0x816197e8 516 0x374 0x1a019f File \Device\NamedPipe\net\NtControlPipe6
0xe19e3920 516 0x378 0x1f0001 Port
0x81669bd0 516 0x37c 0x1f0003 Event
0x81550780 516 0x380 0x100003 Event
0x81669958 516 0x384 0x1f03ff Thread TID 1132 PID 516
0x8164a810 516 0x388 0x1f0fff Process spoolsv.exe(1172)
0x8164ac48 516 0x38c 0x1a019f File \Device\NamedPipe\net\NtControlPipe7
0x815ce5e8 516 0x390 0x1f0003 Event
0xe1bd03c0 516 0x394 0x1f0001 Port
0xe18459e8 516 0x398 0x1f0001 Port
0x815ce350 516 0x39c 0x1f03ff Thread TID 1320 PID 516
0x815fbc10 516 0x3a0 0x1f03ff Thread TID 1432 PID 516
0xe1d8c678 516 0x3a4 0x1f0001 Port
0x815cccc8 516 0x3a8 0x1f0003 Event
0xe167a358 516 0x3ac 0xf01ff Token
0x816f3318 516 0x3b0 0x1f0003 Event
0x81605640 516 0x3b4 0x1f03ff Thread TID 1636 PID 516
0x8156f938 516 0x3b8 0x1f0003 Event
0x8168d368 516 0x3bc 0x12019f File \Device\NamedPipe\srvsvc
0x815efe70 516 0x3c0 0x1f0003 Event
0x815ef3b8 516 0x3c4 0x1f03ff Thread TID 1704 PID 516
0x816fcb10 516 0x3c8 0x1f0003 Event
0x816fc898 516 0x3cc 0x1f03ff Thread TID 1712 PID 516
0xe1006e20 528 0x4 0xf0003 KeyedEvent CritSecOutOfMemoryEvent
0xe14f3230 528 0x8 0x3 Directory KnownDlls
0x8170c2f8 528 0xc 0x100020 File \Device\HarddiskVolume1\WINDOWS\system32
0x817a2260 528 0x10 0x100003 Semaphore
0xe14038f8 528 0x14 0xf000f Directory Windows
0xe17cf998 528 0x18 0x21f0001 Port
0x816daaa8 528 0x1c 0x100003 Semaphore
0xe14477d0 528 0x20 0x2000f Directory BaseNamedObjects
0x817064e8 528 0x24 0x1f0001 Mutant SHIMLIB_LOG_MUTEX
0xe17d3eb0 528 0x28 0x20f003f Key MACHINE
0x816d8b20 528 0x2c 0xf016e WindowStation Service-0x0-3e7$
0x8170f600 528 0x30 0x12019f File \Device\NamedPipe\lsass
0x815f6970 528 0x34 0xf00cf Desktop Default
0x816d8b20 528 0x38 0xf016e WindowStation Service-0x0-3e7$
0x815f80d0 528 0x3c 0x1f0003 Event
0x81698bb0 528 0x40 0x1f0003 Semaphore
0xe17d3f50 528 0x44 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\CONTROL\NETWORKPROVIDER\HWORDER
0x8167f1b8 528 0x48 0x100003 Semaphore
0x8167f180 528 0x4c 0x100003 Semaphore
0x8167f120 528 0x50 0x1f0003 Event
0x8167f150 528 0x54 0x1f0003 Event
0x8167f0e8 528 0x58 0x100003 Semaphore
0x816923b0 528 0x5c 0x100003 Semaphore
0xe17d3898 528 0x60 0x20019 Key MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32
0x81692380 528 0x64 0x1f0003 Event DINPUTWINMM
0x815fd568 528 0x68 0x100001 File \Device\KsecDD
0x815d48d0 528 0x6c 0x1f0003 Event
0x815d48a0 528 0x70 0x1f0003 Event
0xe17d2478 528 0x74 0x20019 Key MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32
0x8162a930 528 0x78 0x1f0003 Semaphore shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}
0x817cb720 528 0x7c 0x1f0003 Event userenv: User Profile setup event
0x816d9ec0 528 0x80 0x100020 File \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x81695d38 528 0x84 0x1f0003 Event
0xe17d2298 528 0x88 0x2001f Key MACHINE\SYSTEM\CONTROLSET001\CONTROL\LSA\SSPICACHE\MSAPSSPC.DLL
0xe17d3220 528 0x8c 0x2001f Key MACHINE\SYSTEM\CONTROLSET001\CONTROL\LSA\SSPICACHE\DIGEST.DLL
0x815f8130 528 0x90 0x1f0003 Timer
0xe17d31a0 528 0x94 0x2001f Key MACHINE\SYSTEM\CONTROLSET001\CONTROL\LSA\SSPICACHE\MSNSSPC.DLL
0x815d4738 528 0x98 0x21f0003 Event
0x816ac480 528 0x9c 0x1f03ff Thread TID 548 PID 528
0x815c4f00 528 0xa0 0x12019f File \Device\NamedPipe\net\NtControlPipe0
0x81718140 528 0xa4 0x1f0003 IoCompletion
0x815f73c8 528 0xa8 0x1f0003 Timer
0x816754f0 528 0xac 0x1f03ff Thread TID 556 PID 528
0xe17d2318 528 0xb0 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\CONTROL\LSA
0x816754c0 528 0xb4 0x1f0003 Event
0x815ff6e0 528 0xb8 0x21f0003 Semaphore
0x81675458 528 0xbc 0x1f0003 Event
0xe14c0e58 528 0xc0 0x1f0001 Port SeLsaCommandPort
0x81695510 528 0xc4 0x2 Event SeLsaInitEvent
0xe17d2f68 528 0xc8 0x1f0001 Port
0xe17d59c8 528 0xcc 0x1f0001 Port
0x8160ad30 528 0xd0 0x100003 Semaphore
0x815ff5f0 528 0xd4 0x100003 Semaphore
0x815ff5b8 528 0xd8 0x100003 Semaphore
0x815ff580 528 0xdc 0x100003 Semaphore
0x815ff548 528 0xe0 0x100003 Semaphore
0x815ff510 528 0xe4 0x100003 Semaphore
0x815ff4e0 528 0xe8 0x1f0003 Event
0x815ff4a8 528 0xec 0x100003 Semaphore
0x815ff470 528 0xf0 0x100003 Semaphore
0xe17d5c38 528 0xf4 0x6001d Key MACHINE\SECURITY
0xe17d30f0 528 0xf8 0x3001f Key MACHINE\SECURITY\RXACT
0x815ff440 528 0xfc 0x1f0003 Event
0x815ff410 528 0x100 0x1f0003 Event
0x816e0020 528 0x104 0x1f0003 Event
0x817085f8 528 0x108 0xa84 WmiGuid
0x81648b20 528 0x10c 0xa84 WmiGuid
0xe17d69f0 528 0x110 0x2001f Key MACHINE\SECURITY\POLICY
0x8167b8f8 528 0x114 0x100003 Semaphore
0x81712620 528 0x118 0x100003 Semaphore
0x815d6cf8 528 0x11c 0x100003 Semaphore
0x816406b8 528 0x120 0x100003 Semaphore
0x815d5d60 528 0x124 0x1f0003 Event
0x815fdaf0 528 0x128 0x1f0003 Timer
0xe15255f8 528 0x12c 0x11 Key MACHINE\SYSTEM\CONTROLSET001\CONTROL\LSA\AUDIT\PERUSERAUDITING\SYSTEM
0x815e1898 528 0x130 0x100003 Semaphore
0x815e17e8 528 0x134 0x100003 Semaphore
0x81640648 528 0x138 0x100003 Semaphore
0xe181c030 528 0x13c 0xf01ff Token
0x815e1820 528 0x140 0x100003 Semaphore
0x8166fdb8 528 0x144 0x100003 Semaphore
0x8166fd80 528 0x148 0x100003 Semaphore
0x8166fd48 528 0x14c 0x100003 Semaphore
0x8166fd10 528 0x150 0x100003 Semaphore
0x8161f800 528 0x154 0x1f0003 Event
0xe184a868 528 0x158 0xf0007 Section Debug.Memory.210
0xe184a988 528 0x15c 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\CONTROL\LSA\KERBEROS
0x815e2cb0 528 0x160 0x1f03ff Thread TID 576 PID 528
0x816042d8 528 0x164 0x100003 Semaphore
0x816d3028 528 0x168 0x12019f File \Device\WMIDataDevice
0x815e2c50 528 0x16c 0x1f0003 Event
0x816b27a0 528 0x170 0xa84 WmiGuid
0x816d9170 528 0x174 0x12019f File \Device\WMIDataDevice
0x815d7b30 528 0x178 0x1f0003 Event
0x81636180 528 0x17c 0x1f0fff Process lsass.exe(528)
0x815d7b00 528 0x180 0x1f0003 Event
0x815d7ad0 528 0x184 0x1f0003 Event
0x8161f758 528 0x188 0x100003 Semaphore
0xe184a8b0 528 0x18c 0x2001f Key MACHINE\SECURITY\POLICY
0x816046b8 528 0x190 0x100003 Semaphore
0x81604680 528 0x194 0x100003 Semaphore
0x81640b28 528 0x198 0x100003 Semaphore
0xe184a510 528 0x19c 0xf003f Key MACHINE\SYSTEM\CONTROLSET001\CONTROL\LSA\KERBEROS\SIDCACHE
0x81640af0 528 0x1a0 0x100003 Semaphore
0x81640ab8 528 0x1a4 0x100003 Semaphore
0x81640a80 528 0x1a8 0x100003 Semaphore
0x816257f8 528 0x1ac 0x100003 Semaphore
0x816257c0 528 0x1b0 0x100003 Semaphore
0xe181cfb8 528 0x1b4 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\CONTROL\LSA\KERBEROS\DOMAINS
0x815e2c80 528 0x1b8 0x1f0003 Event
0x815e2990 528 0x1bc 0x100003 Semaphore
0x815e2958 528 0x1c0 0x100003 Semaphore
0x8153e020 528 0x1c4 0x478 Process services.exe(516)
0x815e2928 528 0x1c8 0x1f0003 Event
0xe181cee8 528 0x1cc 0xf003f Key MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9
0x815e28c0 528 0x1d0 0x1f0003 Event
0xe181ce80 528 0x1d4 0xf003f Key MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSOCK2\PARAMETERS\NAMESPACE_CATALOG5
0x816d8f00 528 0x1d8 0x1200a0 File \Device\Tcp
0x81604cd0 528 0x1dc 0x120116 File \Device\Tcp
0x81604c08 528 0x1e0 0x1200a0 File \Device\Ip
0x81604b70 528 0x1e4 0x100003 File \Device\Ip
0x81604ad8 528 0x1e8 0x1200a0 File \Device\Ip
0x81604a68 528 0x1ec 0x100003 Semaphore
0x8164d898 528 0x1f0 0x100003 Event
0x81625750 528 0x1f4 0x100003 Semaphore
0xe181ce18 528 0x1f8 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\SERVICES\TCPIP\LINKAGE
0xe181cf50 528 0x1fc 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS
0xe184a498 528 0x200 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\SERVICES\NETBT\PARAMETERS\INTERFACES
0xe184a360 528 0x204 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\SERVICES\NETBT\PARAMETERS
0xe184cfb8 528 0x208 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\CONTROL\LSA
0x8174f658 528 0x20c 0xa84 WmiGuid
0xe184cea8 528 0x210 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\CONTROL\LSA\MSV1_0
0x816a35f8 528 0x214 0x100003 Semaphore
0x81604648 528 0x218 0x100003 Semaphore
0x8161f790 528 0x21c 0x100003 Semaphore
0x81648908 528 0x220 0x100003 Semaphore
0x816488d0 528 0x224 0x100003 Semaphore
0x81648f10 528 0x228 0x100003 Semaphore
0x81648ed8 528 0x22c 0x100003 Semaphore
0x81648ea0 528 0x230 0x100003 Semaphore
0xe181ccd0 528 0x234 0x2001f Key MACHINE\SECURITY\POLICY
0x81648e28 528 0x238 0x100003 Semaphore
0xe181c990 528 0x23c 0x600fe Token
0x81648df0 528 0x240 0x100003 Semaphore
0x81604aa0 528 0x244 0x1f0003 Event
0x8164c648 528 0x248 0x120196 File \Device\HarddiskVolume1\WINDOWS\Debug\PASSWD.LOG
0x8170a320 528 0x24c 0x100003 Semaphore
0x81648d80 528 0x250 0x100003 Semaphore
0x815e8388 528 0x254 0x100003 Semaphore
0x815e8350 528 0x258 0x100003 Semaphore
0x81649400 528 0x25c 0x1f0003 Event
0x81649430 528 0x260 0x1f0003 Event
0x816493c8 528 0x264 0x100003 Semaphore
0x815e8a28 528 0x268 0x100003 Semaphore
0x815e89f0 528 0x26c 0x100003 Semaphore
0x815e89b8 528 0x270 0x100003 Semaphore
0x8167d2c8 528 0x274 0x1f0003 Event crypt32LogoffEvent
0x816caf60 528 0x278 0x100003 Event
0x815e2ad0 528 0x27c 0x1f0003 Event
0xe181cc68 528 0x280 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\CONTROL\SECURITYPROVIDERS\WDIGEST
0x81719340 528 0x284 0x1f0003 IoCompletion
0x817aa420 528 0x288 0x1f0003 IoCompletion
0x81719340 528 0x28c 0x1f0003 IoCompletion
0x816494c8 528 0x290 0x12019f File \Device\NamedPipe\lsass
0x816caea0 528 0x294 0x12019f File \Device\NamedPipe\lsass
0x816caf30 528 0x298 0x1f0003 Event
0x816066f0 528 0x29c 0x1f03ff Thread TID 596 PID 528
0xe14c1558 528 0x2a0 0x1f0001 Port audit
0x816cae68 528 0x2a4 0x1f0003 Event
0x81606b18 528 0x2a8 0x1f03ff Thread TID 600 PID 528
0xe184c2c8 528 0x2ac 0x1f0001 Port securityevent
0x81606648 528 0x2b0 0x1f0003 Event
0x81671da8 528 0x2b4 0x1f03ff Thread TID 604 PID 528
0x816172c8 528 0x2b8 0x1f03ff Thread TID 608 PID 528
0x81617238 528 0x2bc 0x12019f File \Device\KsecDD
0xe1852030 528 0x2c0 0x1f0001 Port LsaAuthenticationPort
0x815e52c8 528 0x2c4 0x1f03ff Thread TID 612 PID 528
0x815e5218 528 0x2c8 0x1f0003 Event
0x81636180 528 0x2cc 0x478 Process lsass.exe(528)
0xe1853f50 528 0x2d0 0x1f0001 Port
0xe1853e98 528 0x2d4 0x1f0001 Port
0x816f57e0 528 0x2d8 0x478 Process winlogon.exe(412)
0x81606aa0 528 0x2dc 0x21f0003 Semaphore
0x815fd620 528 0x2e0 0x1f0003 Event LSA_RPC_SERVER_ACTIVE
0x8160ed10 528 0x2e4 0x1f0003 Event
0xe181c320 528 0x2e8 0x11 Key MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\PROTECT\PROVIDERS\DF9D8CD0-1501-11D1-8C7A-00C04FC297EB
0x816df2a8 528 0x2ec 0x1f0003 Event
0xe1853d40 528 0x2f0 0x1f0001 Port protected_storage
0x816df278 528 0x2f4 0x1f0003 Event
0x817002e0 528 0x2f8 0x1f03ff Thread TID 624 PID 528
0x816d55e8 528 0x2fc 0x12019f File \Device\NamedPipe\protected_storage
0x816df1e8 528 0x300 0x12019f File \Device\NamedPipe\protected_storage
0xe1853ba0 528 0x304 0x1f0001 Port
0x816f57e0 528 0x308 0x478 Process winlogon.exe(412)
0x815e84d0 528 0x30c 0x1f0003 Event
0xe18547e8 528 0x310 0x1f0001 Port
0x81636180 528 0x314 0x478 Process lsass.exe(528)
0xe184c090 528 0x318 0x1f0001 Port
0x81636180 528 0x31c 0x478 Process lsass.exe(528)
0x815e84d0 528 0x320 0x1f0003 Event
0x815e84d0 528 0x324 0x1f0003 Event
0x815ffa18 528 0x328 0x100003 Semaphore
0x815ff9e0 528 0x32c 0x100003 Semaphore
0x816df1b0 528 0x330 0x1f0003 Event
0x816109c0 528 0x334 0x1f0003 Event
0x81610988 528 0x338 0x100003 Semaphore
0x816ad220 528 0x33c 0x100003 Semaphore
0xe1852d18 528 0x340 0x2001f Key MACHINE\SAM\SAM
0xe1852148 528 0x344 0x3001f Key MACHINE\SAM\SAM\RXACT
0xe1855f90 528 0x348 0x2001f Key MACHINE\SAM\SAM\DOMAINS\BUILTIN
0xe1854730 528 0x34c 0x2001f Key MACHINE\SAM\SAM\DOMAINS\ACCOUNT
0xe146cca8 528 0x350 0xf01ff Token
0x815d55f0 528 0x354 0x1f0003 Event
0x816ad150 528 0x358 0x1f0003 Event
0x81621fe0 528 0x35c 0x1f0001 Mutant
0x81621fb0 528 0x360 0x1f0003 Event
0x81621f70 528 0x364 0x1f0001 Mutant
0x81621f40 528 0x368 0x1f0003 Event
0x81621f00 528 0x36c 0x1f0001 Mutant
0x81645020 528 0x370 0x1f0003 Event
0xe1bc7178 528 0x374 0x1f0001 Port
0x815d4c60 528 0x378 0x1f0003 Event
0x816d9538 528 0x37c 0x12019f File \Device\NamedPipe\lsarpc
0x815d4c30 528 0x380 0x1f0003 Event
0x815d4c00 528 0x384 0x1f0003 Event
0x816959b0 528 0x388 0x1f03ff Thread TID 640 PID 528
0x81643ff0 528 0x38c 0x1f0003 Event
0xe1856c58 528 0x390 0x1f0001 Port
0x8164c568 528 0x394 0xa84 WmiGuid
0x816301a8 528 0x398 0x100002 Event SAM_SERVICE_STARTED
0x816f57b0 528 0x39c 0x1f0003 Event
0x8162fda8 528 0x3a0 0x1f03ff Thread TID 668 PID 528
0xe185dd10 528 0x3a4 0x1f0001 Port
0x816a2d98 528 0x3a8 0x12019f File \Device\NamedPipe\lsass
0x816f56d0 528 0x3ac 0x1f0003 Event
0x8162f1d0 528 0x3b0 0x12019f File \Device\NamedPipe\lsass
0x8160eda8 528 0x3b4 0x1f03ff Thread TID 616 PID 528
0x8162f088 528 0x3b8 0x1f0003 Event
0xe18601a8 528 0x3bc 0x1f0001 Port
0x81671398 528 0x3c0 0x478 Process svchost.exe(676)
0xe18600f0 528 0x3c4 0x1f0001 Port
