Offset(V)    Pid    Type             Details
0x825c87e0   4      Process          System(4)
0x825c8110   4      Thread           TID 12 PID 4
0xe1472588   4      Key              MACHINE\SYSTEM\CONTROLSET001\CONTROL\SESSION MANAGER\MEMORY MANAGEMENT\PREFETCHPARAMETERS
0xe1011478   4      Key              
0xe147f1e0   4      Key              MACHINE\SYSTEM\SETUP
0xe147a4f8   4      Key              MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MULTIFUNCTIONADAPTER
0xe1473130   4      Key              MACHINE\SYSTEM\WPA\KEY-CJ27J3P2XV9J9JCPB4DVT
0xe1480418   4      Key              MACHINE\SYSTEM\WPA\KEY-4F3B2RFXKC9C637882MBM
0xe1479c28   4      Key              MACHINE\SYSTEM\WPA\MEDIACENTER
0xe147f700   4      Key              MACHINE\SYSTEM\WPA\PNP
0xe14761d8   4      Key              MACHINE\SYSTEM\WPA\SIGNINGHASH-6KCM6KFTX6MD62
0xe147f270   4      Key              MACHINE\SYSTEM\WPA\SIGNINGHASH-V44KQMCFXKQCTQ
0xe1011810   4      Key              MACHINE\SYSTEM\CONTROLSET001\CONTROL\PRODUCTOPTIONS
0xe100e850   4      Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG
0x825bf770   4      Event            'TRKWKS_EVENT'
0x820b7b60   4      File             '\\pagefile.sys'
0x82421008   4      Thread           TID 112 PID 4
0x825a9c50   4      Thread           TID 96 PID 4
0xe10132d0   4      Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\ACPI\PARAMETERS
0xe1865918   4      Key              MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MULTIFUNCTIONADAPTER
0x8246ab80   4      Thread           TID 104 PID 4
0xe15832e8   4      Directory        'WinDfs'
0x825af178   4      Event            'VxKernel2VoldEvent'
0x8246a488   4      Thread           TID 108 PID 4
0xe157d2b8   4      Directory        'Harddisk0'
0xe185d150   4      Key              MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MULTIFUNCTIONADAPTER
0x81f14dd0   4      File             '\\System Volume Information\\_restore{A92D763C-0491-43ED-88B2-F98A86506FA4}\\RP26\\change.log'
0x825086f0   4      Thread           TID 124 PID 4
0x81f784e8   4      Event            'LanmanServerAnnounceEvent'
0x81f86a40   4      File             
0x820b6a48   4      File             
0x81f86740   4      File             
0x820b6878   4      File             
0x82496010   4      File             
0x82434198   4      File             
0x824a9168   4      File             
0x82496960   4      File             
0x823ab140   4      File             
0x823fd0e8   4      Thread           TID 348 PID 4
0x820768c0   4      Thread           TID 292 PID 4
0xe18d9ec0   4      Key              MACHINE\SYSTEM\CONTROLSET001\CONTROL\VIDEO\{7863BE92-912C-4BBE-93F0-7DF9BFC3E78C}\0001\VOLATILESETTINGS
0x820ea168   4      File             
0x824e65d8   4      File             '\\WINDOWS\\system32\\config\\SECURITY'
0x8240e6e0   4      Desktop          'Disconnect'
0xe19574b8   4      Port             ''
0x82465930   4      File             '\\WINDOWS\\system32\\config\\SECURITY.LOG'
0x81f842d0   4      File             '\\Documents and Settings\\NetworkService\\Local Settings\\Application Data\\Microsoft\\Windows\\UsrClass.dat'
0x8249be10   4      File             '\\WINDOWS\\system32\\config\\software'
0x81f5b8c0   4      File             
0x824fe140   4      File             '\\WINDOWS\\system32\\config\\software.LOG'
0x820b7ee8   4      File             '\\WINDOWS\\system32\\config\\system.LOG'
0x824e55e8   4      File             '\\WINDOWS\\system32\\config\\system'
0xe1707fa0   4      Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\BTHPORT\PARAMETERS\KEYS\005056E577C8
0x824d9d58   4      Event            'StuckThreadEvent'
0x820b72f8   4      File             '\\WINDOWS\\system32\\config\\default'
0x824e6b18   4      File             '\\WINDOWS\\system32\\config\\default.LOG'
0xe18dac20   4      Directory        'WindowStations'
0x82464e28   4      File             '\\WINDOWS\\system32\\config\\SAM'
0x82464b60   4      File             '\\WINDOWS\\system32\\config\\SAM.LOG'
0xe1965828   4      Key              MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\RNG
0x824c91e0   4      File             '\\Documents and Settings\\NetworkService\\ntuser.dat.LOG'
0x824eeca8   4      File             '\\Documents and Settings\\NetworkService\\NTUSER.DAT'
0xe195b5b8   4      Port             ''
0x8206fa58   4      Process          lsass.exe(740)
0x8242bf78   4      File             
0x820db6e8   4      File             '\\Documents and Settings\\NetworkService\\Local Settings\\Application Data\\Microsoft\\Windows\\UsrClass.dat.LOG'
0x821195a0   4      File             
0x82393990   4      File             
0x824c8300   4      File             
0x824c63f8   4      File             
0x81f54728   4      File             
0x824c6870   4      File             
0x81f59358   4      File             
0x82048c78   4      File             
0x82048b90   4      File             
0x82048aa8   4      File             
0x82049530   4      File             
0x82049418   4      File             
0x82049988   4      File             
0x820498a0   4      File             
0x82049e00   4      File             
0x82049c78   4      File             
0x823ad678   4      File             
0x823bef78   4      File             
0x823bedf0   4      File             
0x823bec68   4      File             
0x82384e58   4      File             
0x82384ca0   4      File             
0x82374010   4      File             
0x823743f8   4      File             
0x82374240   4      File             
0x824afdf0   4      File             
0x824afc68   4      File             
0x824afae0   4      File             
0x8240eec0   4      File             
0x8240ed38   4      File             
0x8240ebb0   4      File             
0x8240e9f8   4      File             
0x824acd40   4      File             
0x824acb88   4      File             
0x824ac9d0   4      File             
0x82384850   4      File             
0x823846c8   4      File             
0x82384510   4      File             
0x824abed8   4      File             
0x824abd50   4      File             
0x824abb98   4      File             
0x824b1b50   4      File             
0x824b1998   4      File             
0x824b17e0   4      File             
0x82045f78   4      File             
0x82045e40   4      File             
0x82045c88   4      File             
0x82045ad0   4      File             
0x82039e88   4      File             
0x82039d00   4      File             
0x824b0010   4      File             
0x82131f78   4      File             '\\Documents and Settings\\phocean\\NTUSER.DAT.LOG'
0x820f27f8   4      File             '\\Documents and Settings\\LocalService\\NTUSER.DAT'
0x820457a0   4      File             '\\Documents and Settings\\LocalService\\ntuser.dat.LOG'
0x8209c4d8   4      File             '\\Documents and Settings\\phocean\\Local Settings\\Application Data\\Microsoft\\Windows\\UsrClass.dat'
0x824e36f8   4      File             '\\Documents and Settings\\LocalService\\Local Settings\\Application Data\\Microsoft\\Windows\\UsrClass.dat'
0x8245b930   4      File             '\\Documents and Settings\\LocalService\\Local Settings\\Application Data\\Microsoft\\Windows\\UsrClass.dat.LOG'
0x81f272e8   4      File             
0x81f3dcf8   4      File             
0x820a9678   4      File             '\\Documents and Settings\\phocean\\NTUSER.DAT'
0x824eb2d8   4      File             '\\Documents and Settings\\phocean\\Local Settings\\Application Data\\Microsoft\\Windows\\UsrClass.dat.LOG'
0x81f5e738   4      File             
0x823a43f8   4      Thread           TID 304 PID 4
0x82371e88   4      File             
0x82032b80   4      File             
0x824615c0   4      File             '\\Topology'
0x8206e738   4      File             
0xe20af928   4      Token            ''
0x82476588   4      File             '\\'
0xe21178c8   4      Section          ''
0xe20afe48   4      Port             ''
0x8202e378   4      File             
0x8206d328   4      File             
0x824cfb78   4      File             
0x824a8700   4      File             
0xe1f31c18   4      Key              MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\RNG
0x820dc7a8   4      File             
0x82377be0   4      File             
0x823777a8   4      File             '\\255'
0xe20c8638   4      Port             ''
0x824028b8   4      File             
0xe222eda8   4      Directory        'Http'
0x8205fbf8   4      Thread           TID 1836 PID 4
0x8205f3a8   4      Thread           TID 1484 PID 4
0x8206aa60   4      Thread           TID 1872 PID 4
0x820ce400   4      Thread           TID 1880 PID 4
0x825c2288   4      Event            'LowMemoryCondition'
0x824f8d88   4      Thread           TID 1888 PID 4
0x824e1418   4      File             
0x823fe338   4      File             
0xe2250f18   4      Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\HTTP\PARAMETERS\URLACLINFO
0x81f1b330   4      File             
0x81f27078   4      File             
0x8237d378   4      File             
0x8246e610   4      File             
0x81f93d58   4      File             
0x824d5010   4      File             
0x820cc420   4      File             
0x820e2b40   4      File             
0x8204cc68   4      Event            'PrefetchTracesReady'
0xe18e36a0   4      Port             'SeRmCommandPort'
0x8206fa58   4      Process          lsass.exe(740)
0xe18c7538   4      Key              MACHINE\SYSTEM\CONTROLSET001\CONTROL\VIDEO\{7863BE92-912C-4BBE-93F0-7DF9BFC3E78C}\0000\VOLATILESETTINGS
0x81f14608   4      Thread           TID 288 PID 4
0xe1009698   552    KeyedEvent       'CritSecOutOfMemoryEvent'
0x823be0e0   552    File             '\\WINDOWS'
0xe18e0868   552    Port             'SmApiPort'
0xe1943318   552    Port             ''
0xe1004518   552    Directory        'GLOBAL??'
0xe18d55c8   552    Directory        'Sessions'
0x82496200   552    File             '\\WINDOWS\\system32'
0xe1879c00   552    SymbolicLink     'KnownDllPath'
0xe18fe1a0   552    Directory        'KnownDlls'
0x820ad8d0   552    Event            ''
0x820b6520   552    Event            'UniqueSessionIdEvent'
0x8240d008   552    Process          csrss.exe(604)
0x8240d008   552    Process          csrss.exe(604)
0xe1940870   552    Port             ''
0xe16be860   552    Port             ''
0xe18fa0d0   552    Port             ''
0xe224fd58   552    Port             ''
0x823adbd8   552    Process          winlogon.exe(684)
0x82114008   552    Process          svchost.exe(916)
0xe1009698   604    KeyedEvent       'CritSecOutOfMemoryEvent'
0xe18fe1a0   604    Directory        'KnownDlls'
0x8211abb8   604    File             '\\WINDOWS\\system32'
0xe173c678   604    Directory        'BNOLINKS'
0x823adbd8   604    Process          winlogon.exe(684)
0xe1606868   604    SymbolicLink     '0'
0xe1745cf8   604    Directory        '0'
0xe1742288   604    Directory        'DosDevices'
0xe1900510   604    Directory        'Windows'
0xe18e22a0   604    Section          ''
0xe1658150   604    Directory        'BaseNamedObjects'
0x820ae0f8   604    Semaphore        ''
0xe18d1818   604    Directory        'Restricted'
0xe18dbbc8   604    Section          'NlsSectionUnicode'
0x821186d0   604    Event            ''
0xe18cd698   604    Section          'NlsSectionLocale'
0xe18d42c8   604    Section          'NlsSectionCType'
0xe18d4148   604    Section          'NlsSectionSortkey'
0xe17501d0   604    Section          'NlsSectionSortTbls'
0x820b72c0   604    Event            ''
0x820b7ac0   604    Event            ''
0x82516d70   604    Event            ''
0x824a1bc0   604    Event            ''
0xe18ffee0   604    Port             ''
0x82489ad8   604    Thread           TID 668 PID 604
0xe1658150   604    Directory        'BaseNamedObjects'
0x82108728   604    Thread           TID 1808 PID 916
0x82403150   604    Thread           TID 672 PID 604
0xe16aaf50   604    Port             'ApiPort'
0xe16b0ba0   604    Port             'SbApiPort'
0x82402d88   604    Thread           TID 676 PID 604
0x82121648   604    Event            ''
0x824562e0   604    Thread           TID 680 PID 604
0xe18ee5c8   604    Port             ''
0x82116d00   604    Thread           TID 688 PID 684
0xe1945b48   604    Port             ''
0x8250e008   604    Thread           TID 692 PID 604
0x8244f008   604    Thread           TID 696 PID 604
0x820fa798   604    Event            ''
0x8204dd88   604    Thread           TID 700 PID 604
0x8205de50   604    Event            ''
0x82402d58   604    Event            'WinSta0_DesktopSwitch'
0x82488bb8   604    File             
0x81f945f0   604    File             
0x81f94408   604    File             
0x824c7470   604    File             
0x824ca210   604    File             
0x824d70b8   604    File             
0xe167b560   604    Key              MACHINE\SYSTEM\CONTROLSET001\CONTROL\PRIORITYCONTROL
0x820fe360   604    WindowStation    'WinSta0'
0x82048238   604    Thread           TID 792 PID 740
0x82488a00   604    Semaphore        ''
0x821180d0   604    Semaphore        ''
0xe1685b80   604    Key              MACHINE
0xe19001d0   604    Key              MACHINE\SYSTEM\SETUP
0x824ed9e0   604    Event            ''
0x81f3c008   604    Thread           TID 708 PID 684
0x8204a008   604    Thread           TID 712 PID 684
0x8235c008   604    Thread           TID 716 PID 684
0x81f788d0   604    Thread           TID 720 PID 684
0x82486708   604    Thread           TID 724 PID 684
0x82037c90   604    Process          services.exe(728)
0x820d2888   604    Thread           TID 1868 PID 1208
0x8207f8f0   604    Thread           TID 736 PID 684
0xe2116528   604    Port             ''
0x8240f8f0   604    File             
0x8206fa58   604    Process          lsass.exe(740)
0x824ac5b8   604    Thread           TID 888 PID 728
0xe1707e38   604    Port             ''
0xe19d82b8   604    Port             ''
0x824ad220   604    Thread           TID 748 PID 604
0x81f50330   604    Event            ''
0x82374af8   604    Thread           TID 756 PID 740
0x81f2bd88   604    Thread           TID 752 PID 728
0x823746d0   604    Thread           TID 760 PID 740
0x81f2a868   604    Thread           TID 764 PID 740
0x81f2a440   604    Thread           TID 768 PID 740
0x81f26538   604    Thread           TID 772 PID 740
0x81f78008   604    Thread           TID 972 PID 684
0x82102d60   604    Thread           TID 1540 PID 1124
0x82506b78   604    Thread           TID 788 PID 740
0x81f92d48   604    Thread           TID 804 PID 728
0x82488d88   604    Thread           TID 808 PID 728
0x8248fd88   604    Thread           TID 820 PID 740
0x8248bd88   604    Thread           TID 824 PID 740
0x820a8c18   604    Thread           TID 828 PID 740
0x82518cf8   604    Thread           TID 832 PID 740
0x8251d008   604    Thread           TID 836 PID 740
0x820a9d88   604    Thread           TID 840 PID 740
0x824b3728   604    Thread           TID 844 PID 740
0x820c6d88   604    Thread           TID 848 PID 740
0x8240c008   604    Thread           TID 852 PID 740
0x824cfd88   604    Thread           TID 156 PID 916
0x81f39d88   604    Thread           TID 860 PID 740
0x82046848   604    Thread           TID 880 PID 728
0x82046c70   604    Thread           TID 884 PID 728
0x820e96b0   604    Thread           TID 876 PID 728
0x81f3a5b8   604    Thread           TID 892 PID 728
0x81f3a9e0   604    Thread           TID 896 PID 740
0x82470448   604    Thread           TID 1176 PID 1124
0x820eaad8   604    Process          vmacthlp.exe(904)
0x820ea288   604    Thread           TID 908 PID 904
0xe196d1d0   604    Port             ''
0xe19fed00   604    Port             ''
0x81f3ad88   604    Thread           TID 920 PID 916
0x82114008   604    Process          svchost.exe(916)
0x823a5378   604    Thread           TID 248 PID 1124
0x824ae7f8   604    Thread           TID 932 PID 728
0x82389250   604    Thread           TID 952 PID 684
0x824aec20   604    Thread           TID 936 PID 916
0x824af568   604    Thread           TID 940 PID 916
0x81f399e0   604    Thread           TID 944 PID 916
0x82049008   604    Thread           TID 948 PID 916
0x8240a678   604    Thread           TID 956 PID 684
0x82070590   604    Thread           TID 960 PID 684
0x81f483a0   604    Thread           TID 968 PID 728
0x822c2d88   604    Thread           TID 1496 PID 1736
0x820ec638   604    Process          svchost.exe(980)
0x820ed218   604    Thread           TID 984 PID 980
0xe1ca2470   604    Port             ''
0x82386a68   604    Thread           TID 992 PID 980
0x82386640   604    Thread           TID 988 PID 980
0x820ebc00   604    Thread           TID 996 PID 980
0x820eca68   604    Thread           TID 1000 PID 980
0x82386218   604    Thread           TID 1004 PID 980
0x823bc008   604    Thread           TID 1008 PID 980
0x8245a008   604    Thread           TID 1012 PID 980
0x824b0a78   604    Thread           TID 1120 PID 916
0x8204b650   604    Process          svchost.exe(1124)
0x8204ba78   604    Thread           TID 1128 PID 1124
0xe1c8ddc0   604    Port             ''
0x81f77d88   604    Thread           TID 1136 PID 1124
0x8248b6e8   604    Thread           TID 1132 PID 1124
0x81f77b08   604    Thread           TID 1140 PID 1124
0x82046360   604    Thread           TID 1144 PID 728
0xe1cb8418   604    Port             ''
0x820ccd88   604    Process          VMwareTray.exe(1964)
0x8207a950   604    Thread           TID 1160 PID 1124
0x823bd298   604    Process          svchost.exe(1168)
0x824b68d0   604    Thread           TID 1172 PID 1168
0x82388d88   604    Thread           TID 1188 PID 728
0x81f3cd88   604    Thread           TID 1184 PID 728
0x823873a8   604    Thread           TID 1204 PID 1124
0x820ee7d0   604    Process          svchost.exe(1208)
0x82388968   604    Thread           TID 1212 PID 1208
0xe1cbadc0   604    Port             ''
0x820ef638   604    Thread           TID 1224 PID 1124
0x824b1c00   604    Thread           TID 1228 PID 1124
0x820eb7d8   604    Thread           TID 1252 PID 1168
0x81f79448   604    Thread           TID 1248 PID 1168
0x82117660   604    Thread           TID 1260 PID 1168
0xe20dc008   604    Port             ''
0x81f551e0   604    Thread           TID 1164 PID 1124
0x81f2d2f0   604    Process          rundll32.exe(1956)
0x823abd88   604    Thread           TID 1968 PID 1964
0x8235c790   604    Thread           TID 1288 PID 1208
0x8204ad88   604    Thread           TID 1304 PID 684
0x824a3188   604    Thread           TID 216 PID 684
0x81f2d7c8   604    Thread           TID 1332 PID 740
0x8204a968   604    Thread           TID 1312 PID 684
0x81f3f540   604    Thread           TID 1316 PID 684
0x823807c8   604    Thread           TID 1360 PID 1124
0x8206bd88   604    Thread           TID 1976 PID 1972
0x82077480   604    Thread           TID 1372 PID 1208
0x81f62d88   604    Process          vmtoolsd.exe(1972)
0x820633b8   604    Thread           TID 1308 PID 1452
0x820a92d8   604    Thread           TID 1400 PID 740
0x824d1190   604    Thread           TID 184 PID 728
0x82458698   604    Thread           TID 1408 PID 740
0x81f35d88   604    Thread           TID 1388 PID 1208
0xe1cca7b8   604    Port             ''
0x81f5eb08   604    Thread           TID 172 PID 1956
0xe1d48ea0   604    Key              USER\S-1-5-21-1060284298-746137067-839522115-1003\CONTROL PANEL\INTERNATIONAL
0xe1e90360   604    Key              USER\S-1-5-21-1060284298-746137067-839522115-1003\CONTROL PANEL\INTERNATIONAL
0x82450608   604    Thread           TID 1352 PID 1124
0x82395d88   604    Thread           TID 868 PID 1124
0x82111968   604    Thread           TID 1924 PID 1636
0x82067a30   604    Thread           TID 272 PID 268
0x824a1940   604    Thread           TID 1488 PID 1124
0x8242c960   604    Thread           TID 1492 PID 1124
0x82404548   604    Thread           TID 1468 PID 684
0x8205b470   604    Thread           TID 1044 PID 1736
0x824ddd18   604    File             '\\WINDOWS\\system32\\ega.cpi'
0x822c4d88   604    Thread           TID 1460 PID 1736
0x81f3fd88   604    Thread           TID 1564 PID 684
0x822c1d88   604    Thread           TID 1500 PID 1736
0xe1c8d018   604    Section          ''
0x820fa4e8   604    Thread           TID 816 PID 420
0x824bca30   604    Thread           TID 1980 PID 1124
0x824f77d8   604    Event            ''
0x81df4d88   604    Thread           TID 276 PID 1736
0x824d8230   604    Thread           TID 1612 PID 728
0x8250a008   604    Thread           TID 1632 PID 728
0x824a89e0   604    Thread           TID 1616 PID 1124
0x824ecd88   604    Process          explorer.exe(1636)
0x824dab48   604    Thread           TID 1640 PID 1636
0xe1d48de8   604    Port             ''
0x824ebc08   604    Thread           TID 1644 PID 1636
0x8245cd88   604    Thread           TID 1652 PID 1124
0x82032560   604    Thread           TID 1656 PID 1124
0x82373770   604    Thread           TID 1660 PID 1124
0x81f38d88   604    Thread           TID 1672 PID 1124
0x824338a0   604    Thread           TID 1676 PID 1124
0x82043a58   604    Thread           TID 1688 PID 980
0x82043650   604    Thread           TID 1692 PID 1636
0x823acaf8   604    Thread           TID 1696 PID 1636
0x823ac2d8   604    Thread           TID 1700 PID 1636
0x823acd88   604    Thread           TID 1704 PID 1124
0x81f7cac8   604    Thread           TID 1716 PID 1124
0x8237fb90   604    Thread           TID 1720 PID 1124
0x8250ed88   604    Thread           TID 1724 PID 1124
0x82042930   604    Thread           TID 1728 PID 1124
0x820426b0   604    Thread           TID 1732 PID 1124
0x8206f740   604    Process          spoolsv.exe(1736)
0x8206f4c0   604    Thread           TID 1740 PID 1736
0xe1c60f50   604    Port             ''
0x82505778   604    Thread           TID 1744 PID 1124
0x82375d88   604    Thread           TID 1752 PID 1124
0x825054f8   604    Thread           TID 1748 PID 1736
0x82375b08   604    Thread           TID 1756 PID 1124
0x82375680   604    Thread           TID 1760 PID 1736
0x82375400   604    Thread           TID 1764 PID 1736
0x82396910   604    Thread           TID 1608 PID 1124
0x820335c8   604    Thread           TID 1772 PID 1736
0x820da668   604    Thread           TID 484 PID 1736
0x81f27d88   604    Thread           TID 1780 PID 1124
0x81f27ac8   604    Thread           TID 1784 PID 728
0x823a7d88   604    Process          svchost.exe(268)
0x823bba30   604    Thread           TID 1796 PID 1124
0x820414a0   604    Thread           TID 1840 PID 684
0x824a14d8   604    Thread           TID 1844 PID 684
0x81f85368   604    Thread           TID 1848 PID 1636
0x8209e008   604    Thread           TID 220 PID 1636
0x820cffd8   604    Event            ''
0x8202b348   604    Thread           TID 1860 PID 1636
0x820cb308   604    Thread           TID 1876 PID 1636
0x81f2ed88   604    Thread           TID 1896 PID 1636
0x823704a8   604    Thread           TID 1892 PID 916
0x81f2eb08   604    Thread           TID 1900 PID 980
0x81f2e7a8   604    Thread           TID 1904 PID 980
0x8210fd88   604    Thread           TID 1960 PID 1956
0xe1d32440   604    Port             ''
0x81f5ed88   604    Thread           TID 136 PID 1956
0x823a9d88   604    Thread           TID 1992 PID 1636
0x81f60d88   604    Thread           TID 228 PID 728
0x824fed88   604    Thread           TID 236 PID 684
0x824d1608   604    Process          ctfmon.exe(2008)
0x8210f540   604    Thread           TID 2012 PID 2008
0xe20f06f8   604    Port             ''
0x823a7968   604    Thread           TID 2044 PID 1956
0x824cd300   604    Thread           TID 320 PID 268
0x82473d88   604    Thread           TID 232 PID 684
0x824fcd88   604    Thread           TID 332 PID 1124
0x820e0930   604    Thread           TID 224 PID 1636
0x824cd778   604    Thread           TID 280 PID 980
0x824715e0   604    Thread           TID 308 PID 268
0x823a4870   604    Thread           TID 296 PID 268
0x824fc910   604    Process          svchost.exe(336)
0x820675b8   604    Thread           TID 324 PID 268
0x8210aba0   604    Thread           TID 340 PID 336
0xe1f796c0   604    Port             ''
0x823a57d0   604    Thread           TID 400 PID 1124
0x8206b308   604    Thread           TID 584 PID 1124
0x823a5bf8   604    Thread           TID 624 PID 1124
0x81f5f7d0   604    Thread           TID 380 PID 1124
0x824fe2b0   604    Thread           TID 384 PID 336
0x8210c540   604    Thread           TID 388 PID 1124
0x820697f0   604    Thread           TID 508 PID 1124
0x824cea60   604    Thread           TID 396 PID 728
0x82068540   604    Thread           TID 408 PID 728
0x824ce210   604    Thread           TID 412 PID 1124
0x824ce638   604    Thread           TID 416 PID 980
0x824743a8   604    Thread           TID 520 PID 1124
0x81f5fbf8   604    Thread           TID 428 PID 336
0x823a6210   604    Thread           TID 444 PID 336
0x8206a210   604    Thread           TID 436 PID 740
0x82474bf8   604    Thread           TID 488 PID 1124
0x81f5e460   604    Process          vmtoolsd.exe(528)
0x823c0a40   604    Thread           TID 456 PID 1208
0x824a1d88   604    Thread           TID 596 PID 684
0x824736e8   604    Thread           TID 548 PID 980
0x81f5c978   604    Thread           TID 1240 PID 336
0x824cf540   604    Thread           TID 492 PID 1124
0x820693c8   604    Thread           TID 512 PID 1124
0x82472498   604    Thread           TID 516 PID 1124
0x820e0d88   604    Thread           TID 524 PID 728
0x823aad88   604    Thread           TID 368 PID 528
0x81f23810   604    Thread           TID 536 PID 980
0xe168a518   604    Port             ''
0x824ea6e0   604    Thread           TID 636 PID 1124