0xe18603f8 528 0x3c8 0x1f0001 Port
0x81671398 528 0x3cc 0x478 Process svchost.exe(676)
0xe1883f68 528 0x3d0 0x1f0001 Port
0x8153e020 528 0x3d4 0x478 Process services.exe(516)
0xe1888710 528 0x3d8 0x1f0001 Port
0xe1882c38 528 0x3dc 0xf01ff Token
0x816f57e0 528 0x3e0 0x478 Process winlogon.exe(412)
0x815f5da0 528 0x3e4 0x478 Process svchost.exe(736)
0x81639240 528 0x3e8 0x1f0003 Event
0xe187e0c8 528 0x3ec 0x2020019 Key USER
0x816081c8 528 0x3f0 0x1f0003 Event
0x81695da8 528 0x3f4 0x1f03ff Thread TID 544 PID 528
0x815c4ec8 528 0x3f8 0x1f0003 Event
0x815df9c8 528 0x3fc 0x100003 Event
0x81550138 528 0x400 0x12019f File \Device\NamedPipe\lsass
0xe18a5b40 528 0x404 0x1f0001 Port
0xe189b3d8 528 0x408 0x1f0001 Port
0x8170fcf0 528 0x40c 0x1f0003 Event
0x81625da8 528 0x410 0x1f03ff Thread TID 732 PID 528
0xe18a9da8 528 0x414 0xf01ff Token
0xe18a9c98 528 0x418 0x1f0001 Port
0x8162ad78 528 0x41c 0x478 Process svchost.exe(800)
0x817096f8 528 0x420 0x1f0003 Event
0x8162b700 528 0x424 0x12019f File \Device\NamedPipe\lsass
0x81683760 528 0x428 0x1f0003 Event
0x81620a08 528 0x42c 0x1f0003 Event
0x8167fe08 528 0x430 0x1f0003 Event
0x8167fb70 528 0x434 0x1f03ff Thread TID 1008 PID 528
0xe1bc3a48 528 0x438 0x1f0001 Port
0x816209d8 528 0x43c 0x21f0003 Event
0xe1bccc80 528 0x440 0x1f0001 Port
0x816f57e0 528 0x444 0x478 Process winlogon.exe(412)
0x816208f8 528 0x448 0x12019f File \Device\NamedPipe\lsass
0xe1bfe5e8 528 0x44c 0xf01ff Token
0x81620860 528 0x450 0x12019f File \Device\NamedPipe\lsass
0x8162d920 528 0x454 0x1f0003 Event
0x81692860 528 0x458 0x1f0003 Event
0xe1ac4278 528 0x45c 0x1f0001 Port
0x8162ad78 528 0x460 0x478 Process svchost.exe(800)
0xe166cc30 528 0x464 0x1f0001 Port
0x8162ad78 528 0x468 0x478 Process svchost.exe(800)
0xe167a020 528 0x46c 0x1f0001 Port
0x81643d00 528 0x470 0x12019f File \Device\NamedPipe\lsass
0x8162ad78 528 0x474 0x478 Process svchost.exe(800)
0xe167af00 528 0x478 0x1f0001 Port
0x817c6bd0 528 0x47c 0x478 Process System(4)
0x815e6ef0 528 0x480 0x21f0003 Semaphore
0xe183b020 528 0x484 0x1f0001 Port
0x816f2b70 528 0x488 0x478 Process explorer.exe(1284)
0x816f6338 528 0x48c 0x1f0003 Event
0x81617d50 528 0x490 0x1f0003 Event
0x81630340 528 0x494 0x12019f File \Device\NamedPipe\lsass
0xe17bd3e0 528 0x498 0x1f0001 Port
0x81602c70 528 0x49c 0x478 Process userinit.exe(1268)
0x816754f0 528 0x4a0 0x1f03ff Thread TID 556 PID 528
0x81550d28 528 0x4a4 0x100003 Event
0x81616660 528 0x4a8 0x100003 Event
0x8167ecc8 528 0x4ac 0x12019f File \Device\IPSEC
0x816f76c8 528 0x4b0 0xa84 WmiGuid
0x8162b7f0 528 0x4b4 0x1f0003 Event
0x816d5970 528 0x4b8 0x1f03ff Thread TID 552 PID 528
0x81610a60 528 0x4bc 0x1f0003 Event
0x81685640 528 0x4c0 0x1f03ff Thread TID 1552 PID 528
0x81709b78 528 0x4c4 0x478 Process svchost.exe(876)
0x81550588 528 0x4c8 0x1f0003 Event
0x816f52d8 528 0x4cc 0x1f0003 Event IPSEC_POLICY_CHANGE_EVENT
0x816727a0 528 0x4d0 0x1f0003 Event
0x816be2a8 528 0x4d4 0x1f0003 Event
0x816be278 528 0x4d8 0x1f0003 Event
0x816be248 528 0x4dc 0x1f0003 Event IPSEC_POLICY_CHANGE_NOTIFY
0x816be208 528 0x4e0 0x1f0003 Event
0x816be1d8 528 0x4e4 0x1f0003 Event IPSEC_GP_REFRESH_EVENT
0x81685640 528 0x4e8 0x1f03ff Thread TID 1552 PID 528
0x81689478 528 0x4ec 0x1f0003 Event
0x81689718 528 0x4f0 0x1f0003 Event
0x816894e0 528 0x4f4 0x1f01ff File \Device\Afd\Endpoint
0x816896e8 528 0x4f8 0x1f0003 Event
0x815d1ac0 528 0x4fc 0x1200a0 File \Device\Tcp
0x8162ad78 528 0x500 0x478 Process svchost.exe(800)
0xe1c20ca8 528 0x504 0x1f0001 Port
0x81689898 528 0x508 0x1f0003 Event
0x816852c0 528 0x50c 0x1f0003 Event PS_SERVICE_STARTED
0x8168b368 528 0x510 0x1f0003 Event
0x815ccd38 528 0x514 0x1f0003 Event
0x815cc270 528 0x518 0x1f0003 Event
0x815c98a0 528 0x51c 0x1f0003 Event
0x815c9870 528 0x520 0x1f0003 Event
0x815c9970 528 0x524 0x12019f File \Device\IPSEC
0xe1c26020 528 0x528 0x11 Key MACHINE\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\IPSEC
0x816fa300 528 0x52c 0x1f0003 Event
0xe1c25928 528 0x530 0x20019 Key MACHINE\SOFTWARE\MICROSOFT\NETWORKACCESSPROTECTION\NAPCLIENT
0xe1c26210 528 0x534 0xf01ff Token
0x8167eae8 528 0x538 0x1f0003 Event
0x815cc440 528 0x53c 0x1f0003 Event
0x8163f358 528 0x540 0x1f03ff Thread TID 1224 PID 528
0x815eb750 528 0x544 0x1f01ff File \Device\Afd\Endpoint
0x815eb6b8 528 0x548 0x1f01ff File \Device\Udp
0x8156cb50 528 0x54c 0x1f0003 Event
0xe1c27298 528 0x550 0x1f0001 Port
0x8156c668 528 0x554 0x1f0003 Event
0x8156c8a8 528 0x558 0x1f03ff Thread TID 1668 PID 528
0xe1c27160 528 0x55c 0x10 Key MACHINE\SYSTEM\CONTROLSET001\SERVICES\SHAREDACCESS\EPOCH
0x8156c878 528 0x560 0x1f0003 Event
0x8156c8a8 528 0x564 0x1f03ff Thread TID 1668 PID 528
0x8156c848 528 0x568 0x1f0003 Event
0x8156c7b8 528 0x56c 0x1f01ff File \Device\Afd\Endpoint
0x8156c5d8 528 0x570 0x1f01ff File \Device\Afd\Endpoint
0x8156c3e8 528 0x574 0x1f01ff File \Device\Udp
0x8156cb20 528 0x578 0x1f0003 Event
0x8156c8a8 528 0x57c 0x1f03ff Thread TID 1668 PID 528
0x8156c1d0 528 0x580 0x1f0003 Event
0x81613f90 528 0x584 0x1f0003 Event
0x81613fc0 528 0x588 0x100003 Event
0x81613d68 528 0x58c 0x1f01ff File \Device\Afd\Endpoint
0x81613bf8 528 0x590 0x1f01ff File \Device\RawIp\255
0x81613680 528 0x594 0x1f03ff Thread TID 1672 PID 528
0x81613650 528 0x598 0x1f0003 Event
0x816131d0 528 0x59c 0x1f03ff Thread TID 1676 PID 528
0x81614f28 528 0x5a0 0x1f0003 Timer
0x81614cb0 528 0x5a4 0x1f03ff Thread TID 1680 PID 528
0xe1006e20 676 0x4 0xf0003 KeyedEvent CritSecOutOfMemoryEvent
0xe14f3230 676 0x8 0x3 Directory KnownDlls
0x816498c0 676 0xc 0x100020 File \Device\HarddiskVolume1\WINDOWS\system32
0x815d4c90 676 0x10 0x100003 Semaphore
0xe14038f8 676 0x14 0xf000f Directory Windows
0xe185dad0 676 0x18 0x21f0001 Port
0x815e28f0 676 0x1c 0x100003 Semaphore
0xe14477d0 676 0x20 0x2000f Directory BaseNamedObjects
0x817064e8 676 0x24 0x1f0001 Mutant SHIMLIB_LOG_MUTEX
0xe185a108 676 0x28 0x20f003f Key MACHINE
0x816d8b20 676 0x2c 0xf016e WindowStation Service-0x0-3e7$
0x815ca098 676 0x30 0x21f0003 Event
0x815f6970 676 0x34 0xf00cf Desktop Default
0x816d8b20 676 0x38 0xf016e WindowStation Service-0x0-3e7$
0x816ad258 676 0x3c 0x100003 Semaphore
0x815ca828 676 0x40 0x1f0003 Event
0x816109f0 676 0x44 0x100003 Semaphore
0xe185c798 676 0x48 0x20019 Key MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32
0x81692380 676 0x4c 0x1f0003 Event DINPUTWINMM
0x816fb4c8 676 0x50 0x100001 File \Device\KsecDD
0x8167dbd8 676 0x54 0x1f0003 Event
0x8167dba8 676 0x58 0x1f0003 Event
0xe185a170 676 0x5c 0x20019 Key MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32
0x8162a930 676 0x60 0x1f0003 Semaphore shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}
0x817cb720 676 0x64 0x1f0003 Event userenv: User Profile setup event
0x815ca890 676 0x68 0x100020 File \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0xe185d890 676 0x6c 0x8 Token
0x815d4e18 676 0x70 0x1f0003 Event
0x81648db8 676 0x74 0x100003 Semaphore
0x815e2a28 676 0x78 0x100003 Semaphore
0x81606a68 676 0x7c 0x100003 Semaphore
0x81695938 676 0x80 0x100003 Semaphore
0x81675cc0 676 0x84 0x100003 Semaphore
0x81675c88 676 0x88 0x100003 Semaphore
0x81675c50 676 0x8c 0x100003 Semaphore
0x81675c18 676 0x90 0x100003 Semaphore
0x81675be0 676 0x94 0x100003 Semaphore
0x81675ba8 676 0x98 0x100003 Semaphore
0x81675b70 676 0x9c 0x100003 Semaphore
0x81675b38 676 0xa0 0x100003 Semaphore
0x81675ad8 676 0xa4 0x1f0003 Event
0x81675b08 676 0xa8 0x1f0003 Event
0x81675aa8 676 0xac 0x1f0003 Event
0x81675a78 676 0xb0 0x1f0003 Event
0x816706a8 676 0xb4 0x1f03ff Thread TID 680 PID 676
0x81675a48 676 0xb8 0x1f0003 Event
0x816dbe30 676 0xbc 0x12019f File \Device\NamedPipe\net\NtControlPipe1
0xe185d590 676 0xc0 0x1f0001 Port
0x81638da8 676 0xc4 0x1f03ff Thread TID 808 PID 676
0x8162f2c0 676 0xc8 0x1f0003 Event
0x8162aa70 676 0xcc 0x1f0003 Event
0x8162f2f0 676 0xd0 0x1f0003 Event
0x8162f290 676 0xd4 0x1f0003 Event
0x81712978 676 0xd8 0x1f0003 IoCompletion
0x817130f0 676 0xdc 0x1f0003 IoCompletion
0x81712978 676 0xe0 0x1f0003 IoCompletion
0xe1861d20 676 0xe4 0x20f003f Key MACHINE\SOFTWARE\CLASSES
0xe1861fb8 676 0xe8 0x20019 Key MACHINE\SOFTWARE\CLASSES\CLSID
0xe1860c18 676 0xec 0x20019 Key MACHINE\SOFTWARE\CLASSES\APPID
0x8162f260 676 0xf0 0x1f0003 Event
0x8162f148 676 0xf4 0x1f0003 Event
0x8162f118 676 0xf8 0x1f0003 Event
0x8162f0e8 676 0xfc 0x1f0003 Event
0x81638490 676 0x100 0x100000 File \Device\Dfs
0xe1861b30 676 0x104 0x1f0001 Port
0x816c9ec0 676 0x108 0x1f0003 Event
0xe1861940 676 0x10c 0x1f0001 Port
0xe1860088 676 0x110 0x20019 Key MACHINE\SOFTWARE\MICROSOFT\OLE
0xe18619f8 676 0x114 0x10 Key MACHINE\SOFTWARE\MICROSOFT\OLE
0x815d3280 676 0x118 0x1f0003 Timer
0x816c9f88 676 0x11c 0x21f0003 Event
0x816c9c48 676 0x120 0x1f03ff Thread TID 692 PID 676
0x81713780 676 0x124 0x1f0003 IoCompletion
0x815fd780 676 0x128 0x1f0003 Timer
0x81714c40 676 0x12c 0x1f03ff Thread TID 700 PID 676
0xe1860390 676 0x130 0x20019 Key MACHINE\SOFTWARE\POLICIES
0x81714b98 676 0x134 0x1f0003 Event
0xe1860328 676 0x138 0x10 Key MACHINE\SOFTWARE\POLICIES
0xe1855ce8 676 0x13c 0x1f0001 Port actkernel
0x81714b30 676 0x140 0x1f0003 Event
0x815fdda8 676 0x144 0x1f03ff Thread TID 704 PID 676
0x815f5da0 676 0x148 0x1f0fff Process svchost.exe(736)
0xe18a1370 676 0x14c 0xf0007 Section RotHintTable
0xe18a3ee0 676 0x150 0x1f0001 Port
0x81639270 676 0x154 0x1f0003 Event
0x816dce30 676 0x158 0x12019f File \Device\NamedPipe\lsarpc
0x815d3e90 676 0x15c 0x1f0001 Mutant {A3BD3259-3E4F-428a-84C8-F0463A9D3EB5}
0xe18a4b10 676 0x160 0xf0007 Section {A64C7F33-DA35-459b-96CA-63B51FB0CDB9}
0xe1d9f438 676 0x164 0xf01ff Token
0xe1d9fe30 676 0x168 0xf003f Key MACHINE\SOFTWARE\CLASSES
0xe1d9fdc8 676 0x16c 0xf003f Key MACHINE\SOFTWARE\CLASSES
0x816164c8 676 0x170 0x1f0003 Event
0xe1bfa818 676 0x174 0xf003f Key MACHINE\SOFTWARE\MICROSOFT\COM3
0x81616498 676 0x178 0x1f0003 Event
0xe1bfa7b0 676 0x17c 0x10 Key USER
0x81616468 676 0x180 0x1f0003 Event
0xe1bfa748 676 0x184 0xf003f Key MACHINE\SOFTWARE\CLASSES
0x81616438 676 0x188 0x1f0003 Event
0xe1bfa6e0 676 0x18c 0x10 Key USER
0x81616408 676 0x190 0x1f0003 Event
0xe1d9f3c0 676 0x194 0xf003f Key MACHINE\SOFTWARE\MICROSOFT\COM3
0x81679758 676 0x198 0x1f0003 Event
0xe1bfc638 676 0x19c 0xf003f Key MACHINE\SOFTWARE\MICROSOFT\COM3
0x81679728 676 0x1a0 0x1f0003 Event
0xe1d9f320 676 0x1a4 0xf003f Key MACHINE\SOFTWARE\CLASSES\CLSID
0x816796f8 676 0x1a8 0x1f0003 Event
0xe1bfc598 676 0x1ac 0xf003f Key MACHINE\SOFTWARE\CLASSES
0x816796c8 676 0x1b0 0x1f0003 Event
0xe1d9f280 676 0x1b4 0xf003f Key MACHINE\SOFTWARE\MICROSOFT\COM3
0x81679698 676 0x1b8 0x1f0003 Event
0xe1bfc4f8 676 0x1bc 0x10 Key USER
0x81679668 676 0x1c0 0x1f0003 Event
0xe1d9f1e0 676 0x1c4 0xf003f Key MACHINE\SOFTWARE\MICROSOFT\COM3
0x81679638 676 0x1c8 0x1f0003 Event
0xe1bf6020 676 0x1cc 0xf003f Key MACHINE\SOFTWARE\MICROSOFT\COM3
0x81679608 676 0x1d0 0x1f0003 Event
0xe1d9f140 676 0x1d4 0xf003f Key MACHINE\SOFTWARE\CLASSES\CLSID
0x816795d8 676 0x1d8 0x1f0003 Event
0x815fb348 676 0x1dc 0x1f0003 Event
0x81622da8 676 0x1e0 0x1f03ff Thread TID 1448 PID 676
0xe1bf68e8 676 0x1e4 0x20019 Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004_CLASSES
0xe1006e20 736 0x4 0x20003 KeyedEvent CritSecOutOfMemoryEvent
0xe14f3230 736 0x8 0x3 Directory KnownDlls
0x816d0708 736 0xc 0x100020 File \Device\HarddiskVolume1\WINDOWS\system32
0x815e8b60 736 0x10 0x100003 Semaphore
0xe14038f8 736 0x14 0xf000f Directory Windows
0xe1896508 736 0x18 0x21f0001 Port
0x815500b8 736 0x1c 0x100003 Semaphore
0xe14477d0 736 0x20 0x2000f Directory BaseNamedObjects
0x817064e8 736 0x24 0x1f0001 Mutant SHIMLIB_LOG_MUTEX
0xe18873e8 736 0x28 0x2020019 Key MACHINE
0x8170c6b0 736 0x2c 0xf037f WindowStation Service-0x0-3e4$
0x81625cc8 736 0x30 0x21f0003 Event
0x81625c20 736 0x34 0xf01ff Desktop Default
0x8170c6b0 736 0x38 0xf037f WindowStation Service-0x0-3e4$
0x81611c00 736 0x3c 0x100003 Semaphore
0x81646900 736 0x40 0x1f0003 Event
0x81611bc8 736 0x44 0x100003 Semaphore
0xe18978d8 736 0x48 0x20019 Key MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32
0x81611a68 736 0x4c 0x1f0003 Event
0x81646968 736 0x50 0x100001 File \Device\KsecDD
0x81712ee0 736 0x54 0x1f0003 Event
0xe18967a8 736 0x58 0x20019 Key MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32
0x8162a930 736 0x5c 0x100002 Semaphore shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}
0x8179b140 736 0x60 0x1f0003 Event
0x81611b38 736 0x64 0x100020 File \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x81700be8 736 0x68 0x1f0003 Event
0x81700bb8 736 0x6c 0x1f0003 Event
0x81611aa0 736 0x70 0x12019f File \Device\NamedPipe\net\NtControlPipe3
0x81700b88 736 0x74 0x1f0003 Event
0x81611cc8 736 0x78 0x1f03ff Thread TID 740 PID 736
0x81700b20 736 0x7c 0x1f0003 Event
0xe18838c0 736 0x80 0x1f0001 Port
0x817008a8 736 0x84 0x1f03ff Thread TID 744 PID 736