0x824fc498   604    Thread           TID 588 PID 684
0x81f358a8   604    Thread           TID 1256 PID 1972
0x82501478   604    Thread           TID 608 PID 528
0x820ca898   604    Thread           TID 1200 PID 336
0x824f8990   604    Thread           TID 1480 PID 1124
0x820663a8   604    Thread           TID 1192 PID 728
0x824cdbf8   604    Thread           TID 1180 PID 1124
0x825037d0   604    Thread           TID 780 PID 1124
0x820fad88   604    Thread           TID 180 PID 684
0x81f4c608   604    Thread           TID 1068 PID 1208
0x820e4310   604    Thread           TID 244 PID 1736
0x821139d8   604    Thread           TID 188 PID 604
0x82489a10   604    Desktop          'Default'
0x81f318a8   604    Thread           TID 1052 PID 1124
0x820cad88   604    Thread           TID 1060 PID 1124
0x823941b8   604    Thread           TID 800 PID 1736
0x81dfaad8   604    Thread           TID 424 PID 1736
0x8237e3f8   604    Thread           TID 496 PID 1168
0x820de780   604    Thread           TID 872 PID 1208
0x824a6d88   604    Thread           TID 1096 PID 740
0x824a6900   604    Thread           TID 1100 PID 740
0x824a6680   604    Thread           TID 1104 PID 740
0x82472910   604    Thread           TID 1108 PID 728
0x823a3590   604    Thread           TID 1116 PID 728
0x824fb350   604    Thread           TID 1148 PID 1124
0x823a3a08   604    Thread           TID 1368 PID 728
0x824cc7d0   604    Thread           TID 1196 PID 728
0x81f19638   604    Thread           TID 1264 PID 1972
0x824d2bf8   604    Thread           TID 1232 PID 1124
0x820ce978   604    Thread           TID 1376 PID 1972
0x82064498   604    Thread           TID 1384 PID 528
0x820de500   604    Thread           TID 1220 PID 1124
0x81f5a6d0   604    Event            ''
0x824f91b8   604    Thread           TID 1404 PID 528
0x821082b0   604    Thread           TID 1412 PID 528
0x82107d88   604    Thread           TID 776 PID 528
0x824ca350   604    Thread           TID 1396 PID 980
0x823a2a60   604    Thread           TID 300 PID 916
0x82065bf8   604    Process          wmiprvse.exe(1452)
0x820657d0   604    Thread           TID 1456 PID 1452
0x82107968   604    Thread           TID 1448 PID 1124
0xe21d1370   604    Port             ''
0x824f9638   604    Thread           TID 1464 PID 1124
0x82034470   604    Thread           TID 1504 PID 1124
0x8239ca30   604    Thread           TID 1516 PID 1124
0x821028e8   604    Thread           TID 1544 PID 916
0x820352d0   604    Thread           TID 1536 PID 1208
0x824c4d88   604    Thread           TID 1560 PID 1452
0x81f521e0   604    Thread           TID 1556 PID 916
0x824c4510   604    Thread           TID 1568 PID 1452
0x824c7d88   604    Thread           TID 1584 PID 1452
0x82108ba0   604    Thread           TID 1588 PID 916
0x8205e7a0   604    Thread           TID 1444 PID 1124
0x8205e328   604    Thread           TID 1524 PID 916
0x82060420   604    Thread           TID 1624 PID 1124
0x824fa910   604    Thread           TID 1296 PID 1124
0x8239d608   604    Thread           TID 1776 PID 916
0x8239b5b8   604    Thread           TID 1800 PID 916
0x8239ba30   604    Thread           TID 1804 PID 916
0xe22642d8   604    Port             ''
0x8203b610   604    Thread           TID 1428 PID 916
0x81f4b498   604    Thread           TID 1952 PID 1124
0x81f52a60   604    Thread           TID 1820 PID 916
0x81f52638   604    Thread           TID 1824 PID 916
0x824a64e8   604    File             
0x82379508   604    File             
0x8206cbd8   604    File             
0x82363578   604    File             
0x82363448   604    File             
0x82031af8   604    File             
0x823794a0   604    Event            ''
0x824c4968   604    Thread           TID 1828 PID 604
0x821062b0   604    Thread           TID 1356 PID 1208
0x820e2d88   604    Thread           TID 1276 PID 1208
0x824fd898   604    Thread           TID 744 PID 1124
0x820fb378   604    Thread           TID 212 PID 1124
0x823a0800   604    Thread           TID 1912 PID 1124
0x823a0580   604    Thread           TID 1908 PID 1452
0x820e1358   604    Thread           TID 1996 PID 1452
0x82385008   604    Thread           TID 1940 PID 1452
0x81f4b910   604    Thread           TID 1948 PID 1124
0x81f36608   604    Thread           TID 204 PID 1452
0x824f5bf8   604    Thread           TID 2040 PID 1452
0x824f5478   604    Thread           TID 132 PID 1636
0x820d2388   604    Thread           TID 1852 PID 1452
0x82044d88   604    Thread           TID 208 PID 1208
0x82044608   604    Thread           TID 1532 PID 1452
0x82102470   604    Thread           TID 372 PID 1452
0x82064d60   604    Thread           TID 284 PID 1124
0x8205f7d0   604    Thread           TID 404 PID 1124
0x821013a8   604    Process          alg.exe(420)
0x81f60540   604    Thread           TID 440 PID 420
0xe2237148   604    Port             ''
0x824c3d88   604    Thread           TID 448 PID 420
0x81f1b5c8   604    Thread           TID 460 PID 420
0x81f32570   604    Thread           TID 480 PID 420
0x82044b08   604    Thread           TID 504 PID 420
0x8239ed60   604    Thread           TID 1628 PID 1124
0x820d6d88   604    Thread           TID 472 PID 420
0x820c9d88   604    Thread           TID 344 PID 420
0x81f22b08   604    Thread           TID 376 PID 1208
0x82459578   604    Thread           TID 1024 PID 1636
0x81f22468   604    Thread           TID 1320 PID 1124
0x8248a898   604    Thread           TID 128 PID 1124
0x8248a618   604    Thread           TID 864 PID 1124
0xe1009698   684    KeyedEvent       'CritSecOutOfMemoryEvent'
0xe18fe1a0   684    Directory        'KnownDlls'
0x81f7c570   684    Semaphore        ''
0xe1900510   684    Directory        'Windows'
0xe1942740   684    Port             ''
0x8207a600   684    Semaphore        ''
0xe18dc8e0   684    Key              MACHINE
0xe1658150   684    Directory        'BaseNamedObjects'
0x82102b98   684    Event            ''
0x82405468   684    Event            'crypt32LogoffEvent'
0x82405f20   684    Event            'userenv:  User Profile setup event'
0x824558a8   684    Mutant           'userenv: machine policy mutex'
0x824561f8   684    Mutant           'userenv: Machine Registry policy mutex'
0x825153a8   684    Event            'userenv: Machine Group Policy has been applied'
0x82405d78   684    Event            'userenv: Machine Group Policy ForcedRefresh Needs Foreground Processing'
0x823c9750   684    Event            'userenv: Machine Group Policy Processing is done'
0x823c9af0   684    Event            'userenv: Machine Policy Foreground Done Event'
0x824ad1b8   684    Mutant           'userenv: user policy mutex'
0x8205b2b8   684    Mutant           'userenv: User Registry policy mutex'
0x8207a538   684    Event            'userenv: User Group Policy has been applied'
0x82488320   684    Event            'userenv: User Group Policy ForcedRefresh Needs Foreground Processing'
0x823be188   684    Event            'userenv: User Group Policy Processing is done'
0x8248f4f8   684    Event            'userenv: User Policy Foreground Done Event'
0x81f777a0   684    Event            ''
0x81f7c530   684    Mutant           ''
0x81f53a00   684    Event            ''
0x823aec20   684    Mutant           ''
0x81f53588   684    Event            ''
0x823c7508   684    Mutant           ''
0x82028138   684    Mutant           ''
0x821022a8   684    Event            ''
0x82029138   684    Mutant           ''
0x81f4e5d8   684    Event            ''
0x81f50720   684    Event            ''
0xe19569b8   684    Key              MACHINE\SOFTWARE\CLASSES
0x820cf148   684    Event            'WinlogonTSSynchronizeEvent'
0x8242b340   684    File             '\\TerminalServer\\AutoReconnect'
0x820d2148   684    Event            'TS-WPAAE'
0x82399440   684    Event            ''
0x821089e0   684    Event            ''
0x820fe360   684    WindowStation    'WinSta0'
0x8240a910   684    Desktop          'Winlogon'
0x820fe360   684    WindowStation    'WinSta0'
0x8240e6e0   684    Desktop          'Disconnect'
0x82489a10   684    Desktop          'Default'
0x82390298   684    Mutant           'SingleSesMutex'
0x8247a6e0   684    Event            'ReconEvent'
0x82116d00   684    Thread           TID 688 PID 684
0x820aa2f0   684    Mutant           'winlogon: Logon UserProfileMapping Mutex'
0x81f8f060   684    Semaphore        'shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}'
0x824d6640   684    File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0xe1963650   684    Key              USER\.DEFAULT
0x82495420   684    Event            ''
0xe165a1b0   684    Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9
0xe196ce90   684    Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSOCK2\PARAMETERS\NAMESPACE_CATALOG5
0x823c04c0   684    Event            'NetworkProviderLoad'
0x824fa7d0   684    Event            ''
0xe1674340   684    Key              MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\CRYPT32CHAIN
0x824296c8   684    File             
0xe193fd08   684    Key              MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\CRYPTNET
0x82030050   684    Semaphore        ''
0x82370008   684    Event            ''
0x81f956c0   684    Semaphore        ''
0xe1942340   684    Key              MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32
0xe196cfa0   684    Key              MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\SCLGNTFY
0x82080188   684    File             '\\winlogonrpc'
0xe195ad58   684    Key              MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\TPSVC
0xe194a7e8   684    Key              MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\VMUPGRADEATSHUTDOWN
0xe1cae018   684    Token            '\xed\x86\xa0\xe8\x89\x9e\xe8\x81\x94\x00'
0x81f3de10   684    Event            ''
0xe169aa70   684    Port             'sclogonrpc'
0xe196efa0   684    Key              MACHINE\SYSTEM\CONTROLSET001\CONTROL\LSA
0x823c9750   684    Event            'userenv: Machine Group Policy Processing is done'
0x824fa358   684    Event            ''
0x824c24c8   684    Event            ''
0x8205c758   684    Event            ''
0x8205c2e0   684    Event            ''
0x82116d00   684    Thread           TID 688 PID 684
0xe169b9e8   684    Port             'IUserProfile'
0x820ff820   684    Event            ''
0x81f3c008   684    Thread           TID 708 PID 684
0x820ff3a8   684    Event            ''
0x8204a008   684    Thread           TID 712 PID 684
0x81f61a68   684    Mutant           'ShimCacheMutex'
0xe1919518   684    Section          'ShimSharedMemory'
0x824c04f0   684    Timer            ''
0x824c1c48   684    Event            ''
0x8235c008   684    Thread           TID 716 PID 684
0x8206f9c8   684    File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0x823fe218   684    IoCompletion     ''
0x824008e0   684    IoCompletion     '\xe2\x92\x98'
0x8244c078   684    IoCompletion     ''
0x824008e0   684    IoCompletion     '\xe2\x92\x98'
0x8244f580   684    File             '\\InitShutdown'
0x820b75a0   684    File             '\\InitShutdown'
0x81f65318   684    Event            ''
0x82486708   684    Thread           TID 724 PID 684
0x81f79368   684    Semaphore        ''
0x8207f8f0   684    Thread           TID 736 PID 684
0x820e8140   684    Timer            ''
0x82037c90   684    Process          services.exe(728)
0xe19522f8   684    Key              MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
0xe19647c0   684    Port             ''
0x8206fa58   684    Process          lsass.exe(740)
0xe1967480   684    Key              MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
0x81f55ec0   684    Event            ''
0xe19e7828   684    Port             ''
0x81f24098   684    Event            ''
0x820ebe80   684    Event            ''
0x82518b90   684    Event            ''
0x820703c8   684    Event            ''
0x81f78008   684    Thread           TID 972 PID 684
0x820484b8   684    Event            ''
0x82498da8   684    File             '\\lsarpc'
0xe1948910   684    Port             ''
0x82386d28   684    Event            'Microsoft Smart Card Resource Manager Started'
0x82049e90   684    Event            ''
0x823fa470   684    File             '\\lsarpc'
0xe1c08370   684    Key              MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\CREDENTIALS
0x81f3c808   684    Event            'msgina: ReturnToWelcome'
0x82049640   684    Event            ''
0x81f3c3e0   684    Event            'msgina: ShutdownEvent'
0x824ae660   684    Mutant           'msgina: InteractiveLogonMutex'
0x82048d18   684    Mutant           'msgina: InteractiveLogonRequestMutex'
0x81f3a2a8   684    Event            ''
0x8242df10   684    Event            'WFP_IDLE_TRIGGER'
0x820472a8   684    Event            ''
0x820eaea0   684    Event            ''
0x82519530   684    File             '\\WINDOWS\\system32'
0x824a6010   684    File             '\\WINDOWS\\system32\\dllcache'
0x82049300   684    File             '\\WINDOWS\\AppPatch'
0x8206a590   684    File             '\\Program Files\\Common Files\\Microsoft Shared\\web server extensions\\40\\isapi\\_vti_adm'
0x81f3c310   684    File             '\\Program Files\\Common Files\\Microsoft Shared\\web server extensions\\40\\_vti_bin\\_vti_adm'
0x8251d368   684    File             '\\WINDOWS\\Help'
0x8251d2d0   684    File             '\\Program Files\\Common Files\\Microsoft Shared\\web server extensions\\40\\isapi\\_vti_aut'
0x81f3a380   684    File             '\\Program Files\\Common Files\\Microsoft Shared\\web server extensions\\40\\_vti_bin\\_vti_aut'
0x81f3a2e8   684    File             '\\WINDOWS\\system32\\inetsrv'
0x82047380   684    File             '\\Program Files\\Common Files\\Microsoft Shared\\web server extensions\\40\\bin'
0x820472e8   684    File             '\\WINDOWS\\Fonts'
0x820eaf78   684    File             '\\WINDOWS\\system32\\drivers'
0x820eaee0   684    File             '\\Program Files\\Common Files\\Microsoft Shared\\web server extensions\\40\\servsupp'
0x820a9cf8   684    File             '\\Program Files\\Common Files\\Microsoft Shared\\web server extensions\\40\\bots\\vinavbar'
0x820a9c60   684    File             '\\Program Files\\microsoft frontpage\\version3.0\\bin'
0x824b3698   684    File             '\\Program Files\\Common Files\\Microsoft Shared\\web server extensions\\40\\_vti_bin'
0x824b3600   684    File             '\\Program Files\\Common Files\\Microsoft Shared\\web server extensions\\40\\bin\\1033'
0x8206b010   684    File             '\\Program Files\\Common Files\\Microsoft Shared\\web server extensions\\40\\isapi'
0x8206b138   684    File             '\\WINDOWS'
0x82103898   684    File             '\\Program Files\\Common Files\\Microsoft Shared\\DAO'
0x82103800   684    File             '\\Program Files\\Windows Media Player'
0x824bd568   684    File             '\\Program Files\\Common Files\\System\\msadc'
0x824bd4d0   684    File             '\\Program Files\\Common Files\\System\\ado'
0x82068010   684    File             '\\Program Files\\Common Files\\System\\Ole DB'
0x82068140   684    File             '\\WINDOWS\\inf'
0x81f34010   684    File             '\\WINDOWS\\system'
0x81f34140   684    File             '\\WINDOWS\\msagent'
0x824bb010   684    File             '\\WINDOWS\\msagent\\intl'
0x824bb140   684    File             '\\Program Files\\MSN Gaming Zone\\Windows'
0x82375010   684    File             '\\WINDOWS\\pchealth\\helpctr\\binaries'
0x82375140   684    File             '\\Program Files\\NetMeeting'
0x82039010   684    File             '\\WINDOWS\\system32\\drivers\\disdn'
0x82039140   684    File             '\\WINDOWS\\ime\\CHTIME\\Applets'
0x824a1010   684    File             '\\WINDOWS\\system32\\wbem'
0x824a1140   684    File             '\\WINDOWS\\system32\\IME\\CINTLGNT'
0x8239e010   684    File             '\\WINDOWS\\system32\\Com'
0x8239e140   684    File             '\\WINDOWS\\system32\\Setup'
0x82111010   684    File             '\\WINDOWS\\ime\\imjp8_1'
0x82111140   684    File             '\\Program Files\\Common Files\\Microsoft Shared\\Triedit'
0x820fe010   684    File             '\\Program Files\\Windows NT'
0x820fe140   684    File             '\\Program Files\\Common Files\\System'
0x82103010   684    File             '\\WINDOWS\\system32\\1033'
0x82103140   684    File             '\\Program Files\\Common Files\\Microsoft Shared\\web server extensions\\40\\admcgi\\scripts'
0x824bf010   684    File             '\\Program Files\\Common Files\\Microsoft Shared\\web server extensions\\40\\admisapi\\scripts'
0x824bf140   684    File             '\\WINDOWS\\system32\\usmt'
0x8237d010   684    File             '\\WINDOWS\\ime\\imkr6_1\\dicts'
0x8237d140   684    File             '\\WINDOWS\\system32\\mui\\0009'
0x8246e010   684    File             '\\Program Files\\Internet Explorer'
0x8246e140   684    File             '\\WINDOWS\\ime\\imjp8_1\\applets'
0x824c5010   684    File             '\\WINDOWS\\ime\\imkr6_1\\applets'
0x824c5140   684    File             '\\WINDOWS\\system32\\xircom'
0x82043010   684    File             '\\Program Files\\Internet Explorer\\Connection Wizard'
0x82043140   684    File             '\\Program Files\\Common Files\\Microsoft Shared\\MSInfo'
0x824c7010   684    File             '\\WINDOWS\\ime\\imkr6_1'
0x824c7140   684    File             '\\WINDOWS\\ime\\shared'
0x820ff010   684    File             '\\WINDOWS\\system32\\IME\\PINTLGNT'
0x820ff140   684    File             '\\Program Files\\Common Files\\SpeechEngines\\Microsoft\\Lexicon\\1033'
0x824dec68   684    File             '\\WINDOWS\\Resources\\Themes\\Luna'
0x824debd0   684    File             '\\Program Files\\Movie Maker'
0x82102010   684    File             '\\WINDOWS\\ime'
0x82102148   684    File             '\\WINDOWS\\srchasst'
0x821020b0   684    File             '\\Program Files\\Outlook Express'
0x820aa010   684    File             '\\WINDOWS\\system32\\oobe'
0x820aa148   684    File             '\\Program Files\\Common Files\\MSSoap\\Binaries'
0x820aa0b0   684    File             '\\Program Files\\Common Files\\MSSoap\\Binaries\\Resources\\1033'
0x8211e010   684    File             '\\WINDOWS\\mui'
0x8211e148   684    File             '\\WINDOWS\\system32\\npp'
0x8211e0b0   684    File             '\\WINDOWS\\ime\\shared\\res'
0x820e9010   684    File             '\\Program Files\\Windows NT\\Pinball'
0x82124ee8   684    File             '\\WINDOWS\\ime\\chsime\\applets'
0x82462b70   684    File             '\\WINDOWS\\system32\\Restore'
0x82462ad8   684    File             '\\Program Files\\Common Files\\SpeechEngines\\Microsoft\\TTS\\1033'
0x82462a40   684    File             '\\Program Files\\Common Files\\Microsoft Shared\\Speech'
0x82080bb0   684    File             '\\WINDOWS\\Resources\\Themes\\Luna\\Shell\\NormalColor'
0x82080b18   684    File             '\\WINDOWS\\Resources\\Themes\\Luna\\Shell\\Homestead'
0x82080a80   684    File             '\\WINDOWS\\Resources\\Themes\\Luna\\Shell\\Metallic'
0x820ada70   684    File             '\\WINDOWS\\system32\\wbem\\snmp'
0x820ad9d8   684    File             '\\Program Files\\Common Files\\SpeechEngines\\Microsoft'
0x820ad940   684    File             '\\Program Files\\Common Files\\Microsoft Shared\\Speech\\1033'
0x82489f78   684    File             '\\WINDOWS\\PeerNet'
0x82489ee0   684    File             '\\WINDOWS\\system32\\spool\\drivers\\color'
0x82489e48   684    File             '\\WINDOWS\\system32\\IME\\TINTLGNT'
0x82400678   684    File             '\\WINDOWS\\Help\\Tours\\mmTour'
0x824e3940   684    File             '\\WINDOWS\\pchealth\\UploadLB\\Binaries'
0x824e38a8   684    File             '\\Program Files\\Common Files\\Microsoft Shared\\VGX'
0x824e3810   684    File             '\\WINDOWS\\system32\\wbem\\xml'
0x8209b778   684    File             '\\Program Files\\Windows NT\\Accessories'
0x8209b6e0   684    File             '\\WINDOWS\\system32\\mui\\0401'
0x8209b648   684    File             '\\WINDOWS\\system32\\mui\\0404'
0x82486ba8   684    File             '\\WINDOWS\\system32\\mui\\0405'
0x82486b10   684    File             '\\WINDOWS\\system32\\mui\\0406'
0x82486a78   684    File             '\\WINDOWS\\system32\\mui\\0407'
0x821192a8   684    File             '\\WINDOWS\\system32\\mui\\0408'
0x82119210   684    File             '\\WINDOWS\\system32\\mui\\040b'
0x82119178   684    File             '\\WINDOWS\\system32\\mui\\040C'
0x8211ad98   684    File             '\\WINDOWS\\system32\\mui\\040D'
0x8211ad00   684    File             '\\WINDOWS\\system32\\mui\\040e'
0x8211ac68   684    File             '\\WINDOWS\\system32\\mui\\0410'
0x8249e7a8   684    File             '\\WINDOWS\\system32\\mui\\0411'
0x8249e710   684    File             '\\WINDOWS\\system32\\mui\\0412'
0x8249e678   684    File             '\\WINDOWS\\system32\\mui\\0413'
0x823aef78   684    File             '\\WINDOWS\\system32\\mui\\0414'
0x823aeee0   684    File             '\\WINDOWS\\system32\\mui\\0415'
0x823aee48   684    File             '\\WINDOWS\\system32\\mui\\0416'
0x8244a658   684    File             '\\WINDOWS\\system32\\mui\\0419'
0x8244a5c0   684    File             '\\WINDOWS\\system32\\mui\\041b'
0x8244a528   684    File             '\\WINDOWS\\system32\\mui\\041D'
0x824a0010   684    File             '\\WINDOWS\\system32\\mui\\041f'
0x824a0158   684    File             '\\WINDOWS\\system32\\mui\\0424'
0x824a00c0   684    File             '\\WINDOWS\\system32\\mui\\0804'
0x82402b08   684    File             '\\WINDOWS\\system32\\mui\\0816'
0x82402a70   684    File             '\\WINDOWS\\system32\\mui\\0C0A'
0x824029d8   684    File             '\\WINDOWS\\system32\\mui\\0402'
0x82514630   684    File             '\\WINDOWS\\system32\\mui\\0418'
0x82514598   684    File             '\\WINDOWS\\system32\\mui\\041a'
0x82514500   684    File             '\\WINDOWS\\system32\\mui\\041e'
0x8209e7c8   684    File             '\\WINDOWS\\system32\\mui\\0425'
0x8209e730   684    File             '\\WINDOWS\\system32\\mui\\0426'
0x8209e698   684    File             '\\WINDOWS\\system32\\mui\\0427'
0x82509388   684    File             '\\Program Files\\xerox\\nwwia'
0x820a0d50   684    Event            ''
0xe1965a58   684    Key              MACHINE\SYSTEM\SETUP
0x82038188   684    Event            ''
0x825092f0   684    File             '\\WINDOWS\\WinSxS'
0x82389250   684    Thread           TID 952 PID 684
0x823ff188   684    Event            ''
0x823ff158   684    Event            ''
0x823ff128   684    Event            ''
0x824d6188   684    Event            ''
0x824d6158   684    Event            ''
0x824d6128   684    Event            ''
0x82068108   684    Event            ''
0x820680d8   684    Event            ''
0x820680a8   684    Event            ''
0x81f34108   684    Event            ''
0x81f340d8   684    Event            ''
0x81f340a8   684    Event            ''
0x824bb108   684    Event            ''
0x824bb0d8   684    Event            ''
0x824bb0a8   684    Event            ''
0x82375108   684    Event            ''
0x823750d8   684    Event            ''
0x823750a8   684    Event            ''
0x82039108   684    Event            ''
0x820390d8   684    Event            ''
0x820390a8   684    Event            ''
0x82456978   684    Event            ''
0x82114318   684    Event            ''
0x820bf838   684    Event            ''
0x825091c0   684    Event            ''
0x821212a8   684    Event            ''
0x820fa1c8   684    Event            ''
0x82401650   684    Event            ''
0x8204c1c8   684    Event            ''
0x824b11c8   684    Event            ''
0x823871c8   684    Event            ''
0x82456d00   684    Event            ''
0x824761c8   684    Event            ''
0x82133518   684    Event            ''
0x81f14440   684    Event            ''
0x81f1a1e8   684    Event            ''
0x81f1a1b8   684    Event            ''
0x820cc1e8   684    Event            ''
0x820cc1b8   684    Event            ''
0x8236d1e8   684    Event            ''
0x8236d1b8   684    Event            ''
0x820d11e8   684    Event            ''
0x820d11b8   684    Event            ''
0x823661e8   684    Event            ''
0x823661b8   684    Event            ''
0x820ca1e8   684    Event            ''
0x820ca1b8   684    Event            ''
0x823651e8   684    Event            ''
0x823651b8   684    Event            ''
0x8202f1e8   684    Event            ''
0x8202f1b8   684    Event            ''
0x820d31e8   684    Event            ''
0x820d31b8   684    Event            ''
0x81f1f1e8   684    Event            ''
0x81f1f1b8   684    Event            ''
0x8202b1e8   684    Event            ''
0x8202b1b8   684    Event            ''
0x8202e1e8   684    Event            ''
0x8202e1b8   684    Event            ''
0x82478978   684    Event            ''
0x82478948   684    Event            ''
0x8211b7b0   684    Event            ''
0x8211b780   684    Event            ''
0x8235ee40   684    Event            ''
0x8235ee10   684    Event            ''
0x82428580   684    Event            ''
0x82428550   684    Event            ''
0x81f78ba8   684    Event            ''
0x81f78b78   684    Event            ''
0x824887a0   684    Event            ''
0x82488770   684    Event            ''
0x8209b3b8   684    Event            ''
0x8209b388   684    Event            ''
0x82486e40   684    Event            ''
0x82486e10   684    Event            ''
0x824d6e40   684    Event            ''
0x824d6e10   684    Event            ''
0x82116478   684    Event            ''
0x82116448   684    Event            ''
0x823c6b30   684    Event            ''