0x81700758 736 0x88 0x1f0003 Event
0x817007e8 736 0x8c 0x1f0003 Event
0x81700788 736 0x90 0x1f0003 Event
0x81700728 736 0x94 0x1f0003 Event
0x81644268 736 0x98 0x1f0003 IoCompletion
0x815dc1f0 736 0x9c 0x1f0003 IoCompletion
0x81644268 736 0xa0 0x1f0003 IoCompletion
0xe1896440 736 0xa4 0x20f003f Key USER\S-1-5-20_CLASSES
0xe1896148 736 0xa8 0x20019 Key MACHINE\SOFTWARE\CLASSES\CLSID
0x817006f8 736 0xac 0x1f0003 Event
0xe18a0f08 736 0xb0 0x20019 Key MACHINE\SOFTWARE\CLASSES\APPID
0x8166e700 736 0xb4 0x1f0003 Event
0x8166e690 736 0xb8 0x1f0003 Event
0x8166e660 736 0xbc 0x1f0003 Event
0x815fe7e8 736 0xc0 0x100000 File \Device\Dfs
0xe18a0e50 736 0xc4 0x1f0001 Port
0xe189ffb8 736 0xc8 0x20019 Key MACHINE\SOFTWARE\MICROSOFT\OLE
0x81778b48 736 0xcc 0x1f0003 Event
0x81778b18 736 0xd0 0x1f0003 Event
0xe18965c0 736 0xd4 0x10 Key MACHINE\SOFTWARE\MICROSOFT\OLE
0x8177b3c8 736 0xd8 0x1f0003 Timer
0x8177b398 736 0xdc 0x21f0003 Event
0x8166e3b8 736 0xe0 0x1f03ff Thread TID 748 PID 736
0x815e6240 736 0xe4 0x1f0003 IoCompletion
0x8177a4f0 736 0xe8 0x1f0003 Timer
0x816192f8 736 0xec 0x1f03ff Thread TID 756 PID 736
0xe18a0de8 736 0xf0 0x20019 Key MACHINE\SOFTWARE\POLICIES
0x817795e8 736 0xf4 0x1f0003 Event
0xe189ff50 736 0xf8 0x10 Key MACHINE\SOFTWARE\POLICIES
0x81779580 736 0xfc 0x1f0003 Event
0xe189fe20 736 0x100 0x1f0001 Port epmapper
0x81779550 736 0x104 0x1f0003 Event
0x81645558 736 0x108 0x1f03ff Thread TID 760 PID 736
0x81778c58 736 0x10c 0x1f0003 Event
0x817008a8 736 0x110 0x1f03ff Thread TID 744 PID 736
0xe18a0d80 736 0x114 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9
0x81778c28 736 0x118 0x1f0003 Event
0xe18a0d18 736 0x11c 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSOCK2\PARAMETERS\NAMESPACE_CATALOG5
0x81672728 736 0x120 0x1f0003 Event
0x81611980 736 0x124 0x1200a0 File \Device\Tcp
0x8167dd70 736 0x128 0x1f01ff File \Device\Afd\Endpoint
0x815d61f0 736 0x12c 0x1f0003 Event
0x815d61c0 736 0x130 0x1f0003 Event
0x816c5538 736 0x134 0x1f03ff Thread TID 764 PID 736
0xe18a0970 736 0x138 0x1f0001 Port
0xe18a0b18 736 0x13c 0x1f0001 Port
0x815d60e0 736 0x140 0x1f01ff File \Device\Afd\Endpoint
0x816c5300 736 0x144 0x1f0003 Event
0x81601da8 736 0x148 0x1f03ff Thread TID 768 PID 736
0x816c5230 736 0x14c 0x160089 File \Device\NamedPipe\Winsock2\CatalogChangeListener-2e0-0
0x816c51a0 736 0x150 0x1f0003 Event
0x81601cc8 736 0x154 0x1f01ff File \Device\Afd\Endpoint
0x81601da8 736 0x158 0x1f03ff Thread TID 768 PID 736
0x81601b78 736 0x15c 0x1f0003 Event
0x81601ae8 736 0x160 0x1f01ff File \Device\Afd\Endpoint
0x8164db68 736 0x164 0x1200a0 File \Device\Ip
0x8164dc90 736 0x168 0x1200a0 File \Device\Tcp
0x8164dad0 736 0x16c 0x1200a0 File \Device\Ip
0x816c5168 736 0x170 0x100003 Semaphore
0x817795b0 736 0x174 0x100003 Semaphore
0xe18a0cb0 736 0x178 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\SERVICES\TCPIP\LINKAGE
0xe189fed8 736 0x17c 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS
0xe18a0c48 736 0x180 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\SERVICES\NETBT\PARAMETERS\INTERFACES
0xe18a0588 736 0x184 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\SERVICES\NETBT\PARAMETERS
0x8164d9d0 736 0x188 0x1200a0 File \Device\Tcp
0x816015a8 736 0x18c 0x1f0003 Event ScmCreatedEvent
0x816017a0 736 0x190 0x1f0003 Event
0x81601808 736 0x194 0x1f01ff File \Device\Afd\Endpoint
0x8162aaa0 736 0x198 0x1f0003 Event
0xe189f838 736 0x19c 0x1f0001 Port
0xe18a4ea8 736 0x1a0 0x1f0001 Port
0x816393a0 736 0x1a4 0x1f0003 Event
0xe18a4c68 736 0x1a8 0xf01ff Token
0xe18c4ef0 736 0x1ac 0x1f0001 Port
0xe1a1d030 736 0x1b0 0xf01ff Token
0xe1670570 736 0x1b4 0x20019 Key MACHINE\SOFTWARE\CLASSES
0xe16705d8 736 0x1b8 0x20019 Key MACHINE\SOFTWARE\CLASSES
0x8164c950 736 0x1bc 0x1f0003 Event
0xe17e8120 736 0x1c0 0x20019 Key MACHINE\SOFTWARE\MICROSOFT\COM3
0x8164c920 736 0x1c4 0x1f0003 Event
0xe1bd1d58 736 0x1c8 0x10 Key USER
0x8164c8f0 736 0x1cc 0x1f0003 Event
0xe1bd1cf0 736 0x1d0 0x20019 Key MACHINE\SOFTWARE\CLASSES
0x8164c8c0 736 0x1d4 0x1f0003 Event
0xe1bd1c88 736 0x1d8 0x10 Key USER
0x81701d78 736 0x1dc 0x1f0003 Event
0xe1bd1c20 736 0x1e0 0x20019 Key MACHINE\SOFTWARE\MICROSOFT\COM3
0x81701d48 736 0x1e4 0x1f0003 Event
0xe1bcfd60 736 0x1e8 0x20019 Key MACHINE\SOFTWARE\MICROSOFT\COM3
0x81701d18 736 0x1ec 0x1f0003 Event
0xe1bcfcf8 736 0x1f0 0x20019 Key MACHINE\SOFTWARE\CLASSES\CLSID
0x81701ce8 736 0x1f4 0x1f0003 Event
0xe1bcfc90 736 0x1f8 0x20019 Key MACHINE\SOFTWARE\CLASSES
0x81701cb8 736 0x1fc 0x1f0003 Event
0xe1bcfc28 736 0x200 0x20019 Key MACHINE\SOFTWARE\MICROSOFT\COM3
0x81701c88 736 0x204 0x1f0003 Event
0xe1bcfbc0 736 0x208 0x10 Key USER
0x81701c58 736 0x20c 0x1f0003 Event
0xe1bcfb58 736 0x210 0x20019 Key MACHINE\SOFTWARE\MICROSOFT\COM3
0x81701c28 736 0x214 0x1f0003 Event
0xe1bcfaf0 736 0x218 0x20019 Key MACHINE\SOFTWARE\MICROSOFT\COM3
0x81701bf8 736 0x21c 0x1f0003 Event
0xe1bcfa88 736 0x220 0x20019 Key MACHINE\SOFTWARE\CLASSES\CLSID
0x81701bc8 736 0x224 0x1f0003 Event
0x815c7710 736 0x228 0x12019f File \Device\NamedPipe\epmapper
0x815c7628 736 0x22c 0x12019f File \Device\NamedPipe\epmapper
0x81701b78 736 0x230 0x1f0003 Event
0x81701b48 736 0x234 0x1f0003 Event
0x81701b18 736 0x238 0x1f0003 Event
0x81701ae8 736 0x23c 0x1f0003 Event
0x81701ab8 736 0x240 0x1f0003 Event
0xe183be48 736 0x244 0x1f0001 Port
0xe183b970 736 0x248 0xf01ff Token
0x815cd468 736 0x24c 0x1f0003 Event
0x815cd318 736 0x250 0x1f0003 Event
0x815cd348 736 0x254 0x1f0003 Event
0x815cd2e8 736 0x258 0x1f0003 Event
0xe1844368 736 0x25c 0xc Token
0xe18447e8 736 0x260 0x1f0001 Port
0x815e4ca8 736 0x264 0x1f0003 Event
0xe1aa6500 736 0x268 0x1f0001 Port
0x815e3e88 736 0x26c 0x1f0003 Event
0x815e3e48 736 0x270 0x1f0001 Mutant NETMAN
0x816163c0 736 0x274 0x1f0003 Event
0x81623a98 736 0x278 0x1f0003 Event
0x81623a68 736 0x27c 0x1f0003 Event RPCSS_REGEVENT:{BA126AE5-2166-11D1-B1D0-00805FC1270E}
0xe1bfa880 736 0x280 0x20019 Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004_CLASSES
0xe17e7de0 736 0x284 0x1f0001 Port
0x816192f8 736 0x288 0x1f03ff Thread TID 756 PID 736
0x816f12c8 736 0x28c 0x1f0003 Event
0x81673660 736 0x290 0x1f0003 Event
0x816192f8 736 0x294 0x1f03ff Thread TID 756 PID 736
0x815e3f08 736 0x298 0x1f0003 Event
0xe1d93540 736 0x29c 0x1f0001 Port
0xe1d94de8 736 0x2a0 0x1f0001 Port
0x8163b768 736 0x2a4 0x1f0003 Event
0x815fb720 736 0x2a8 0x1f03ff Thread TID 1440 PID 736
0x8163b6f8 736 0x2ac 0x1f0003 Event
0xe1bf4f08 736 0x2b0 0x1f0001 Port
0x815fb318 736 0x2b4 0x1f0003 Event
0x815fb378 736 0x2b8 0x1f0003 Event
0x81622b30 736 0x2bc 0x1f03ff Thread TID 1452 PID 736
0x81624de0 736 0x2c0 0x1f0003 Event
0xe1c26c00 736 0x2c4 0x20019 Key MACHINE\SOFTWARE\CLASSES
0x815e3e48 736 0x2c8 0x1f0001 Mutant NETMAN
0x8169f590 736 0x2cc 0x1f0003 Event
0xe1bf6950 736 0x2d0 0x20019 Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004_CLASSES
0x8167e538 736 0x2d4 0x1f0003 Event
0x8167e8d0 736 0x2d8 0x1f0003 Event
0x8167e2c8 736 0x2dc 0x1f0003 Event
0x81685b48 736 0x2e0 0x1f0003 Event
0x815ec368 736 0x2e4 0x1f0003 Event
0x815cc470 736 0x2e8 0x1f03ff Thread TID 1616 PID 736
0x816055a0 736 0x2ec 0x1f0003 Event
0x8169f380 736 0x2f0 0x1f0003 Event
0x81605328 736 0x2f4 0x1f03ff Thread TID 1640 PID 736
0xe1c25648 736 0x2f8 0x1f0001 Port
0xe1c25408 736 0x2fc 0xf01ff Token
0xe1c26c78 736 0x300 0xc Token
0x8169fc08 736 0x304 0x1f0003 Event
0xe1c26148 736 0x30c 0x1f0001 Port
0x8164bad0 736 0x310 0x1f0003 Event
0x816fcf60 736 0x314 0x1f0003 Event
0x816fcce8 736 0x318 0x1f03ff Thread TID 1708 PID 736
0xe1c2d848 736 0x324 0x1f0001 Port
0xe1006e20 800 0x4 0xf0003 KeyedEvent CritSecOutOfMemoryEvent
0xe14f3230 800 0x8 0x3 Directory KnownDlls
0x81601470 800 0xc 0x100020 File \Device\HarddiskVolume1\WINDOWS\system32
0x8164da60 800 0x10 0x100003 Semaphore
0xe14038f8 800 0x14 0xf000f Directory Windows
0xe18a1f68 800 0x18 0x21f0001 Port
0x8162a9f8 800 0x1c 0x100003 Semaphore
0xe14477d0 800 0x20 0x2000f Directory BaseNamedObjects
0x817064e8 800 0x24 0x1f0001 Mutant SHIMLIB_LOG_MUTEX
0xe189fbd8 800 0x28 0x20f003f Key MACHINE
0x816d8b20 800 0x2c 0xf016e WindowStation Service-0x0-3e7$
0x815d3df0 800 0x30 0x21f0003 Event
0x815f6970 800 0x34 0xf00cf Desktop Default
0x816d8b20 800 0x38 0xf016e WindowStation Service-0x0-3e7$
0x815d3c68 800 0x3c 0x100003 Semaphore
0x81638a70 800 0x40 0x1f0003 Event
0x815d3c30 800 0x44 0x100003 Semaphore
0xe18a04a8 800 0x48 0x20019 Key MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32
0x81692380 800 0x4c 0x1f0003 Event DINPUTWINMM
0x816013d8 800 0x50 0x100001 File \Device\KsecDD
0x815d3a38 800 0x54 0x1f0003 Event
0x815d3a08 800 0x58 0x1f0003 Event
0xe189fb00 800 0x5c 0x20019 Key MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32
0x8162a930 800 0x60 0x1f0003 Semaphore shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}
0x817cb720 800 0x64 0x1f0003 Event userenv: User Profile setup event
0x81638ad8 800 0x68 0x100020 File \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0xe18a1030 800 0x6c 0x8 Token
0x81639760 800 0x70 0x1f0003 Event
0x81639728 800 0x74 0x100003 Semaphore
0x816396f0 800 0x78 0x100003 Semaphore
0x816396b8 800 0x7c 0x100003 Semaphore
0x81639680 800 0x80 0x100003 Semaphore
0x81639648 800 0x84 0x100003 Semaphore
0x81639610 800 0x88 0x100003 Semaphore
0x816395d8 800 0x8c 0x100003 Semaphore
0x816395a0 800 0x90 0x100003 Semaphore
0x81639568 800 0x94 0x100003 Semaphore
0x81639530 800 0x98 0x100003 Semaphore
0x816394f8 800 0x9c 0x100003 Semaphore
0x816394c0 800 0xa0 0x100003 Semaphore
0x81639460 800 0xa4 0x1f0003 Event
0x81639490 800 0xa8 0x1f0003 Event
0x81639430 800 0xac 0x1f0003 Event
0x81639400 800 0xb0 0x1f0003 Event
0x8162ab00 800 0xb4 0x1f03ff Thread TID 804 PID 800
0xe18a1e70 800 0xb8 0x1f0001 Port
0x816393d0 800 0xbc 0x1f0003 Event
0x817110a0 800 0xc0 0x1f0003 IoCompletion
0x81639e58 800 0xc4 0x12019f File \Device\NamedPipe\net\NtControlPipe4
0x8169bbf0 800 0xc8 0x1f0003 IoCompletion
0x817110a0 800 0xcc 0x1f0003 IoCompletion
0xe18a49d8 800 0xd0 0x1f0001 Port
0x8169bb90 800 0xd4 0x1f0003 Event
0x8169b770 800 0xd8 0x1f0003 Event
0x8169b740 800 0xdc 0x1f0003 Event
0xe18a5c58 800 0xe0 0x1f0001 Port ThemeApiPort
0x8169b710 800 0xe4 0x1f0003 Event
0x8169b6e0 800 0xe8 0x1f0003 Event
0x81608810 800 0xec 0x1f0003 Timer
0x8169b6b0 800 0xf0 0x21f0003 Event
0x81608598 800 0xf4 0x1f03ff Thread TID 816 PID 800
0x81608510 800 0xf8 0x1f0003 IoCompletion
0x81608228 800 0xfc 0x1f0003 Event
0x8169b858 800 0x100 0x1f03ff Thread TID 812 PID 800
0x815c4a90 800 0x104 0x1f0003 Event
0x81608298 800 0x108 0x1f03ff Thread TID 820 PID 800
0x815f4e88 800 0x10c 0x1200a0 File \Device\Tcp
0x815e5e40 800 0x110 0x1200a0 File \Device\Ip
0x81699ac0 800 0x114 0x120116 File \Device\Tcp
0x815e5da8 800 0x118 0x100003 File \Device\Ip
0x81621800 800 0x11c 0x1200a0 File \Device\Ip
0x815c4ba8 800 0x120 0x100003 Semaphore
0x81633910 800 0x124 0x100003 Semaphore
0xe18ad6f0 800 0x128 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\SERVICES\TCPIP\LINKAGE
0xe18ad460 800 0x12c 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS
0xe18a6350 800 0x130 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\SERVICES\NETBT\PARAMETERS\INTERFACES
0xe18bb688 800 0x134 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\SERVICES\NETBT\PARAMETERS
0x816217c8 800 0x138 0x1f0003 Event
0x815f4a58 800 0x13c 0x1f03ff Thread TID 840 PID 800
0x81612378 800 0x140 0x1f0003 Event
0xe18bb588 800 0x144 0xf003f Key MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9
0x8166f6d0 800 0x148 0x1f0003 Event
0xe18bcc78 800 0x14c 0xf003f Key MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSOCK2\PARAMETERS\NAMESPACE_CATALOG5
0x81619c90 800 0x150 0x1f0003 Event
0x815f4a58 800 0x154 0x1f03ff Thread TID 840 PID 800
0xe18bb6f0 800 0x158 0xf Key MACHINE\SYSTEM\CONTROLSET001\SERVICES\DHCP\PARAMETERS
0xe18a97c8 800 0x15c 0xf Key MACHINE\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS
0xe18bcc10 800 0x160 0xf Key MACHINE\SYSTEM\CONTROLSET001\SERVICES\DHCP\PARAMETERS\OPTIONS
0xe18a9760 800 0x164 0xf Key MACHINE\SYSTEM\CONTROLSET001\SERVICES
0x816198d8 800 0x168 0x1f0003 Timer
0x816198a8 800 0x16c 0x1f0003 Event
0x81619878 800 0x170 0x1f0003 Event
0x81612438 800 0x174 0x1f0003 Event DHCPNEWIPADDRESS
0x817096f8 800 0x178 0x1f0003 Event
0xe18bc458 800 0x17c 0x1f0001 Port
0x81676478 800 0x180 0x1f0003 Event
0xe18be990 800 0x184 0x2001f Key MACHINE\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS\DNSREGISTEREDADAPTERS
0x81676448 800 0x188 0x1f0003 Event
0x81676418 800 0x18c 0x1f0003 Event
0x816fbda8 800 0x190 0x1f03ff Thread TID 892 PID 800
0x816fb810 800 0x194 0x1f0003 Event
0x816fbb98 800 0x198 0x100003 File \Device\Ip
0x816763c0 800 0x19c 0x1f0003 Semaphore
0xe18a9690 800 0x1a0 0xf Key MACHINE\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS\INTERFACES\{18DD0775-33B7-4F93-9D30-4475914B6CEF}
0xe18bb388 800 0x1a4 0xf001f Section
0x816767d8 800 0x1a8 0x1f0003 Event
0xe18a5320 800 0x1ac 0x1f0001 Port dhcpcsvc
0x81676788 800 0x1b0 0x1f0003 Event
0x816764f0 800 0x1b4 0x1f03ff Thread TID 896 PID 800
0x816f57e0 800 0x1b8 0x478 Process winlogon.exe(412)
0xe18be4e8 800 0x1bc 0x1f0001 Port
0x816f57e0 800 0x1c0 0x478 Process winlogon.exe(412)
0x816f57e0 800 0x1c4 0x100000 Process winlogon.exe(412)
0x81609d78 800 0x1c8 0x1f0003 Timer
0x81609ae0 800 0x1cc 0x1f03ff Thread TID 916 PID 800
0xe18c4e38 800 0x1d0 0x1f0001 Port
0x816f57e0 800 0x1d4 0x47a Process winlogon.exe(412)
0x815faff0 800 0x1d8 0x1f0003 Event
0x81639ef0 800 0x1dc 0x21f0003 Event
0x81609a78 800 0x1e0 0x100003 Event
0x8167d2c8 800 0x1e4 0x1f0003 Event crypt32LogoffEvent
0x815f8590 800 0x1e8 0x100003 Event
0xe18c3ac8 800 0x1ec 0xf0007 Section AtlDebugAllocator_FileMappingNameStatic3_320
0x81675e18 800 0x1f0 0x12019f File \Device\WMIDataDevice
0x81550d58 800 0x1f4 0x4 WmiGuid
0x81648f48 800 0x1f8 0xa84 WmiGuid
0x815f07c8 800 0x1fc 0x1f0003 Event
0x81676928 800 0x200 0x12019f File \Device\WMIDataDevice
0x8162ad78 800 0x204 0x1f0fff Process svchost.exe(800)
0x815f0798 800 0x208 0x1f0003 Event
0x815f0768 800 0x20c 0x1f0003 Event
0xe1d95490 800 0x210 0x1f0001 Port
0x816f2df8 800 0x214 0x100003 Event
0x816c33e8 800 0x218 0x21f0003 Semaphore
0x81573020 800 0x21c 0x4 WmiGuid
0xe1cda5f8 800 0x220 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\SERVICES\LANMANWORKSTATION\PARAMETERS
0x81624320 800 0x224 0x1f03ff Thread TID 1476 PID 800
0x81645020 800 0x228 0x1f0003 Event
0x816b7ae8 800 0x22c 0x1f0003 Event
0x8161a398 800 0x230 0x100003 Semaphore
0x8162b640 800 0x234 0x100003 Semaphore
0x8161c7c8 800 0x238 0x1f0003 Event
0x8161c680 800 0x23c 0x1f0003 Event
0x8161c648 800 0x240 0x100003 Semaphore
0x8167ffe8 800 0x244 0x100003 Semaphore
0xe19e3c48 800 0x248 0x20019 Key MACHINE\SOFTWARE\MICROSOFT\TRACING\WZCTRACE
0x8161c618 800 0x24c 0x1f0003 Event
0x8167ff48 800 0x250 0x1f0003 Event
0x816098c8 800 0x254 0x1f0003 Event {4888D4DA-1222-4D45-AF7A-A09F6890622D}ShellHWDetection
0x8167ff18 800 0x258 0x1f0003 Event
0xe1ac61c0 800 0x25c 0x1f0001 Port
0x8167fe88 800 0x260 0x1f0003 Event
0x8167f5c0 800 0x264 0x1f0003 Event
0x8167fe58 800 0x268 0x1f0003 Event
0x816f7f70 800 0x26c 0x1f0003 Event
0xe1bd0e68 800 0x270 0x1f0001 Port
0x8162dcf0 800 0x274 0x1f0003 Event
0x8162dd60 800 0x278 0x100003 Semaphore
0x8162dcb8 800 0x27c 0x100003 Semaphore
0xe1bc32f0 800 0x280 0x20019 Key MACHINE\SOFTWARE\MICROSOFT\TRACING\EAPOL
0x8162dc88 800 0x284 0x1f0003 Event
0x8162dbb0 800 0x288 0x1f0003 Event
0xe1aa45a8 800 0x28c 0xf003f Key MACHINE\SOFTWARE\CLASSES
0x816209a8 800 0x290 0x1f0003 Event
0x8162d7a0 800 0x294 0x100003 Semaphore
0x8162d768 800 0x298 0x100003 Semaphore
0xe1bc3700 800 0x29c 0x20019 Key MACHINE\SOFTWARE\MICROSOFT\TRACING\EAPOLQEC
0x8162d738 800 0x2a0 0x1f0003 Event
0xe1bfce48 800 0x2a4 0xf003f Key MACHINE\SOFTWARE\CLASSES
0x816927d0 800 0x2a8 0x1f0003 Event
0x81690250 800 0x2ac 0x1f03ff Thread TID 1048 PID 800
0x81620828 800 0x2b0 0x1f0003 Event
0x816904c8 800 0x2b4 0x1f03ff Thread TID 1044 PID 800
0x8162d950 800 0x2b8 0x1f0003 Event
0x8161c800 800 0x2bc 0x12019f File \Device\NamedPipe\lsarpc
0xe1bff878 800 0x2c0 0x20f003f Key MACHINE\SOFTWARE\CLASSES
0x81605b30 800 0x2c4 0x1f03ff Thread TID 1624 PID 800
0x8170a5c0 800 0x2c8 0x1f0003 Event
0x8170a590 800 0x2cc 0x1f0003 Event
0x8161e778 800 0x2d0 0x1f0003 Event
0xe1bfceb0 800 0x2d4 0x20019 Key MACHINE\SOFTWARE\MICROSOFT\NETWORKACCESSPROTECTION\NAPCLIENT
0x8170a540 800 0x2d8 0x1f0003 Event
0x8162da30 800 0x2dc 0x1f0003 Event
0xe1bff948 800 0x2e0 0xf003f Key MACHINE\SOFTWARE\MICROSOFT\COM3
0x8162daa0 800 0x2e4 0x1f0003 Event
0xe1bff7a8 800 0x2e8 0x10 Key USER
0x81692890 800 0x2ec 0x1f0003 Event
0xe1bff670 800 0x2f0 0xf003f Key MACHINE\SOFTWARE\CLASSES
0x8170a4d8 800 0x2f4 0x1f0003 Event
0x81672e78 800 0x2f8 0x12019f File \Device\NamedPipe\wkssvc
0x81645080 800 0x2fc 0x100003 Event
0x81683cc0 800 0x300 0x1f0003 Event WkssvcToAgentStopEvent
0xe1bff5a0 800 0x304 0x10 Key USER
0x81550cf8 800 0x308 0x1f0003 Event
0xe1bff538 800 0x30c 0xf003f Key MACHINE\SOFTWARE\MICROSOFT\COM3
0x81550c90 800 0x310 0x1f0003 Event
0xe1bff468 800 0x314 0xf003f Key MACHINE\SOFTWARE\MICROSOFT\COM3
0x81550c28 800 0x318 0x1f0003 Event
0xe1bff400 800 0x31c 0xf003f Key MACHINE\SOFTWARE\CLASSES\CLSID
0x81550bc0 800 0x320 0x1f0003 Event
0xe1bff398 800 0x324 0xf003f Key MACHINE\SOFTWARE\CLASSES
0x81550b58 800 0x328 0x1f0003 Event
0xe1bff330 800 0x32c 0xf003f Key MACHINE\SOFTWARE\MICROSOFT\COM3
0x81550af0 800 0x330 0x1f0003 Event
0xe1bff2c8 800 0x334 0x10 Key USER
0x81550a88 800 0x338 0x1f0003 Event
0xe1bff260 800 0x33c 0xf003f Key MACHINE\SOFTWARE\MICROSOFT\COM3
0x81550a20 800 0x340 0x1f0003 Event
0xe1bff1f8 800 0x344 0xf003f Key MACHINE\SOFTWARE\MICROSOFT\COM3
0x815509b8 800 0x348 0x1f0003 Event
0xe1bfe200 800 0x34c 0xf003f Key MACHINE\SOFTWARE\CLASSES\CLSID
0x81550950 800 0x350 0x1f0003 Event
0x81683c80 800 0x354 0x1f0003 Event AgentToWkssvcEvent
0xe1c65fb8 800 0x358 0x20019 Key MACHINE\SOFTWARE\CLASSES
0x8167fa58 800 0x35c 0x1f0003 Event wkssvc: MUP finished initializing event
0x81683d00 800 0x360 0x1f0003 Event WkssvcToAgentStartEvent
0xe1bf5ec8 800 0x364 0x1f0001 Port
0x81649cd0 800 0x368 0x4 WmiGuid
0xe1c81db8 800 0x36c 0x20f003f Key USER\.DEFAULT
0xe1d94b70 800 0x370 0x1f0001 Port
0x816f4d78 800 0x374 0x100003 Semaphore
0x816f4fe8 800 0x378 0x100003 Semaphore
0xe1bfe198 800 0x37c 0x20019 Key MACHINE\SOFTWARE\MICROSOFT\TRACING\EAPOLQECCB
0x81617818 800 0x380 0x1f0003 Event
0x816323f8 800 0x384 0x1f0003 Event
0x81617a18 800 0x388 0x1f0003 Event
0x81617b60 800 0x38c 0x1f0003 Event
0x81617ca8 800 0x390 0x1f0003 Event
0x815f6838 800 0x394 0x100003 Semaphore
0x815f67c0 800 0x398 0x100003 Semaphore
0x815d8bc8 800 0x39c 0x1f0003 Event
0x815d1938 800 0x3a0 0x100020 File \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x815d8b98 800 0x3a4 0x1f0003 Event
0xe1d02e58 800 0x3a8 0x20019 Key MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_PROTOCOL_LOCKDOWN
0xe1c81e20 800 0x3ac 0x2001f Key USER\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS
0x815d8b38 800 0x3b0 0x1f0003 Event
0x8170a400 800 0x3b4 0xa84 WmiGuid
0x8161c890 800 0x3b8 0x4 WmiGuid
0x816909f0 800 0x3bc 0xa84 WmiGuid
0x816c4c20 800 0x3c0 0x100020 File \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x81684460 800 0x3c4 0x1f0001 Mutant
0x815d8b08 800 0x3c8 0x1f0003 Event
0x815d8f30 800 0x3cc 0x1f0001 Mutant
0x816844f8 800 0x3d0 0x1f0003 Event
0x8168f938 800 0x3d4 0x1f0003 Event
0x81697e58 800 0x3d8 0x100020 File \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x8168f8c8 800 0x3dc 0x1f0001 Mutant
0x8168f908 800 0x3e0 0x1f0003 Event
0x8168f898 800 0x3e4 0x1f0003 Event
0x8168f858 800 0x3e8 0x1f0001 Mutant
0x8160b8e8 800 0x3ec 0x1f0003 Event
0x8160b8a8 800 0x3f0 0x1f0001 Mutant
0x8163e668 800 0x3f4 0x1f0001 Mutant
0x815e1648 800 0x3f8 0x100020 File \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x8163e580 800 0x3fc 0x1f0001 Mutant RasPbFile
0x8160b878 800 0x400 0x1f0003 Event
0x8163e638 800 0x404 0x1f0003 Event
0x8163e608 800 0x408 0x1f0003 Event
0x816f4608 800 0x40c 0x100003 Semaphore
0x8163e5d0 800 0x410 0x100003 Semaphore
0xe1d03ea8 800 0x414 0x20019 Key MACHINE\SOFTWARE\MICROSOFT\TRACING\SVCHOST_RASTLS
0x8161d680 800 0x418 0x1f0003 Event
0xe17bb4f8 800 0x41c 0x20019 Key MACHINE\SOFTWARE\MICROSOFT\TRACING\ONEEXSUP
0x816ae730 800 0x420 0x1f0003 Event
0x8162a120 800 0x424 0x1f0003 Event
0xe1bccdf0 800 0x428 0x1f0001 Port
0xe1bfeb08 800 0x42c 0xf01ff Token
0x8167b6e8 800 0x430 0x100003 Semaphore
0x8161aac0 800 0x434 0x100003 Semaphore
0xe1828b50 800 0x438 0x20019 Key MACHINE\SOFTWARE\MICROSOFT\TRACING\SVCHOST_RASCHAP
0x815d2d00 800 0x43c 0x1f0003 Event
0x816466c0 800 0x440 0x100003 Event
0x81673568 800 0x444 0x1f0003 Event
0xe1bc4ec8 800 0x448 0x1f0001 Port
0x816ee608 800 0x44c 0x100003 Semaphore
0x816ee5d0 800 0x450 0x100003 Semaphore
0x816ee598 800 0x454 0x100003 Semaphore
0x816ee560 800 0x458 0x100003 Semaphore
0x816ee530 800 0x45c 0x1f0003 Event
0x8170b028 800 0x460 0x12019f File \Device\NamedPipe\winlogonrpc
0x81679788 800 0x464 0x478 Process ctfmon.exe(1412)
0xe1bfeb08 800 0x468 0xf01ff Token
0xe1bfeb08 800 0x46c 0xf01ff Token
0x816ff570 800 0x470 0xf037f WindowStation SAWinSta
0x8167b720 800 0x474 0x4 WmiGuid
0x816ee9a8 800 0x478 0x4 WmiGuid
0xe17e8030 800 0x47c 0x1f0001 Port wzcsvc
0x815fd3a8 800 0x480 0x1f0003 Event
0x816738d0 800 0x484 0x1f03ff Thread TID 1128 PID 800
0x81684730 800 0x488 0x100003 Semaphore
0x816846f8 800 0x48c 0x100003 Semaphore
0xe1bd1ae0 800 0x490 0x20019 Key MACHINE\SOFTWARE\MICROSOFT\TRACING\WLPOLICY
0x816eedc8 800 0x494 0x1f0003 Event
0x81550648 800 0x498 0x1f0003 Event
0x8164cb10 800 0x49c 0x1f0003 Event
0x816098c8 800 0x4a0 0x100000 Event {4888D4DA-1222-4D45-AF7A-A09F6890622D}ShellHWDetection
0x81669608 800 0x4a4 0x1f03ff Thread TID 1136 PID 800
0xe17ef020 800 0x4a8 0x20019 Key MACHINE\SOFTWARE\CLASSES
0xe1846a98 800 0x4ac 0x1f0001 Port
0xe1bfe0e0 800 0x4b0 0x1f0001 Port OLE3225EF4D12CE42298A472CB3E2C0
0xe1d02890 800 0x4b4 0x20019 Key MACHINE\SOFTWARE\CLASSES
0x8164cae0 800 0x4b8 0x1f0003 Event
0x81669320 800 0x4bc 0x1f03ff Thread TID 1140 PID 800
0x8164ca90 800 0x4c0 0x1f0003 Event
0x8164ca20 800 0x4c4 0x1f0003 Event
0xe18468e0 800 0x4c8 0x20019 Key MACHINE\SOFTWARE\CLASSES
0xe1aa47e8 800 0x4cc 0x20019 Key MACHINE\SOFTWARE\CLASSES
0xe1bcf950 800 0x4d0 0x20019 Key MACHINE\SOFTWARE\CLASSES
0xe1aa4780 800 0x4d4 0x20019 Key MACHINE\SOFTWARE\CLASSES
0xe1bcf8e8 800 0x4d8 0x20019 Key MACHINE\SOFTWARE\CLASSES
0x81701790 800 0x4dc 0x1f0003 Event
0x815506f0 800 0x4e0 0x12019f File \Device\HarddiskVolume1\WINDOWS\SchedLgU.Txt
0x81701820 800 0x4e4 0x1f03ff Thread TID 1148 PID 800
0x81701480 800 0x4e8 0x1f0003 Event
0x816c11d0 800 0x4ec 0x120089 File \Device\HarddiskVolume1\WINDOWS\system32\kbd101.dll
0x817014e0 800 0x4f0 0x21f0003 Event
0x816ff938 800 0x4f4 0x120089 File \Device\HarddiskVolume1\WINDOWS\system32\kbd106.dll
0xe1847718 800 0x4f8 0xc Token
0x815e1e98 800 0x4fc 0x120089 File \Device\HarddiskVolume1\WINDOWS\system32\kbdnec.dll
0xe1846f00 800 0x500 0x1f0001 Port
0x817014b0 800 0x504 0x1f0003 Event
0x81680750 800 0x508 0xf01ff Desktop SADesktop
0x81701510 800 0x50c 0x1f0003 Event
0x816ffa78 800 0x510 0x1f0003 Event
0x81680680 800 0x514 0x1f0003 Timer
0x81701540 800 0x518 0x1f0003 Event
0x816ff9f8 800 0x51c 0x1f0003 Event
0xe1bfeb08 800 0x520 0xb Token
0x81701820 800 0x524 0x80 Thread TID 1148 PID 800
0x816434b0 800 0x528 0x12019f File \Device\NamedPipe\atsvc
0x816805f0 800 0x52c 0x12019f File \Device\NamedPipe\atsvc
0x816ff858 800 0x530 0x1f0003 Event
0x815c7020 800 0x534 0x1f03ff Thread TID 1152 PID 800
0x816ff9c8 800 0x538 0x1f0003 Event
0x815c7a18 800 0x53c 0x1f03ff Thread TID 1156 PID 800
0x816ff3f0 800 0x540 0x1f0003 Event
0x815c77a0 800 0x544 0x1f03ff Thread TID 1160 PID 800
0x816ff900 800 0x548 0x1f0003 Event
0x815c7358 800 0x54c 0x1f03ff Thread TID 1164 PID 800
0x815c72d8 800 0x550 0x1f0001 Mutant
0x815c72a8 800 0x554 0x1f0003 Event
0x8164aff0 800 0x558 0x1f0003 Event
0x8164afc0 800 0x55c 0x1f0003 Event
0x8164af90 800 0x560 0x1f0003 Event
0x8164ad18 800 0x564 0x1f03ff Thread TID 1168 PID 800
0x816ebdd0 800 0x568 0x21f0003 Event
0x8164a408 800 0x56c 0x1f0001 Mutant
0x816ebd70 800 0x570 0x1f0003 Event
0x816ebd40 800 0x574 0x1f0003 Event
0x816ebd10 800 0x578 0x1f0003 Event
0x816ebce0 800 0x57c 0x1f0003 Event PrefetchOverrideIdle
0x816ebca0 800 0x580 0x1f0003 Event PrefetchProcessingComplete
0x816ebc50 800 0x584 0x1f0001 Mutant
0xe1bcf9b8 800 0x588 0xf003f Key MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\PREFETCHER
0x815e6b60 800 0x58c 0x1f0003 Event PrefetchTracesReady
0x816ebba0 800 0x590 0x1f0003 Event
0x8164ad18 800 0x594 0x1f03ff Thread TID 1168 PID 800
0x815f4470 800 0x598 0x100001 File \Device\HarddiskVolume1\WINDOWS\Tasks
0x8163fec0 800 0x59c 0x1f0003 Event
0x8163f848 800 0x5a0 0x1f03ff Thread TID 1216 PID 800
0x8163fb78 800 0x5a4 0x1f0003 Event SAConEvt
0x815b8500 800 0x5a8 0x100003 Semaphore
0x815b8840 800 0x5ac 0x100003 Semaphore
0x815b8468 800 0x5b0 0x100003 Semaphore
0x815743d0 800 0x5b4 0x100003 Semaphore
0xe1679878 800 0x5b8 0xf0007 Section mmGlobalPnpInfo
0x815e6bf8 800 0x5bc 0x21f0003 Event
0x815e6e88 800 0x5c0 0x1f0003 Event
0x815e6bc8 800 0x5c4 0x1f0003 Event
0x815e6b20 800 0x5c8 0x1f0003 Event PrefetchParametersChanged
0x815e6840 800 0x5cc 0x1f03ff Thread TID 1204 PID 800
0xe167ecf0 800 0x5d0 0x1f0001 Port AudioSrv
0x815e6790 800 0x5d4 0x1f0003 Event
0x815e64f8 800 0x5d8 0x1f03ff Thread TID 1208 PID 800
0xe1bfeb08 800 0x5dc 0xf01ff Token
0xe167f3f8 800 0x5e0 0x20f003f Key USER
0x815e63e8 800 0x5e4 0x1f0003 Event