0x823c6b00   684    Event            ''
0x81f799c8   684    Event            ''
0x81f79998   684    Event            ''
0x8244b3b0   684    Event            ''
0x8244b380   684    Event            ''
0x824d7748   684    Event            ''
0x824d7718   684    Event            ''
0x824d4e40   684    Event            ''
0x824d4e10   684    Event            ''
0x8244bc70   684    Event            ''
0x8244bc40   684    Event            ''
0x81f82498   684    Event            ''
0x81f82468   684    Event            ''
0x82486428   684    Event            ''
0x824863f8   684    Event            ''
0x8244f2e0   684    Event            ''
0x8244f2b0   684    Event            ''
0x824ba200   684    Event            ''
0x824ba1d0   684    Event            ''
0x82514200   684    Event            ''
0x825141d0   684    Event            ''
0x824a1108   684    Event            ''
0x824a10d8   684    Event            ''
0x824a10a8   684    Event            ''
0x8239e108   684    Event            ''
0x8239e0d8   684    Event            ''
0x8239e0a8   684    Event            ''
0x82111108   684    Event            ''
0x821110d8   684    Event            ''
0x821110a8   684    Event            ''
0x820fe108   684    Event            ''
0x820fe0d8   684    Event            ''
0x820fe0a8   684    Event            ''
0x82103108   684    Event            ''
0x821030d8   684    Event            ''
0x821030a8   684    Event            ''
0x824bf108   684    Event            ''
0x824bf0d8   684    Event            ''
0x824bf0a8   684    Event            ''
0x8237d108   684    Event            ''
0x8237d0d8   684    Event            ''
0x82389250   684    Thread           TID 952 PID 684
0x820378c0   684    File             '\\SfcApi'
0x8209ede0   684    File             '\\SfcApi'
0x8240a678   684    Thread           TID 956 PID 684
0x82070590   684    Thread           TID 960 PID 684
0xe1c93a88   684    Port             ''
0xe1c85290   684    Port             ''
0x82476420   684    Event            'userenv: machine policy refresh event'
0xe1c7a6c8   684    Key              USER
0x81f792c8   684    Event            'ThemesStartEvent'
0x8247a5d8   684    Event            ''
0x82032a68   684    Event            'userenv: user policy refresh event'
0x81f8f060   684    Semaphore        'shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}'
0xe1c3f910   684    Port             ''
0x824c91a8   684    Event            ''
0x82473d88   684    Thread           TID 232 PID 684
0x82431b60   684    Event            ''
0xe19e8370   684    Port             ''
0x823bf570   684    Event            ''
0x824646c8   684    Semaphore        'shell.{7CB834F0-527B-11D2-9D1F-0000F805CA57}'
0xe1cc8828   684    Port             ''
0xe1cadc80   684    Section          '\xe2\x99\x98\xe8\x89\x9c\xe2\xa2\x88\xe8\x89\x9c'
0xe1e24dc8   684    Token            ''
0x825012c0   684    Event            'winlogon:  machine GPO Event 19738'
0x8212f8b0   684    Event            'userenv: machine policy force refresh event'
0x823c0740   684    Event            ''
0x8203e088   684    File             '\\samr'
0x823bf5a0   684    Event            ''
0x81f796f8   684    Semaphore        ''
0xe1961498   684    Key              MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32
0x824d18e8   684    Event            'DINPUTWINMM'
0x8207a538   684    Event            'userenv: User Group Policy has been applied'
0x82387990   684    Mutant           ''
0xe1653220   684    Key              MACHINE\SYSTEM\CONTROLSET001\CONTROL\NETWORKPROVIDER\HWORDER
0x823700a8   684    Semaphore        ''
0x82370070   684    Semaphore        ''
0x824a8018   684    Mutant           'WPA_RT_MUTEX'
0x8235ca20   684    Mutant           'WPA_PR_MUTEX'
0x824a80d8   684    Mutant           'WPA_LT_MUTEX'
0x824a8088   684    Mutant           'WPA_HWID_MUTEX'
0x821194f8   684    Mutant           'WPA_LICSTORE_MUTEX'
0x81f2d6a8   684    Event            ''
0x81f2d760   684    Event            'SENS Started Event'
0x82370040   684    Event            ''
0x8204c7e8   684    Event            'jjCSCSharedFillEvent_UM_KM'
0xe1e1b018   684    Token            ''
0x82119478   684    Event            'jjCSCSessEvent_UM_KM_0'
0x82383288   684    Event            'WkssvcToAgentStartEvent'
0x82383248   684    Event            'WkssvcToAgentStopEvent'
0x82383208   684    Event            'AgentToWkssvcEvent'
0x823831c8   684    Event            'AgentExistsEvent'
0x82119438   684    Event            ''
0x8204a968   684    Thread           TID 1312 PID 684
0x82387c60   684    Event            ''
0x82429a90   684    File             
0x8237f0c0   684    Event            ''
0x820ea008   684    WmiGuid          ''
0x824ad010   684    File             
0x8237f050   684    Event            ''
0x823adbd8   684    Process          winlogon.exe(684)
0x824ad0f8   684    Event            ''
0x824ad0c8   684    Event            ''
0x82030008   684    Semaphore        ''
0x8239ec88   684    Event            'winlogon:  User GPO Event 19738'
0x8242a438   684    File             '\\winlogonrpc'
0x824560f8   684    Event            ''
0x81f788d0   684    Thread           TID 720 PID 684
0x824560c8   684    Event            ''
0x81f31010   684    File             '\\lsarpc'
0x825153a8   684    Event            'userenv: Machine Group Policy has been applied'
0x8242ce90   684    Event            'hardwaremixercallback'
0x82502770   684    Event            ''
0xe18cc988   684    Key              MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\WGALOGON
0xe1cad360   684    Port             ''
0xe1cae018   684    Token            '\xed\x86\xa0\xe8\x89\x9e\xe8\x81\x94\x00'
0x824d8c70   684    Event            ''
0x824d8ca8   684    File             '\\lsarpc'
0x81f92c70   684    Semaphore        ''
0x82497850   684    Semaphore        ''
0x820ee560   684    Semaphore        ''
0x820ee528   684    Semaphore        ''
0x820ee4f0   684    Semaphore        ''
0x820ee4b8   684    Semaphore        ''
0x820ee480   684    Semaphore        ''
0x82382918   684    Semaphore        ''
0x823828e0   684    Semaphore        ''
0x823828a8   684    Semaphore        ''
0x82382870   684    Semaphore        ''
0x823824c0   684    Event            'WlballoonLogoffNotificationEventName'
0xe1cae018   684    Token            '\xed\x86\xa0\xe8\x89\x9e\xe8\x81\x94\x00'
0x8247a870   684    Event            ''
0x823824c0   684    Event            'WlballoonLogoffNotificationEventName'
0x82114e80   684    Mutant           ''
0x81f863a8   684    Event            ''
0x82433708   684    Event            'CscCacheInitCompleteEvent'
0x820b5178   684    Event            ''
0x82456b68   684    Event            ''
0xe1c12928   684    Token            ''
0x82404548   684    Thread           TID 1468 PID 684
0x81f85e60   684    Event            ''
0xe20f8c68   684    Port             ''
0x824ea148   684    Event            ''
0xe1df0d30   684    Token            ''
0x824a3188   684    Thread           TID 216 PID 684
0x820b7150   684    Event            'userenv: user policy force refresh event'
0xe1fff4d8   684    Section          'mmGlobalPnpInfo'
0x82404548   684    Thread           TID 1468 PID 684
0x82495ea0   684    Event            ''
0x820e0088   684    Event            ''
0x8236edf8   684    Mutant           'MidiMapper_modLongMessage_RefCnt'
0x82122630   684    File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0x82405d78   684    Event            'userenv: Machine Group Policy ForcedRefresh Needs Foreground Processing'
0xe1d10858   684    Key              USER\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\SHELLNOROAM
0x82489a10   684    Desktop          'Default'
0x820b5e08   684    Timer            'userenv: refresh timer for 684:236'
0xe1d107f0   684    Key              USER\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\SHELLNOROAM\MUICACHE
0x8209ae80   684    File             '\\Documents and Settings\\phocean\\Local Settings\\Application Data'
0x820f26e0   684    File             '\\Documents and Settings\\phocean\\Local Settings\\Application Data\\VMware\\hgfs.dat'
0x81f6a428   684    Timer            'userenv: refresh timer for 684:216'
0x824580f8   684    Thread           TID 1416 PID 684
0xe1e053d0   684    Key              USER\S-1-5-21-1060284298-746137067-839522115-1003
0xe1941dc8   684    Token            ''
0x82114828   684    Mutant           'MidiMapper_Configure'
0xe1fdc178   684    Section          'HGFSMEMORY000000000000f3d7'
0x824fed88   684    Thread           TID 236 PID 684
0x820eee58   684    Semaphore        ''
0x82113330   684    Mutant           'HGFSMUTEX000000000000f3d7'
0x8250a2c0   684    Semaphore        ''
0x8207b968   684    Semaphore        ''
0xe1fe12e0   684    Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\NETBT\PARAMETERS
0x8245c548   684    Semaphore        ''
0x82100240   684    Semaphore        ''
0x8207b9e0   684    File             
0xe1e97198   684    Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\TCPIP\LINKAGE
0x82515060   684    Semaphore        ''
0xe1eb0208   684    Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\NETBT\PARAMETERS\INTERFACES
0xe1e97130   684    Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS
0x82461998   684    File             
0x81f632b8   684    File             
0x820fad88   684    Thread           TID 180 PID 684
0x8207b9a0   684    Semaphore        ''
0x821002b0   684    File             
0x81f53f10   684    File             
0x820741f8   684    Event            '000000000000f3d7_WlballoonKerberosNotificationEventName'
0x8209fe90   684    Event            ''
0x8206e108   684    Event            ''
0x81f49d68   684    Event            ''
0x81f53fa0   684    Semaphore        ''
0x825153a8   684    Event            'userenv: Machine Group Policy has been applied'
0x820ea540   684    Event            ''
0x82033370   684    Event            ''
0x81f852e0   684    Event            ''
0x8207a538   684    Event            'userenv: User Group Policy has been applied'
0x823be188   684    Event            'userenv: User Group Policy Processing is done'
0x82049b28   684    Event            ''
0x82488320   684    Event            'userenv: User Group Policy ForcedRefresh Needs Foreground Processing'
0x820edb60   684    Event            ''
0x82373e40   684    File             '\\{9B365890-165F-11D0-A195-0020AFD156E4}'
0x81f27d48   684    Mutant           ''
0x820414a0   684    Thread           TID 1840 PID 684
0x8242a9b8   684    File             '\\WINDOWS\\system32'
0xe2233a18   684    Port             ''
0xe1fe5ad0   684    Port             ''
0x8236eed8   684    Mutant           ''
0x8206f258   684    Mutant           ''
0x81f272b0   684    Event            ''
0x8236ef48   684    Event            ''
0xe1c28700   684    Section          'WDMAUD_Callbacks'
0x8236e338   684    Event            'mixercallback'
0x824951a0   684    Thread           TID 1592 PID 684
0x824ac898   684    Event            ''
0x824ac868   684    Event            ''
0x81f3fd88   684    Thread           TID 1564 PID 684
0xe14f2018   684    Port             'OLE2638AD192BE34E7FB2607BAEC5EB'
0x82389c18   684    Event            ''
0x824a1d88   684    Thread           TID 596 PID 684
0x820384e8   684    Event            ''
0x81f3fd88   684    Thread           TID 1564 PID 684
0xe1009698   728    KeyedEvent       'CritSecOutOfMemoryEvent'
0xe18fe1a0   728    Directory        'KnownDlls'
0x82486678   728    File             '\\WINDOWS\\system32'
0x820804a8   728    Semaphore        ''
0xe1900510   728    Directory        'Windows'
0xe194d910   728    Port             ''
0x824e3e68   728    Semaphore        ''
0x8209f1f0   728    Mutant           'SHIMLIB_LOG_MUTEX'
0xe1658150   728    Directory        'BaseNamedObjects'
0xe1966430   728    Key              MACHINE
0x82403ac8   728    WindowStation    'Service-0x0-3e7$'
0x8209b820   728    Desktop          'Default'
0x82403ac8   728    WindowStation    'Service-0x0-3e7$'
0x82405f20   728    Event            'userenv:  User Profile setup event'
0xe19503e0   728    Key              MACHINE\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE\ALTERNATE SORTS
0xe1943138   728    Key              MACHINE\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE
0xe19670c0   728    Key              MACHINE\SYSTEM\CONTROLSET001\CONTROL\NLS\LANGUAGE GROUPS
0xe18ebbb8   728    Key              MACHINE\SYSTEM\CONTROLSET001\ENUM
0xe18ebb50   728    Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES
0xe19d85e8   728    Key              MACHINE\SOFTWARE\POLICIES
0xe19571a0   728    Key              MACHINE\SYSTEM\CONTROLSET001\CONTROL\CLASS
0xe1942fa0   728    Key              MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\PERHWIDSTORAGE
0x820ef8e0   728    Event            ''
0x824b04a8   728    Mutant           ''
0x82388c10   728    Event            ''
0x823887d8   728    Mutant           ''
0x823883c0   728    Event            ''
0x820eee90   728    Mutant           ''
0x820eea78   728    Event            ''
0x820ee640   728    Mutant           ''
0x82387650   728    Event            ''
0x820edcf8   728    Mutant           ''
0x820ed8e0   728    Event            ''
0x824ade90   728    Mutant           ''
0x821124c0   728    Event            ''
0x81f623b8   728    Mutant           ''
0x82112490   728    Event            ''
0x824ca1c8   728    Mutant           ''
0x821228e8   728    Event            ''
0x820aeef0   728    Mutant           ''
0x821228b8   728    Event            ''
0x81f4aa70   728    Mutant           ''
0x824c77f0   728    Event            ''
0x81f580d0   728    Mutant           ''
0x824c77c0   728    Event            ''
0x81f7edb8   728    Mutant           ''
0x820afb98   728    Event            ''
0x820af5d8   728    Mutant           ''
0x820afb68   728    Event            ''
0x820be840   728    Mutant           ''
0x8250ad20   728    Event            ''
0x82457148   728    Mutant           ''
0x8250acf0   728    Event            ''
0x8248a148   728    Mutant           ''
0x8211aaf8   728    Event            ''
0x81f8af40   728    Mutant           ''
0x8211aac8   728    Event            ''
0x82435170   728    Mutant           ''
0x81f7c5e0   728    Event            ''
0x820440d8   728    Mutant           ''
0x81f7c5b0   728    Event            ''
0x81f541c8   728    Mutant           ''
0x82030178   728    Event            ''
0x824ad168   728    Mutant           ''
0x82030148   728    Event            ''
0x82380168   728    Mutant           ''
0x824bf400   728    Event            ''
0x82461110   728    Mutant           ''
0x824bf3d0   728    Event            ''
0x82420100   728    Mutant           ''
0x8251a450   728    Event            ''
0x82404838   728    Mutant           ''
0x8251a420   728    Event            ''
0x82118730   728    Mutant           ''
0x82474210   728    Event            ''
0x82066200   728    Mutant           ''
0x824741e0   728    Event            ''
0x823c4c90   728    Mutant           ''
0x8249f980   728    Event            ''
0x81f90b20   728    Mutant           ''
0x8249f950   728    Event            ''
0x8212e888   728    Mutant           ''
0x825e6c48   728    Event            ''
0x8209bb60   728    Mutant           ''
0x825e6c18   728    Event            ''
0x825eacd8   728    Mutant           ''
0x82077b90   728    Event            'SC_AutoStartComplete'
0xe1c08c80   728    Key              MACHINE\SYSTEM\CONTROLSET001\CONTROL\NETWORKPROVIDER\ORDER
0x82100638   728    Event            ''
0x82100608   728    Event            ''
0x823beb90   728    Timer            ''
0x81f2bd88   728    Thread           TID 752 PID 728
0x8211a708   728    IoCompletion     ''
0x81f92d48   728    Thread           TID 804 PID 728
0x824bc968   728    Timer            ''
0x82488d88   728    Thread           TID 808 PID 728
0x81f250d8   728    Event            'SvcctrlStartEvent_A3752DX'
0x81f49490   728    Semaphore        ''
0x81f240c8   728    Mutant           ''
0x823adba0   728    Semaphore        ''
0x823770d0   728    Semaphore        ''
0x82486d28   728    Semaphore        ''
0x824647a8   728    Semaphore        ''
0x825128c0   728    Semaphore        ''
0xe100e260   728    Key              MACHINE\SYSTEM\CONTROLSET001\CONTROL\SERVICEGROUPORDER
0x820450a8   728    Event            ''
0x824d6cf0   728    Event            ''
0x823803a0   728    Event            ''
0x82388d88   728    Thread           TID 1188 PID 728
0x82434818   728    IoCompletion     '\xe2\x92\x98'
0x8253e818   728    IoCompletion     ''
0x82434818   728    IoCompletion     '\xe2\x92\x98'
0x81f37248   728    Event            'ScNetDrvMsg'
0x820fec00   728    Event            ''
0xe16b98b0   728    Port             'ntsvcs'
0x81f37208   728    Event            ''
0x82386498   728    Event            ''
0x82046848   728    Thread           TID 880 PID 728
0x82471428   728    File             '\\ntsvcs'
0x82523f78   728    File             '\\ntsvcs'
0x820ecce8   728    Event            ''
0x82046c70   728    Thread           TID 884 PID 728
0xe1c02490   728    Port             ''
0x820eba98   728    Event            ''
0x824ac5b8   728    Thread           TID 888 PID 728
0xe1c401a0   728    Port             ''
0x82049ec0   728    Event            ''
0x824f3138   728    File             '\\scerpc'
0x81f97d50   728    File             
0x824f32e0   728    File             '\\scerpc'
0x82049670   728    Event            ''
0x82049a98   728    Event            ''
0x82386ce8   728    Event            ''
0x81f3a5b8   728    Thread           TID 892 PID 728
0x823868c0   728    Event            ''
0xe18e6d88   728    Port             ''
0x81f3d538   728    Event            ''
0x820e96b0   728    Thread           TID 876 PID 728
0x824afe80   728    Event            ''
0xe1754008   728    Port             ''
0xe194ccc0   728    Port             ''
0x81f3c7c8   728    Event            ''
0x81f3c3a0   728    Event            ''
0x82126870   728    Event            ''
0x820488c0   728    Event            ''
0x820350e0   728    Event            'WBEM_ESS_OPEN_FOR_BUSINESS'
0x820ea6b0   728    Thread           TID 900 PID 728
0x82126598   728    File             '\\net\\NtControlPipe1'
0xe19e3c80   728    Key              MACHINE\SYSTEM\CONTROLSET001\CONTROL\SERVICECURRENT
0x81f61a68   728    Mutant           'ShimCacheMutex'
0xe1919518   728    Section          'ShimSharedMemory'
0x820eaad8   728    Process          vmacthlp.exe(904)
0xe19e62d0   728    Port             ''
0x8240f8b8   728    Event            ''
0x82388828   728    File             '\\net\\NtControlPipe2'
0xe1c39558   728    Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG
0x82114008   728    Process          svchost.exe(916)
0xe1c02cf0   728    Port             ''
0x82133bd0   728    File             '\\net\\NtControlPipe3'
0x823fa6a0   728    File             '\\net\\NtControlPipe3'
0x823fa628   728    Event            ''
0x824ae7f8   728    Thread           TID 932 PID 728
0xe1c78128   728    Key              MACHINE\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME
0xe1c837c8   728    Token            ''
0x8240a480   728    Event            ''
0x824ae7c0   728    Semaphore        ''
0x820486c0   728    Event            ''
0x825801d0   728    Semaphore        ''
0x824d9de0   728    File             '\\WINDOWS\\system32\\config\\AppEvent.Evt'
0xe1965ad0   728    Section          ''
0x824aebe8   728    Semaphore        ''
0x820430d0   728    Semaphore        ''
0x81f7cde0   728    File             '\\WINDOWS\\system32\\config\\Internet.evt'
0xe1c79490   728    Section          ''
0x824c70d0   728    Semaphore        ''
0x820ff100   728    Semaphore        ''
0x824566e0   728    File             '\\WINDOWS\\system32\\config\\SecEvent.Evt'
0xe1c44b90   728    Section          ''
0x824deb90   728    Semaphore        ''
0x824deb58   728    Semaphore        ''
0x820dd1b0   728    File             '\\WINDOWS\\system32\\config\\SysEvent.Evt'
0xe1c44a30   728    Section          ''
0x82024538   728    Semaphore        ''
0x820486f0   728    Semaphore        ''
0x820ab1c0   728    File             '\\WINDOWS\\system32\\config\\ThinPrint.evt'
0xe1c7dfc0   728    Section          ''
0x82048688   728    Semaphore        ''
0x81f7d300   728    Semaphore        ''
0x81f483a0   728    Thread           TID 968 PID 728
0x81f7d290   728    Event            ''
0x8204db88   728    Event            ''
0xe16e8ba0   728    Port             'ErrorLogPort'
0xe1c84488   728    Port             ''
0xe1c63440   728    Port             ''
0xe1c8e448   728    Port             ''
0xe1c39a00   728    Key              USER
0xe1c781b0   728    Key              USER\S-1-5-20
0x82386f78   728    File             '\\net\\NtControlPipe5'
0x820b4e80   728    File             '\\net\\NtControlPipe4'
0x820ec638   728    Process          svchost.exe(980)
0xe1c8a0a0   728    Port             ''
0x824b0920   728    File             '\\net\\NtControlPipe0'
0x8204b650   728    Process          svchost.exe(1124)
0xe196eaf0   728    Port             ''
0x820465e0   728    Event            ''
0xe1cabc30   728    Port             ''
0x82046360   728    Thread           TID 1144 PID 728
0xe1ca5580   728    Port             ''
0xe1c7d5a8   728    Token            ''
0xe1caf470   728    Key              USER\S-1-5-20
0xe1c50b00   728    Token            ''
0x824b0340   728    Event            ''
0x824e3d68   728    File             '\\net\\NtControlPipe6'
0x823bd298   728    Process          svchost.exe(1168)
0x81f5c908   728    Event            ''
0x82512120   728    Event            ''
0x8207a748   728    Event            ''
0x8207a8a8   728    Event            'PnP_No_Pending_Install_Events'
0x8207a718   728    Event            ''
0x820f27b0   728    Mutant           'PnP_Init_Mutex'
0x824cdb20   728    File             '\\net\\NtControlPipe7'
0xe1c451b0   728    Key              USER\S-1-5-19
0x820ee7d0   728    Process          svchost.exe(1208)
0xe1ce83c8   728    Port             ''
0xe1cf3880   728    Port             ''
0x82495a98   728    Event            ''
0x824d8230   728    Thread           TID 1612 PID 728
0x8206f740   728    Process          spoolsv.exe(1736)
0x824aefa0   728    Event            ''
0x8250a008   728    Thread           TID 1632 PID 728
0x82379010   728    File             '\\net\\NtControlPipe8'
0x8250ed28   728    Event            ''
0xe18ef648   728    Port             ''
0x81f27ac8   728    Thread           TID 1784 PID 728
0x8206f298   728    Event            ''
0x81f3cd88   728    Thread           TID 1184 PID 728
0xe1cb6d30   728    Token            ''
0x8209f090   728    Event            ''
0xe2093310   728    Port             ''
0xe21096c8   728    Port             ''
0xe1c19148   728    Port             ''
0x82045398   728    Event            ''
0x824d1190   728    Thread           TID 184 PID 728
0xe2113d60   728    Port             ''
0x825026a8   728    Event            ''
0xe1fff2c8   728    Key              USER\S-1-5-19
0x81f60d88   728    Thread           TID 228 PID 728
0xe1c29f08   728    Key              USER\S-1-5-19
0xe1f75018   728    Token            ''
0x8249b780   728    File             '\\net\\NtControlPipe9'
0x823a7d88   728    Process          svchost.exe(268)
0xe1f795e0   728    Port             ''
0xe1f4f310   728    Token            ''
0x82104378   728    Event            ''
0x823a34f0   728    File             '\\net\\NtControlPipe10'
0x824fc910   728    Process          svchost.exe(336)
0xe1f561f0   728    Port             ''
0x824cea60   728    Thread           TID 396 PID 728
0xe20a6cc8   728    Port             ''
0x82095ce0   728    Event            ''
0x82068540   728    Thread           TID 408 PID 728
0x82472438   728    Event            ''
0x824ce0d8   728    Event            ''
0x820e0d88   728    Thread           TID 524 PID 728
0x81f95f78   728    File             '\\net\\NtControlPipe11'
0x823c1f78   728    File             '\\srvsvc'
0x81f5e460   728    Process          vmtoolsd.exe(528)
0xe1691298   728    Port             ''
0xe21128f8   728    Port             ''
0x81f23d58   728    Event            ''
0x82387780   728    Event            ''
0x82472910   728    Thread           TID 1108 PID 728
0x820a9558   728    Event            ''
0x82477118   728    Event            ''
0x823a3590   728    Thread           TID 1116 PID 728
0xe2111b98   728    Port             ''
0x82038058   728    Event            ''
0x82040d58   728    Event            ''
0x82470d38   728    Thread           TID 1152 PID 728
0x82467a58   728    File             '\\PIPE_EVENTROOT\\CIMV2SCM EVENT PROVIDER'
0x824cc7d0   728    Thread           TID 1196 PID 728
0x820663a8   728    Thread           TID 1192 PID 728
0x824ac468   728    Event            ''
0x823a3a08   728    Thread           TID 1368 PID 728
0x824c42a8   728    Event            ''
0xe21fbe28   728    Port             ''
0x820b5fd8   728    Event            ''
0x824c5958   728    Event            ''
0xe22742a0   728    Port             ''
0xe2251060   728    Port             ''
0xe218b8d0   728    Port             ''
0xe2286d90   728    Token            ''
0xe2222198   728    Key              USER\S-1-5-19
0x820cee78   728    File             '\\net\\NtControlPipe13'
0x821013a8   728    Process          alg.exe(420)
0xe22877b0   728    Port             ''
0xe1e00948   728    Port             ''
0xe194ec70   728    Port             ''
0xe1009698   740    KeyedEvent       'CritSecOutOfMemoryEvent'
0xe18fe1a0   740    Directory        'KnownDlls'
0x82403cb0   740    File             '\\WINDOWS\\system32'
0x8240d2b0   740    Semaphore        ''
0xe1900510   740    Directory        'Windows'
0xe196e458   740    Port             ''
0x824e46b8   740    Semaphore        ''
0xe1658150   740    Directory        'BaseNamedObjects'
0x8209f1f0   740    Mutant           'SHIMLIB_LOG_MUTEX'
0xe1961430   740    Key              MACHINE
0x82403ac8   740    WindowStation    'Service-0x0-3e7$'
0xe1f17400   740    Port             ''
0x8209b820   740    Desktop          'Default'
0x82403ac8   740    WindowStation    'Service-0x0-3e7$'
0x825182a0   740    Semaphore        ''
0x824791c0   740    Event            ''
0xe1766270   740    Key              MACHINE\SYSTEM\CONTROLSET001\CONTROL\NETWORKPROVIDER\HWORDER
0x820b66a0   740    Semaphore        ''
0x82496b10   740    Semaphore        ''
0x8205a658   740    Event            ''
0x824be7f8   740    Event            ''
0x82522760   740    Semaphore        ''
0x82522398   740    Semaphore        ''
0xe1967398   740    Key              MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32
0x824d18e8   740    Event            'DINPUTWINMM'
0x824036c8   740    File             
0x8205a628   740    Event            ''
0x82507bb0   740    Event            ''
0xe195d388   740    Key              MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32
0x81f8f060   740    Semaphore        'shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}'
0x82405f20   740    Event            'userenv:  User Profile setup event'
0x8207f860   740    File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0x82125ab8   740    Event            ''
0xe19d8c58   740    Key              MACHINE\SYSTEM\CONTROLSET001\CONTROL\LSA\SSPICACHE\MSAPSSPC.DLL
0x82383980   740    Event            ''
0x81f77a08   740    File             '\\net\\NtControlPipe0'
0xe1942f38   740    Key              MACHINE\SYSTEM\CONTROLSET001\CONTROL\LSA\SSPICACHE\DIGEST.DLL
0xe1c031d0   740    Key              MACHINE\SYSTEM\CONTROLSET001\CONTROL\LSA\SSPICACHE\MSNSSPC.DLL
0x8250b9b0   740    Timer            ''
0x82125ae8   740    Event            ''
0x823746d0   740    Thread           TID 760 PID 740
0x81f6a090   740    IoCompletion     ''
0x8211b978   740    Timer            ''
0x81f2a440   740    Thread           TID 768 PID 740
0xe194d2c0   740    Key              MACHINE\SYSTEM\CONTROLSET001\CONTROL\LSA
0x824af1e0   740    Event            ''
0x820b3578   740    Semaphore        ''
0x824af1b0   740    Event            ''
0xe1588c00   740    Port             'SeLsaCommandPort'
0x8248bb70   740    Event            'SeLsaInitEvent'
0xe195b4d0   740    Port             ''
0xe1952728   740    Port             ''
0x824019f0   740    Semaphore        ''
0x821204b8   740    Semaphore        ''
0x82120f40   740    Semaphore        ''
0x82490bf0   740    Semaphore        ''
0x8250f958   740    Semaphore        ''
0x821292d8   740    Semaphore        ''
0x820ef140   740    Event            ''
0x823c2038   740    Semaphore        ''
0x8211df40   740    Semaphore        ''
0xe1979360   740    Key              MACHINE\SECURITY
0xe1960508   740    Key              MACHINE\SECURITY\RXACT
0x820ef110   740    Event            ''
0x8204b140   740    Event            ''
0x8204b110   740    Event            ''
0x8205bbf0   740    Event            ''
0x8240e798   740    File             '\\lsarpc'
0xe180b0b0   740    Key              MACHINE\SECURITY\POLICY
0x81f3a170   740    Semaphore        ''
0x8244ff68   740    Semaphore        ''
0x81f39170   740    Semaphore        ''
0x820f1170   740    Semaphore        ''
0x8203e148   740    Event            ''
0x81f78d70   740    Timer            ''
0xe1961580   740    Key              MACHINE\SYSTEM\CONTROLSET001\CONTROL\LSA\AUDIT\PERUSERAUDITING\SYSTEM
0x81f52d10   740    Semaphore        ''
0x81f26230   740    Semaphore        ''
0x82106560   740    Semaphore        ''
0xe1963928   740    Token            ''
0x820dd468   740    Semaphore        ''
0x820dd6f8   740    Semaphore        ''
0x81f2b230   740    Semaphore        ''
0x820477f0   740    Semaphore        ''
0x823837f0   740    Semaphore        ''
0x82106530   740    Event            ''
0xe18d69c8   740    Section          'Debug.Memory.2e4'
0xe19d9968   740    Key              MACHINE\SYSTEM\CONTROLSET001\CONTROL\LSA\KERBEROS
0x82506b78   740    Thread           TID 788 PID 740
0x8207b920   740    Semaphore        ''
0x82430ac8   740    File             
0x81f26200   740    Event            ''
0x8244b9d0   740    WmiGuid          ''
0x8207a160   740    File             
0x820dd438   740    Event            ''
0x8206fa58   740    Process          lsass.exe(740)
0x820dd6c8   740    Event            ''
0x81f2b200   740    Event            ''
0x82048200   740    Semaphore        ''
0xe1663340   740    Key              MACHINE\SECURITY\POLICY
0x82107cb8   740    Semaphore        ''
0x81f60890   740    Semaphore        ''
0x820377f0   740    Semaphore        ''
0xe1966500   740    Key              MACHINE\SYSTEM\CONTROLSET001\CONTROL\LSA\KERBEROS\SIDCACHE
0x824a2268   740    Semaphore        ''
0x82083338   740    Semaphore        ''
0x820a0988   740    Semaphore        ''
0x8240f6f8   740    Semaphore        ''
0x82420f28   740    Semaphore        ''
0xe19e7658   740    Key              MACHINE\SYSTEM\CONTROLSET001\CONTROL\LSA\KERBEROS\DOMAINS
0x81f52ce0   740    Event            ''
0x81f401d8   740    Semaphore        ''
0x820ae830   740    Semaphore        ''
0x824d1568   740    File             '\\lsass'
0x820477c0   740    Event            ''
0xe1c3b438   740    Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9
0x823837c0   740    Event            ''
0xe1943008   740    Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSOCK2\PARAMETERS\NAMESPACE_CATALOG5
0x820db640   740    File             
0x823bf150   740    File             
0x820f9730   740    File             
0x81f2bcf8   740    File             
0x82374a68   740    File             
0x81f5fb20   740    Semaphore        ''
0x8244fa60   740    Semaphore        ''
0xe19430d0   740    Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\TCPIP\LINKAGE
0xe1c3b4a0   740    Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS
0xe1c08e10   740    Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\NETBT\PARAMETERS\INTERFACES
0xe19eb840   740    Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\NETBT\PARAMETERS
0xe19f0840   740    Key              MACHINE\SYSTEM\CONTROLSET001\CONTROL\LSA
0x82070c00   740    WmiGuid          ''
0xe19660d8   740    Key              MACHINE\SYSTEM\CONTROLSET001\CONTROL\LSA\MSV1_0
0x824c2ba0   740    Semaphore        ''
0x824e6170   740    Semaphore        ''
0x820e10d0   740    Semaphore        ''
0x820e1098   740    Semaphore        ''
0x81f330d0   740    Semaphore        ''
0x81f33098   740    Semaphore        ''
0x820dd990   740    Semaphore        ''
0x820dd958   740    Semaphore        ''
0xe19e3c08   740    Key              MACHINE\SECURITY\POLICY
0x82374eb0   740    Semaphore        ''
0xe19fe9c0   740    Token            ''
0x82374e78   740    Semaphore        ''
0x8207b8f0   740    Event            ''
0x81f843d8   740    File             '\\WINDOWS\\Debug\\PASSWD.LOG'
0x82465528   740    Semaphore        ''
0x82116cc8   740    Semaphore        ''
0x82116c90   740    Semaphore        ''
0x8250e2c8   740    Semaphore        ''
0x824a2238   740    Event            ''
0x820377c0   740    Event            ''
0x8250e290   740    Semaphore        ''
0x82077160   740    Semaphore        ''
0x82077128   740    Semaphore        ''
0x82486280   740    Semaphore        ''
0x82405468   740    Event            'crypt32LogoffEvent'
0x82434600   740    IoCompletion     '\xe2\x92\x98'
0x8204d148   740    Event            ''
0xe19ffc80   740    Key              MACHINE\SYSTEM\CONTROLSET001\CONTROL\SECURITYPROVIDERS\WDIGEST
0x820aeba0   740    IoCompletion     ''
0x82434600   740    IoCompletion     '\xe2\x92\x98'
0x81f2a7d8   740    File             '\\lsass'
0x81f264a8   740    File             '\\lsass'
0x821257d8   740    Event            ''
0x8248fd88   740    Thread           TID 820 PID 740
0xe1699840   740    Port             'audit'
0x81f401a8   740    Event            ''
0x8248bd88   740    Thread           TID 824 PID 740
0xe16938d0   740    Port             'securityevent'
0x820ae800   740    Event            ''
0x820a8c18   740    Thread           TID 828 PID 740
0x82518cf8   740    Thread           TID 832 PID 740
0x81f2c3b0   740    File             
0xe16bea00   740    Port             'LsaAuthenticationPort'
0xe1c45420   740    Port             ''
0x8206fa58   740    Process          lsass.exe(740)
0xe19dac30   740    Port             ''
0x823adbd8   740    Process          winlogon.exe(684)
0xe19612f0   740    Port             ''
0x823adbd8   740    Process          winlogon.exe(684)
0x82486cf0   740    Semaphore        ''
0x824a8188   740    Event            'LSA_RPC_SERVER_ACTIVE'
0x81f36098   740    Event            ''
0xe1952808   740    Key              MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\PROTECT\PROVIDERS\DF9D8CD0-1501-11D1-8C7A-00C04FC297EB
0x820397c0   740    Event            ''
0xe16bee18   740    Port             'protected_storage'
0x820e8098   740    Event            ''
0x820c6d88   740    Thread           TID 848 PID 740
0x82432288   740    File             '\\protected_storage'
0x8251ae40   740    File             '\\protected_storage'
0x823898e0   740    Event            ''
0x82116328   740    Event            ''
0x8240c008   740    Thread           TID 852 PID 740
0x824a60a8   740    Event            ''
0x82519cc8   740    File             '\\lsass'
0x823ff868   740    Event            '\xe3\xb2\xa0'
0xe194d3e8   740    Port             ''
0x8206fa58   740    Process          lsass.exe(740)
0xe167ce88   740    Port             ''
0x8206fa58   740    Process          lsass.exe(740)
0x823ff868   740    Event            '\xe3\xb2\xa0'
0x823ff868   740    Event            '\xe3\xb2\xa0'
0x823fdb60   740    Semaphore        ''
0x823fdb28   740    Semaphore        ''
0x823ff830   740    Semaphore        ''
0x82120930   740    Semaphore        ''
0xe18cf008   740    Port             ''
0x825c87e0   740    Process          System(4)
0x82456008   740    Event            '\xe3\xb2\xa0'
0x820a4188   740    Semaphore        ''
0x8242dbc8   740    Event            ''
0x82455c88   740    Event            ''
0x82455c50   740    Semaphore        ''
0x820400d8   740    Semaphore        ''
0xe190a008   740    Key              MACHINE\SAM\SAM
0xe19662a8   740    Key              MACHINE\SAM\SAM\RXACT
0xe195a2e0   740    Key              MACHINE\SAM\SAM\DOMAINS\BUILTIN
0xe18cf0c8   740    Key              MACHINE\SAM\SAM\DOMAINS\ACCOUNT
0xe15715d8   740    Token            ''
0x823803e0   740    Event            'SAM_SERVICE_STARTED'
0x81f2f0e0   740    Event            ''
0x81f2f0a0   740    Mutant           ''
0x823730e0   740    Event            ''
0x823730a0   740    Mutant           ''
0x824787d8   740    Event            ''
0x82478798   740    Mutant           ''
0x82107358   740    Event            ''
0x820e9208   740    Event            ''
0xe1951b60   740    Port             ''
0x824e61a8   740    WmiGuid          ''
0x82452408   740    File             '\\lsass'
0x824ac2c0   740    WmiGuid          ''
0x82465560   740    WmiGuid          ''
0x82037c90   740    Process          services.exe(728)
0x82049a68   740    Event            ''
0x820ed498   740    Event            ''
0x81f3a9e0   740    Thread           TID 896 PID 740
0xe196b518   740    Port             ''
0x82126740   740    File             '\\lsass'
0xe19e78f8   740    Port             ''
0x82114008   740    Process          svchost.exe(916)
0xe196b9f0   740    Port             ''
0x82114008   740    Process          svchost.exe(916)
0xe1c7e940   740    Port             ''
0x82037c90   740    Process          services.exe(728)
0xe1c96420   740    Port             ''
0xe1c84958   740    Token            ''
0x823adbd8   740    Process          winlogon.exe(684)
0xe1c85890   740    Port             ''
0x82080810   740    Event            ''
0xe1c7a478   740    Key              USER
0x81f779d0   740    Event            ''
0x82374af8   740    Thread           TID 756 PID 740
0x81f779a0   740    Event            ''
0xe1c06960   740    Port             ''
0x82465400   740    File             '\\lsass'
0xe1c509a0   740    Port             ''
0x820ec638   740    Process          svchost.exe(980)
0xe1cad9e0   740    Token            ''
0x8204b650   740    Process          svchost.exe(1124)
0x8204b2c0   740    Event            '\xe3\xb2\xa0'
0x8204b290   740    Event            ''
0x820a9d88   740    Thread           TID 840 PID 740
0x824d8c10   740    Event            ''
0x824dddb0   740    File             '\\lsass'
0x824d8c40   740    Event            ''
0x8209f4d0   740    Event            ''
0x81f2d7c8   740    Thread           TID 1332 PID 740
0x8209f468   740    Event            ''
0x820a97f0   740    File             '\\lsass'
0x820a9768   740    Event            ''
0x820a9738   740    Event            ''
0xe1ce9368   740    Port             ''
0x823adbd8   740    Process          winlogon.exe(684)
0xe1e4e870   740    Port             ''
0xe1e4f018   740    Token            ''
0x820a95e0   740    File             '\\lsass'
0x82122358   740    File             '\\lsass'
0x8246f970   740    Event            ''
0x8204b650   740    Process          svchost.exe(1124)
0xe1ce9148   740    Port             ''
0x8204b650   740    Process          svchost.exe(1124)
0x824a0588   740    File             '\\lsass'
0xe1c3ba98   740    Port             ''
0x824ecd88   740    Process          explorer.exe(1636)
0xe1c1a2a0   740    Port             ''
0x8204b650   740    Process          svchost.exe(1124)
0x82456640   740    Event            ''
0x82031698   740    Event            ''
0x823c8508   740    Event            ''
0xe1f2f2a8   740    Port             ''
0x823a7d88   740    Process          svchost.exe(268)
0x823713b0   740    Event            ''
0x81f2a868   740    Thread           TID 764 PID 740
0xe2122a48   740    Port             ''
0x82371968   740    File             '\\lsass'
0x82123ea0   740    Event            ''
0x8204b650   740    Process          svchost.exe(1124)
0x8210c2d8   740    File             
0x8204bf18   740    Event            ''
0x82024f30   740    WmiGuid          ''
0x82104270   740    Event            ''
0x81f4b7a8   740    Event            'PS_SERVICE_STARTED'
0x8206a210   740    Thread           TID 436 PID 740
0xe1f17e68   740    Port             ''
0x824fc910   740    Process          svchost.exe(336)
0x82475178   740    Event            'IPSEC_POLICY_CHANGE_EVENT'
0x821042a0   740    Event            ''
0x8209b068   740    Event            ''
0x82069178   740    Event            'IPSEC_POLICY_CHANGE_NOTIFY'
0x824fd180   740    Event            ''
0x823855b0   740    Event            'IPSEC_GP_REFRESH_EVENT'
0x8206a210   740    Thread           TID 436 PID 740
0x824fd150   740    Event            ''
0x823a4ce0   740    Event            ''
0x8250a5a0   740    File             '\\Endpoint'
0x823a5198   740    Event            ''
0x823a4d70   740    File             
0xe210a008   740    Port             ''
0x820ee7d0   740    Process          svchost.exe(1208)
0x8242a570   740    Event            ''
0xe1f88c90   740    Port             ''
0x8204b650   740    Process          svchost.exe(1124)
0x823a75a0   740    Event            '\xe3\xb2\xa0'
0x820697c0   740    Event            ''
0x82458698   740    Thread           TID 1408 PID 740
0x82507f58   740    Event            '\xe3\xb2\xa0'
0x823c8c40   740    Event            '\xe3\xb2\xa0'
0xe2104908   740    Token            ''
0x81f31470   740    Event            ''
0x82034208   740    Event            ''
0x81f31408   740    Event            ''
0x8206dac8   740    File             
0xe20c6350   740    Key              MACHINE\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\IPSEC
0x81f313d8   740    Event            ''
0xe1f692b0   740    Key              MACHINE\SOFTWARE\MICROSOFT\NETWORKACCESSPROTECTION\NAPCLIENT
0x820dc7a8   740    File             
0x81f322e8   740    File             '\\Endpoint'
0x823899f0   740    Event            ''
0xe172b9c8   740    Port             ''
0x820ca4d0   740    Event            ''
0x82377d88   740    Thread           TID 1092 PID 740
0x82028bf0   740    File             '\\lsass'
0x820dc330   740    File             '\\Endpoint'
0x82377be0   740    File             
0x824f6f78   740    File             '\\lsass'
0x8237a560   740    Event            ''
0x820ca470   740    Event            ''
0x820dc2f8   740    Event            ''
0x823642d8   740    Event            ''
0x82377980   740    File             '\\Endpoint'
0x823777a8   740    File             '\\255'
0x824a6d88   740    Thread           TID 1096 PID 740
0x823774b8   740    Event            ''
0x824a6900   740    Thread           TID 1100 PID 740
0x82377400   740    Timer            ''
0x824a6680   740    Thread           TID 1104 PID 740
0x81f79908   740    File             '\\lsass'
0xe210af50   740    Port             ''
0x81f62d88   740    Process          vmtoolsd.exe(1972)
0x823a2e80   740    Event            ''
0x824c9b78   740    File             '\\lsass'
0x824e6d40   740    Event            ''
0x824e1ad0   740    File             '\\lsass'
0xe1f5de40   740    Port             ''
0x81f5e460   740    Process          vmtoolsd.exe(528)
0xe215b558   740    Port             ''
0x8239bf78   740    File             '\\lsass'
0x81f51eb0   740    Event            ''
0x82106220   740    File             '\\lsass'
0x81f5c878   740    File             '\\lsass'
0xe225ea48   740    Port             ''
0x82065bf8   740    Process          wmiprvse.exe(1452)
0x820448a8   740    Event            ''
0x82066e48   740    Event            ''
0x8251d008   740    Thread           TID 836 PID 740
0x820d2618   740    Event            ''
0xe2288738   740    Port             ''
0xe1009698   904    KeyedEvent       'CritSecOutOfMemoryEvent'
0xe18fe1a0   904    Directory        'KnownDlls'
0x81f8f060   904    Semaphore        'shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}'
0x82494950   904    File             '\\WINDOWS\\WinSxS\\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e'
0xe1900510   904    Directory        'Windows'
0xe1c43550   904    Port             ''
0x824e4948   904    Semaphore        ''
0x82401e00   904    Semaphore        ''
0xe1951af8   904    Key              MACHINE
0x82403ac8   904    WindowStation    'Service-0x0-3e7$'
0x8240bd28   904    Event            ''
0x8209b820   904    Desktop          'Default'
0x82403ac8   904    WindowStation    'Service-0x0-3e7$'
0x824f15e8   904    File             
0xe1658150   904    Directory        'BaseNamedObjects'
0x82519a50   904    File             '\\net\\NtControlPipe1'
0x824b23e0   904    Event            ''
0x82068bf0   904    Event            ''
0x824651e0   904    Event            ''
0x82070e80   904    Event            ''
0x820ea288   904    Thread           TID 908 PID 904
0x82523d10   904    Event            ''
0xe19d8d48   904    Port             ''
0x824b09b8   904    File             '\\Program Files\\VMware\\VMware Tools'
0x82514e18   904    File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0xe1009698   916    KeyedEvent       'CritSecOutOfMemoryEvent'
0xe18fe1a0   916    Directory        'KnownDlls'
0x82514c20   916    File             '\\WINDOWS\\system32'
0x82125808   916    Semaphore        ''
0xe1900510   916    Directory        'Windows'
0xe194d4b8   916    Port             ''
0x81f2b4c8   916    Semaphore        ''
0xe1658150   916    Directory        'BaseNamedObjects'
0x8209f1f0   916    Mutant           'SHIMLIB_LOG_MUTEX'
0xe196b628   916    Key              MACHINE
0x82403ac8   916    WindowStation    'Service-0x0-3e7$'
0x824a47f8   916    Event            ''
0x8209b820   916    Desktop          'Default'
0x82403ac8   916    WindowStation    'Service-0x0-3e7$'
0x820ef4a8   916    Event            ''
0x81f2b490   916    Semaphore        ''
0x82377098   916    Semaphore        ''
0xe19ea828   916    Key              MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32
0x824d18e8   916    Event            'DINPUTWINMM'
0x82420f78   916    File             
0x824f3268   916    Event            ''
0x824f30c0   916    Event            ''
0xe1952928   916    Key              MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32
0x81f8f060   916    Semaphore        'shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}'
0x82405f20   916    Event            'userenv:  User Profile setup event'
0x824fcbd0   916    File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0xe19fedc8   916    Token            ''
0x82126530   916    Event            ''
0x81f8bee8   916    Semaphore        ''
0x81f8beb0   916    Semaphore        ''
0x82435f38   916    Semaphore        ''
0x82435f00   916    Semaphore        ''
0x824f15a8   916    Semaphore        ''
0x824f1570   916    Semaphore        ''
0x82519a10   916    Semaphore        ''
0x825199d8   916    Semaphore        ''
0x8244a1c8   916    Semaphore        ''
0x8244a190   916    Semaphore        ''
0x823ad188   916    Semaphore        ''
0x823ad150   916    Semaphore        ''
0x81f7e160   916    Event            ''
0x81f7e190   916    Event            ''
0x8249c0f0   916    Event            ''
0x8249c0c0   916    Event            ''
0x81f3ad88   916    Thread           TID 920 PID 916
0x824cf888   916    Event            ''
0x824cf8c0   916    File             '\\net\\NtControlPipe2'
0xe19eb8d0   916    Port             ''
0x824b0a78   916    Thread           TID 1120 PID 916
0x82420240   916    Event            ''
0x820ecf40   916    Event            ''
0x82420270   916    Event            ''
0x820a0490   916    Event            ''
0x82082048   916    IoCompletion     '\xe2\x92\x98'
0x82522828   916    IoCompletion     ''
0x82082048   916    IoCompletion     '\xe2\x92\x98'
0xe1c3b1a0   916    Key              MACHINE\SOFTWARE\CLASSES
0xe1952368   916    Key              MACHINE\SOFTWARE\CLASSES\CLSID
0xe19ecb98   916    Key              MACHINE\SOFTWARE\CLASSES\APPID
0x820a0460   916    Event            ''
0x820f8bf8   916    Event            ''
0x820f8bc8   916    Event            ''
0x82125c50   916    Event            ''
0x823fa7e0   916    File             
0xe1c43420   916    Port             ''
0xe194b138   916    Key              MACHINE\SOFTWARE\MICROSOFT\OLE
0xe1c39478   916    Port             ''
0x824fe0d8   916    Event            ''
0xe19575d8   916    Key              MACHINE\SOFTWARE\MICROSOFT\OLE
0x82497310   916    Timer            ''
0x825194f8   916    Event            ''
0x824aec20   916    Thread           TID 936 PID 916
0x824640c8   916    IoCompletion     ''
0x82517f50   916    Timer            ''
0x81f399e0   916    Thread           TID 944 PID 916
0xe1958ca0   916    Key              MACHINE\SOFTWARE\POLICIES
0x825194c8   916    Event            ''
0xe1958c38   916    Key              MACHINE\SOFTWARE\POLICIES
0xe16b9ba0   916    Port             'actkernel'
0x824fe108   916    Event            ''
0x82049008   916    Thread           TID 948 PID 916
0x820ec638   916    Process          svchost.exe(980)
0xe1c8e578   916    Section          'RotHintTable'
0xe1c831b0   916    Port             ''
0x82080840   916    Event            ''
0x82067990   916    File             '\\lsarpc'
0x81f48360   916    Mutant           '{A3BD3259-3E4F-428a-84C8-F0463A9D3EB5}'
0xe1ca25e8   916    Section          '{A64C7F33-DA35-459b-96CA-63B51FB0CDB9}'
0xe1c2d630   916    Key              MACHINE\SYSTEM\CONTROLSET001\CONTROL\TERMINAL SERVER\LICENSING CORE
0xe1968d50   916    Key              MACHINE\SOFTWARE\CLASSES
0xe206f370   916    Key              MACHINE\SOFTWARE\CLASSES
0x824d7f58   916    Event            ''
0xe1e25350   916    Key              MACHINE\SOFTWARE\MICROSOFT\COM3
0x824d7f28   916    Event            ''
0xe2069f28   916    Key              USER
0x824d7ef8   916    Event            ''
0xe1eb7908   916    Key              MACHINE\SOFTWARE\CLASSES
0x81f77370   916    Event            ''
0xe1eb78a0   916    Key              USER
0x81f77340   916    Event            ''
0xe20604f8   916    Key              MACHINE\SOFTWARE\MICROSOFT\COM3
0x81f77310   916    Event            ''
0xe2060490   916    Key              MACHINE\SOFTWARE\MICROSOFT\COM3
0x81f772e0   916    Event            ''
0xe1ff84d0   916    Key              MACHINE\SOFTWARE\CLASSES\CLSID
0x824333e0   916    Event            ''
0xe2060428   916    Key              MACHINE\SOFTWARE\CLASSES
0x82433378   916    Event            ''
0xe206f290   916    Key              MACHINE\SOFTWARE\MICROSOFT\COM3
0x82433310   916    Event            ''
0xe1c7b008   916    Key              USER
0x81f77520   916    Event            ''
0xe206f228   916    Key              MACHINE\SOFTWARE\MICROSOFT\COM3
0x81f774b8   916    Event            ''
0xe1c7b100   916    Key              MACHINE\SOFTWARE\MICROSOFT\COM3
0x824d7dc8   916    Event            ''
0xe20685f0   916    Key              MACHINE\SOFTWARE\CLASSES\CLSID
0x824d7d60   916    Event            ''
0x82370728   916    Event            ''
0x823704a8   916    Thread           TID 1892 PID 916
0x823c89f0   916    Event            ''
0x8203b568   916    Event            ''
0x82454e40   916    Event            ''
0x82503c58   916    Event            ''
0xe1ff62f0   916    Key              MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
0x824cfd88   916    Thread           TID 156 PID 916
0x82376310   916    Event            ''
0x82408470   916    Event            ''
0xe226ee48   916    Port             ''