0x8163fff0 800 0x5e8 0x1f0003 Event
0x815e6418 800 0x5ec 0x1f0003 Event
0x8163ff20 800 0x5f0 0x1f0003 Event
0x815e6840 800 0x5f4 0x1f03ff Thread TID 1204 PID 800
0x8163ff50 800 0x5f8 0x1f0003 Event
0x8163ff80 800 0x5fc 0x1f0003 Event
0x8163fef0 800 0x600 0x1f0003 Event
0x8163fe90 800 0x604 0x1f0003 Event
0xe167f4a8 800 0x608 0x1f0001 Port
0xe167fe20 800 0x60c 0x1f0001 Port
0x8163fe60 800 0x610 0x1f0003 Event
0x8163fba8 800 0x614 0x1f03ff Thread TID 1212 PID 800
0x815e6eb8 800 0x618 0x100003 Semaphore
0x8163ff20 800 0x61c 0x1f0003 Event
0x8163fef0 800 0x620 0x1f0003 Event
0x816ff5f0 800 0x624 0x20001 WmiGuid
0x816f7fa0 800 0x628 0x1f0003 Event
0x81579258 800 0x62c 0x1f0003 Event
0x815e6b90 800 0x630 0x100003 Semaphore
0xe167e0b0 800 0x634 0x1f0001 Port
0x81688158 800 0x638 0x100000 File \Device\LanmanRedirector
0x81627ae0 800 0x63c 0x100003 Semaphore
0x816ebe58 800 0x640 0x100000 File \Device\LanmanDatagramReceiver
0x81550608 800 0x644 0x100003 Semaphore
0x8163f778 800 0x648 0x12019f File \Device\NamedPipe\wkssvc
0x816023b8 800 0x64c 0x100003 Event
0x81602c70 800 0x650 0x478 Process userinit.exe(1268)
0xe166ddd0 800 0x654 0x1f0001 Port
0x8167a8e0 800 0x658 0x100003 Event
0x816f2b70 800 0x65c 0x478 Process explorer.exe(1284)
0xe168db50 800 0x660 0x1f0001 Port
0x816bea70 800 0x664 0x100003 Event
0xe1847ce0 800 0x668 0xc Token
0x8167e870 800 0x66c 0x1f0003 Event
0xe1845190 800 0x670 0x1f0001 Port
0x816f2b70 800 0x674 0x100068 Process explorer.exe(1284)
0x815e4b28 800 0x678 0x1f0001 Mutant
0x815e4b68 800 0x67c 0x1f0003 Event
0x815e0da8 800 0x680 0x1f03ff Thread TID 1328 PID 1284
0x81574da8 800 0x684 0x1f03ff Thread TID 1424 PID 800
0x815fab68 800 0x688 0x1f0003 Event
0xe1d8a9a8 800 0x68c 0x1f0001 Port
0xe1d946f8 800 0x690 0x1f0001 Port
0xe1c11768 800 0x694 0xc Token
0x815ed2d0 800 0x698 0x1f0003 Event
0x8167eda8 800 0x69c 0x1f03ff Thread TID 1528 PID 800
0x816b4ce8 800 0x6a0 0x12019f File \Device\NamedPipe\keysvc
0x816f7e88 800 0x6a4 0x12019f File \Device\NamedPipe\keysvc
0xe14bad38 800 0x6a8 0x1f0001 Port keysvc
0x81579648 800 0x6ac 0x1f0003 Event
0x815793d0 800 0x6b0 0x1f03ff Thread TID 1524 PID 800
0x815799c8 800 0x6b4 0x1f0001 Mutant 0CADFD67AF62496dB34264F000F5624A
0x81579978 800 0x6b8 0x1f0001 Mutant 4FCC0DEFE22C4f138FB9D5AF25FD9398
0x81579288 800 0x6bc 0x1f0003 Event
0x81579928 800 0x6c0 0x1f0001 Mutant 238FAD3109D3473aB4764B20B3731840
0x8167e5a8 800 0x6c4 0x1f03ff Thread TID 1536 PID 800
0x81579228 800 0x6c8 0x1f0003 Event
0x815792c0 800 0x6cc 0x12019f File \Device\NamedPipe\PCHHangRepExecPipe
0x8167e298 800 0x6d0 0x1f0003 Event
0xe1845ea0 800 0x6d4 0x20019 Key MACHINE\SOFTWARE\CLASSES
0x8167e900 800 0x6d8 0x1f0003 Event
0x8167e8a0 800 0x6dc 0x1f0003 Event
0x8167ea50 800 0x6e0 0x12019f File \Device\NamedPipe\PCHFaultRepExecPipe
0xe1bf69b8 800 0x6e4 0x20019 Key MACHINE\SOFTWARE\CLASSES
0x8167e2f8 800 0x6e8 0x1f0003 Event
0x8167e328 800 0x6ec 0x1f0003 Event
0xe18be120 800 0x6f0 0x20019 Key MACHINE\SOFTWARE\CLASSES
0xe1c1a998 800 0x6f4 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\CONTROL\TERMINAL SERVER
0xe1c1f7f0 800 0x6f8 0x20019 Key MACHINE\SOFTWARE\POLICIES
0x8167e4a8 800 0x6fc 0x100001 File \Device\HarddiskVolume1\WINDOWS\PCHealth\HelpCtr\BATCH
0x8167e268 800 0x700 0x1f0003 Event
0x8167e238 800 0x704 0x1f0003 Event
0x8167eb48 800 0x708 0x1f0003 Event
0x81685da8 800 0x70c 0x1f03ff Thread TID 1540 PID 800
0x81627bf8 800 0x710 0x100003 Semaphore
0x81627cd8 800 0x714 0x100003 Semaphore
0x816b2950 800 0x718 0xf01ff File \Device\LanmanServer
0x8167eb18 800 0x71c 0x1f0003 Event
0x8167eae8 800 0x720 0x1f0003 Event
0x81689bd8 800 0x724 0x100003 Event
0x815c9718 800 0x728 0x1f0003 Event
0x81689f30 800 0x72c 0x1f0003 Event
0x81689dd0 800 0x730 0x100020 File \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x815d1b50 800 0x734 0x21f0003 Event
0xe18c3ac8 800 0x738 0xf0007 Section AtlDebugAllocator_FileMappingNameStatic3_320
0xe18c3ac8 800 0x73c 0xf0007 Section AtlDebugAllocator_FileMappingNameStatic3_320
0x816727d0 800 0x740 0xa84 WmiGuid
0x815d1a88 800 0x744 0x1f0003 Event
0x816852f0 800 0x748 0xa84 WmiGuid
0x815ea320 800 0x74c 0x1f0003 IoCompletion
0x815c9eb8 800 0x750 0x100020 File \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x816fb110 800 0x754 0x100003 Semaphore PowerProfileRegistrySemaphore
0xe1bf7ae0 800 0x758 0x1f0001 Port
0x814f76b8 800 0x75c 0x1f0003 Event
0xe14b34f0 800 0x760 0x1f0001 Port SECLOGON
0x815c96e8 800 0x764 0x1f0003 Event
0x8169f8b8 800 0x768 0x1f03ff Thread TID 1588 PID 800
0x8164b748 800 0x76c 0x12019f File \Device\HarddiskVolume1\WINDOWS\WindowsUpdate.log
0x8164b6b0 800 0x770 0x12019f File \Device\HarddiskVolume1\WINDOWS\WindowsUpdate.log
0x816239a8 800 0x774 0x1f0003 Event SENS Started Event
0x815c9600 800 0x778 0x1f0003 Event
0xe167f330 800 0x77c 0xf0007 Section SENS Information Cache
0xe1c12890 800 0x780 0x20019 Key MACHINE\SOFTWARE\CLASSES
0xe18c3ac8 800 0x784 0xf0007 Section AtlDebugAllocator_FileMappingNameStatic3_320
0x815c9590 800 0x788 0x1f0003 Event
0xe1c128f8 800 0x78c 0x20019 Key MACHINE\SOFTWARE\CLASSES
0x816858b8 800 0x790 0x1f03ff Thread TID 1548 PID 800
0x81689758 800 0x794 0x1f0001 Mutant SRDataStore
0x815c95d0 800 0x798 0x1f0003 Event SRCounter
0x815c9b28 800 0x79c 0x1f0003 Event SRStopEvent
0x815c9b98 800 0x7a0 0x1f0003 Event SRInitEvent
0x815c9b58 800 0x7a4 0x1f0003 Event
0x815c9ae8 800 0x7a8 0x1f0003 Event SRIdleReqEvent
0x815c9e20 800 0x7ac 0x12019f File \Device\SystemRestore
0x81689758 800 0x7b0 0x100000 Mutant SRDataStore
0x8169fb78 800 0x7b4 0x12019f File \Device\HarddiskVolume1\WINDOWS\WindowsUpdate.log
0x815c9a10 800 0x7b8 0x1f0003 Event NetmanClassObjectRegistrationEvent
0x815eb5b8 800 0x7bc 0x12019f File \Device\HarddiskVolume1\WINDOWS\WindowsUpdate.log
0x8169f5f0 800 0x7c0 0x1f0003 Timer
0xe1c20bf0 800 0x7c4 0x20019 Key MACHINE\SOFTWARE\CLASSES
0x8169f5c0 800 0x7c8 0x1f0003 Event
0x8169f790 800 0x7cc 0x100180 File \Device\HarddiskVolume1
0x81685c98 800 0x7d0 0x1f0003 Event
0xe1c21020 800 0x7d4 0x20019 Key MACHINE\SOFTWARE\CLASSES
0xe1c21b30 800 0x7d8 0x20019 Key MACHINE\SOFTWARE\CLASSES
0x81685c68 800 0x7dc 0x1f0003 Event
0x815e8b30 800 0x7e0 0x1f0003 Event
0xe1c21b98 800 0x7e4 0xf003f Key MACHINE\SOFTWARE\MICROSOFT\EVENTSYSTEM\{26C409CC-AE86-11D1-B616-00805FC79216}
0xe15b0598 800 0x7e8 0x20019 Key MACHINE\SOFTWARE\CLASSES
0x815e8b00 800 0x7ec 0x1f0003 Event
0x8169f240 800 0x7f0 0x1f0003 Event
0x815e8ad0 800 0x7f4 0x1f0003 Event
0x815e8aa0 800 0x7f8 0x1f0003 Event
0x815e8a70 800 0x7fc 0x1f0003 Event
0x8160f368 800 0x804 0x1f0003 Event
0x8164fda8 800 0x808 0x1f03ff Thread TID 1592 PID 800
0x81685c30 800 0x80c 0x1f0003 Event W32TIME_NAMED_EVENT_SYSTIME_NOT_CORRECT
0x8160f298 800 0x810 0x1f0003 Event
0x8160f268 800 0x814 0x1f0003 Event
0x8160f238 800 0x818 0x1f0003 Event
0x8168b368 800 0x81c 0x1f0003 Event
0x8168b338 800 0x820 0x1f0003 Event
0x8169f828 800 0x824 0x12019f File \Device\NamedPipe\W32TIME
0x8169f500 800 0x828 0x12019f File \Device\NamedPipe\W32TIME
0x8168b278 800 0x82c 0x1f0003 Event
0x81618128 800 0x830 0x100000 Event userenv: Machine Group Policy has been applied
0x8164f3d0 800 0x834 0x1f03ff Thread TID 1604 PID 800
0x815cc230 800 0x838 0x1f0003 Event
0x815cc960 800 0x83c 0x1f03ff Thread TID 1608 PID 800
0x815cf2c8 800 0x840 0x1f0003 Event
0x815cc960 800 0x844 0x1f03ff Thread TID 1608 PID 800
0x8164fda8 800 0x848 0x1f03ff Thread TID 1592 PID 800
0x815ec278 800 0x84c 0x1f0003 Event
0x815cf238 800 0x850 0x1f01ff File \Device\Afd\Endpoint
0x815ee268 800 0x854 0x1f01ff File \Device\Udp
0x8164e250 800 0x858 0x1f0003 Event
0x815ec2a8 800 0x85c 0x1f0001 Mutant
0x815d9260 800 0x860 0x1f0003 Event
0x815d9290 800 0x864 0x1f0001 Mutant
0x815d9230 800 0x868 0x1f0003 Event
0x815cc6e8 800 0x86c 0x1f03ff Thread TID 1612 PID 800
0x81692c18 800 0x870 0x1f0003 Event
0xe1c21d68 800 0x874 0x20019 Key MACHINE\SOFTWARE\CLASSES
0x8164f330 800 0x878 0x1f0003 Event WINMGMT_COREDLL_CANSHUTDOWN
0x815d9308 800 0x87c 0x100001 File \Device\HarddiskVolume1\WINDOWS\system32\wbem\mof
0x8164f2f0 800 0x880 0x1f0003 Event WINMGMT_PROVIDER_CANSHUTDOWN
0x8164f2b0 800 0x884 0x1f0003 Event WMI_SysEvent_LodCtr
0x8164f270 800 0x888 0x1f0003 Event WMI_SysEvent_UnLodCtr
0x8164f230 800 0x88c 0x1f0003 Event WMI_RevAdap_Set
0x8169f480 800 0x890 0x1f0003 Event WMI_RevAdap_ACK
0x8169f440 800 0x894 0x1f0003 Event WMI_ProcessIdleTasksStart
0x8169f400 800 0x898 0x1f0003 Event WMI_ProcessIdleTasksComplete
0xe14b4f68 800 0x89c 0x1f0001 Port senssvc
0xe1c21618 800 0x8a0 0x20019 Key MACHINE\SOFTWARE\CLASSES
0x8169f350 800 0x8a4 0x1f0003 Event
0x816058b8 800 0x8a8 0x1f03ff Thread TID 1628 PID 800
0x8169f320 800 0x8ac 0x1f0003 Event
0x815c9f58 800 0x8b0 0x1f0001 WaitablePort TRKWKS_PORT
0x817bfcd0 800 0x8b4 0x1f0003 Event TRKWKS_EVENT
0x816855b0 800 0x8b8 0x12019f File \Device\NamedPipe\trkwks
0x81685440 800 0x8bc 0x12019f File \Device\NamedPipe\trkwks
0xe14b4af0 800 0x8c0 0x1f0001 Port trkwks
0x81692de0 800 0x8c4 0x1f0003 Event
0x815ccda8 800 0x8c8 0x1f03ff Thread TID 1632 PID 800
0x815ccd38 800 0x8cc 0x1f0003 Event
0xe15b0530 800 0x8d0 0x10 Key MACHINE\SYSTEM\CONTROLSET001\SERVICES\SHAREDACCESS\EPOCH
0x815ccc98 800 0x8d4 0x1f0003 Event
0x81605b30 800 0x8d8 0x1f03ff Thread TID 1624 PID 800
0x81692db0 800 0x8dc 0x1f0003 Event
0x815ccc08 800 0x8e0 0x1f01ff File \Device\Afd\Endpoint
0x81605f90 800 0x8e4 0x1f01ff File \Device\Afd\Endpoint
0x8164fd18 800 0x8e8 0x1f01ff File \Device\Udp
0x81605dd0 800 0x8ec 0x1f0003 Event
0x8164fb70 800 0x8f0 0x1f0003 Event
0x8164fb40 800 0x8f4 0x1f0003 Event
0x81605b30 800 0x8f8 0x1f03ff Thread TID 1624 PID 800
0x8164f360 800 0x8fc 0x1f0003 Event
0x8164b580 800 0x900 0x12019f File \Device\HarddiskVolume1\WINDOWS\WindowsUpdate.log
0x8164b4e8 800 0x904 0x12019f File \Device\HarddiskVolume1\WINDOWS\WindowsUpdate.log
0x8164b618 800 0x908 0x12019f File \Device\HarddiskVolume1\WINDOWS\WindowsUpdate.log
0x8164b450 800 0x90c 0x12019f File \Device\HarddiskVolume1\WINDOWS\WindowsUpdate.log
0x8164b3b8 800 0x910 0x12019f File \Device\HarddiskVolume1\WINDOWS\WindowsUpdate.log
0x8164b320 800 0x914 0x12019f File \Device\HarddiskVolume1\WINDOWS\WindowsUpdate.log
0x8164b288 800 0x918 0x12019f File \Device\HarddiskVolume1\WINDOWS\WindowsUpdate.log
0x81603f90 800 0x91c 0x12019f File \Device\HarddiskVolume1\WINDOWS\WindowsUpdate.log
0x81603ef8 800 0x920 0x12019f File \Device\HarddiskVolume1\WINDOWS\WindowsUpdate.log
0x81603e60 800 0x924 0x12019f File \Device\HarddiskVolume1\WINDOWS\WindowsUpdate.log
0x81603dc8 800 0x928 0x12019f File \Device\HarddiskVolume1\WINDOWS\WindowsUpdate.log
0x81603d30 800 0x92c 0x12019f File \Device\HarddiskVolume1\WINDOWS\WindowsUpdate.log
0x81603c98 800 0x930 0x12019f File \Device\HarddiskVolume1\WINDOWS\WindowsUpdate.log
0x81603c00 800 0x934 0x12019f File \Device\HarddiskVolume1\WINDOWS\WindowsUpdate.log
0x81603b68 800 0x938 0x12019f File \Device\HarddiskVolume1\WINDOWS\WindowsUpdate.log
0x81603ad0 800 0x93c 0x12019f File \Device\HarddiskVolume1\WINDOWS\WindowsUpdate.log
0x81603a38 800 0x940 0x12019f File \Device\HarddiskVolume1\WINDOWS\WindowsUpdate.log
0x816039a0 800 0x944 0x12019f File \Device\HarddiskVolume1\WINDOWS\WindowsUpdate.log
0x81603908 800 0x948 0x12019f File \Device\HarddiskVolume1\WINDOWS\WindowsUpdate.log
0x81692d70 800 0x94c 0x1f0001 Mutant WindowsUpdateTracingMutex
0xe1c27540 800 0x950 0xc Token
0xe1c0d8a8 800 0x954 0x1f0001 Port
0x8169fb40 800 0x958 0x1f0003 Event
0x81624320 800 0x95c 0x1f03ff Thread TID 1476 PID 800
0x816b1400 800 0x960 0x100081 File \Device\HarddiskVolume1\$Extend\$ObjId
0x8164b210 800 0x964 0x1f0003 Event
0x815e3548 800 0x968 0x13019f File \Device\HarddiskVolume1\System Volume Information\tracking.log
0xe1aa5550 800 0x96c 0x1f0001 Port srrpc
0x81613ff0 800 0x970 0x1f0003 Event
0xe1c2cbd8 800 0x974 0x20019 Key MACHINE\SOFTWARE\CLASSES
0x815ebda8 800 0x978 0x1f03ff Thread TID 1644 PID 800
0x8162bc68 800 0x97c 0x100003 Semaphore
0x8162bca0 800 0x980 0x100003 Semaphore
0x8164ba20 800 0x984 0x1f0003 Event
0x8164b990 800 0x988 0x12019f File \Device\NamedPipe\srvsvc
0xe14b4538 800 0x98c 0x1f0001 Port XactSrvLpcPort
0x8164b828 800 0x990 0x12019f File \Device\NamedPipe\srvsvc
0xe1c2bda0 800 0x994 0x1f0001 Port
0x8164b958 800 0x998 0x21f0003 Event
0x81614778 800 0x99c 0x1f0003 Event
0x816033b8 800 0x9a0 0x1f03ff Thread TID 1664 PID 800
0x81614748 800 0x9a4 0x1f0003 Event
0xe1c260a8 800 0x9a8 0xf003f Key MACHINE\SOFTWARE\MICROSOFT\EVENTSYSTEM\{26C409CC-AE86-11D1-B616-00805FC79216}\SUBSCRIPTIONS
0x815eb880 800 0x9ac 0x1f0003 Event
0x81614200 800 0x9b0 0x1f03ff Thread TID 1688 PID 800
0xe1c2b330 800 0x9b4 0x1f0001 Port
0x815eb818 800 0x9b8 0x1f0003 Event
0x815eb8e8 800 0x9bc 0x1f0003 Event
0x815eba20 800 0x9c0 0x1f0003 Event
0x815eb9b8 800 0x9c4 0x1f0003 Event