0x823a2a60   916    Thread           TID 300 PID 916
0xe225c470   916    Port             ''
0x820343e0   916    Event            ''
0x824b07e8   916    Event            ''
0x820a3748   916    Mutant           ''
0x82478418   916    Mutant           ''
0x81f61a68   916    Mutant           'ShimCacheMutex'
0xe1919518   916    Section          'ShimSharedMemory'
0x820d2200   916    Event            ''
0x824b0818   916    Event            ''
0x8244a298   916    Mutant           ''
0x82405468   916    Event            'crypt32LogoffEvent'
0x82370dc0   916    Mutant           ''
0x824b07b8   916    Event            ''
0x81f1abb0   916    Mutant           ''
0x81f1ab80   916    Event            ''
0x81f1ab50   916    Event            ''
0x8246f8c8   916    Event            'TermSrvReadyEvent'
0x8239d1b8   916    Semaphore        ''
0x81f58550   916    Semaphore        ''
0x820ad758   916    Mutant           '746bbf3569adEncrypt'
0xe226a2b0   916    Port             'IcaApi'
0xe2237268   916    Port             ''
0x823717e0   916    Mutant           ''
0x823c8958   916    Event            ''
0xe21e7878   916    Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\TERMSERVICE\PARAMETERS
0xe2268688   916    Port             ''
0x82476978   916    Event            ''
0x820cff38   916    Event            ''
0x81f63480   916    Event            ''
0x81f63450   916    Event            ''
0x81f63420   916    Event            ''
0xe2150a30   916    Port             'SmSsWinStationApiPort'
0x81f633b8   916    Event            ''
0x82074e48   916    Event            ''
0xe1687268   916    Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9
0x82074de0   916    Event            ''
0xe1f535a0   916    Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSOCK2\PARAMETERS\NAMESPACE_CATALOG5
0xe21954a8   916    Port             ''
0xe222eb30   916    Port             ''
0x8202e600   916    Mutant           ''
0x82028ef8   916    File             
0x82028f98   916    Event            'WinMMConsoleAudioEvent'
0x821080e0   916    File             
0x8240d008   916    Process          csrss.exe(604)
0x823adbd8   916    Process          winlogon.exe(684)
0x8247a6e0   916    Event            'ReconEvent'
0x82108018   916    Event            'TermSrv:  machine GP event'
0x82063ef8   916    File             '\\Ctx_WinStation_API_service'
0x81f55f78   916    File             '\\Ctx_WinStation_API_service'
0x82063e80   916    Event            ''
0x8239ba30   916    Thread           TID 1804 PID 916
0x81f55e90   916    Event            ''
0x82108728   916    Thread           TID 1808 PID 916
0xe223c410   916    Port             ''
0xe21fbb20   916    Port             ''
0x81f594b0   916    Event            ''
0x825153a8   916    Event            'userenv: Machine Group Policy has been applied'
0x81f52a60   916    Thread           TID 1820 PID 916
0xe21f6c78   916    Key              MACHINE\SYSTEM\CONTROLSET001\CONTROL\TERMINAL SERVER
0xe207d120   916    Key              MACHINE\SOFTWARE\POLICIES
0x82376b08   916    Event            ''
0x82376ad8   916    Event            ''
0x82376aa8   916    Event            ''
0x81f52638   916    Thread           TID 1824 PID 916
0xe2199908   916    Port             ''
0x824ca0c8   916    Event            ''
0x824a64e8   916    File             
0x82379508   916    File             
0xe1cae018   916    Token            '\xed\x86\xa0\xe8\x89\x9e\xe8\x81\x94\x00'
0x823794d0   916    Event            ''
0x821028e8   916    Thread           TID 1544 PID 916
0xe1009698   980    KeyedEvent       'CritSecOutOfMemoryEvent'
0xe18fe1a0   980    Directory        'KnownDlls'
0x8245dec0   980    File             '\\WINDOWS\\system32'
0x81f48180   980    Semaphore        ''
0xe1900510   980    Directory        'Windows'
0xe1c7b460   980    Port             ''
0x81f37d50   980    Semaphore        ''
0xe1658150   980    Directory        'BaseNamedObjects'
0x8209f1f0   980    Mutant           'SHIMLIB_LOG_MUTEX'
0xe1c7b8a0   980    Key              MACHINE
0x82494660   980    WindowStation    'Service-0x0-3e4$'
0x81f3d0b8   980    Event            ''
0x823852f0   980    Desktop          'Default'
0x82494660   980    WindowStation    'Service-0x0-3e4$'
0x820392c8   980    Event            ''
0x81f3d050   980    Semaphore        ''
0x824d99e0   980    Semaphore        ''
0xe1c50570   980    Key              MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32
0x824d9930   980    Event            ''
0x82039300   980    File             
0x82084580   980    Event            ''
0xe1ca58f8   980    Key              MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32
0x81f8f060   980    Semaphore        'shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}'
0x823faaf8   980    Event            ''
0x820844f0   980    File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0x820ecea0   980    Event            ''
0x820eb178   980    Event            ''
0x824e7e60   980    File             '\\net\\NtControlPipe4'
0x820eb148   980    Event            ''
0x820ed218   980    Thread           TID 984 PID 980
0x81f8a430   980    Event            ''
0xe1c8a158   980    Port             ''
0x82386640   980    Thread           TID 988 PID 980
0x824e7e28   980    Event            ''
0x824362e0   980    Event            ''
0x824af150   980    Event            ''
0x824e7df8   980    Event            ''
0x8251dbe0   980    IoCompletion     '\xe2\x92\x98'
0x82116200   980    IoCompletion     ''
0x8251dbe0   980    IoCompletion     '\xe2\x92\x98'
0xe19e82a8   980    Key              USER\S-1-5-20_CLASSES
0xe1c39b28   980    Key              MACHINE\SOFTWARE\CLASSES\CLSID
0x8240c350   980    Event            ''
0xe1957698   980    Key              MACHINE\SOFTWARE\CLASSES\APPID
0x8240c320   980    Event            ''
0x82108610   980    Event            ''
0x824cdbb0   980    Event            ''
0x82108688   980    File             
0xe1ca21d0   980    Port             ''
0x82472d18   980    Event            ''
0xe1c61898   980    Key              MACHINE\SOFTWARE\MICROSOFT\OLE
0x82472d48   980    Event            ''
0xe1c39b90   980    Key              MACHINE\SOFTWARE\MICROSOFT\OLE
0x824d8b48   980    Timer            ''
0x824cdab8   980    Event            ''
0x82386a68   980    Thread           TID 992 PID 980
0x823adb20   980    IoCompletion     ''
0x824cd6b0   980    Timer            ''
0x820eca68   980    Thread           TID 1000 PID 980
0xe1c065a8   980    Key              MACHINE\SOFTWARE\POLICIES
0x824cd648   980    Event            ''
0xe196d758   980    Key              MACHINE\SOFTWARE\POLICIES
0x81f5b470   980    Event            ''
0xe16e6ba0   980    Port             'epmapper'
0x81f5b440   980    Event            ''
0x82386218   980    Thread           TID 1004 PID 980
0x81f57bb0   980    Event            ''
0x82386640   980    Thread           TID 988 PID 980
0xe1c841a8   980    Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9
0x81f57b80   980    Event            ''
0xe1c77460   980    Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSOCK2\PARAMETERS\NAMESPACE_CATALOG5
0x81f57b18   980    Event            ''
0x81f5b8c0   980    File             
0x81f2a3b0   980    File             '\\Endpoint'
0xe1c8ee48   980    Port             ''
0x82039c18   980    Event            ''
0x823bc008   980    Thread           TID 1008 PID 980
0x8250a678   980    Event            ''
0xe20f8f50   980    Port             ''
0x82039b38   980    File             '\\Endpoint'
0x82039ac0   980    Event            ''
0x8245a008   980    Thread           TID 1012 PID 980
0x823bc430   980    File             '\\Winsock2\\CatalogChangeListener-3d4-0'
0x82039a50   980    Event            ''
0x823bc348   980    File             '\\Endpoint'
0x8245a378   980    File             
0x8245a440   980    File             
0x8245a2b0   980    File             
0x824ddf78   980    File             
0x824ddee0   980    File             
0x824dde70   980    Semaphore        ''
0x824dde40   980    Event            ''
0x823bc308   980    Semaphore        ''
0xe1c61830   980    Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\TCPIP\LINKAGE
0xe1c8b478   980    Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS
0xe19e3220   980    Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\NETBT\PARAMETERS\INTERFACES
0xe19fe220   980    Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\NETBT\PARAMETERS
0x8245a008   980    Thread           TID 1012 PID 980
0x824ddea8   980    Event            ''
0x8249ecd8   980    File             '\\Endpoint'
0x8204b010   980    File             
0x824496f0   980    Event            ''
0x8204b0b0   980    Event            ''
0x82449720   980    Event            ''
0x823bb438   980    Mutant           ''
0x823bb408   980    Event            ''
0x82101250   980    Mutant           ''
0x82101220   980    Event            ''
0x82109bf8   980    Mutant           ''
0x81f95e48   980    Event            'ScmCreatedEvent'
0x82388308   980    File             '\\Endpoint'
0x81f95e08   980    Event            ''
0xe1c4d1a8   980    Port             ''
0xe1c7d448   980    Port             ''
0x8248baa8   980    Event            ''
0xe19fe770   980    Token            ''
0xe196db10   980    Port             ''
0xe1d2bd90   980    Token            ''
0xe1c7b168   980    Key              MACHINE\SOFTWARE\CLASSES
0xe1d18180   980    Key              MACHINE\SOFTWARE\CLASSES
0x824d5180   980    Event            ''
0xe1eb0b28   980    Key              MACHINE\SOFTWARE\MICROSOFT\COM3
0x824d5150   980    Event            ''
0xe1eb0ac0   980    Key              USER
0x82505198   980    Event            ''
0xe1eb0a58   980    Key              MACHINE\SOFTWARE\CLASSES
0x82505168   980    Event            ''
0xe1eb09f0   980    Key              USER
0x81f7c970   980    Event            ''
0xe19cf798   980    Key              MACHINE\SOFTWARE\MICROSOFT\COM3
0x81f3df40   980    Event            ''
0xe19cf730   980    Key              MACHINE\SOFTWARE\MICROSOFT\COM3
0x81f3ded8   980    Event            ''
0xe19cf6c8   980    Key              MACHINE\SOFTWARE\CLASSES\CLSID
0x824b4868   980    Event            ''
0xe19cf660   980    Key              MACHINE\SOFTWARE\CLASSES
0x824b4800   980    Event            ''
0xe1cbdd60   980    Key              MACHINE\SOFTWARE\MICROSOFT\COM3
0x824a8e88   980    Event            ''
0xe1d22fa0   980    Key              USER
0x824a8e20   980    Event            ''
0xe1ee51a0   980    Key              MACHINE\SOFTWARE\MICROSOFT\COM3
0x824a8890   980    Event            ''
0xe1d22f38   980    Key              MACHINE\SOFTWARE\MICROSOFT\COM3
0x824a8828   980    Event            ''
0xe1e061a0   980    Key              MACHINE\SOFTWARE\CLASSES\CLSID
0x824a87c0   980    Event            ''
0x82043cd8   980    Event            ''
0xe1ff35b8   980    Token            ''
0x82043a58   980    Thread           TID 1688 PID 980
0xe1d313b0   980    Port             ''
0xe1ffd530   980    Token            ''
0x823ac588   980    Event            ''
0x820435a0   980    Event            ''
0x82505f78   980    Event            ''
0x82505fa8   980    Event            ''
0x82505f48   980    Event            ''
0x82505db0   980    Event            ''
0x82505b80   980    Event            ''
0x82505b50   980    Event            ''
0x81f2db18   980    Event            ''
0xe2366500   980    Token            ''
0xe21d1428   980    Port             ''
0x825d02c8   980    Event            ''
0x81f32900   980    Event            ''
0x8237e298   980    Event            ''
0x81f3f8d0   980    File             '\\epmapper'
0x8245ac48   980    File             '\\epmapper'
0xe20d8450   980    Token            ''
0xe1fffae0   980    Port             ''
0x82375910   980    Event            ''
0x820eca68   980    Thread           TID 1000 PID 980
0x82031630   980    Event            ''
0x82031600   980    Event            ''
0x82031860   980    Event            ''
0x820eca68   980    Thread           TID 1000 PID 980
0x820315d0   980    Event            ''
0xe1d183b0   980    Port             ''
0xe1f1cb48   980    Port             ''
0x82370438   980    Event            ''
0xe2107458   980    Port             ''
0x82370758   980    Event            ''
0xe20dc3a8   980    Port             ''
0x82370328   980    Event            ''
0x81f2eb08   980    Thread           TID 1900 PID 980
0x823702b8   980    Event            ''
0xe20e0148   980    Port             ''
0xe20ff458   980    Port             ''
0x81f2ea28   980    Event            ''
0x81f2e7a8   980    Thread           TID 1904 PID 980
0xe20d5380   980    Port             ''
0x82110fa8   980    Event            ''
0xe2192c10   980    Port             ''
0x8204c6b8   980    Event            ''
0xe1487f50   980    Port             ''
0xe1f7a758   980    Port             ''
0x820d1878   980    Event            ''
0xe2288958   980    Port             ''
0x81f1f970   980    Event            ''
0x824f7840   980    Event            ''
0x824b0618   980    Event            ''
0x82045368   980    Event            ''
0x82436410   980    Event            ''
0x81f41230   980    Event            ''
0x81f1f420   980    Event            ''
0x824cd778   980    Thread           TID 280 PID 980
0xe2286b08   980    Token            ''
0xe2116e20   980    Port             ''
0xe208f398   980    Token            ''
0x81f86568   980    Event            ''
0x81f23810   980    Thread           TID 536 PID 980
0x824ce638   980    Thread           TID 416 PID 980
0x82387b30   980    Event            ''
0x8211ed10   980    Event            ''
0x82083ed8   980    Event            ''
0x82032c98   980    Event            ''
0x82501fa0   980    Event            ''
0x81f38be8   980    Event            ''
0x824736e8   980    Thread           TID 548 PID 980
0xe16ab828   980    Port             ''
0x824205c0   980    Event            ''
0x824eb6f0   980    Event            ''
0x81f1a2b8   980    Event            ''
0xe16a6ed0   980    Port             ''
0x81f6a328   980    Event            ''
0x82363200   980    Event            ''
0x823a5138   980    Event            ''
0x824d1cd0   980    Event            ''
0x82450a90   980    Event            ''
0x82502a80   980    Event            ''
0x81f3c578   980    Event            ''
0x81f2e2b8   980    Event            ''
0x823a75d8   980    Event            ''
0xe1f7b858   980    Port             ''
0x824d30d8   980    Event            ''
0x823a6ee8   980    Event            ''
0x82047e48   980    Event            ''
0x824b1ef8   980    Event            ''
0xe21609c0   980    Token            ''
0xe2227708   980    Token            ''
0x820cfba0   980    Event            ''
0xe21a9640   980    Port             ''
0x824f1d38   980    Event            ''
0xe196bab0   980    Port             ''
0x824ca350   980    Thread           TID 1396 PID 980
0x823a8350   980    Event            ''
0x81f23ea0   980    Event            ''
0xe21c1b88   980    Token            ''
0x81f23e30   980    Event            ''
0xe227e698   980    Port             ''
0x821333b8   980    Event            ''
0x81f313a8   980    Event            ''
0x824084a0   980    Event            ''
0x82065bf8   980    Process          wmiprvse.exe(1452)
0xe22552b8   980    Port             ''
0x81f5e890   980    Event            ''
0x820ad688   980    Event            ''
0x820ad6b8   980    Event            ''
0x8244a2d8   980    Event            ''
0x8244a228   980    Event            ''
0x824bc4b0   980    Event            ''
0x82502cb0   980    Event            ''
0x82502c80   980    Event            ''
0x82502c50   980    Event            ''
0x82502c20   980    Event            ''
0x82382448   980    Event            ''
0x82382398   980    Event            ''
0x82382368   980    Event            ''
0x82109de0   980    Event            ''
0x8237d9a0   980    Event            ''
0x81f31db0   980    Event            ''
0x81f31d80   980    Event            ''
0x824f7778   980    Event            ''
0xe223c008   980    Port             ''
0x81f59d80   980    Event            ''
0xe1009698   1124   KeyedEvent       'CritSecOutOfMemoryEvent'
0xe18fe1a0   1124   Directory        'KnownDlls'
0x82386ee0   1124   File             '\\WINDOWS\\system32'
0x81f5b4a0   1124   Semaphore        ''
0xe1900510   1124   Directory        'Windows'
0xe1c775a0   1124   Port             ''
0x82074438   1124   Semaphore        ''
0xe1658150   1124   Directory        'BaseNamedObjects'
0x8209f1f0   1124   Mutant           'SHIMLIB_LOG_MUTEX'
0xe1c677c0   1124   Key              MACHINE
0x82403ac8   1124   WindowStation    'Service-0x0-3e7$'
0x81f48270   1124   Event            ''
0x8209b820   1124   Desktop          'Default'
0x82403ac8   1124   WindowStation    'Service-0x0-3e7$'
0x82067928   1124   Event            ''
0x82518c80   1124   Semaphore        ''
0x82518c48   1124   Semaphore        ''
0xe1c67758   1124   Key              MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32
0x824d18e8   1124   Event            'DINPUTWINMM'
0x820ecf78   1124   File             
0x82518bd8   1124   Event            ''
0x8203e008   1124   Event            ''
0xe1c8dd58   1124   Key              MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32
0x81f8f060   1124   Semaphore        'shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}'
0x82405f20   1124   Event            'userenv:  User Profile setup event'
0x823ad850   1124   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0xe1cb0510   1124   Token            '\xed\x86\xa0'
0x824b1168   1124   Event            ''
0x824b1130   1124   Semaphore        ''
0x824dda70   1124   Semaphore        ''
0x824dda38   1124   Semaphore        ''
0x824dda00   1124   Semaphore        ''
0x820ef2d8   1124   Semaphore        ''
0x820ef2a0   1124   Semaphore        ''
0x820ef268   1124   Semaphore        ''
0x820ef230   1124   Semaphore        ''
0x820efb28   1124   Semaphore        ''
0x820efaf0   1124   Semaphore        ''
0x820efab8   1124   Semaphore        ''
0x820efa80   1124   Semaphore        ''
0x820ef200   1124   Event            ''
0x824dd9d0   1124   Event            ''
0x820efa50   1124   Event            ''
0x81f3f990   1124   Event            ''
0x8204ba78   1124   Thread           TID 1128 PID 1124
0xe1c774e8   1124   Port             ''
0x81f3f960   1124   Event            ''
0x8249b418   1124   IoCompletion     '\xe2\x92\x98'
0x823888c0   1124   File             '\\net\\NtControlPipe5'
0x824e59c8   1124   IoCompletion     ''
0x8249b418   1124   IoCompletion     '\xe2\x92\x98'
0xe19e32c0   1124   Port             ''
0x8248b9e0   1124   Event            ''
0x8248b6b8   1124   Event            ''
0x8248b688   1124   Event            ''
0xe16daa20   1124   Port             'ThemeApiPort'
0x8248b658   1124   Event            ''
0x8248b628   1124   Event            ''
0x8248b570   1124   Timer            ''
0x8248b540   1124   Event            ''
0x81f77d88   1124   Thread           TID 1136 PID 1124
0x82490210   1124   IoCompletion     ''
0x8248b490   1124   Event            ''
0x8248b6e8   1124   Thread           TID 1132 PID 1124
0x82046610   1124   Event            ''
0x81f77b08   1124   Thread           TID 1140 PID 1124
0x82517268   1124   File             
0x823bd680   1124   File             
0x823bd010   1124   File             
0x823bd5e8   1124   File             
0x823bd550   1124   File             
0x820460a8   1124   Semaphore        ''
0x823adbd8   1124   Process          winlogon.exe(684)
0xe1c939d0   1124   Port             ''
0x81f3fa28   1124   Semaphore        ''
0xe1ca26b0   1124   Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\TCPIP\LINKAGE
0xe1caee80   1124   Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS
0xe1c84658   1124   Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\NETBT\PARAMETERS\INTERFACES
0xe1c8f858   1124   Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\NETBT\PARAMETERS
0x823bd518   1124   Event            ''
0x8207a950   1124   Thread           TID 1160 PID 1124
0x82370118   1124   Event            ''
0xe1c84d98   1124   Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9
0x823adbd8   1124   Process          winlogon.exe(684)
0x823adbd8   1124   Process          winlogon.exe(684)
0x8209e318   1124   Timer            ''
0x823873a8   1124   Thread           TID 1204 PID 1124
0x824a8118   1124   Event            ''
0xe1cb6650   1124   Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSOCK2\PARAMETERS\NAMESPACE_CATALOG5
0x820f2568   1124   Event            ''
0x8207a950   1124   Thread           TID 1160 PID 1124
0x823adbd8   1124   Process          winlogon.exe(684)
0xe1c3a1d8   1124   Port             ''
0xe1cadc80   1124   Section          '\xe2\x99\x98\xe8\x89\x9c\xe2\xa2\x88\xe8\x89\x9c'
0x823c11b8   1124   Event            ''
0xe1cac3c0   1124   Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\DHCP\PARAMETERS
0xe1c933d0   1124   Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS
0xe1ca4e98   1124   Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\DHCP\PARAMETERS\OPTIONS
0xe1c61e10   1124   Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES
0x824ddc50   1124   Timer            ''
0x824ddc20   1124   Event            ''
0x824ddbf0   1124   Event            ''
0x8207a8e8   1124   Event            'DHCPNEWIPADDRESS'
0x82046330   1124   Event            ''
0x8204b2c0   1124   Event            '\xe3\xb2\xa0'
0xe1c86dc0   1124   Port             ''
0x8204b260   1124   Event            ''
0xe1c98b58   1124   Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS\DNSREGISTEREDADAPTERS
0x8204b230   1124   Event            ''
0x8204b200   1124   Event            ''
0x820ef638   1124   Thread           TID 1224 PID 1124
0x8204a798   1124   Event            ''
0xe16d6840   1124   Port             'dhcpcsvc'
0x8204a768   1124   Event            ''
0x824b1c00   1124   Thread           TID 1228 PID 1124
0x824ae350   1124   Event            ''
0x82387bf8   1124   Event            ''
0x824ac010   1124   File             
0x820e9e78   1124   Semaphore        ''
0xe1cca0b0   1124   Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS\INTERFACES\{CDDF30A1-6EDA-45D2-A3DC-4C69A56FD218}
0x823c0cc8   1124   File             
0x82405468   1124   Event            'crypt32LogoffEvent'
0x823c13f0   1124   Event            ''
0xe1947b58   1124   Section          'AtlDebugAllocator_FileMappingNameStatic3_464'
0x8209f700   1124   File             
0x82515cb0   1124   WmiGuid          ''
0x821268a0   1124   WmiGuid          ''
0x8242ab10   1124   Event            ''
0x8204b650   1124   Process          svchost.exe(1124)
0x82389ae0   1124   Event            ''
0x82389a78   1124   Event            ''
0x820ccd88   1124   Process          VMwareTray.exe(1964)
0xe1c3f148   1124   Port             ''
0x820a98c0   1124   Semaphore        ''
0xe1f36570   1124   Port             ''
0x82383248   1124   Event            'WkssvcToAgentStopEvent'
0x82383288   1124   Event            'WkssvcToAgentStartEvent'
0x8202bd58   1124   Event            ''
0x82383208   1124   Event            'AgentToWkssvcEvent'
0x823bf888   1124   Semaphore        ''
0x823bfaf8   1124   Semaphore        ''
0x81f2f070   1124   Event            ''
0x82506fd8   1124   Event            ''
0x823bfbc8   1124   Semaphore        ''
0x820ae598   1124   Semaphore        ''
0xe1cf9368   1124   Key              MACHINE\SOFTWARE\MICROSOFT\TRACING\WZCTRACE
0x81f2f040   1124   Event            ''
0x823c08b8   1124   Event            ''
0x823c0888   1124   Event            ''
0x81f2c008   1124   Event            ''
0xe1e05438   1124   Port             ''
0x8247a5a8   1124   Event            ''
0x824ea400   1124   Event            ''
0x81f7dd88   1124   Thread           TID 540 PID 1124
0x824de138   1124   Event            ''
0xe1cae018   1124   Token            '\xed\x86\xa0\xe8\x89\x9e\xe8\x81\x94\x00'
0x82517140   1124   Event            ''
0x81f4b498   1124   Thread           TID 1952 PID 1124
0x8203c578   1124   Event            ''
0x824d1608   1124   Process          ctfmon.exe(2008)
0xe1d32148   1124   Port             ''
0xe20de548   1124   Port             ''
0x82110460   1124   Event            ''
0x820452d8   1124   Event            ''
0xe20db328   1124   Port             ''
0x81f234a8   1124   Event            ''
0x81f2d2f0   1124   Process          rundll32.exe(1956)
0x8235c520   1124   Event            ''
0x81f2c058   1124   Semaphore        ''
0x824ae138   1124   Semaphore        ''
0xe1d32668   1124   Key              MACHINE\SOFTWARE\MICROSOFT\TRACING\EAPOL
0x824ae108   1124   Event            ''
0x82539e30   1124   Event            ''
0x81f7c770   1124   WmiGuid          ''
0x824ae010   1124   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0x82433850   1124   Semaphore        ''
0x82433818   1124   Semaphore        ''
0xe195d308   1124   Key              MACHINE\SOFTWARE\MICROSOFT\TRACING\EAPOLQEC
0x820386b8   1124   Event            ''
0x8250c608   1124   Event            ''
0x824ec338   1124   Event            ''
0xe1fda4e8   1124   Key              MACHINE\SOFTWARE\MICROSOFT\NETWORKACCESSPROTECTION\NAPCLIENT
0x821220d8   1124   Event            ''
0x82538cf8   1124   Event            ''
0x8242c960   1124   Thread           TID 1492 PID 1124
0xe1e07ed0   1124   Key              MACHINE\SOFTWARE\CLASSES
0xe1953db0   1124   Key              MACHINE\SOFTWARE\CLASSES
0x8245d988   1124   Event            ''
0xe1e07e68   1124   Key              MACHINE\SOFTWARE\MICROSOFT\COM3
0x82117288   1124   Event            ''
0xe1fdb378   1124   Key              USER
0x82117220   1124   Event            ''
0xe1e395a0   1124   Key              MACHINE\SOFTWARE\CLASSES
0x81f893e8   1124   Event            ''
0xe1e07fa0   1124   Key              USER
0x81f893b8   1124   Event            ''
0xe1e07f38   1124   Key              MACHINE\SOFTWARE\MICROSOFT\COM3
0x81f89478   1124   Event            ''
0xe1e39670   1124   Key              MACHINE\SOFTWARE\MICROSOFT\COM3
0x81f89448   1124   Event            ''
0xe1e39608   1124   Key              MACHINE\SOFTWARE\CLASSES\CLSID
0x81f89418   1124   Event            ''
0xe1cf3290   1124   Key              MACHINE\SOFTWARE\CLASSES
0x824ec2d8   1124   Event            ''
0xe1cf3228   1124   Key              MACHINE\SOFTWARE\MICROSOFT\COM3
0x824ec2a8   1124   Event            ''
0xe1e396d8   1124   Key              USER
0x824ec278   1124   Event            ''
0xe1d029b0   1124   Key              MACHINE\SOFTWARE\MICROSOFT\COM3
0x81f86340   1124   Event            ''
0xe1e007b0   1124   Key              MACHINE\SOFTWARE\MICROSOFT\COM3
0x82122320   1124   Event            ''
0xe1dff868   1124   Key              MACHINE\SOFTWARE\CLASSES\CLSID
0x824ea178   1124   Event            ''
0xe1c16210   1124   Key              MACHINE\SOFTWARE\CLASSES
0xe1ce8ab0   1124   Key              MACHINE\SOFTWARE\CLASSES
0x81f86370   1124   Semaphore        ''
0x825155d0   1124   Semaphore        ''
0xe1eba2a8   1124   Key              MACHINE\SOFTWARE\MICROSOFT\TRACING\EAPOLQECCB
0x824ec308   1124   Event            ''
0x82456b98   1124   Event            ''
0x8207be08   1124   Event            ''
0x8247a1a8   1124   Event            ''
0x81f2cd28   1124   Event            ''
0x823a94f0   1124   Semaphore        ''
0x823a94b8   1124   Semaphore        ''
0x824d6820   1124   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0xe1ce8b18   1124   Key              USER\.DEFAULT
0x82497a98   1124   Event            ''
0x82497a68   1124   Event            ''
0xe1d22c58   1124   Key              MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_PROTOCOL_LOCKDOWN
0xe1ce8a48   1124   Key              USER\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS
0x820ad440   1124   WmiGuid          ''
0x81f2c478   1124   Mutant           ''
0x824ab358   1124   Event            ''
0x81f2ce90   1124   Mutant           ''
0x82458438   1124   Event            ''
0x81f2c448   1124   Event            ''
0x82539da0   1124   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0x81f2ce50   1124   Mutant           ''
0x82495a50   1124   Event            ''
0x824ec530   1124   Event            ''
0x81f2ce10   1124   Mutant           ''
0x82450a50   1124   Event            ''
0x82045290   1124   Mutant           ''
0x8245bc20   1124   Mutant           ''
0x82077948   1124   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0x8235c570   1124   Mutant           'RasPbFile'
0x82077910   1124   Event            ''
0x81f79150   1124   Event            ''
0x81f8ab50   1124   Event            ''
0x81f8ab20   1124   Event            ''
0x81f41188   1124   File             '\\lsarpc'
0x82404df8   1124   WmiGuid          ''
0x8246f940   1124   Event            ''
0x824a1940   1124   Thread           TID 1488 PID 1124
0x82515098   1124   Semaphore        ''
0x824a3408   1124   Semaphore        ''
0xe1c192f8   1124   Key              MACHINE\SOFTWARE\MICROSOFT\TRACING\SVCHOST_RASTLS
0x82045260   1124   Event            ''
0xe1963750   1124   Key              MACHINE\SOFTWARE\MICROSOFT\TRACING\ONEEXSUP
0x8244c760   1124   Event            ''
0x823a9418   1124   Event            ''
0xe1e50428   1124   Port             ''
0x823a0f00   1124   Semaphore        ''
0x82502e38   1124   Semaphore        ''
0xe1c15458   1124   Key              MACHINE\SOFTWARE\MICROSOFT\TRACING\SVCHOST_RASCHAP
0x82502e08   1124   Event            ''
0xe1d47c08   1124   Port             ''
0x82360878   1124   Event            ''
0x81f49e38   1124   Semaphore        ''
0x81f95c98   1124   Semaphore        ''
0x81f49e00   1124   Semaphore        ''
0x81f49dc8   1124   Semaphore        ''
0x81f49d98   1124   Event            ''
0x823a0f40   1124   File             '\\winlogonrpc'
0x824ea960   1124   WmiGuid          ''
0xe1cae018   1124   Token            '\xed\x86\xa0\xe8\x89\x9e\xe8\x81\x94\x00'
0xe1cae018   1124   Token            '\xed\x86\xa0\xe8\x89\x9e\xe8\x81\x94\x00'
0x8245c6e8   1124   Semaphore        ''
0x8203c250   1124   Event            '\xe3\xb2\xa0'
0xe16ceaa8   1124   Port             'wzcsvc'
0x81f82350   1124   WmiGuid          ''
0x824ec5a0   1124   Event            ''
0x820e0be8   1124   Event            ''
0x81f4b910   1124   Thread           TID 1948 PID 1124
0x82373770   1124   Thread           TID 1660 PID 1124
0x82131990   1124   WmiGuid          ''
0x8245cd88   1124   Thread           TID 1652 PID 1124
0x81f49500   1124   Event            ''
0x8245c6b0   1124   Semaphore        ''
0x824acf20   1124   Event            ''
0xe1c1c288   1124   Key              MACHINE\SOFTWARE\MICROSOFT\TRACING\WLPOLICY
0x8245c680   1124   Event            ''
0x82383fd8   1124   Event            'WIRELESS_POLICY_CHANGE_EVENT'
0x82046ef8   1124   Event            ''
0x81f4fef8   1124   Event            ''
0x82383f98   1124   Event            ''
0x82383f68   1124   Event            ''
0x82032560   1124   Thread           TID 1656 PID 1124
0x82383ef8   1124   Event            ''
0x82373770   1124   Thread           TID 1660 PID 1124
0x823c0858   1124   Event            ''
0x8237f4c0   1124   Event            '{D39E8ECF-CC58-4DE8-B237-4D3E0398772A}ShellHWDetection'
0x8237f4c0   1124   Event            '{D39E8ECF-CC58-4DE8-B237-4D3E0398772A}ShellHWDetection'
0xe1fde330   1124   Key              MACHINE\SOFTWARE\CLASSES
0xe2090480   1124   Port             ''
0xe16ca830   1124   Port             'OLE401E87C063FB428ABA415E51E5C3'
0xe1fde2c8   1124   Key              MACHINE\SOFTWARE\CLASSES
0x823c0828   1124   Event            ''
0x81f38d88   1124   Thread           TID 1672 PID 1124
0x824ecd88   1124   Process          explorer.exe(1636)
0xe1f8fe30   1124   Port             ''
0x820ad630   1124   Event            ''
0x820ad590   1124   Event            ''
0x82122518   1124   Event            ''
0xe1d22e68   1124   Key              MACHINE\SOFTWARE\CLASSES
0xe1d2c3b0   1124   Key              MACHINE\SOFTWARE\CLASSES
0xe1c115e0   1124   Key              MACHINE\SOFTWARE\CLASSES
0xe1d2c348   1124   Key              MACHINE\SOFTWARE\CLASSES
0x820b3ab8   1124   File             '\\WINDOWS\\SchedLgU.Txt'
0x823acd88   1124   Thread           TID 1704 PID 1124
0x81f49578   1124   Desktop          'SADesktop'
0x82025ca8   1124   Event            ''
0x8249f628   1124   WindowStation    'SAWinSta'
0x82025c48   1124   Event            ''
0x82025c18   1124   Event            ''
0x82025be8   1124   Event            ''
0x8236f008   1124   Timer            ''
0x8236f100   1124   Event            ''
0x8236f0d0   1124   Event            ''
0xe1cae018   1124   Token            '\xed\x86\xa0\xe8\x89\x9e\xe8\x81\x94\x00'
0x823acd88   1124   Thread           TID 1704 PID 1124
0x820b3478   1124   File             '\\atsvc'
0x820b3e80   1124   File             '\\atsvc'
0x8239f418   1124   Event            ''
0x81f7cac8   1124   Thread           TID 1716 PID 1124
0x81f85790   1124   Event            ''
0x8237fb90   1124   Thread           TID 1720 PID 1124
0x81f85760   1124   Event            ''
0x8250ed88   1124   Thread           TID 1724 PID 1124
0x81f3f848   1124   Event            ''
0x82042930   1124   Thread           TID 1728 PID 1124
0x823acab8   1124   Mutant           ''
0x8245abc0   1124   Event            ''
0x823aca88   1124   Event            ''
0x823aca58   1124   Event            ''
0x823aca28   1124   Event            ''
0x820426b0   1124   Thread           TID 1732 PID 1124
0x81f38630   1124   Event            ''
0x82042680   1124   Event            ''
0x82042640   1124   Mutant           ''
0x82042610   1124   Event            ''
0x820425e0   1124   Event            ''
0x820425b0   1124   Event            'PrefetchOverrideIdle'
0x81f7ca98   1124   Event            'PrefetchProcessingComplete'
0x81f7ca48   1124   Mutant           ''
0xe1ff63c0   1124   Key              MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\PREFETCHER
0x8204cc68   1124   Event            'PrefetchTracesReady'
0x8238a008   1124   Event            ''
0x820426b0   1124   Thread           TID 1732 PID 1124
0x81f3a8d8   1124   File             '\\WINDOWS\\Tasks'
0x820edc10   1124   Event            'PrefetchParametersChanged'
0x82505778   1124   Thread           TID 1744 PID 1124
0x82042510   1124   Event            'SAConEvt'
0x8249c198   1124   Event            ''
0x82375b08   1124   Thread           TID 1756 PID 1124
0x820f8390   1124   Event            ''
0x8240aba8   1124   Event            ''
0x824b2590   1124   Event            ''
0x8249c228   1124   Event            ''
0x82505778   1124   Thread           TID 1744 PID 1124
0x8249c1f8   1124   Event            '\xe3\xb2\xa0'
0x820f8320   1124   Event            ''
0x8249c1c8   1124   Event            '\xe3\xb2\xa0'
0x8249c168   1124   Event            ''
0xe1e047e0   1124   Port             ''
0xe20674f0   1124   Port             ''
0x8249c138   1124   Event            ''
0x82375d88   1124   Thread           TID 1752 PID 1124
0x82375328   1124   Semaphore        ''
0x8249c1f8   1124   Event            '\xe3\xb2\xa0'
0x8249c1c8   1124   Event            '\xe3\xb2\xa0'
0x824ae390   1124   WmiGuid          ''
0x82375360   1124   Event            ''
0x820f8400   1124   Semaphore        ''
0x8245be98   1124   Semaphore        ''
0x820edbc8   1124   Semaphore        ''
0xe1fff4d8   1124   Section          'mmGlobalPnpInfo'
0x820f1f00   1124   Semaphore        ''
0x8250ec10   1124   Event            ''
0x820f1f38   1124   Event            ''
0xe1c7b360   1124   Port             'AudioSrv'
0x8250ed58   1124   Event            ''
0x81f27d88   1124   Thread           TID 1780 PID 1124
0xe1cae018   1124   Token            '\xed\x86\xa0\xe8\x89\x9e\xe8\x81\x94\x00'
0xe1fff260   1124   Key              USER
0xe2117e58   1124   Key              MACHINE\SYSTEM\CONTROLSET001\CONTROL\NETWORKPROVIDER\HWORDER
0x824367d0   1124   Event            ''
0x8250ec40   1124   Mutant           ''
0x8250ec80   1124   Event            ''
0xe1d336e8   1124   Port             ''
0x8250ecb0   1124   Semaphore        ''
0x81f233a0   1124   Semaphore        ''
0x81f27418   1124   File             
0x8240ac48   1124   File             
0x824d8a18   1124   Semaphore        ''
0x81f27380   1124   File             '\\wkssvc'
0xe1951e20   1124   Port             ''
0x8236ef18   1124   Event            ''
0x823bba30   1124   Thread           TID 1796 PID 1124
0xe209d440   1124   Token            ''
0x8251a070   1124   Event            ''
0xe1fff900   1124   Key              MACHINE\SOFTWARE\CLASSES
0xe2093258   1124   Port             ''
0xe208e768   1124   Port             ''
0x820cb308   1124   Thread           TID 1876 PID 1636
0x824ecd88   1124   Process          explorer.exe(1636)
0x823ad8e8   1124   Event            ''
0xe20986f0   1124   Token            ''
0xe20d9cc0   1124   Port             ''
0xe210d550   1124   Token            ''
0x81f2ea58   1124   Event            ''
0x824778c8   1124   Event            'wkssvc:  MUP finished initializing event'
0x81f274b0   1124   File             '\\wkssvc'
0x82456008   1124   Event            '\xe3\xb2\xa0'
0x823a5378   1124   Thread           TID 248 PID 1124
0x824957b8   1124   WmiGuid          ''
0xe20ed1a0   1124   Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\LANMANWORKSTATION\PARAMETERS
0x81f5e930   1124   Event            ''
0x824d8858   1124   Semaphore        ''
0x824d8820   1124   Semaphore        ''
0x81f60a28   1124   Semaphore        ''
0x82077e30   1124   Event            ''
0x82076e10   1124   WmiGuid          ''
0x820d7390   1124   Event            ''
0x824fcd88   1124   Thread           TID 332 PID 1124
0x820edb08   1124   Semaphore        'shell.{210A4BA0-3AEA-1069-A2D9-08002B30309D}'
0xe1f88440   1124   Key              MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\BITS
0x81f535e0   1124   Event            ''
0x823944b0   1124   Event            ''
0x824f94d8   1124   Event            ''
0x824f94a8   1124   Event            ''
0x82452ca8   1124   Event            ''
0x82452c78   1124   Event            ''
0x81f85640   1124   Event            ''
0x823944e0   1124   Mutant           ''
0x820e0330   1124   Timer            ''
0x81f85610   1124   Event            ''
0x820a3708   1124   Mutant           ''
0x8240fd80   1124   Semaphore        ''
0x824fcd88   1124   Thread           TID 332 PID 1124
0x8240fd50   1124   Event            ''
0x824a41c8   1124   File             '\\Endpoint'
0x82040068   1124   Event            ''
0x820d5008   1124   Event            ''
0x820d5068   1124   Event            ''
0x8240d410   1124   Event            ''
0x81f56de0   1124   File             '\\Documents and Settings\\All Users\\Application Data\\Microsoft\\Network\\Downloader\\qmgr0.dat'
0x8209b0d8   1124   File             '\\Documents and Settings\\All Users\\Application Data\\Microsoft\\Network\\Downloader\\qmgr1.dat'
0x824c0448   1124   Event            ''
0x824c0418   1124   Event            ''
0x820f9008   1124   Event            ''
0x820f9068   1124   Event            ''
0x82538620   1124   Event            ''
0x825385f0   1124   Event            ''
0x8249c720   1124   Event            ''
0x8249c6f0   1124   Event            ''
0x82395008   1124   Event            ''
0x82395068   1124   Event            ''
0x823a1748   1124   Event            'ReSyncKernel'
0xe19da870   1124   Key              MACHINE\SOFTWARE\CLASSES
0x824eb6c0   1124   Event            ''
0x824d3298   1124   Event            ''
0x82057738   1124   Mutant           ''
0x81f5f7d0   1124   Thread           TID 380 PID 1124
0x824d32c8   1124   Event            ''
0x824e62e0   1124   Event            ''
0x820836a8   1124   Event            ''
0xe210b370   1124   Port             ''
0xe1cb0510   1124   Token            '\xed\x86\xa0'
0xe2103b30   1124   Token            ''
0x820fd168   1124   Mutant           '0CADFD67AF62496dB34264F000F5624A'
0x82121ef0   1124   Mutant           '4FCC0DEFE22C4f138FB9D5AF25FD9398'
0x81f36018   1124   Mutant           '238FAD3109D3473aB4764B20B3731840'
0x82083f38   1124   Event            ''
0x82121eb0   1124   Event            ''
0x82490f78   1124   File             '\\keysvc'
0x8240d718   1124   File             '\\keysvc'
0xe15903b8   1124   Port             'keysvc'
0x81f36068   1124   Event            ''
0x8210c540   1124   Thread           TID 388 PID 1124
0xe1f77d90   1124   Token            ''
0x824710a8   1124   Event            ''
0x825077d8   1124   Event            ''
0x824208b0   1124   Event            ''
0x82122158   1124   Event            ''
0xe1cae018   1124   Token            '\xed\x86\xa0\xe8\x89\x9e\xe8\x81\x94\x00'
0x8209b2f8   1124   File             
0x8211b5c0   1124   Semaphore        ''
0x81f97590   1124   Event            ''
0x823a57d0   1124   Thread           TID 400 PID 1124
0x82035040   1124   Event            ''
0x824350e0   1124   File             '\\PCHHangRepExecPipe'
0xe210d470   1124   Key              MACHINE\SOFTWARE\CLASSES
0x82516868   1124   Event            ''
0xe210f610   1124   Key              MACHINE\SOFTWARE\CLASSES
0x825164b8   1124   Event            ''
0x824ce210   1124   Thread           TID 412 PID 1124
0x82057778   1124   Semaphore        ''
0xe1578018   1124   Port             'senssvc'
0x82516488   1124   Event            ''
0x82516458   1124   Event            ''
0x82383128   1124   File             '\\PCHFaultRepExecPipe'
0xe1947b58   1124   Section          'AtlDebugAllocator_FileMappingNameStatic3_464'
0x824720c8   1124   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0xe1947b58   1124   Section          'AtlDebugAllocator_FileMappingNameStatic3_464'
0x825047e0   1124   WmiGuid          ''
0x821042d0   1124   Event            ''
0xe21229e0   1124   Key              MACHINE\SOFTWARE\CLASSES
0x82067210   1124   File             '\\WINDOWS\\pchealth\\helpctr\\BATCH'
0xe21119d0   1124   Key              MACHINE\SYSTEM\CONTROLSET001\CONTROL\TERMINAL SERVER
0x82083f08   1124   Event            ''
0x82047008   1124   WmiGuid          ''
0x824cb5b8   1124   Event            '\xe3\xb2\xa0'
0x824b4940   1124   Event            ''
0x82471010   1124   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0x824710d8   1124   Event            ''
0x825077a8   1124   Event            ''
0x82507778   1124   Event            ''
0x81f32218   1124   Event            '\xe3\xb2\xa0'
0xe1f77178   1124   Key              MACHINE\SOFTWARE\CLASSES
0xe20a6c38   1124   Key              MACHINE\SOFTWARE\POLICIES
0x820672f8   1124   Event            ''
0x824b26f0   1124   Event            ''
0x824cb5e8   1124   Event            '\xe3\xb2\xa0'
0x820d7460   1124   Event            '\xe3\xb2\xa0'
0x824cb5e8   1124   Event            '\xe3\xb2\xa0'
0x820d7460   1124   Event            '\xe3\xb2\xa0'
0x8250c220   1124   Semaphore        'PowerProfileRegistrySemaphore'
0x8242a5a0   1124   Event            ''
0x82067360   1124   File             '\\lsarpc'
0x820ab298   1124   Timer            ''
0x820ab268   1124   Event            ''
0x82497bf8   1124   Event            ''
0xe173cd00   1124   Port             ''
0x825af178   1124   Event            'VxKernel2VoldEvent'
0x81f25290   1124   Semaphore        ''
0x820b5c98   1124   IoCompletion     ''
0x82039780   1124   Mutant           'SRDataStore'
0x8203b308   1124   File             
0x82070fd8   1124   Event            'SRCounter'
0x820329e0   1124   Event            'SRStopEvent'
0x82032920   1124   Event            'SRInitEvent'
0x82476908   1124   Event            '\xe3\xb2\xa0'
0x82032960   1124   Event            'SRIdleReqEvent'
0x824b2de8   1124   File             
0x82039780   1124   Mutant           'SRDataStore'
0x82501160   1124   Event            'WINMGMT_COREDLL_CANSHUTDOWN'
0x82474318   1124   File             '\\WINDOWS\\system32\\wbem\\mof'
0x824b1c00   1124   Thread           TID 1228 PID 1124
0x82104338   1124   Mutant           ''
0x8236e730   1124   Event            ''
0x82032990   1124   Mutant           ''
0x8236e700   1124   Event            ''
0x82474bf8   1124   Thread           TID 488 PID 1124
0xe1d5c368   1124   Section          'SENS Information Cache'
0x81f2d760   1124   Event            'SENS Started Event'
0x82069bf8   1124   Event            ''
0xe1f7a418   1124   Key              MACHINE\SOFTWARE\CLASSES
0x82497c28   1124   Event            ''
0x823bbe38   1124   Semaphore        ''
0xe1eb7328   1124   Key              MACHINE\SOFTWARE\CLASSES
0x820d7940   1124   Event            'W32TIME_NAMED_EVENT_SYSTIME_NOT_CORRECT'
0xe1c29b78   1124   Key              MACHINE\SOFTWARE\CLASSES
0x824747c0   1124   Event            ''
0x8206a628   1124   Event            ''
0x824cf958   1124   Event            ''
0x823a75a0   1124   Event            '\xe3\xb2\xa0'
0x823a7570   1124   Event            ''
0x823a6010   1124   File             '\\W32TIME'
0x8242a010   1124   File             '\\W32TIME'
0x8242a0d8   1124   Event            ''
0x825153a8   1124   Event            'userenv: Machine Group Policy has been applied'
0x820697f0   1124   Thread           TID 508 PID 1124
0x82389c50   1124   File             
0x820693c8   1124   Thread           TID 512 PID 1124
0x823a6648   1124   Event            ''
0x820aa250   1124   File             '\\WINDOWS\\WindowsUpdate.log'
0x82365d38   1124   WaitablePort     'TRKWKS_PORT'
0x825bf770   1124   Event            'TRKWKS_EVENT'
0x823a6a60   1124   File             '\\trkwks'
0x81f89548   1124   File             '\\trkwks'
0xe156cf50   1124   Port             'trkwks'
0x82507f88   1124   Event            ''
0x82472498   1124   Thread           TID 516 PID 1124
0x82507f58   1124   Event            '\xe3\xb2\xa0'
0xe15900c0   1124   Port             'SECLOGON'
0x82472468   1124   Event            ''
0x824743a8   1124   Thread           TID 520 PID 1124
0x82123618   1124   Event            'WMI_SysEvent_LodCtr'
0x82498a00   1124   Event            'WMI_SysEvent_UnLodCtr'
0x821235b0   1124   Event            'WINMGMT_PROVIDER_CANSHUTDOWN'
0x823c8498   1124   Event            'WMI_RevAdap_Set'
0x8211bb08   1124   Event            'WMI_RevAdap_ACK'
0x8211bac8   1124   Event            'WMI_ProcessIdleTasksStart'
0x8211ba88   1124   Event            'WMI_ProcessIdleTasksComplete'
0x82507f28   1124   Event            ''
0xe20a6db0   1124   Key              MACHINE\SOFTWARE\CLASSES
0x820410f0   1124   Event            ''
0x820330c0   1124   Event            ''
0x820693c8   1124   Thread           TID 512 PID 1124
0xe1f52e90   1124   Key              MACHINE\SYSTEM\SETUP
0x81f32218   1124   Event            '\xe3\xb2\xa0'
0x82048598   1124   Event            ''
0x8209fbe0   1124   Event            ''
0x824a89e0   1124   Thread           TID 1616 PID 1124
0x825129d0   1124   File             
0x823aab30   1124   Event            ''
0x82454768   1124   Event            ''
0x824d0260   1124   Event            ''
0xe2110c80   1124   Key              MACHINE\SOFTWARE\MICROSOFT\EVENTSYSTEM\{26C409CC-AE86-11D1-B616-00805FC79216}
0xe16f7d50   1124   Key              MACHINE\SOFTWARE\CLASSES
0xe1fd8370   1124   Key              MACHINE\SOFTWARE\CLASSES
0x824546d0   1124   Event            ''
0xe222e540   1124   Key              MACHINE\SOFTWARE\CLASSES
0x824d6750   1124   Event            ''
0x824d6720   1124   Event            ''
0x820ee7d0   1124   Process          svchost.exe(1208)
0x82501f38   1124   Event            ''
0x823a5378   1124   Thread           TID 248 PID 1124
0x82067f78   1124   File             '\\$Extend\\$ObjId'
0x82501f08   1124   Event            ''
0x82067ee0   1124   File             '\\System Volume Information\\tracking.log'
0x82365500   1124   Event            ''
0x8206b308   1124   Thread           TID 584 PID 1124
0xe1f79960   1124   Key              MACHINE\SOFTWARE\CLASSES
0xe2110c18   1124   Key              MACHINE\SOFTWARE\CLASSES
0x82074b28   1124   Mutant           'WindowsUpdateTracingMutex'
0x82474bf8   1124   Thread           TID 488 PID 1124
0x82110810   1124   Event            ''
0xe2195938   1124   Port             ''
0x821107e0   1124   Event            ''
0x824cf540   1124   Thread           TID 492 PID 1124
0x824cf540   1124   Thread           TID 492 PID 1124
0x8237f3c0   1124   Event            ''
0x82365498   1124   Event            ''
0x823a5bf8   1124   Thread           TID 624 PID 1124
0xe1f5a310   1124   Port             ''
0x8204a900   1124   Event            ''
0x82365568   1124   Event            ''
0x8204a898   1124   Event            ''
0x820ec598   1124   Event            ''
0x824cf540   1124   Thread           TID 492 PID 1124
0xe1f7c5f8   1124   Key              MACHINE\SOFTWARE\CLASSES
0xe1efe118   1124   Key              MACHINE\SOFTWARE\MICROSOFT\EVENTSYSTEM\{26C409CC-AE86-11D1-B616-00805FC79216}\EVENTCLASSES
0xe1efc688   1124   Key              MACHINE\SOFTWARE\CLASSES
0xe16f6a90   1124   Key              MACHINE\SOFTWARE\MICROSOFT\EVENTSYSTEM\{26C409CC-AE86-11D1-B616-00805FC79216}\SUBSCRIPTIONS
0x820ec530   1124   Event            ''
0x824ea6e0   1124   Thread           TID 636 PID 1124
0xe1f774f8   1124   Key              MACHINE\SOFTWARE\CLASSES
0x81f77b08   1124   Thread           TID 1140 PID 1124
0x82387b00   1124   Event            ''
0xe1f88558   1124   Key              MACHINE\SOFTWARE\CLASSES
0xe1f65828   1124   Key              MACHINE\SOFTWARE\CLASSES
0x82400e60   1124   File             '\\Endpoint'
0x823c0558   1124   Event            ''
0x82387ad0   1124   Event            ''
0x823c0528   1124   Event            ''
0x8242cf30   1124   WmiGuid          ''
0x824ea6e0   1124   Thread           TID 636 PID 1124
0x823c04f8   1124   Event            ''
0x820384b8   1124   Event            ''
0x824ea6e0   1124   Thread           TID 636 PID 1124
0xe21192e8   1124   Key              MACHINE\SOFTWARE\CLASSES
0xe1cadce8   1124   Section          ''
0x8242cf00   1124   Event            ''
0x824600b8   1124   File             '\\WINDOWS\\system32\\es.dll'
0xe1f6c710   1124   Key              MACHINE\SOFTWARE\CLASSES
0x8242ced0   1124   Event            ''
0x82501120   1124   Event            ''
0x825010f0   1124   Event            ''
0x82504f30   1124   WmiGuid          ''
0x824d0138   1124   Event            ''
0xe1f32938   1124   Key              MACHINE\SOFTWARE\CLASSES
0x8212e1c0   1124   File             '\\WINDOWS\\system32\\stdole2.tlb'
0xe2091258   1124   Section          ''
0xe1f52e28   1124   Key              MACHINE\SOFTWARE\MICROSOFT\COM3
0xe1c8e578   1124   Section          'RotHintTable'
0x82475138   1124   Event            ''
0xe1f54260   1124   Key              MACHINE\SOFTWARE\CLASSES
0x824ce210   1124   Thread           TID 412 PID 1124
0xe219d370   1124   Port             ''
0xe20cb400   1124   Key              MACHINE\SOFTWARE\CLASSES
0xe20a85f0   1124   Key              MACHINE\SOFTWARE\CLASSES
0x821107b0   1124   Event            ''
0x82476908   1124   Event            '\xe3\xb2\xa0'
0x824d4a80   1124   Event            ''
0x824a89e0   1124   Thread           TID 1616 PID 1124
0x81f61a68   1124   Mutant           'ShimCacheMutex'
0xe1919518   1124   Section          'ShimSharedMemory'
0x823a5008   1124   Event            ''
0xe20f8d30   1124   Key              MACHINE\SOFTWARE\CLASSES
0x8210b008   1124   Event            ''
0x81f5e860   1124   Event            ''
0x8210b0d8   1124   Event            ''
0x8210b0a8   1124   Event            ''
0x81f5a2b0   1124   File             '\\wkssvc'