0x815eb950 800 0x9c8 0x1f0003 Event
0x815ebaf0 800 0x9cc 0x1f0003 Event
0x815ebda8 800 0x9d0 0x1f03ff Thread TID 1644 PID 800
0x815eba88 800 0x9d4 0x1f0003 Event
0x815cc2a8 800 0x9d8 0x1f01ff File \Device\Afd\Endpoint
0xe1c197a0 800 0x9dc 0x3 Key MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\WINDOWSUPDATE\REPORTING
0x815ebc28 800 0x9e0 0x1f0003 Event
0xe1c259f8 800 0x9e4 0x20019 Key MACHINE\SOFTWARE\CLASSES
0x815ebda8 800 0x9e8 0x4a Thread TID 1644 PID 800
0x815ebb58 800 0x9ec 0x1f0003 Event
0x815eb8b0 800 0x9f0 0x1f0003 Semaphore
0x815eb9e8 800 0x9f4 0x1f0003 Semaphore
0x815eb980 800 0x9f8 0x1f0003 Semaphore
0x815ebc88 800 0x9fc 0x1f0003 Event
0x815ebc58 800 0xa00 0x1f0003 Event
0x815c9a48 800 0xa04 0x12019f File \Device\NamedPipe\wkssvc
0x815eb260 800 0xa08 0x1f0003 Event
0xe1c25a60 800 0xa0c 0x20019 Key MACHINE\SOFTWARE\CLASSES
0x81614718 800 0xa10 0x1f0003 Event
0x8168d290 800 0xa14 0x1f0003 Event
0x815efda8 800 0xa18 0x1f0003 Event
0x81608298 800 0xa1c 0x1f03ff Thread TID 820 PID 800
0x815efde0 800 0xa20 0x12019f File \Device\HarddiskVolume1\WINDOWS\SoftwareDistribution\ReportingEvents.log
0xe1c25b98 800 0xa24 0x20019 Key MACHINE\SOFTWARE\CLASSES
0xe1c25b30 800 0xa28 0x20019 Key MACHINE\SOFTWARE\CLASSES
0xe1c25ac8 800 0xa2c 0x3 Key MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\WINDOWSUPDATE\REPORTING\EVENTCACHE\SUS
0xe1c25990 800 0xa30 0x20019 Key MACHINE\SOFTWARE\CLASSES
0x8164c7a8 800 0xa34 0x1f0003 Event
0x815ef078 800 0xa38 0x1f0003 Event
0xe1c25da0 800 0xa3c 0x3 Key MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\WINDOWSUPDATE\REPORTING\EVENTCACHE\WU
0x8164c748 800 0xa40 0x1f0003 Event
0x8164c778 800 0xa44 0x1f0003 Event
0x8164c718 800 0xa48 0x1f0003 Event
0x8164c6e8 800 0xa4c 0x1f0003 Event
0x816fcff0 800 0xa50 0x1f0003 Event
0x816fcfc0 800 0xa54 0x1f0003 Event
0x816fcf90 800 0xa58 0x1f0003 Event
0xe1c25c00 800 0xa5c 0x20019 Key MACHINE\SOFTWARE\CLASSES
0xe1c25c68 800 0xa60 0xf003f Key MACHINE\SOFTWARE\MICROSOFT\EVENTSYSTEM\{26C409CC-AE86-11D1-B616-00805FC79216}\EVENTCLASSES
0xe1c2e020 800 0xa64 0x1f0001 Port
0xe1c20358 800 0xa68 0x20019 Key MACHINE\SOFTWARE\CLASSES
0xe1c25d38 800 0xa6c 0x20019 Key MACHINE\SYSTEM\SETUP
0x814f7688 800 0xa70 0x1f0003 Event
0x816fc2a8 800 0xa74 0x100003 Event
0x815efb30 800 0xa78 0x1f0003 Event
0x81608298 800 0xa7c 0x1f03ff Thread TID 820 PID 800
0x816fcc78 800 0xa80 0x1f0003 Event
0x815ebd18 800 0xa84 0x1f0003 Event
0x814f71a8 800 0xa88 0x1f03ff Thread TID 1736 PID 800
0x815c9b58 800 0xa90 0x1f0003 Event
0x815dc660 800 0xa94 0x1f03ff Thread TID 1056 PID 800
0x815c9718 800 0xa98 0x1f0003 Event
0xe1006e20 844 0x4 0x20003 KeyedEvent CritSecOutOfMemoryEvent
0xe14f3230 844 0x8 0x3 Directory KnownDlls
0x816216f0 844 0xc 0x100020 File \Device\HarddiskVolume1\WINDOWS\system32
0x815c48d8 844 0x10 0x100003 Semaphore
0xe14038f8 844 0x14 0xf000f Directory Windows
0xe18a4340 844 0x18 0x21f0001 Port
0x81639208 844 0x1c 0x100003 Semaphore
0xe14477d0 844 0x20 0x2000f Directory BaseNamedObjects
0x817064e8 844 0x24 0x1f0001 Mutant SHIMLIB_LOG_MUTEX
0xe18a42a0 844 0x28 0x2020019 Key MACHINE
0x8170c6b0 844 0x2c 0xf006e WindowStation Service-0x0-3e4$
0x815df938 844 0x30 0x21f0003 Event
0x81625c20 844 0x34 0xf00cf Desktop Default
0x8170c6b0 844 0x38 0xf006e WindowStation Service-0x0-3e4$
0x81618fc8 844 0x3c 0x100003 Semaphore
0x81612728 844 0x40 0x1f0003 Event
0x81618f90 844 0x44 0x100003 Semaphore
0xe18a59a0 844 0x48 0x20019 Key MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32
0x81618f60 844 0x4c 0x1f0003 Event
0x816128a8 844 0x50 0x100001 File \Device\KsecDD
0x81618f30 844 0x54 0x1f0003 Event
0xe18a5d10 844 0x58 0x20019 Key MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32
0x8162a930 844 0x5c 0x100002 Semaphore shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}
0x81618c88 844 0x60 0x1f0003 Event
0x816127b0 844 0x64 0x100020 File \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x816188d8 844 0x68 0x1f0003 Event
0x816188a8 844 0x6c 0x1f0003 Event
0x81618d78 844 0x70 0x12019f File \Device\NamedPipe\net\NtControlPipe5
0x81633ff0 844 0x74 0x1f0003 Event
0x81699550 844 0x78 0x1f03ff Thread TID 848 PID 844
0x81633f88 844 0x7c 0x1f0003 Event
0xe18a46f8 844 0x80 0x1f0001 Port
0x815dfd98 844 0x84 0x1200a0 File \Device\Tcp
0x816199c8 844 0x88 0x1200a0 File \Device\Ip
0x816cec20 844 0x8c 0x1200a0 File \Device\Ip
0x81633c98 844 0x90 0x100003 Semaphore
0x8160ce38 844 0x94 0x100003 Semaphore
0xe18be5e0 844 0x98 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\SERVICES\TCPIP\LINKAGE
0xe18c2500 844 0x9c 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS
0xe18c3b78 844 0xa0 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\SERVICES\NETBT\PARAMETERS\INTERFACES
0xe18c3b10 844 0xa4 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\SERVICES\NETBT\PARAMETERS
0x81619990 844 0xa8 0x1f0003 Event
0xe1c2d900 844 0xac 0x1f0001 Port
0x8160cef8 844 0xb0 0x1f0003 Event
0xe18c3a40 844 0xb4 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9
0x8160cdd0 844 0xb8 0x1f0003 Event
0xe18c39d8 844 0xbc 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSOCK2\PARAMETERS\NAMESPACE_CATALOG5
0x8160cd68 844 0xc0 0x1f0003 Event
0x8160ca88 844 0xc4 0x1f0003 Event
0x8160caf0 844 0xc8 0x1f03ff Thread TID 900 PID 844
0x8160c810 844 0xcc 0x1f03ff Thread TID 904 PID 844
0x81644918 844 0xd0 0x100001 File \Device\HarddiskVolume1\WINDOWS\system32\drivers\etc
0x815efae0 844 0xd4 0x1f0003 Event
0x816fc620 844 0xd8 0x1f03ff Thread TID 1716 PID 844
0xe18c20e0 844 0xdc 0x1f0001 Port DNSResolver
0x81609a28 844 0xe0 0x1f0003 Event
0x816689a8 844 0xe4 0x1f03ff Thread TID 920 PID 844
0x816fc278 844 0xe8 0x1f0003 Event
0x816fc620 844 0xec 0x1f03ff Thread TID 1716 PID 844
0x816afc40 844 0xf0 0x1200a0 File \Device\Tcp
0x816fa1d8 844 0xf4 0x1200a0 File \Device\Udp
0x816afe50 844 0xf8 0x1f01ff File \Device\Afd\Endpoint
0x816fcbf8 844 0xfc 0x1f0003 Event
0xe1c2e7b0 844 0x100 0x1f0001 Port
0x816fcb48 844 0x104 0x1f0003 Event
0x814f78d0 844 0x108 0x1f03ff Thread TID 1732 PID 844
0xe1c25e08 844 0x10c 0x10 Key MACHINE\SYSTEM\CONTROLSET001\SERVICES\SHAREDACCESS\EPOCH
0x815ef190 844 0x110 0x1f0003 Event
0x814f78d0 844 0x114 0x1f03ff Thread TID 1732 PID 844
0x815ef160 844 0x118 0x1f0003 Event
0x816aa1d0 844 0x11c 0x1f01ff File \Device\Afd\Endpoint
0x814f78d0 844 0x120 0x1f03ff Thread TID 1732 PID 844
0xe1006e20 876 0x4 0x20003 KeyedEvent CritSecOutOfMemoryEvent
0xe14f3230 876 0x8 0x3 Directory KnownDlls
0x81619720 876 0xc 0x100020 File \Device\HarddiskVolume1\WINDOWS\system32
0x81644f58 876 0x10 0x100003 Semaphore
0xe14038f8 876 0x14 0xf000f Directory Windows
0xe18be240 876 0x18 0x21f0001 Port
0x81644f90 876 0x1c 0x100003 Semaphore
0xe14477d0 876 0x20 0x2000f Directory BaseNamedObjects
0x817064e8 876 0x24 0x1f0001 Mutant SHIMLIB_LOG_MUTEX
0x81553328 876 0x28 0x1f03ff Thread TID 1512 PID 876
0x81709e10 876 0x2c 0xf037f WindowStation Service-0x0-3e5$
0x81644ec8 876 0x30 0x21f0003 Event
0x81644e20 876 0x34 0xf01ff Desktop Default
0x81709e10 876 0x38 0xf037f WindowStation Service-0x0-3e5$
0x81644c58 876 0x3c 0x100003 Semaphore
0x816fbb10 876 0x40 0x1f0003 Event
0x81644c20 876 0x44 0x100003 Semaphore
0xe18a9c30 876 0x48 0x20019 Key MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32
0x81644bb0 876 0x4c 0x1f0003 Event
0x81676810 876 0x50 0x100001 File \Device\KsecDD
0x81644b80 876 0x54 0x1f0003 Event
0xe18bf438 876 0x58 0x20019 Key MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32
0x8162a930 876 0x5c 0x100002 Semaphore shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}
0xe18bfda8 876 0x60 0x8 Token
0x81644af0 876 0x64 0x100020 File \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x815d2968 876 0x68 0x1f0003 Event
0x81644fe8 876 0x6c 0x100003 Semaphore
0x815d2930 876 0x70 0x100003 Semaphore
0x815d28f8 876 0x74 0x100003 Semaphore
0x815d28c0 876 0x78 0x100003 Semaphore
0x815d2888 876 0x7c 0x100003 Semaphore
0x815d2850 876 0x80 0x100003 Semaphore
0x815d2818 876 0x84 0x100003 Semaphore
0x815d27e0 876 0x88 0x100003 Semaphore
0x81609fe8 876 0x8c 0x100003 Semaphore
0x81609fb0 876 0x90 0x100003 Semaphore
0x81609f78 876 0x94 0x100003 Semaphore
0x81609f40 876 0x98 0x100003 Semaphore
0x81609ee0 876 0x9c 0x1f0003 Event
0x81609f10 876 0xa0 0x1f0003 Event
0x81609eb0 876 0xa4 0x1f0003 Event
0x81609e80 876 0xa8 0x1f0003 Event
0x817098c0 876 0xac 0x1f03ff Thread TID 880 PID 876
0xe18c3848 876 0xb0 0x1f0001 Port
0x81609e50 876 0xb4 0x1f0003 Event
0x815d2b58 876 0xb8 0x1f0003 IoCompletion
0x81633cf0 876 0xbc 0x12019f File \Device\NamedPipe\net\NtControlPipe6
0x815d2b10 876 0xc0 0x1f0003 IoCompletion
0x815d2b58 876 0xc4 0x1f0003 IoCompletion
0xe1a98bf8 876 0xc8 0x1f0001 Port
0x81639fc0 876 0xcc 0x1f0003 Event
0x816cea50 876 0xd0 0x1200a0 File \Device\Tcp
0x81668850 876 0xd4 0x1200a0 File \Device\Ip
0x816688e8 876 0xd8 0x1200a0 File \Device\Ip
0x8160cab8 876 0xdc 0x100003 Semaphore
0x81609aa8 876 0xe0 0x100003 Semaphore
0xe18c3668 876 0xe4 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\SERVICES\TCPIP\LINKAGE
0xe18c2320 876 0xe8 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS
0xe18c3970 876 0xec 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\SERVICES\NETBT\PARAMETERS\INTERFACES
0xe19f0bf8 876 0xf0 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\SERVICES\NETBT\PARAMETERS
0x81668818 876 0xf4 0x1f0003 Event
0x81615c18 876 0xf8 0x1f0003 Event
0x81615be8 876 0xfc 0x1f0003 Event
0x81615bb8 876 0x100 0x1f0003 Event
0x81615b88 876 0x104 0x1f0003 Event
0x81615b58 876 0x108 0x1f0003 Event
0x81615b28 876 0x10c 0x1f0003 Event
0x81668460 876 0x110 0x1f03ff Thread TID 936 PID 876
0x81668460 876 0x114 0x1f03ff Thread TID 936 PID 876
0x81615af8 876 0x118 0x1f0003 Event
0xe1900fb8 876 0x11c 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9
0x81615a90 876 0x120 0x1f0003 Event
0xe1978690 876 0x124 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSOCK2\PARAMETERS\NAMESPACE_CATALOG5
0x815f0b38 876 0x128 0x1f03ff Thread TID 968 PID 876
0x8164cc40 876 0x12c 0x100003 File \Device\NetBt_Wins_Export
0x815f0a20 876 0x130 0x100003 File \Device\NetBt_Wins_Export
0x81553820 876 0x134 0x100000 File \Device\WebDavRedirector
0x815535a0 876 0x138 0x1f03ff Thread TID 1508 PID 876
0x816b77e8 876 0x13c 0x100020 File \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x815fbeb8 876 0x140 0x1f0003 Event
0x81624f28 876 0x144 0x1f0003 Event
0xe1d97e68 876 0x148 0x20019 Key MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_PROTOCOL_LOCKDOWN
0xe1bf6880 876 0x14c 0x2001f Key USER\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS
0x816b59a8 876 0x150 0x12019f File \Device\WMIDataDevice
0x815faea8 876 0x154 0x1f0003 Event
0x81624e10 876 0x158 0xa84 WmiGuid
0x81624290 876 0x15c 0x12019f File \Device\WMIDataDevice
0x815fae78 876 0x160 0x1f0003 Event
0x81709b78 876 0x164 0x1f07fb Process svchost.exe(876)
0x81683020 876 0x168 0x1f0003 Event
0x81683080 876 0x16c 0x1f0003 Event
0x816073c8 876 0x170 0xa84 WmiGuid
0x81630080 876 0x174 0x100003 Event
0x815e7f90 876 0x178 0x100020 File \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x815e7e60 876 0x184 0x100000 File \Device\WebDavRedirector
0x815e7ef8 876 0x188 0x100000 File \Device\WebDavRedirector
0x815e74b0 876 0x18c 0x100002 Semaphore shell.{210A4BA0-3AEA-1069-A2D9-08002B30309D}
0xe1c237a8 876 0x190 0x20019 Key USER\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS
0x816072f0 876 0x194 0xa84 WmiGuid
0xe1bf5ca0 876 0x198 0x20019 Key MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS
0xe1a592f0 876 0x19c 0x20019 Key MACHINE\SOFTWARE\POLICIES
0xe1bc7368 876 0x1a0 0x20019 Key USER\S-1-5-19\SOFTWARE\POLICIES
0xe1bc7300 876 0x1a4 0x20019 Key USER\S-1-5-19\SOFTWARE
0xe1bc7298 876 0x1a8 0x20019 Key MACHINE\SOFTWARE
0xe1c1aae0 876 0x1ac 0x1f0001 Port
0x816f7638 876 0x1b0 0x12019f File \Device\HarddiskVolume1\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat
0x815d8108 876 0x1b4 0x1f0001 Mutant _!MSFTHISTORY!_
0x815fa030 876 0x1b8 0x1f0001 Mutant c:!documents and settings!localservice!local settings!temporary internet files!content.ie5!
0xe1bc7250 876 0x1bc 0xf0007 Section C:_Documents and Settings_LocalService_Local Settings_Temporary Internet Files_Content.IE5_index.dat_32768
0x816f75a0 876 0x1c0 0x12019f File \Device\HarddiskVolume1\Documents and Settings\LocalService\Cookies\index.dat
0x815cf030 876 0x1c4 0x1f0001 Mutant c:!documents and settings!localservice!cookies!
0xe1c1a950 876 0x1c8 0xf0007 Section C:_Documents and Settings_LocalService_Cookies_index.dat_16384
0x815538b8 876 0x1cc 0x12019f File \Device\HarddiskVolume1\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat
0x8169b260 876 0x1d0 0x1f0001 Mutant c:!documents and settings!localservice!local settings!history!history.ie5!