0x8210b078   1124   Event            ''
0x824a92b8   1124   Event            ''
0x824a9288   1124   Event            ''
0x81f3c640   1124   Event            ''
0x8210b048   1124   Event            ''
0x81f3c610   1124   Event            ''
0x81f3c5e0   1124   Event            ''
0x81f31fa8   1124   Event            ''
0xe21129b0   1124   Key              MACHINE\SOFTWARE\CLASSES
0x823aabf0   1124   Mutant           ''
0xe21e8918   1124   Port             ''
0xe20c6a48   1124   Key              MACHINE\SOFTWARE\MICROSOFT\SECURITY CENTER
0x8206e738   1124   File             
0x81f3cd58   1124   Event            ''
0xe16f7e58   1124   Key              MACHINE\SOFTWARE\CLASSES
0xe16d0698   1124   Key              MACHINE\SOFTWARE\CLASSES
0xe2111688   1124   Key              MACHINE\SOFTWARE\CLASSES
0x81f3ccb8   1124   Event            ''
0x81f32870   1124   File             '\\Endpoint'
0x81f3cce8   1124   Mutant           ''
0x823a6fd8   1124   Event            ''
0xe1f7b3c0   1124   Key              MACHINE\SOFTWARE\CLASSES
0xe1f6e198   1124   Key              MACHINE\SOFTWARE\CLASSES
0x823ff060   1124   Event            ''
0xe16d0768   1124   Key              MACHINE\SOFTWARE\CLASSES
0x823a6f48   1124   Event            ''
0xe20a63c0   1124   Key              MACHINE\SOFTWARE\CLASSES
0xe20f8e28   1124   Key              MACHINE\SOFTWARE\CLASSES
0x823a6f18   1124   Event            ''
0x823c8c40   1124   Event            '\xe3\xb2\xa0'
0xe1f7b358   1124   Key              MACHINE\SOFTWARE\CLASSES
0xe1691670   1124   Key              MACHINE\SOFTWARE\CLASSES
0x821112b0   1124   Event            ''
0x8207ec70   1124   File             '\\WINDOWS\\system32\\wbem\\Repository\\FS\\MAPPING1.MAP'
0x82047e80   1124   File             '\\WINDOWS\\system32\\wbem\\Repository\\FS\\MAPPING2.MAP'
0x81f1eda0   1124   File             '\\WINDOWS\\system32\\wbem\\Repository\\FS\\MAPPING.VER'
0x8202bf78   1124   File             '\\WINDOWS\\system32\\wbem\\Repository\\FS\\INDEX.MAP'
0x81f1bf78   1124   File             '\\WINDOWS\\system32\\wbem\\Repository\\FS\\OBJECTS.MAP'
0x8244c230   1124   File             '\\WINDOWS\\system32\\wbem\\Repository\\FS\\OBJECTS.DATA'
0x82069e08   1124   File             '\\WINDOWS\\system32\\wbem\\Repository\\FS\\INDEX.BTR'
0xe1f3c758   1124   Key              MACHINE\SOFTWARE\CLASSES
0xe1f770d8   1124   Key              MACHINE\SOFTWARE\CLASSES
0xe20b8840   1124   Key              MACHINE\SOFTWARE\CLASSES
0xe1f7c808   1124   Section          'Wmi Provider Sub System Counters'
0x82112af8   1124   Event            ''
0x82504250   1124   Event            ''
0x823c8868   1124   Event            ''
0x820350e0   1124   Event            'WBEM_ESS_OPEN_FOR_BUSINESS'
0x824ccbf8   1124   Thread           TID 796 PID 1124
0x821235b0   1124   Event            'WINMGMT_PROVIDER_CANSHUTDOWN'
0x81f27928   1124   Job              'WmiProviderSubSystemHostJob'
0x82370e20   1124   Event            ''
0x82032e48   1124   Event            ''
0x824d1c98   1124   Semaphore        ''
0x81f5e460   1124   Process          vmtoolsd.exe(528)
0xe20afb08   1124   Key              MACHINE\SOFTWARE\CLASSES
0xe21195f0   1124   Key              MACHINE\SOFTWARE\CLASSES
0xe2110320   1124   Port             ''
0x82389a20   1124   Event            ''
0xe1e54e98   1124   Key              MACHINE\SOFTWARE\CLASSES
0x82048568   1124   Event            ''
0x82048538   1124   Event            ''
0x81f40320   1124   Event            ''
0x81f402f0   1124   Event            ''
0x81f402c0   1124   Event            ''
0x81f40290   1124   Event            ''
0x81f40260   1124   Event            ''
0x820350e0   1124   Event            'WBEM_ESS_OPEN_FOR_BUSINESS'
0x8210b638   1124   Thread           TID 912 PID 1124
0x820350e0   1124   Event            'WBEM_ESS_OPEN_FOR_BUSINESS'
0xe1f6e130   1124   Key              MACHINE\SOFTWARE\CLASSES
0x823ff0f8   1124   Event            ''
0x8204b5c0   1124   Event            ''
0x8204b590   1124   Event            ''
0x8204b528   1124   Event            ''
0x823ff008   1124   Event            ''
0x823ff0c8   1124   Event            ''
0x82032e18   1124   Event            ''
0x823899c0   1124   Event            ''
0xe1f31dc8   1124   Token            ''
0xe1f6edc8   1124   Token            ''
0x824ac8c8   1124   Semaphore        ''
0x82389958   1124   Semaphore        ''
0x824fd320   1124   Event            ''
0x8245dcc8   1124   File             '\\srvsvc'
0xe207e808   1124   Port             'XactSrvLpcPort'
0x825053d8   1124   File             '\\srvsvc'
0xe1f3a7d0   1124   Port             ''
0x824fd2f0   1124   Event            ''
0x82502a50   1124   Event            ''
0xe1f56120   1124   Key              MACHINE\SOFTWARE\CLASSES
0x824cc178   1124   Event            ''
0x820fb378   1124   Thread           TID 212 PID 1124
0x820e1700   1124   Event            ''
0x8210a738   1124   Event            ''
0x820cbe30   1124   Event            ''
0x81f38c90   1124   Event            ''
0x81f38cc0   1124   Event            ''
0x81f318a8   1124   Thread           TID 1052 PID 1124
0x823c1a28   1124   Event            ''
0x823c1ea0   1124   Event            ''
0x823c1e70   1124   Event            ''
0x823c1b60   1124   Event            ''
0x823c1b30   1124   Event            ''
0x823c1b00   1124   Event            ''
0x820cf5d0   1124   Event            ''
0xe20c6280   1124   Key              MACHINE\SOFTWARE\CLASSES
0x82379670   1124   Event            ''
0x81f1a6e8   1124   Event            ''
0xe2123e28   1124   Key              MACHINE\SOFTWARE\CLASSES
0x82034268   1124   Event            ''
0x825030a8   1124   Event            ''
0x820ca560   1124   Event            ''
0x82074b28   1124   Mutant           'WindowsUpdateTracingMutex'
0xe1f1c2b8   1124   Key              MACHINE\SOFTWARE\CLASSES
0x81f24238   1124   Event            ''
0x82383d18   1124   Event            ''
0x81f24268   1124   Event            ''
0x820cad88   1124   Thread           TID 1060 PID 1124
0x82383d48   1124   Event            ''
0x82476e08   1124   File             '\\WINDOWS\\WindowsUpdate.log'
0x825030d8   1124   Event            ''
0x82503108   1124   Event            ''
0x82038118   1124   Event            ''
0x820ca500   1124   Event            ''
0x82383c58   1124   Event            ''
0xe1f1c320   1124   Key              MACHINE\SOFTWARE\CLASSES
0x820ca440   1124   Event            ''
0x82383ce8   1124   Event            ''
0x82383cb8   1124   Event            ''
0x82383c88   1124   Event            ''
0x820effd8   1124   Event            ''
0x820effa8   1124   Event            ''
0x820eff78   1124   Event            ''
0x820eff48   1124   Event            ''
0x820eff18   1124   Event            ''
0x820efee8   1124   Event            ''
0x81f5aee0   1124   Event            ''
0x81f5aeb0   1124   Event            ''
0x81f5ae80   1124   Event            ''
0x81f5ae50   1124   Event            ''
0x81f5ae20   1124   Event            ''
0x81f5adf0   1124   Event            ''
0x81f5a690   1124   Event            ''
0x81f5a660   1124   Event            ''
0x81f5a630   1124   Event            ''
0x81f5a600   1124   Event            ''
0x81f5a5d0   1124   Event            ''
0x81f5a5a0   1124   Event            ''
0x8210bfd8   1124   Event            ''
0x8210bfa8   1124   Event            ''
0x8210bf78   1124   Event            ''
0x8210bf48   1124   Event            ''
0x8210bf18   1124   Event            ''
0x8210bee8   1124   Event            ''
0x81f237e0   1124   Event            ''
0x81f237b0   1124   Event            ''
0x81f23780   1124   Event            ''
0x81f23750   1124   Event            ''
0x81f23720   1124   Event            ''
0x81f236f0   1124   Event            ''
0x8210cbd8   1124   Event            ''
0x8210cba8   1124   Event            ''
0x8210cb78   1124   Event            ''
0x8210cb48   1124   Event            ''
0x8210cb18   1124   Event            ''
0x8210cae8   1124   Event            ''
0x820e25b8   1124   Event            ''
0x820e2588   1124   Event            ''
0x820e2558   1124   Event            ''
0x820e2528   1124   Event            ''
0x820e24f8   1124   Event            ''
0x820e24c8   1124   Event            ''
0x820e0008   1124   Event            ''
0xe20af660   1124   Key              MACHINE\SOFTWARE\CLASSES
0x81f1a718   1124   Event            ''
0xe21a9c10   1124   Port             ''
0x820e00b8   1124   Event            ''
0x82470448   1124   Thread           TID 1176 PID 1124
0x820e0118   1124   Event            ''
0x824b0d60   1124   Event            ''
0xe20b8208   1124   Key              MACHINE\SOFTWARE\CLASSES
0xe20f38d0   1124   Key              MACHINE\SOFTWARE\CLASSES
0x824fb350   1124   Thread           TID 1148 PID 1124
0x81f62d88   1124   Process          vmtoolsd.exe(1972)
0x820eead0   1124   Event            ''
0x8244bb08   1124   Event            ''
0x823877b0   1124   Event            ''
0x820e0058   1124   Event            ''
0x82457088   1124   Event            ''
0x82457058   1124   Event            ''
0x82037008   1124   Event            ''
0x82037118   1124   Event            ''
0x820370e8   1124   Event            ''
0x820370b8   1124   Event            ''
0x82037088   1124   Event            ''
0x82037058   1124   Event            ''
0x81f63008   1124   Event            ''
0x81f63118   1124   Event            ''
0x81f630e8   1124   Event            ''
0x81f630b8   1124   Event            ''
0x81f63088   1124   Event            ''
0x81f63058   1124   Event            ''
0x82038008   1124   Event            ''
0xe148b318   1124   Port             'srrpc'
0xe1f6c810   1124   Port             ''
0x824cdbf8   1124   Thread           TID 1180 PID 1124
0x820380b8   1124   Event            ''
0x824fb350   1124   Thread           TID 1148 PID 1124
0x820e9618   1124   Event            ''
0x824ecb90   1124   Event            'EVENT_READYROOT/CIMV2SCM EVENT PROVIDER'
0x81f61118   1124   Event            ''
0x820380e8   1124   Event            ''
0x82523ba0   1124   File             '\\PIPE_EVENTROOT\\CIMV2SCM EVENT PROVIDER'
0x820e95e8   1124   Event            ''
0x823876f0   1124   File             '\\PIPE_EVENTROOT\\CIMV2SCM EVENT PROVIDER'
0x824ac4c8   1124   Event            ''
0x82470448   1124   Thread           TID 1176 PID 1124
0x824a8f30   1124   Event            'EVENT_READYROOT/CIMV2PROVIDERSUBSYSTEM'
0x824ac498   1124   Event            ''
0x824cdbf8   1124   Thread           TID 1180 PID 1124
0x82387f48   1124   Event            'EVENT_READYROOT/CIMV2WMI SELF-INSTRUMENTATION EVENT PROVIDER'
0x824e0288   1124   File             '\\srvsvc'
0x8210a0b0   1124   Event            ''
0x81f784e8   1124   Event            'LanmanServerAnnounceEvent'
0xe1f69f28   1124   Key              MACHINE\SOFTWARE\CLASSES
0x8202bc38   1124   Event            ''
0x824d2bf8   1124   Thread           TID 1232 PID 1124
0x824d20e8   1124   Event            ''
0x82506448   1124   Event            ''
0x8250a648   1124   Event            ''
0x82518068   1124   Event            ''
0x81f918c0   1124   File             '\\wkssvc'
0x824af228   1124   Event            ''
0xe21001d8   1124   Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\SHAREDACCESS\EPOCH
0xe1f36b78   1124   Token            ''
0x824f7b38   1124   Event            ''
0xe21e7450   1124   Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\LANMANSERVER\PARAMETERS
0x82040e10   1124   Event            ''
0x823896c8   1124   File             '\\srvsvc'
0xe21fbfa0   1124   Key              MACHINE\SOFTWARE\CLASSES
0x82433540   1124   Event            ''
0x81f551e0   1124   Thread           TID 1164 PID 1124
0xe206d008   1124   Port             ''
0xe2227450   1124   Port             ''
0xe222d9c0   1124   Token            ''
0x81f59920   1124   Event            ''
0x82458480   1124   Event            ''
0x81f857c0   1124   Event            ''
0x824709a8   1124   Event            ''
0xe2188560   1124   Key              MACHINE\SOFTWARE\CLASSES
0x81f52ee8   1124   Event            ''
0xe1f53290   1124   Key              MACHINE\SOFTWARE\CLASSES
0x82470948   1124   Event            ''
0xe206d0d8   1124   Key              MACHINE\SOFTWARE\CLASSES
0xe228ab28   1124   Key              MACHINE\SOFTWARE\CLASSES
0x824cb5b8   1124   Event            '\xe3\xb2\xa0'
0x82035ba8   1124   Event            ''
0x82470978   1124   Event            ''
0x824e4a70   1124   File             '\\Endpoint'
0x8246f3a8   1124   Event            ''
0x824ca8e8   1124   Event            ''
0x824ca878   1124   Event            ''
0xe1e54e28   1124   Key              MACHINE\SOFTWARE\CLASSES
0x824ca848   1124   Event            ''
0xe223c640   1124   Port             ''
0x82065468   1124   Event            ''
0x824f9638   1124   Thread           TID 1464 PID 1124
0x81f5e8c0   1124   Event            ''
0xe222c288   1124   Key              MACHINE\SOFTWARE\CLASSES
0x82107968   1124   Thread           TID 1448 PID 1124
0x82453f50   1124   Timer            ''
0x820ad718   1124   Event            ''
0x820ad6e8   1124   Event            ''
0x8244a308   1124   Event            ''
0x81f31ea0   1124   Event            ''
0x81f31e70   1124   Event            ''
0x81f31e40   1124   Event            ''
0x81f31e10   1124   Event            ''
0x81f31de0   1124   Event            ''
0x81f3c798   1124   Event            ''
0x81f3c768   1124   Event            ''
0x81f3c738   1124   Event            ''
0x81f3c708   1124   Event            ''
0xe1f50688   1124   Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\SHAREDACCESS\EPOCH
0xe1dffae8   1124   Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\SHAREDACCESS\EPOCH
0xe21969a8   1124   Key              MACHINE\SOFTWARE\CLASSES
0x82107968   1124   Thread           TID 1448 PID 1124
0x820edf00   1124   Event            ''
0xe2131700   1124   Key              MACHINE\SOFTWARE\CLASSES
0xe21fbf38   1124   Key              MACHINE\SOFTWARE\CLASSES
0x824bc4e0   1124   Event            ''
0xe20c6ab0   1124   Key              MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\WINDOWSUPDATE\AUTO UPDATE
0x82502bf0   1124   Event            ''
0xe21605c8   1124   Key              MACHINE\SOFTWARE\CLASSES
0xe2199008   1124   Key              MACHINE\SOFTWARE\CLASSES
0xe21e6968   1124   Key              MACHINE\SOFTWARE\CLASSES
0xe1f50780   1124   Key              MACHINE\SOFTWARE\CLASSES
0x823bbe08   1124   Event            ''
0xe21606f8   1124   Key              MACHINE\SOFTWARE\CLASSES
0xe21e69d0   1124   Key              MACHINE\SOFTWARE\CLASSES
0xe1f58810   1124   Key              MACHINE\SOFTWARE\MICROSOFT\TRACING\IPNATHLP
0x81f37fd8   1124   Event            ''
0x81f4b498   1124   Thread           TID 1952 PID 1124
0x81f622a8   1124   Event            ''
0x824bc518   1124   File             '\\EVENTLOG'
0x820b5fa8   1124   Event            ''
0x820b5f40   1124   Event            ''
0x820b5f10   1124   Event            ''
0x8203b3c8   1124   Event            ''
0x824f8990   1124   Thread           TID 1480 PID 1124
0x8203b398   1124   Event            ''
0xe211dc40   1124   Port             ''
0x824b2db0   1124   Event            ''
0xe21318e8   1124   Port             ''
0xe21990d0   1124   Key              MACHINE\SYSTEM\CONTROLSET001\CONTROL\LSA\AUDIT
0xe2266960   1124   Port             ''
0x820d2238   1124   File             '\\Endpoint'
0x820ced58   1124   Event            ''
0xe1f587a8   1124   Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\SHAREDACCESS\EPOCH
0x81f3d128   1124   Event            ''
0x81f19388   1124   Event            ''
0xe2239210   1124   Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY
0x8239c008   1124   Event            ''
0xe1f36b00   1124   Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\SHAREDACCESS\PARAMETERS
0xe22364c8   1124   Port             'FusApiPort'
0x82102d60   1124   Thread           TID 1540 PID 1124
0x8239c0d8   1124   Event            ''
0x8239c0a8   1124   Event            ''
0x8239c078   1124   Event            ''
0x8239c048   1124   Event            ''
0x81f55008   1124   Event            ''
0x8239ca30   1124   Thread           TID 1516 PID 1124
0xe226da40   1124   Port             ''
0x82477d90   1124   Event            ''
0x8246f440   1124   Event            ''
0x82102d60   1124   Thread           TID 1540 PID 1124
0x820cc340   1124   Event            ''
0x820f1a28   1124   Event            ''
0x824fd360   1124   Event            ''
0xe1964d50   1124   Key              MACHINE\SYSTEM\CONTROLSET001\CONTROL\NETWORK\CONNECTIONS
0x81f38d88   1124   Thread           TID 1672 PID 1124
0xe1f56ca8   1124   Key              MACHINE\SOFTWARE\CLASSES
0x8239ed60   1124   Thread           TID 1628 PID 1124
0x820d1848   1124   Event            ''
0xe225d6c0   1124   Key              MACHINE\SOFTWARE\CLASSES
0x820e2aa0   1124   Event            ''
0x82497b90   1124   Event            ''
0x82471f78   1124   File             '\\Endpoint'
0x82497b60   1124   Event            ''
0x82503dc0   1124   Event            ''
0x8205e7a0   1124   Thread           TID 1444 PID 1124
0x8235c760   1124   Event            ''
0x823a3f28   1124   Event            ''
0x8239ced0   1124   Event            ''
0x82060420   1124   Thread           TID 1624 PID 1124
0x81f51e80   1124   Event            ''
0xe20ff710   1124   Key              MACHINE\SOFTWARE\CLASSES
0x8239bea0   1124   Event            ''
0xe2285970   1124   Token            ''
0x81f193f8   1124   Event            ''
0x8239df68   1124   Event            ''
0xe21999c0   1124   Port             ''
0x823a1a10   1124   Event            ''
0x823a19e0   1124   Event            ''
0x824fa910   1124   Thread           TID 1296 PID 1124
0x823a19b0   1124   Event            ''
0x82034470   1124   Thread           TID 1504 PID 1124
0x81f59540   1124   Event            ''
0x81f59510   1124   Event            ''
0x820ca678   1124   Semaphore        ''
0x8205f138   1124   Mutant           ''
0x81f1ecd0   1124   Semaphore        ''
0xe225d7b0   1124   Port             ''
0x823c8928   1124   Event            ''
0x8246e250   1124   WaitablePort     'NLAPublicPort'
0x820d1c28   1124   Event            ''
0x81f59de8   1124   File             '\\Winsock2\\CatalogChangeListener-464-0'
0x82040b20   1124   Event            ''
0x8204b650   1124   Process          svchost.exe(1124)
0x82106738   1124   WaitablePort     'NLAPrivatePort'
0x824f8cc8   1124   Event            ''
0x821066f8   1124   Event            ''
0xe2222bf0   1124   Key              MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\NETWORK\LOCATION AWARENESS
0xe2117a60   1124   Section          '\xe2\x99\x98'
0x820ceda0   1124   Event            ''
0x824fa910   1124   Thread           TID 1296 PID 1124
0x824a89e0   1124   Thread           TID 1616 PID 1124
0x8203b538   1124   Event            ''
0x81f22238   1124   Event            ''
0x81f22268   1124   Event            ''
0xe2268d50   1124   Key              MACHINE\SOFTWARE\CLASSES
0xe1ffb198   1124   Key              MACHINE\SOFTWARE\CLASSES
0x81f22298   1124   Event            ''
0xe211f318   1124   Key              MACHINE\SOFTWARE\CLASSES
0x81f21258   1124   Mutant           ''
0x8203b5e0   1124   Event            ''
0x81f21228   1124   Event            ''
0x81f1fec0   1124   Event            ''
0x820352a0   1124   Event            ''
0x81f25d08   1124   File             '\\wkssvc'
0x81f551e0   1124   Thread           TID 1164 PID 1124
0x82065bf8   1124   Process          wmiprvse.exe(1452)
0x8205f7d0   1124   Thread           TID 404 PID 1124
0x82064d60   1124   Thread           TID 284 PID 1124
0x820cdd58   1124   Event            ''
0x81f22468   1124   Thread           TID 1320 PID 1124
0xe20b8f50   1124   Port             ''
0xe2286540   1124   Key              MACHINE\SOFTWARE\CLASSES
0x81f312b0   1124   Event            ''
0x82363e70   1124   Event            ''
0x824f76e8   1124   Event            ''
0x8237a268   1124   Event            ''
0x823a0800   1124   Thread           TID 1912 PID 1124
0x824f75c8   1124   Event            ''
0x81f33258   1124   Event            ''
0x824f7568   1124   Event            ''
0xe22397e0   1124   Key              MACHINE\SOFTWARE\CLASSES
0x824ca9b0   1124   Event            ''
0x8203c250   1124   Event            '\xe3\xb2\xa0'
0x82040a50   1124   Event            ''
0x81f32988   1124   Event            ''
0x8203c220   1124   Event            ''
0x81f59648   1124   Event            ''
0x8246d5e8   1124   Event            ''
0x81f24f58   1124   Event            ''
0xe20c6d78   1124   Token            ''
0xe2261388   1124   Port             ''
0x81f52f78   1124   Event            ''
0x81f52fa8   1124   Event            ''
0xe1f521a0   1124   Key              MACHINE\SOFTWARE\CLASSES
0x81f52f18   1124   Event            ''
0x824f53a8   1124   Event            ''
0xe21dedb8   1124   Key              MACHINE\SOFTWARE\CLASSES
0xe1c8d2d0   1124   Section          '\xe2\x99\x98'
0x81f329b8   1124   Event            ''
0xe206ec60   1124   Key              USER\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\NETWORK\LOCATION AWARENESS
0x8210d208   1124   Event            ''
0xe225c8a8   1124   Port             ''
0xe218b7d8   1124   Port             ''
0xe2117a60   1124   Section          '\xe2\x99\x98'
0x82110f78   1124   Event            ''
0x82375d88   1124   Thread           TID 1752 PID 1124
0x82471c70   1124   Event            ''
0xe206ec60   1124   Key              USER\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\NETWORK\LOCATION AWARENESS
0x81f2da58   1124   Event            ''
0x824f5080   1124   Event            ''
0x824f5050   1124   Event            ''
0xe1c8d2d0   1124   Section          '\xe2\x99\x98'
0x81f77b08   1124   Thread           TID 1140 PID 1124
0x81f53070   1124   Event            ''
0xe1c83c70   1124   Port             ''
0x824f82d0   1124   Event            'IPNAT'
0x82400430   1124   File             
0x820283e8   1124   Event            ''
0x81f9ada8   1124   Event            ''
0x824af2d0   1124   Event            ''
0x820e2b08   1124   Event            ''
0x81f24808   1124   File             
0x81f66d68   1124   Event            ''
0x8206dd98   1124   Event            ''
0x823c4da8   1124   File             
0x82450608   1124   Thread           TID 1352 PID 1124
0x82029440   1124   Event            ''
0x8202e9e8   1124   Event            ''
0x824d2bf8   1124   Thread           TID 1232 PID 1124
0xe2276620   1124   Key              MACHINE\SOFTWARE\CLASSES
0x8202e980   1124   Event            ''
0xe2264b48   1124   Port             ''
0xe22605d8   1124   Token            ''
0x8205e5d8   1124   Event            ''
0xe21e78e0   1124   Key              MACHINE\SYSTEM\CONTROLSET001\CONTROL\NETWORK\{4D36E972-E325-11CE-BFC1-08002BE10318}\{CDDF30A1-6EDA-45D2-A3DC-4C69A56FD218}\CONNECTION
0xe2237070   1124   Key              MACHINE\SOFTWARE\CLASSES
0x824bca30   1124   Thread           TID 1980 PID 1124
0x82388778   1124   Event            ''
0x81f27108   1124   Mutant           ''
0x82388748   1124   Event            ''
0xe20c8350   1124   Key              MACHINE\SOFTWARE\CLASSES
0x82034470   1124   Thread           TID 1504 PID 1124
0x820d0d58   1124   Event            ''
0x81f57d58   1124   Semaphore        ''
0x823a2ec0   1124   Event            ''
0xe21dfb70   1124   Port             ''
0x820e2ad0   1124   Semaphore        ''
0xe2269b38   1124   Key              MACHINE\SOFTWARE\MICROSOFT\TRACING\DOT3API
0x81f19e80   1124   Event            ''
0x8246f6c0   1124   Semaphore        ''
0x8246f688   1124   Semaphore        ''
0xe2316ba0   1124   Key              MACHINE\SOFTWARE\MICROSOFT\TRACING\NETMAN
0x82044378   1124   Event            ''
0x820a7ed0   1124   Event            ''
0x81f661b0   1124   Event            ''
0xe2324360   1124   Key              MACHINE\SYSTEM\CONTROLSET001\CONTROL\NETWORK\{4D36E972-E325-11CE-BFC1-08002BE10318}\{C563F485-3B81-4651-96E5-7050A619D62E}\CONNECTION
0x820a7f00   1124   Event            ''
0x82370bf8   1124   Mutant           ''
0xe2274b98   1124   Key              MACHINE\SOFTWARE\MICROSOFT\SECURITY CENTER\MONITORING
0xe226a198   1124   Key              USER\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\SHELLNOROAM\MUICACHE
0xe2211b98   1124   Key              USER\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\SHELLNOROAM
0x824f8990   1124   Thread           TID 1480 PID 1124
0x81f59db0   1124   Event            ''
0xe2270e30   1124   Port             ''
0xe1972808   1124   Key              MACHINE\SOFTWARE\CLASSES
0xe22827f8   1124   Token            ''
0x824f6aa8   1124   Event            ''
0x8248a898   1124   Thread           TID 128 PID 1124
0xe1e4ed40   1124   Key              MACHINE\SOFTWARE\CLASSES
0x81f1b330   1124   File             
0x82064d60   1124   Thread           TID 284 PID 1124
0x824f6a78   1124   Event            ''
0x8206fa58   1124   Process          lsass.exe(740)
0x8204bdd8   1124   Timer            ''
0x8248a618   1124   Thread           TID 864 PID 1124
0xe230c008   1124   Port             ''
0x8203c340   1124   Event            ''
0x8205d768   1124   Event            ''
0xe231f580   1124   Token            ''
0xe2207380   1124   Token            ''
0x81f33308   1124   Event            ''
0x81f332d8   1124   Event            ''
0x823a0550   1124   Event            ''
0x8248a898   1124   Thread           TID 128 PID 1124
0x81f244a0   1124   Event            ''
0x8204b650   1124   Process          svchost.exe(1124)
0x820de500   1124   Thread           TID 1220 PID 1124
0x82424f78   1124   File             '\\wkssvc'
0x81f598f0   1124   Event            ''
0x82060420   1124   Thread           TID 1624 PID 1124