0xe1c1a8e8 876 0x1d4 0xf0007 Section C:_Documents and Settings_LocalService_Local Settings_History_History.IE5_index.dat_16384
0x816f7238 876 0x1d8 0x1f0001 Mutant
0x816d4ea0 876 0x1dc 0x1f0001 Mutant WininetStartupMutex
0x815f70a8 876 0x1e0 0x1f0003 Event
0x816b2aa0 876 0x1e4 0x1f0001 Mutant WininetProxyRegistryMutex
0x81627920 876 0x1e8 0x100003 Semaphore
0x81627c30 876 0x1ec 0x100003 Semaphore
0x81553298 876 0x1f0 0x100000 File \Device\WebDavRedirector
0x81579f90 876 0x1f4 0x12019f File \Device\NamedPipe\DAV RPC SERVICE
0x81579ef8 876 0x1f8 0x12019f File \Device\NamedPipe\DAV RPC SERVICE
0x816398e8 876 0x1fc 0x1f0003 Event
0x81579c78 876 0x200 0x1f03ff Thread TID 1516 PID 876
0xe1006e20 1172 0x4 0xf0003 KeyedEvent CritSecOutOfMemoryEvent
0xe14f3230 1172 0x8 0x3 Directory KnownDlls
0x81672c90 1172 0xc 0x100020 File \Device\HarddiskVolume1\WINDOWS\system32
0x81680408 1172 0x10 0x100003 Semaphore
0xe14038f8 1172 0x14 0xf000f Directory Windows
0xe1c65e18 1172 0x18 0x21f0001 Port
0x81669c00 1172 0x1c 0x100003 Semaphore
0xe14477d0 1172 0x20 0x2000f Directory BaseNamedObjects
0x817064e8 1172 0x24 0x1f0001 Mutant SHIMLIB_LOG_MUTEX
0xe17c1aa0 1172 0x28 0x20f003f Key MACHINE
0x815fdbf0 1172 0x2c 0xf037f WindowStation WinSta0
0x81573b98 1172 0x30 0x21f0003 Event
0x816db158 1172 0x34 0xf01ff Desktop Default
0x815fdbf0 1172 0x38 0xf037f WindowStation WinSta0
0x81573a30 1172 0x3c 0x100003 Semaphore
0x816eb5d0 1172 0x40 0x1f0003 Event
0x815739f8 1172 0x44 0x100003 Semaphore
0xe1679f90 1172 0x48 0x20019 Key MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32
0x81692380 1172 0x4c 0x1f0003 Event DINPUTWINMM
0x816fb150 1172 0x50 0x100001 File \Device\KsecDD
0x81573988 1172 0x54 0x1f0003 Event
0x81573958 1172 0x58 0x1f0003 Event
0xe1bcf5e8 1172 0x5c 0x20019 Key MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32
0x8162a930 1172 0x60 0x1f0003 Semaphore shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}
0x817cb720 1172 0x64 0x1f0003 Event userenv: User Profile setup event
0x816a5e70 1172 0x68 0x100020 File \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x815ce158 1172 0x6c 0x12019f File \Device\NamedPipe\net\NtControlPipe7
0x81574c78 1172 0x70 0x1f0003 Event
0x81574b38 1172 0x74 0x1f0003 Event
0x81574b08 1172 0x78 0x1f0003 Event
0x81574ad8 1172 0x7c 0x1f0003 Event
0x8164a488 1172 0x80 0x1f03ff Thread TID 1176 PID 1172
0x81574a70 1172 0x84 0x1f0003 Event
0xe16764f8 1172 0x88 0x1f0001 Port
0x81574678 1172 0x8c 0x1f0003 Event
0xe1679df8 1172 0x90 0x20f003f Key MACHINE\SOFTWARE\CLASSES
0x81574648 1172 0x94 0x1f0003 Event
0x815746a8 1172 0x98 0x1f03ff Thread TID 1180 PID 1172
0x81574618 1172 0x9c 0x1f0003 Event RouterPreInitEvent
0x81621780 1172 0xa0 0x1f0003 IoCompletion
0x81692ef0 1172 0xa4 0x1f0003 IoCompletion
0x81621780 1172 0xa8 0x1f0003 IoCompletion
0x816f1158 1172 0xac 0x12019f File \Device\NamedPipe\spoolss
0x816f4160 1172 0xb0 0x12019f File \Device\NamedPipe\spoolss
0x81574568 1172 0xb4 0x1f0003 Event
0x815b8da8 1172 0xb8 0x1f03ff Thread TID 1184 PID 1172
0xe1679ac0 1172 0xbc 0x1f0001 Port spoolss
0x81574468 1172 0xc0 0x1f0003 Event
0x815b8b30 1172 0xc4 0x1f03ff Thread TID 1188 PID 1172
0x815b8810 1172 0xc8 0x21f0003 Event
0x815b8438 1172 0xcc 0x21f0003 Event
0xe1006e20 1268 0x4 0xf0003 KeyedEvent CritSecOutOfMemoryEvent
0xe14f3230 1268 0x8 0x3 Directory KnownDlls
0x815e78a8 1268 0xc 0x100020 File \Device\HarddiskVolume1\Documents and Settings\testuser
0x816178a0 1268 0x10 0x21f0003 Event
0xe14038f8 1268 0x14 0xf000f Directory Windows
0xe167e6f0 1268 0x18 0x21f0001 Port
0x815fdbf0 1268 0x1c 0xf037f WindowStation WinSta0
0xe14477d0 1268 0x20 0x2000f Directory BaseNamedObjects
0x817064e8 1268 0x24 0x1f0001 Mutant SHIMLIB_LOG_MUTEX
0x816db158 1268 0x28 0xf01ff Desktop Default
0x815fdbf0 1268 0x2c 0xf037f WindowStation WinSta0
0x816028b0 1268 0x30 0x100003 Semaphore
0x816024a8 1268 0x34 0x100003 Semaphore
0xe18c4118 1268 0x38 0x20f003f Key MACHINE
0x8167d2c8 1268 0x3c 0x100000 Event crypt32LogoffEvent
0x815e9f30 1268 0x40 0x1f0003 Event
0x81673ee0 1268 0x44 0x1f0003 Event
0x81602500 1268 0x48 0x100003 Semaphore
0x81673ea8 1268 0x4c 0x100003 Semaphore
0xe1cb5308 1268 0x50 0x20019 Key MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32
0x81602f90 1268 0x54 0x100001 File \Device\KsecDD
0x81673df8 1268 0x58 0x1f0003 Event
0x81673dc8 1268 0x5c 0x1f0003 Event
0xe1cb5230 1268 0x60 0x20019 Key MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32
0x8162a930 1268 0x64 0x1f0003 Semaphore shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}
0x817cb720 1268 0x68 0x1f0003 Event userenv: User Profile setup event
0x8167ad68 1268 0x6c 0x100020 File \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0xe167a160 1268 0x70 0x1f0001 Port
0xe18bb388 1268 0x74 0x4 Section
0xe166df40 1268 0x78 0x20f003f Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004
0x81623da8 1268 0x7c 0x1f03ff Thread TID 1360 PID 1268
0x81692e80 1268 0x80 0x1f0003 Event
0x816233e8 1268 0x84 0x120001 Mutant ShimCacheMutex
0xe17ef118 1268 0x88 0x2 Section ShimSharedMemory
0x81611640 1268 0x90 0x1f0003 Event ShellReadyEvent
0xe1a8af68 1268 0x94 0x1f0001 Port
0x81623da8 1268 0x98 0x1f03ff Thread TID 1360 PID 1268
0x8162b820 1268 0x9c 0x1f0003 Event
0x8162b960 1268 0xa0 0x1f0003 Event
0x81615948 1268 0xa4 0x1f0003 Event
0x815f87b8 1268 0xa8 0x1f0003 Event
0x81602928 1268 0xac 0x1f03ff Thread TID 1272 PID 1268
0x815dfe88 1268 0xb0 0x1f0003 IoCompletion
0x815dfa80 1268 0xb4 0x1f0003 IoCompletion
0x815dfe88 1268 0xb8 0x1f0003 IoCompletion
0xe1006e20 1284 0x4 0xf0003 KeyedEvent CritSecOutOfMemoryEvent
0xe14f3230 1284 0x8 0x3 Directory KnownDlls
0x8167aa30 1284 0xc 0x100020 File \Device\HarddiskVolume1\Documents and Settings\testuser
0x816e0210 1284 0x10 0x100003 Semaphore
0xe14038f8 1284 0x14 0xf000f Directory Windows
0xe167cc50 1284 0x18 0x21f0001 Port
0x817cafe8 1284 0x1c 0x100003 Semaphore
0x817064e8 1284 0x20 0x1f0001 Mutant SHIMLIB_LOG_MUTEX
0xe14477d0 1284 0x24 0x2000f Directory BaseNamedObjects
0xe1670990 1284 0x28 0x20f003f Key MACHINE
0x815fdbf0 1284 0x2c 0xf037f WindowStation WinSta0
0x815f57e8 1284 0x30 0x21f0003 Event
0x816db158 1284 0x34 0xf01ff Desktop Default
0x815fdbf0 1284 0x38 0xf037f WindowStation WinSta0
0x8167a918 1284 0x3c 0x100001 File \Device\KsecDD
0x8162a930 1284 0x40 0x1f0003 Semaphore shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}
0x815d4988 1284 0x44 0x100020 File \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x81688328 1284 0x48 0x100020 File \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x8167d2c8 1284 0x4c 0x100000 Event crypt32LogoffEvent
0xe167ca48 1284 0x50 0x20f003f Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004_CLASSES
0xe167c380 1284 0x54 0x20f003f Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004
0x815f6a38 1284 0x58 0x1f0003 Event
0x8160d8e8 1284 0x5c 0x1f0003 Event
0xe167c118 1284 0x60 0x20019 Key MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_PROTOCOL_LOCKDOWN
0xe168b4a0 1284 0x64 0x2001f Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS
0x81632cd8 1284 0x68 0x12019f File \Device\WMIDataDevice
0x8160d888 1284 0x6c 0x1f0003 Event
0x816804d0 1284 0x70 0xa84 WmiGuid
0x815f4588 1284 0x74 0x12019f File \Device\WMIDataDevice
0x816ab970 1284 0x78 0x1f0003 Event
0x816f2b70 1284 0x7c 0x1f0fff Process explorer.exe(1284)
0x815f4550 1284 0x80 0x1f0003 Event
0x815f4520 1284 0x84 0x1f0003 Event
0x816ab9a0 1284 0x88 0xa84 WmiGuid
0x8170c3b8 1284 0x8c 0x100003 Event
0x816005e0 1284 0x90 0x100020 File \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x8162c500 1284 0x94 0x1f0001 Mutant
0x816005a8 1284 0x98 0x1f0003 Event
0x8162c468 1284 0x9c 0x1f0001 Mutant
0x8162c438 1284 0xa0 0x1f0003 Event
0x815d6ff0 1284 0xa4 0x1f0003 Event
0x815d6fc0 1284 0xa8 0x1f0003 Event
0x815d6f30 1284 0xac 0x100020 File \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x815d6e98 1284 0xb0 0x100020 File \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x8170c428 1284 0xb4 0x100003 Semaphore
0x8167bb90 1284 0xb8 0x100020 File \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x8167ba08 1284 0xbc 0x1f0003 Event
0x816beb40 1284 0xc0 0x100003 Semaphore
0xe168b360 1284 0xc4 0x20019 Key MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32
0x816bead0 1284 0xc8 0x1f0003 Event
0x816beaa0 1284 0xcc 0x1f0003 Event
0xe168df40 1284 0xd0 0x20019 Key MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
0x817cb720 1284 0xd4 0x1f0003 Event userenv: User Profile setup event
0xe167c878 1284 0xd8 0x1f0001 Port
0x8167bac8 1284 0xdc 0x100020 File \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0xe18bb388 1284 0xe0 0x4 Section
0xe168dde8 1284 0xe4 0xf003f Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER
0x815744a8 1284 0xe8 0x1f0001 Mutant ExplorerIsShellMutex
0x816233e8 1284 0xec 0x120001 Mutant ShimCacheMutex
0xe17ef118 1284 0xf0 0x2 Section ShimSharedMemory
0x815e74b0 1284 0xf4 0x1f0003 Semaphore shell.{210A4BA0-3AEA-1069-A2D9-08002B30309D}
0xe168dd80 1284 0xf8 0xf003f Key MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER
0xe17badb0 1284 0xfc 0xf003f Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER
0xe1696c48 1284 0x100 0xf003f Key MACHINE\SOFTWARE\CLASSES
0xe1695a58 1284 0x104 0xf003f Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004_CLASSES
0x81695638 1284 0x108 0x1f0003 Event
0xe1696670 1284 0x10c 0xf003f Key MACHINE\SOFTWARE\MICROSOFT\COM3
0x81709528 1284 0x110 0x1f0003 Event
0xe16a08f8 1284 0x114 0x10 Key USER
0x817094c0 1284 0x118 0x1f0003 Event
0xe16a0890 1284 0x11c 0xf003f Key MACHINE\SOFTWARE\CLASSES
0x81709458 1284 0x120 0x1f0003 Event
0xe16a0828 1284 0x124 0x10 Key USER
0x817093f0 1284 0x128 0x1f0003 Event
0xe16a07c0 1284 0x12c 0xf003f Key MACHINE\SOFTWARE\MICROSOFT\COM3
0x81709388 1284 0x130 0x1f0003 Event
0xe16a0758 1284 0x134 0xf003f Key MACHINE\SOFTWARE\MICROSOFT\COM3
0x81707a68 1284 0x138 0x1f0003 Event
0xe16a06f0 1284 0x13c 0xf003f Key MACHINE\SOFTWARE\CLASSES\CLSID
0x81707a00 1284 0x140 0x1f0003 Event
0xe16a0688 1284 0x144 0xf003f Key MACHINE\SOFTWARE\CLASSES
0x81707998 1284 0x148 0x1f0003 Event
0xe17bafb8 1284 0x14c 0xf003f Key MACHINE\SOFTWARE\MICROSOFT\COM3
0x81707930 1284 0x150 0x1f0003 Event
0xe17baf50 1284 0x154 0x10 Key USER
0x817078c8 1284 0x158 0x1f0003 Event
0xe17baee8 1284 0x15c 0xf003f Key MACHINE\SOFTWARE\MICROSOFT\COM3
0x816f2538 1284 0x160 0x1f0003 Event
0xe17bae80 1284 0x164 0xf003f Key MACHINE\SOFTWARE\MICROSOFT\COM3
0x816f24d0 1284 0x168 0x1f0003 Event
0xe17bae18 1284 0x16c 0xf003f Key MACHINE\SOFTWARE\CLASSES\CLSID
0x816f2468 1284 0x170 0x1f0003 Event
0x815cdf90 1284 0x174 0x1f0003 Semaphore shell.{090851A5-EB96-11D2-8BE4-00C04FA31A66}
0xe183a8f8 1284 0x178 0x20019 Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004_CLASSES
0x81695698 1284 0x17c 0x1f0001 Mutant
0x816be608 1284 0x180 0x100020 File \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x815cdec0 1284 0x184 0x100020 File \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0xe183a890 1284 0x188 0x20019 Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004_CLASSES
0x8162a930 1284 0x18c 0x1f0003 Semaphore shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}
0xe183a768 1284 0x190 0x2001f Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004\SOFTWARE\MICROSOFT\PLUS!\THEMES\APPLY
0x815e7110 1284 0x194 0x1f0003 Semaphore shell.{7CB834F0-527B-11D2-9D1F-0000F805CA57}
0xe17ba8a8 1284 0x198 0x20019 Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004_CLASSES
0xe168d808 1284 0x19c 0x1f0001 Port
0xe17baaf0 1284 0x1a0 0x20019 Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004_CLASSES
0x816f23a0 1284 0x1a4 0x1f0003 Event
0x815cde30 1284 0x1a8 0x1f0003 Event
0x815cddd0 1284 0x1ac 0x1f0003 Event
0x815cdb30 1284 0x1b0 0x1f0003 Event
0x816f28f8 1284 0x1b4 0x1f03ff Thread TID 1288 PID 1284
0xe183bf68 1284 0x1b8 0x1f0001 Port
0x815cdb00 1284 0x1bc 0x1f0003 Event
0x815cdc28 1284 0x1c0 0x1f0003 IoCompletion
0xe14bd908 1284 0x1c4 0x1f0001 Port OLE233A7A1F89E142CCBCAE13A687F3
0x815cda88 1284 0x1c8 0x1f0003 IoCompletion
0x815cdc28 1284 0x1cc 0x1f0003 IoCompletion
0x815cd7b0 1284 0x1d0 0x1f03ff Thread TID 1296 PID 1284
0x815cda58 1284 0x1d4 0x1f0003 Event
0x815cda28 1284 0x1d8 0x1f0003 Event
0xe1845f08 1284 0x1dc 0x2001b Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SECURITY\P3GLOBAL
0xe1846c08 1284 0x1e0 0x20019 Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004_CLASSES
0x815cd3e8 1284 0x1e4 0x1f0003 Event
0x816f6da8 1284 0x1e8 0x1f03ff Thread TID 1304 PID 1284
0x815cd378 1284 0x1ec 0x21f0003 Event
0x815cd2b8 1284 0x1f0 0x1f0003 Event
0x81573e88 1284 0x1f4 0x1f0003 Timer
0x816f6d78 1284 0x1f8 0x21f0003 Event
0xe17ba670 1284 0x1fc 0x1b Key MACHINE\SOFTWARE\CLASSES\HTTP\SHELL
0x816f6ae0 1284 0x200 0x1f03ff Thread TID 1308 PID 1284
0x816f6a98 1284 0x204 0x1f0003 IoCompletion
0x816f6708 1284 0x208 0x1f0003 Timer
0x816f6470 1284 0x20c 0x1f03ff Thread TID 1316 PID 1284
0xe183c1b8 1284 0x210 0xf0007 Section SatoriCodeDictionarySharedMemory_S-1-5-21-1957994488-2052111302-1078081533-1004
0x815ce930 1284 0x214 0x1f0003 Event
0x8163f698 1284 0x218 0x1f0001 Mutant _Satori_81_MutexObject_S-1-5-21-1957994488-2052111302-1078081533-1004
0xe17ba6f8 1284 0x21c 0xf0007 Section Imejp.ConfigrationIO_3_Satori_81__S-1-5-21-1957994488-2052111302-1078081533-1004
0x815cee10 1284 0x220 0x1f0001 Mutant _Satori_81_Satori_KnlDict_DicWriteMutex_S-1-5-21-1957994488-2052111302-1078081533-1004
0x8163f698 1284 0x224 0x1f0001 Mutant _Satori_81_MutexObject_S-1-5-21-1957994488-2052111302-1078081533-1004
0xe183b5f8 1284 0x228 0xf0007 Section FileView__Satori_PropMgrGlobal_Satori_81___00005bcc_S-1-5-21-1957994488-2052111302-1078081533-1004
0xe17ba6f8 1284 0x22c 0xf0007 Section Imejp.ConfigrationIO_3_Satori_81__S-1-5-21-1957994488-2052111302-1078081533-1004
0xe183c030 1284 0x230 0xf0007 Section
0xe183c630 1284 0x234 0x20f003f Key USER
0xe183cce8 1284 0x238 0xf0007 Section SatoriKnlDict_MemoryDictionary_S-1-5-21-1957994488-2052111302-1078081533-1004
0x815cdd40 1284 0x23c 0x12019f File \Device\HarddiskVolume1\Documents and Settings\testuser\Application Data\Microsoft\IMJP8_1\imjp81u.dic
0x816f2310 1284 0x240 0x12019f File \Device\NamedPipe\lsarpc
0xe183b5f8 1284 0x244 0xf0007 Section FileView__Satori_PropMgrGlobal_Satori_81___00005bcc_S-1-5-21-1957994488-2052111302-1078081533-1004
0x8163f698 1284 0x248 0x1f0001 Mutant _Satori_81_MutexObject_S-1-5-21-1957994488-2052111302-1078081533-1004
0xe17ba6f8 1284 0x24c 0xf0007 Section Imejp.ConfigrationIO_3_Satori_81__S-1-5-21-1957994488-2052111302-1078081533-1004
0x815ce868 1284 0x250 0x1f0001 Mutant Mutex__Satori_GlobalFlag_Satori_81__S-1-5-21-1957994488-2052111302-1078081533-1004
0xe183b530 1284 0x254 0xf0007 Section FileView__Satori_GlobalFlag_Satori_81___00000008_S-1-5-21-1957994488-2052111302-1078081533-1004
0xe183c130 1284 0x258 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE
0xe183e768 1284 0x25c 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE\ALTERNATE SORTS
0xe183e700 1284 0x260 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\CONTROL\NLS\LANGUAGE GROUPS
0xe1845b58 1284 0x264 0x1f0001 Port
0xe1841458 1284 0x268 0x20019 Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004_CLASSES
0x816842e0 1284 0x26c 0x1f0003 Event
0x815e0da8 1284 0x270 0x2 Thread TID 1328 PID 1284
0x815ceb70 1284 0x274 0x100001 File \Device\HarddiskVolume1\Documents and Settings\testuser\デスクトップ
0x815e4d78 1284 0x278 0x1f0003 Event
0x816f63f8 1284 0x27c 0x1f0003 Semaphore
0x815e4d48 1284 0x280 0x21f0003 Event
0x815e0da8 1284 0x284 0x1f03ff Thread TID 1328 PID 1284
0x815e4cd8 1284 0x288 0x1f0003 Event
0x815e4a58 1284 0x28c 0x100001 File \Device\HarddiskVolume1\Documents and Settings\All Users\デスクトップ
0x815e4500 1284 0x290 0x1f0003 Event
0xe18442f0 1284 0x294 0x20019 Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004_CLASSES
0xe1846e48 1284 0x298 0x1f0001 Port
0x815ce2c0 1284 0x29c 0x1f0003 Event
0x815e49c0 1284 0x2a0 0x100001 File \Device\HarddiskVolume1\Documents and Settings\testuser\Local Settings\Application Data\Microsoft\CD Burning
0xe1846fb8 1284 0x2a4 0x20019 Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004_CLASSES
0x815e4910 1284 0x2a8 0x1f0001 Mutant CTF.LBES.MutexDefaultS-1-5-21-1957994488-2052111302-1078081533-1004
0x815e4460 1284 0x2ac 0x1f0003 Event
0xe1846cd8 1284 0x2b0 0x1f0001 Port
0x815e4308 1284 0x2b4 0x1f0001 Mutant CTF.Compart.MutexDefaultS-1-5-21-1957994488-2052111302-1078081533-1004
0xe1847fd8 1284 0x2b8 0xf0007 Section CiceroSharedMemDefaultS-1-5-21-1957994488-2052111302-1078081533-1004
0x815e4ec8 1284 0x2bc 0x1f0001 Mutant CTF.Asm.MutexDefaultS-1-5-21-1957994488-2052111302-1078081533-1004
0x815e4e78 1284 0x2c0 0x1f0001 Mutant CTF.Layouts.MutexDefaultS-1-5-21-1957994488-2052111302-1078081533-1004
0x815e4e28 1284 0x2c4 0x1f0001 Mutant CTF.TMD.MutexDefaultS-1-5-21-1957994488-2052111302-1078081533-1004
0xe1847b48 1284 0x2c8 0x20019 Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004_CLASSES
0x815e07f0 1284 0x2cc 0x1f0001 Mutant
0x815e44b0 1284 0x2d0 0x1f0003 Event
0xe18494f8 1284 0x2d4 0x20019 Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004_CLASSES
0xe1849490 1284 0x2d8 0x2001d Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SECURITY\P3SITES
0x815e07c0 1284 0x2dc 0x1f0003 Event
0x815e0790 1284 0x2e0 0x1f0003 Event
0xe1842288 1284 0x2e4 0xf003f Key MACHINE\SOFTWARE\CLASSES\CLSID
0x815cd438 1284 0x2e8 0x21f0003 Event
0xe1bce740 1284 0x2ec 0xf003f Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS
0xe17e6fb8 1284 0x2f0 0xf003f Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004\SOFTWARE\MICROSOFT\WINDOWS\SHELL
0xe17e6dc8 1284 0x2f4 0xf003f Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004\SOFTWARE\MICROSOFT\WINDOWS\SHELLNOROAM
0xe17e6d60 1284 0x2f8 0xf003f Key MACHINE\SOFTWARE\CLASSES\APPLICATIONS\EXPLORER.EXE
0xe17e6bd8 1284 0x2fc 0xf003f Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004\SOFTWARE\MICROSOFT\WINDOWS\SHELLNOROAM\MUICACHE
0xe1d6f418 1284 0x300 0x20019 Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004\SOFTWARE\MICROSOFT\WINDOWS\SHELL\BAGS\1\DESKTOP
0xe1d73758 1284 0x304 0x20019 Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004_CLASSES
0x81616388 1284 0x308 0x1f0003 Semaphore
0xe1d77370 1284 0x30c 0x20019 Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004_CLASSES
0x8162a930 1284 0x310 0x1f0003 Semaphore shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}
0xe1d82bd8 1284 0x314 0x20019 Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004_CLASSES
0xe1d86430 1284 0x318 0x20019 Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004_CLASSES
0x816b92d8 1284 0x31c 0x12019f File \Device\NamedPipe\samr
0x81617d80 1284 0x320 0x1f0003 Event
0x816179c0 1284 0x324 0x1f0003 Event
0x8163f020 1284 0x328 0x1f0001 Mutant
0x8163f118 1284 0x32c 0x1f0003 Event
0x8163f0e8 1284 0x330 0x1f0003 Event
0x8163f0a8 1284 0x334 0x1f0001 Mutant
0x8163f078 1284 0x338 0x1f0003 Event
0x815d5520 1284 0x33c 0x1f0001 Mutant
0x815d54b0 1284 0x340 0x1f0003 Event
0xe1d8e020 1284 0x344 0x1f0001 Port
0x81602418 1284 0x348 0x21f0003 Event
0x816c32a0 1284 0x34c 0x100003 Event
0x8177fa08 1284 0x350 0x100020 File \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x815e9b38 1284 0x354 0x1f03ff Thread TID 1336 PID 1284
0x8168cd40 1284 0x358 0x1f0003 Event
0xe1d89578 1284 0x35c 0x20019 Key MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\BLOCKED
0xe1d863c8 1284 0x360 0x20019 Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\BLOCKED
0xe1d920a8 1284 0x364 0x20019 Key MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\CACHED
0xe1d94f40 1284 0x368 0x2001f Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\CACHED
0x81573540 1284 0x36c 0x1f03ff Thread TID 1348 PID 1284
0x816c9958 1284 0x370 0x1f0003 Event
0xe1bff4d0 1284 0x374 0x20019 Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004_CLASSES
0xe1d97ac0 1284 0x378 0x20019 Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004_CLASSES
0xe1aa6bc8 1284 0x37c 0xf0007 Section AtlDebugAllocator_FileMappingNameStatic3_504
0x8163d0b0 1284 0x380 0x100001 File \Device\HarddiskVolume1\Documents and Settings\All Users\スタート メニュー
0xe1d97b90 1284 0x384 0x20019 Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004_CLASSES
0x8161bb48 1284 0x388 0x100001 File \Device\HarddiskVolume1\Documents and Settings\testuser\スタート メニュー
0xe1bf9e40 1284 0x38c 0x20019 Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004_CLASSES
0x8162bd80 1284 0x390 0x1f0003 Semaphore
0x816fb028 1284 0x394 0x100003 File \Device\Ip
0x8162bd48 1284 0x398 0x1f0003 Semaphore
0xe1d771e0 1284 0x39c 0x10003 Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\USERASSIST\{75048700-EF1F-11D0-9888-006097DEACF9}\COUNT
0xe1aa6bc8 1284 0x3a0 0xf0007 Section AtlDebugAllocator_FileMappingNameStatic3_504
0xe1d97bf8 1284 0x3a4 0x20019 Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004_CLASSES
0xe1bff8e0 1284 0x3a8 0x10003 Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\USERASSIST\{5E6AB780-7743-11CF-A12B-00AA004AE837}\COUNT
0x8167a380 1284 0x3ac 0x1f0003 Event
0x81615828 1284 0x3b0 0x1f0003 Event
0x816c75c0 1284 0x3b4 0x100020 File \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x816ff728 1284 0x3b8 0xa84 WmiGuid
0x816ee8d0 1284 0x3bc 0xa84 WmiGuid
0x81600670 1284 0x3c0 0xa84 WmiGuid
0x81604f48 1284 0x3c4 0xa84 WmiGuid
0x81606f48 1284 0x3c8 0xa84 WmiGuid
0x816cc068 1284 0x3cc 0xa84 WmiGuid
0x815f8500 1284 0x3d0 0x1200a0 File \Device\Tcp
0x8164cea8 1284 0x3d4 0xa84 WmiGuid
0x81675dd0 1284 0x3d8 0x1f0001 Mutant ZonesCounterMutex
0xe1d933f0 1284 0x3dc 0x20019 Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004_CLASSES
0xe1d913b0 1284 0x3e0 0x20019 Key MACHINE\SOFTWARE\POLICIES
0xe1d94d30 1284 0x3e4 0x20019 Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004\SOFTWARE\POLICIES
0xe1d97f38 1284 0x3e8 0x20019 Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004\SOFTWARE
0xe1d97ed0 1284 0x3ec 0x20019 Key MACHINE\SOFTWARE
0x8164cdf0 1284 0x3f0 0x120116 File \Device\Tcp
0x816f2eb8 1284 0x3f4 0x1f0003 Event
0x816f2e58 1284 0x3f8 0x1f0003 Event
0x8162b7b0 1284 0x3fc 0x100001 Mutant !IETld!Mutex
0xe1d97e00 1284 0x400 0x20019 Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\IETLD
0xe1d97d98 1284 0x404 0x20019 Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS
0xe1d97d30 1284 0x408 0x20019 Key MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS
0x815fabf8 1284 0x40c 0x1f0003 Event
0xe1d97ce8 1284 0x410 0xf0007 Section UrlZonesSM_testuser
0x815fabb8 1284 0x414 0x1f0001 Mutant ZoneAttributeCacheCounterMutex
0xe1d97c60 1284 0x418 0x20019 Key MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_LOCALMACHINE_LOCKDOWN
0x815faca8 1284 0x41c 0x1f0001 Mutant ZonesCacheCounterMutex
0x815fabb8 1284 0x420 0x1f0001 Mutant ZoneAttributeCacheCounterMutex
0x81688fe0 1284 0x424 0x1f0001 Mutant ZonesLockedCacheCounterMutex
0x816bdb30 1284 0x428 0x100001 File \Device\HarddiskVolume1\Documents and Settings\testuser\NetHood
0x81679a68 1284 0x42c 0x1200a0 File \Device\Ip
0x81675d80 1284 0x430 0x1f0001 Mutant _SHuassist.mtx
0x8161be30 1284 0x434 0x100020 File \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x81627748 1284 0x438 0x100003 Semaphore
0x81688028 1284 0x43c 0x1200a0 File \Device\Ip
0x816880e0 1284 0x440 0x1f0001 Mutant CTF.TimListCache.FMPDefaultS-1-5-21-1957994488-2052111302-1078081533-1004MUTEX.DefaultS-1-5-21-1957994488-2052111302-1078081533-1004
0xe1bf9fa0 1284 0x444 0xf001f Section CTF.TimListCache.FMPDefaultS-1-5-21-1957994488-2052111302-1078081533-1004SFM.DefaultS-1-5-21-1957994488-2052111302-1078081533-1004
0xe1d97548 1284 0x448 0x20019 Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004_CLASSES
0x816f2800 1284 0x44c 0x1f0003 Event
0x815fb4a8 1284 0x450 0x1f03ff Thread TID 1444 PID 1284
0x8163b6c8 1284 0x454 0x1f0003 Event
0xe14f84c8 1284 0x458 0x1f0001 Port
0x8162bbc0 1284 0x45c 0x100003 Semaphore
0xe1d97988 1284 0x460 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\SERVICES\TCPIP\LINKAGE
0xe1aa6228 1284 0x464 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS
0xe1aa61c0 1284 0x468 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\SERVICES\NETBT\PARAMETERS\INTERFACES
0xe1aa6158 1284 0x46c 0x20019 Key MACHINE\SYSTEM\CONTROLSET001\SERVICES\NETBT\PARAMETERS
0xe1d9f730 1284 0x470 0x1f0001 Port
0x815f9e08 1284 0x474 0x100020 File \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x816f6800 1284 0x478 0x1f03ff Thread TID 1312 PID 1284
0xe1c116a0 1284 0x47c 0x1f0001 Port
0xe1c0d580 1284 0x480 0xc Token
0x815fb3a8 1284 0x484 0x1f0003 Event
0xe1bff6d8 1284 0x488 0x20019 Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004_CLASSES
0x81611640 1284 0x48c 0x1f0003 Event ShellReadyEvent
0x816968c8 1284 0x490 0x1f0003 Event
0x81623848 1284 0x494 0x100020 File \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0xe1bc39e0 1284 0x498 0x20019 Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004_CLASSES
0xe1aa6b40 1284 0x49c 0x20019 Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004_CLASSES
0x816f4bb0 1284 0x4a0 0x100020 File \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x8169b568 1284 0x4a4 0x1f0001 Mutant
0xe1bf32e8 1284 0x4a8 0x20019 Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004_CLASSES
0x816fb110 1284 0x4ac 0x1f0003 Semaphore PowerProfileRegistrySemaphore
0x815ff348 1284 0x4b0 0x100020 File \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x815f9f90 1284 0x4b4 0x100020 File \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x8161c998 1284 0x4b8 0x21f0003 Event
0x81624a20 1284 0x4bc 0x1f03ff Thread TID 1464 PID 1284
0x815fb268 1284 0x4c0 0x1f0003 Event
0x8162d808 1284 0x4c4 0x1f0001 Mutant
0x815f7398 1284 0x4c8 0x1f0003 Event
0x817cb990 1284 0x4cc 0x1f0001 Mutant
0x815f7368 1284 0x4d0 0x1f0003 Event
0xe1a977f8 1284 0x4d4 0x20019 Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004_CLASSES
0xe1d93458 1284 0x4d8 0x20019 Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004_CLASSES
0xe1d95428 1284 0x4dc 0x20019 Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004_CLASSES
0x815fb9b0 1284 0x4e0 0x1f0003 Event
0x816309c0 1284 0x4e4 0x1f0003 Event HPlugEjectEvent
0xe1679878 1284 0x4e8 0x4 Section mmGlobalPnpInfo
0x816c1a00 1284 0x4ec 0x1f0003 Event
0xe1c106d8 1284 0x4f0 0x1f0001 Port
0x816883f8 1284 0x4f4 0x100004 WmiGuid
0x815ff080 1284 0x4f8 0x1f0003 Event
0xe1cda590 1284 0x4fc 0x20019 Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004_CLASSES
0x81622268 1284 0x500 0x100001 File \Device\HarddiskVolume1\Documents and Settings\testuser\PrintHood
0x81622660 1284 0x504 0x1f0003 Event
0xe1006e20 1412 0x4 0xf0003 KeyedEvent CritSecOutOfMemoryEvent
0xe14f3230 1412 0x8 0x3 Directory KnownDlls
0x816b71b8 1412 0xc 0x100020 File \Device\HarddiskVolume1\Documents and Settings\testuser
0x816276d8 1412 0x10 0x100003 Semaphore
0xe14038f8 1412 0x14 0xf000f Directory Windows
0xe1aa6f68 1412 0x18 0x21f0001 Port
0x816276a0 1412 0x1c 0x100003 Semaphore
0xe14477d0 1412 0x20 0x2000f Directory BaseNamedObjects
0x817064e8 1412 0x24 0x1f0001 Mutant SHIMLIB_LOG_MUTEX
0xe1d97a58 1412 0x28 0x20f003f Key MACHINE
0x815fdbf0 1412 0x2c 0xf037f WindowStation WinSta0
0x81573490 1412 0x30 0x21f0003 Event
0x816db158 1412 0x34 0xf01ff Desktop Default
0x815fdbf0 1412 0x38 0xf037f WindowStation WinSta0
0xe1847fd8 1412 0x3c 0xf0007 Section CiceroSharedMemDefaultS-1-5-21-1957994488-2052111302-1078081533-1004
0x815e4910 1412 0x40 0x1f0001 Mutant CTF.LBES.MutexDefaultS-1-5-21-1957994488-2052111302-1078081533-1004
0x815e4308 1412 0x44 0x1f0001 Mutant CTF.Compart.MutexDefaultS-1-5-21-1957994488-2052111302-1078081533-1004
0x815e4ec8 1412 0x48 0x1f0001 Mutant CTF.Asm.MutexDefaultS-1-5-21-1957994488-2052111302-1078081533-1004
0x815e4e78 1412 0x4c 0x1f0001 Mutant CTF.Layouts.MutexDefaultS-1-5-21-1957994488-2052111302-1078081533-1004
0x815e4e28 1412 0x50 0x1f0001 Mutant CTF.TMD.MutexDefaultS-1-5-21-1957994488-2052111302-1078081533-1004
0xe19e47b0 1412 0x54 0x20f003f Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004
0x81697bd8 1412 0x58 0x1f0003 Event
0x8162bdb8 1412 0x5c 0x100003 Semaphore
0x81627710 1412 0x60 0x100003 Semaphore
0xe19e2c50 1412 0x64 0x20019 Key MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32
0x81679d60 1412 0x68 0x100001 File \Device\KsecDD
0x81697ba8 1412 0x6c 0x1f0003 Event
0x81617de0 1412 0x70 0x1f0003 Event
0xe1bf9ee0 1412 0x74 0x20019 Key MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32
0x8162a930 1412 0x78 0x1f0003 Semaphore shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}
0x817cb720 1412 0x7c 0x1f0003 Event userenv: User Profile setup event
0x81679b58 1412 0x80 0x100020 File \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0x815d3b60 1412 0x84 0x100020 File \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
0xe1d8fb20 1412 0x88 0x1f0001 Port
0x815f8778 1412 0x8c 0x1f0001 Mutant CtfmonInstMutexDefaultS-1-5-21-1957994488-2052111302-1078081533-1004
0xe18bb388 1412 0x90 0x4 Section
0x816880e0 1412 0x94 0x1f0001 Mutant CTF.TimListCache.FMPDefaultS-1-5-21-1957994488-2052111302-1078081533-1004MUTEX.DefaultS-1-5-21-1957994488-2052111302-1078081533-1004
0xe1bf9fa0 1412 0x98 0xf0007 Section CTF.TimListCache.FMPDefaultS-1-5-21-1957994488-2052111302-1078081533-1004SFM.DefaultS-1-5-21-1957994488-2052111302-1078081533-1004
0x815ce110 1412 0x9c 0x1f0001 Mutant MSCTF.GCompartListMUTEX.DefaultS-1-5-21-1957994488-2052111302-1078081533-1004
0xe1bff628 1412 0xa0 0xf0007 Section MSCTF.GCompartListSFM.DefaultS-1-5-21-1957994488-2052111302-1078081533-1004
0x81573cd8 1412 0xa4 0x1f0003 Event
0xe1bf3350 1412 0xa8 0x20019 Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004\KEYBOARD LAYOUT\TOGGLE
0x81573ca8 1412 0xac 0x1f0003 Event
0x815e3688 1412 0xb0 0x1f0003 Event
0xe1aa6c10 1412 0xb4 0x20019 Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004\KEYBOARD LAYOUT\PRELOAD
0xe1bfbb78 1412 0xb8 0xf003f Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004\SOFTWARE\MICROSOFT\WINDOWS\SHELLNOROAM
0xe1aa6c78 1412 0xbc 0xf003f Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004\SOFTWARE\MICROSOFT\WINDOWS\SHELLNOROAM\MUICACHE
0xe1bcc680 1412 0xc0 0x20f003f Key USER
0xe1bf33b8 1412 0xc4 0x20019 Key MACHINE\SOFTWARE\MICROSOFT\CTF\TIP
0xe1bcfe50 1412 0xc8 0xf0007 Section CTF.AsmListCache.FMPDefaultS-1-5-21-1957994488-2052111302-1078081533-1004
0x815e3b18 1412 0xcc 0x1f0003 Event
0xe1bcfdc8 1412 0xd0 0x20019 Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
0x815e3ae8 1412 0xd4 0x1f0003 Event
0xe1bfafb8 1412 0xd8 0x20019 Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004\SOFTWARE\MICROSOFT\CTF\TIP
0x815e3ab8 1412 0xdc 0x1f0003 Event
0xe1bf3248 1412 0xe0 0x20019 Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004\SOFTWARE\MICROSOFT\SPEECH
0x815e3a88 1412 0xe4 0x1f0003 Event
0xe1aa4d68 1412 0xe8 0x20019 Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004\CONTROL PANEL\APPEARANCE
0x815e3a58 1412 0xec 0x1f0003 Event
0xe1d975b0 1412 0xf0 0x20019 Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004\CONTROL PANEL\COLORS
0x815e3a28 1412 0xf4 0x1f0003 Event
0xe1aa60f0 1412 0xf8 0x20019 Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004\CONTROL PANEL\DESKTOP\WINDOWMETRICS
0x815e3ce8 1412 0xfc 0x1f0003 Event
0xe1683020 1412 0x100 0x20019 Key MACHINE\SOFTWARE\MICROSOFT\SPEECH
0x815e3cb8 1412 0x104 0x1f0003 Event
0xe1bf9690 1412 0x108 0x20019 Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004\KEYBOARD LAYOUT
0x815e3c88 1412 0x10c 0x1f0003 Event
0xe1cda6c8 1412 0x110 0x20019 Key USER\S-1-5-21-1957994488-2052111302-1078081533-1004\SOFTWARE\MICROSOFT\CTF\ASSEMBLIES
0x816233e8 1412 0x114 0x120001 Mutant ShimCacheMutex
0x8168f820 1412 0x118 0x100000 Event WinSta0_DesktopSwitch
0xe17ef118 1412 0x11c 0x2 Section ShimSharedMemory
以上。