0xe22378e0   1124   Key              MACHINE\SOFTWARE\CLASSES
0x820cf6f0   1124   Event            ''
0x8203c7b0   1124   Event            ''
0x820a7de8   1124   Event            ''
0x81f22468   1124   Thread           TID 1320 PID 1124
0x824fa240   1124   Event            ''
0x824fa210   1124   Event            ''
0x81f30d58   1124   Event            ''
0x81f62310   1124   Semaphore        ''
0x81f62348   1124   Semaphore        ''
0xe230e490   1124   Key              MACHINE\SOFTWARE\MICROSOFT\TRACING\RASDLG
0x820e1630   1124   Event            ''
0x8235c570   1124   Mutant           'RasPbFile'
0x82425b68   1124   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0x820ce6b8   1124   Mutant           ''
0xe2283958   1124   Port             ''
0x8205e7a0   1124   Thread           TID 1444 PID 1124
0x81f19488   1124   WmiGuid          ''
0x81f36c20   1124   Event            ''
0x824fa640   1124   WmiGuid          ''
0x81f66648   1124   Event            ''
0xe1009698   1168   KeyedEvent       'CritSecOutOfMemoryEvent'
0xe18fe1a0   1168   Directory        'KnownDlls'
0x820f24d0   1168   File             '\\WINDOWS\\system32'
0x8207a918   1168   Semaphore        ''
0xe1900510   1168   Directory        'Windows'
0xe1c8e658   1168   Port             ''
0x8248b9a8   1168   Semaphore        ''
0xe1658150   1168   Directory        'BaseNamedObjects'
0x8209f1f0   1168   Mutant           'SHIMLIB_LOG_MUTEX'
0xe19667c8   1168   Key              MACHINE
0x82494660   1168   WindowStation    'Service-0x0-3e4$'
0x81f26e98   1168   Event            ''
0x823852f0   1168   Desktop          'Default'
0x82494660   1168   WindowStation    'Service-0x0-3e4$'
0x82045698   1168   Event            ''
0x81f26e30   1168   Semaphore        ''
0x81f26df8   1168   Semaphore        ''
0xe196d7c8   1168   Key              MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32
0x81f26ba0   1168   Event            ''
0x82046010   1168   File             
0x81f26b70   1168   Event            ''
0xe1ca2e98   1168   Key              MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32
0x81f8f060   1168   Semaphore        'shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}'
0x8245b8f8   1168   Event            ''
0x81f26f30   1168   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0x824cf108   1168   Event            ''
0x824cf0d8   1168   Event            ''
0x81f26ab0   1168   File             '\\net\\NtControlPipe6'
0x81f3fa98   1168   Event            ''
0x824b68d0   1168   Thread           TID 1172 PID 1168
0x81f92c10   1168   Event            ''
0xe1ca4dc0   1168   Port             ''
0x824e3288   1168   File             
0x81f7e0a0   1168   File             
0x824e3480   1168   File             
0x82376010   1168   File             
0x823760d0   1168   File             
0x8207adb8   1168   Semaphore        ''
0x823c1180   1168   Semaphore        ''
0xe19e85e8   1168   Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\TCPIP\LINKAGE
0xe1c7cbe0   1168   Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS
0xe1ceafa0   1168   Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\NETBT\PARAMETERS\INTERFACES
0xe1cac4e8   1168   Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\NETBT\PARAMETERS
0x81f7e068   1168   Event            ''
0xe2199c10   1168   Port             ''
0x823c1240   1168   Event            ''
0xe1d0cfa0   1168   Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9
0x81f79768   1168   Event            ''
0xe1d11fa0   1168   Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSOCK2\PARAMETERS\NAMESPACE_CATALOG5
0x81f796c8   1168   Event            ''
0x81f793e0   1168   Event            ''
0x81f79448   1168   Thread           TID 1248 PID 1168
0x820eb7d8   1168   Thread           TID 1252 PID 1168
0x824a4830   1168   File             '\\WINDOWS\\system32\\drivers\\etc'
0x824c5990   1168   Event            ''
0x8237e3f8   1168   Thread           TID 496 PID 1168
0xe16d6aa0   1168   Port             'DNSResolver'
0x81f79338   1168   Event            ''
0x82117660   1168   Thread           TID 1260 PID 1168
0x823879d8   1168   File             
0xe1009698   1208   KeyedEvent       'CritSecOutOfMemoryEvent'
0xe18fe1a0   1208   Directory        'KnownDlls'
0x823bd758   1208   File             '\\WINDOWS\\system32'
0x8204a630   1208   Semaphore        ''
0xe1900510   1208   Directory        'Windows'
0xe1cebc30   1208   Port             ''
0x8204a668   1208   Semaphore        ''
0xe1658150   1208   Directory        'BaseNamedObjects'
0x8209f1f0   1208   Mutant           'SHIMLIB_LOG_MUTEX'
0xe1ca2648   1208   Key              MACHINE
0x820e9aa0   1208   WindowStation    'Service-0x0-3e5$'
0x8204a5a0   1208   Event            ''
0x824b1590   1208   Desktop          'Default'
0x820e9aa0   1208   WindowStation    'Service-0x0-3e5$'
0x82512548   1208   Event            ''
0x824b1460   1208   Semaphore        ''
0x824b1428   1208   Semaphore        ''
0xe1c8f8d8   1208   Key              MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32
0x824b13b8   1208   Event            ''
0x8204a6a8   1208   File             
0x82387810   1208   Event            ''
0xe1c8d6a0   1208   Key              MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32
0x81f8f060   1208   Semaphore        'shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}'
0xe1ccad90   1208   Token            ''
0x82387e00   1208   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0x824ae220   1208   Event            ''
0x824b6640   1208   Semaphore        ''
0x824ae170   1208   Semaphore        ''
0x820ad3a8   1208   Semaphore        ''
0x820ad370   1208   Semaphore        ''
0x820ad338   1208   Semaphore        ''
0x820ad300   1208   Semaphore        ''
0x820ad2c8   1208   Semaphore        ''
0x820ad290   1208   Semaphore        ''
0x824979a0   1208   Semaphore        ''
0x82497968   1208   Semaphore        ''
0x82497930   1208   Semaphore        ''
0x824978f8   1208   Semaphore        ''
0x82497500   1208   Event            ''
0x824978c8   1208   Event            ''
0x823c1480   1208   Event            ''
0x823c1450   1208   Event            ''
0x82388968   1208   Thread           TID 1212 PID 1208
0xe1c80460   1208   Port             ''
0x823c1420   1208   Event            ''
0x81f26fc0   1208   IoCompletion     '\xe2\x92\x98'
0x824ae288   1208   File             '\\net\\NtControlPipe7'
0x821174e8   1208   IoCompletion     ''
0x81f26fc0   1208   IoCompletion     '\xe2\x92\x98'
0xe1c8b6a0   1208   Port             ''
0x82117488   1208   Event            ''
0x8235cbb8   1208   File             
0x81f26a18   1208   File             
0x8239ecc0   1208   File             
0x81f79730   1208   Semaphore        ''
0x824b29e0   1208   Semaphore        ''
0xe1e4f460   1208   Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\TCPIP\LINKAGE
0xe1d0e750   1208   Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS
0xe1ea2790   1208   Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\NETBT\PARAMETERS\INTERFACES
0xe1c3e140   1208   Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\NETBT\PARAMETERS
0x8204c3c0   1208   Event            ''
0x824b2148   1208   Event            ''
0x82389b48   1208   Event            ''
0x824b2a18   1208   Event            ''
0x824b29b0   1208   Event            ''
0x82389bb0   1208   Event            ''
0x824b2c08   1208   Event            ''
0x8235c790   1208   Thread           TID 1288 PID 1208
0x8235c790   1208   Thread           TID 1288 PID 1208
0x81f7d8f8   1208   Event            ''
0xe1cb8a98   1208   Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9
0x824b2cd8   1208   Event            ''
0xe1de1268   1208   Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSOCK2\PARAMETERS\NAMESPACE_CATALOG5
0x82077480   1208   Thread           TID 1372 PID 1208
0x82380738   1208   File             
0x81f3dc60   1208   File             
0x824f4008   1208   Timer            ''
0xe210b308   1208   Key              MACHINE
0x81f35d88   1208   Thread           TID 1388 PID 1208
0xe210d4d8   1208   Key              USER
0x824089b8   1208   Semaphore        ''
0x823fa320   1208   Semaphore        ''
0x824b4978   1208   File             '\\winreg'
0x820682d8   1208   File             '\\winreg'
0x820682a0   1208   Event            ''
0x823c0a40   1208   Thread           TID 456 PID 1208
0x820fe410   1208   Event            'Microsoft.RPC_Registry_Server'
0xe1f5b910   1208   Port             ''
0x81f37da0   1208   Event            ''
0x820cedd0   1208   Event            ''
0x81f35ce0   1208   Event            ''
0x820352d0   1208   Thread           TID 1536 PID 1208
0x8203b598   1208   IoCompletion     ''
0x821098e0   1208   Timer            ''
0x820e2d88   1208   Thread           TID 1276 PID 1208
0x824f6238   1208   Event            ''
0x824c9308   1208   Event            ''
0xe2276388   1208   Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\SHAREDACCESS\EPOCH
0x824c92d8   1208   Event            ''
0x824c92a8   1208   Event            ''
0x824c9278   1208   Event            ''
0x824f76b8   1208   Event            ''
0x823fd010   1208   File             
0xe2239d80   1208   Key              MACHINE\SOFTWARE\CLASSES
0xe228ad50   1208   Key              USER\S-1-5-19_CLASSES
0x820a9a58   1208   Event            ''
0xe227ab98   1208   Key              MACHINE\SOFTWARE\MICROSOFT\COM3
0x82035fd8   1208   Event            ''
0xe2264448   1208   Key              USER
0x82035fa8   1208   Event            ''
0xe227aaf8   1208   Key              MACHINE\SOFTWARE\CLASSES
0x82035f78   1208   Event            ''
0xe227b128   1208   Key              USER
0x82035f48   1208   Event            ''
0xe20a8928   1208   Key              MACHINE\SOFTWARE\MICROSOFT\COM3
0x82035f18   1208   Event            ''
0xe2284b18   1208   Key              MACHINE\SOFTWARE\MICROSOFT\COM3
0x82035ee8   1208   Event            ''
0xe20a8888   1208   Key              MACHINE\SOFTWARE\CLASSES\CLSID
0x81f56fa0   1208   Event            ''
0xe2311d00   1208   Key              MACHINE\SOFTWARE\CLASSES
0x81f56f38   1208   Event            ''
0xe228a6e0   1208   Key              MACHINE\SOFTWARE\MICROSOFT\COM3
0x82040fd8   1208   Event            ''
0xe2311c98   1208   Key              USER
0x82040f70   1208   Event            ''
0xe2311c30   1208   Key              MACHINE\SOFTWARE\MICROSOFT\COM3
0x82040f08   1208   Event            ''
0xe2269760   1208   Key              MACHINE\SOFTWARE\MICROSOFT\COM3
0x82040ed8   1208   Event            ''
0xe22696c8   1208   Key              MACHINE\SOFTWARE\CLASSES\CLSID
0x81f59a50   1208   Event            ''
0xe2269630   1208   Key              USER\S-1-5-19_CLASSES
0xe226dc90   1208   Key              USER\S-1-5-19_CLASSES
0x81f35d88   1208   Thread           TID 1388 PID 1208
0x820da268   1208   Event            ''
0x820c97f8   1208   File             '\\Endpoint'
0x824028b8   1208   File             
0xe2068428   1208   Key              USER\S-1-5-19_CLASSES
0x824ec728   1208   Semaphore        ''
0x81f21358   1208   Thread           TID 2000 PID 1208
0x820de780   1208   Thread           TID 872 PID 1208
0x81f312e0   1208   Event            ''
0x81f4c608   1208   Thread           TID 1068 PID 1208
0x81dfada8   1208   Event            ''
0x824af330   1208   Event            ''
0xe226e708   1208   Port             'LRPC000004b8.00000001'
0x8210d1d8   1208   Event            ''
0x820d2888   1208   Thread           TID 1868 PID 1208
0x8210d1a8   1208   Event            ''
0x820d22e0   1208   Event            ''
0x82044d88   1208   Thread           TID 208 PID 1208
0x820de780   1208   Thread           TID 872 PID 1208
0x824cb758   1208   Event            ''
0x8203bfd8   1208   Event            ''
0x81f53ca8   1208   Event            ''
0x81f22b08   1208   Thread           TID 376 PID 1208
0xe21d5008   1208   Port             ''
0x821062b0   1208   Thread           TID 1356 PID 1208
0x81f66240   1208   Event            ''
0x81f66210   1208   Event            ''
0x82044d88   1208   Thread           TID 208 PID 1208
0x81f66270   1208   Event            ''
0x82114ef8   1208   Event            ''
0x8237a4f0   1208   Event            ''
0x821062b0   1208   Thread           TID 1356 PID 1208
0x81f19358   1208   Event            ''
0x8205d180   1208   Event            ''
0x82066d78   1208   Event            ''
0x81f8f170   1208   File             '\\lsarpc'
0xe226c958   1208   Port             ''
0x8237a530   1208   Event            ''
0x81f38bb8   1208   Event            ''
0xe1009698   1636   KeyedEvent       'CritSecOutOfMemoryEvent'
0xe18fe1a0   1636   Directory        'KnownDlls'
0x8250aab8   1636   File             '\\Documents and Settings\\phocean'
0x824aefd0   1636   Semaphore        ''
0xe1900510   1636   Directory        'Windows'
0xe1dff9d8   1636   Port             ''
0x824daad0   1636   Semaphore        ''
0x8209f1f0   1636   Mutant           'SHIMLIB_LOG_MUTEX'
0xe1658150   1636   Directory        'BaseNamedObjects'
0xe1d188f8   1636   Key              MACHINE
0x820fe360   1636   WindowStation    'WinSta0'
0x824eb5f8   1636   Event            ''
0x82489a10   1636   Desktop          'Default'
0x820fe360   1636   WindowStation    'WinSta0'
0x8242df78   1636   File             
0x81f8f060   1636   Semaphore        'shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}'
0x824aef10   1636   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0x82113d50   1636   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0x82405468   1636   Event            'crypt32LogoffEvent'
0xe1cb83b0   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003_CLASSES
0xe1cb53b0   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003
0x81f7c860   1636   Event            ''
0x8245c610   1636   Event            ''
0xe1c15638   1636   Key              MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_PROTOCOL_LOCKDOWN
0xe1d2a008   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS
0x82454580   1636   File             
0x8245c5b0   1636   Event            ''
0x824ec9f8   1636   WmiGuid          ''
0x824a8cd8   1636   File             
0x825175c8   1636   Event            ''
0x824ecd88   1636   Process          explorer.exe(1636)
0x82517598   1636   Event            ''
0x82517568   1636   Event            ''
0x825174f8   1636   Event            ''
0x82043f30   1636   WmiGuid          ''
0x82047a58   1636   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0x823734b0   1636   Mutant           ''
0x81f4b810   1636   Event            ''
0x82373470   1636   Mutant           ''
0x82383320   1636   Event            ''
0x81f3ad00   1636   Event            ''
0x81f3acd0   1636   Event            ''
0x820e99c8   1636   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0x81f39cf8   1636   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0x81f4b840   1636   Semaphore        ''
0x82031010   1636   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0x82373e08   1636   Event            ''
0x824ae0d0   1636   Semaphore        ''
0xe1c123b0   1636   Key              MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32
0x82031100   1636   Event            ''
0x820310d0   1636   Event            ''
0xe1f8fdb0   1636   Key              MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
0x82405f20   1636   Event            'userenv:  User Profile setup event'
0xe1c60e28   1636   Port             ''
0x82380098   1636   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0xe1cadc80   1636   Section          '\xe2\x99\x98\xe8\x89\x9c\xe2\xa2\x88\xe8\x89\x9c'
0xe1c215f8   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER
0x81f85db0   1636   Mutant           'ExplorerIsShellMutex'
0x81f61a68   1636   Mutant           'ShimCacheMutex'
0xe1919518   1636   Section          'ShimSharedMemory'
0x820edb08   1636   Semaphore        'shell.{210A4BA0-3AEA-1069-A2D9-08002B30309D}'
0xe1e07198   1636   Key              MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER
0xe1ce7008   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER
0xe1fdc088   1636   Key              MACHINE\SOFTWARE\CLASSES
0xe1fdc0f0   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003_CLASSES
0x820f1df8   1636   Event            ''
0xe1cbdca0   1636   Key              MACHINE\SOFTWARE\MICROSOFT\COM3
0x820f1dc8   1636   Event            ''
0xe1c4d710   1636   Key              USER
0x820ef588   1636   Event            ''
0xe1fdcc18   1636   Key              MACHINE\SOFTWARE\CLASSES
0x820ef558   1636   Event            ''
0xe1ceb660   1636   Key              USER
0x820ef528   1636   Event            ''
0xe1c15590   1636   Key              MACHINE\SOFTWARE\MICROSOFT\COM3
0x821173c0   1636   Event            ''
0xe1c15528   1636   Key              MACHINE\SOFTWARE\MICROSOFT\COM3
0x82117390   1636   Event            ''
0xe1de0008   1636   Key              MACHINE\SOFTWARE\CLASSES\CLSID
0x82117360   1636   Event            ''
0xe1de00d8   1636   Key              MACHINE\SOFTWARE\CLASSES
0x82117330   1636   Event            ''
0xe1fe1600   1636   Key              MACHINE\SOFTWARE\MICROSOFT\COM3
0x82117300   1636   Event            ''
0xe1fe1598   1636   Key              USER
0x821172d0   1636   Event            ''
0xe1ce9008   1636   Key              MACHINE\SOFTWARE\MICROSOFT\COM3
0x8239a008   1636   Event            ''
0xe1ce90e0   1636   Key              MACHINE\SOFTWARE\MICROSOFT\COM3
0x8239a110   1636   Event            ''
0xe1ce9078   1636   Key              MACHINE\SOFTWARE\CLASSES\CLSID
0x8239a0e0   1636   Event            ''
0x824ed6f8   1636   Semaphore        'shell.{090851A5-EB96-11D2-8BE4-00C04FA31A66}'
0xe161fd10   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003_CLASSES
0x8245bde8   1636   Mutant           ''
0x8239a050   1636   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0x82371050   1636   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0xe1951db0   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003_CLASSES
0x81f8f060   1636   Semaphore        'shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}'
0xe1c274e0   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003\SOFTWARE\MICROSOFT\PLUS!\THEMES\APPLY
0x823710e0   1636   Event            ''
0xe1cf1fa0   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003_CLASSES
0xe1e06348   1636   Port             ''
0x8236e058   1636   Event            ''
0xe1d33668   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003_CLASSES
0x82043df0   1636   Event            ''
0x82043d38   1636   Event            ''
0x824dab48   1636   Thread           TID 1640 PID 1636
0xe1c11648   1636   Port             ''
0x82043d08   1636   Event            ''
0x82043da8   1636   IoCompletion     '\xe2\x92\x98'
0xe16c8a50   1636   Port             'OLEA85FA34E736F410B98F52F6979F2'
0x820439a8   1636   IoCompletion     ''
0x82043da8   1636   IoCompletion     '\xe2\x92\x98'
0x82043650   1636   Thread           TID 1692 PID 1636
0x82043978   1636   Event            ''
0x82043948   1636   Event            ''
0xe1e4e2a8   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SECURITY\P3GLOBAL
0xe1c309f8   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003_CLASSES
0x823ac2a8   1636   Event            ''
0x823ac2d8   1636   Thread           TID 1700 PID 1636
0x82505fd8   1636   Event            ''
0x82505f18   1636   Event            ''
0x820edc40   1636   Timer            ''
0x823c0770   1636   Event            ''
0xe1e540b8   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003_CLASSES\HTTP\SHELL
0x81f85368   1636   Thread           TID 1848 PID 1636
0x82505290   1636   IoCompletion     ''
0x820eb5d8   1636   Timer            ''
0x8202b348   1636   Thread           TID 1860 PID 1636
0xe2070958   1636   Port             ''
0xe1eba478   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003_CLASSES
0x81f894b0   1636   Event            ''
0x824646c8   1636   Semaphore        'shell.{7CB834F0-527B-11D2-9D1F-0000F805CA57}'
0xe2092918   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003_CLASSES
0x820a8068   1636   Event            ''
0x823657a8   1636   Event            ''
0x820cb308   1636   Thread           TID 1876 PID 1636
0x824d7068   1636   Event            ''
0x823ac0f0   1636   Event            ''
0x820cb308   1636   Thread           TID 1876 PID 1636
0x823c8568   1636   Event            ''
0xe2063588   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003_CLASSES
0x823c8538   1636   Event            ''
0x8236e5f0   1636   File             '\\lsarpc'
0xe20d8740   1636   Port             ''
0x823655f0   1636   File             '\\Documents and Settings\\phocean\\Desktop'
0xe2094610   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS
0x82459010   1636   File             '\\Documents and Settings\\All Users\\Desktop'
0x824d47c0   1636   File             '\\Documents and Settings\\phocean\\Local Settings\\Application Data\\Microsoft\\CD Burning'
0xe2099210   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003_CLASSES
0x82061720   1636   Event            ''
0xe207e518   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003\SOFTWARE\MICROSOFT\WINDOWS\SHELLNOROAM
0xe2083e48   1636   Port             ''
0x82131220   1636   Mutant           'CTF.LBES.MutexDefaultS-1-5-21-1060284298-746137067-839522115-1003'
0xe2092980   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003_CLASSES
0xe207a1c0   1636   Section          'CiceroSharedMemDefaultS-1-5-21-1060284298-746137067-839522115-1003'
0x823655a8   1636   Mutant           'CTF.Compart.MutexDefaultS-1-5-21-1060284298-746137067-839522115-1003'
0x824590d8   1636   Mutant           'CTF.Asm.MutexDefaultS-1-5-21-1060284298-746137067-839522115-1003'
0x824d4778   1636   Mutant           'CTF.Layouts.MutexDefaultS-1-5-21-1060284298-746137067-839522115-1003'
0x81f1e370   1636   Mutant           'CTF.TMD.MutexDefaultS-1-5-21-1060284298-746137067-839522115-1003'
0xe2090858   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003\SOFTWARE\MICROSOFT\WINDOWS\SHELLNOROAM\MUICACHE
0xe1ffa120   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003\SOFTWARE\MICROSOFT\WINDOWS\SHELL
0xe20dae80   1636   Key              USER
0xe2093d10   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003_CLASSES
0x823c8170   1636   Semaphore        ''
0x81f778b0   1636   Event            ''
0xe20e0a98   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003_CLASSES
0xe20e0200   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SECURITY\P3SITES
0x823ac558   1636   Event            ''
0x823ad928   1636   Event            ''
0xe2075140   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003_CLASSES\CLSID
0xe226c388   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003_CLASSES
0x820fed38   1636   Mutant           ''
0xe1fcf250   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003_CLASSES
0x81f8f060   1636   Semaphore        'shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}'
0x820d7318   1636   Event            ''
0x820d72b0   1636   Semaphore        ''
0xe2098110   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003\SOFTWARE\MICROSOFT\WINDOWS\SHELL\BAGS\1\DESKTOP
0xe20e0bc0   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003_CLASSES
0xe20e0b58   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003_CLASSES
0x81f92ab8   1636   File             '\\samr'
0x820316c8   1636   Event            ''
0x81f2ed88   1636   Thread           TID 1896 PID 1636
0x82370408   1636   Event            ''
0xe20db568   1636   Port             ''
0xe20913a8   1636   Port             ''
0xe210b550   1636   Token            ''
0x82370358   1636   Event            ''
0x82473068   1636   Event            ''
0xe1c3e4a8   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003_CLASSES
0x824de0d8   1636   Event            ''
0x820fec90   1636   Mutant           ''
0x8204b1a0   1636   Event            ''
0x823804e8   1636   Mutant           ''
0x81f2c0c8   1636   Event            ''
0xe1d30860   1636   Port             ''
0xe1de12e8   1636   Key              MACHINE\SOFTWARE
0xe21033d8   1636   Key              MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\BLOCKED
0xe2110138   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\BLOCKED
0xe20f3430   1636   Key              MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\CACHED
0xe2100850   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\CACHED
0x820770f8   1636   Event            ''
0x82477d30   1636   Event            ''
0xe2117858   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003_CLASSES
0x823bf788   1636   Event            ''
0xe1d2a200   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003_CLASSES
0x82117560   1636   Event            ''
0x82427f10   1636   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0x82111968   1636   Thread           TID 1924 PID 1636
0x823bf858   1636   Event            ''
0xe1ea2800   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003_CLASSES
0x8248fcf8   1636   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0x820333a8   1636   WmiGuid          ''
0x823bb650   1636   WmiGuid          ''
0x82435a38   1636   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0xe1e1e948   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003\SOFTWARE
0xe20767f8   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003_CLASSES
0x824f5478   1636   Thread           TID 132 PID 1636
0x824ad6e0   1636   WmiGuid          ''
0x820f23c0   1636   WmiGuid          ''
0x821148d8   1636   WmiGuid          ''
0xe1d10770   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003_CLASSES
0xe1e50210   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003_CLASSES
0xe1d22498   1636   Section          'windows_ie_global_counters'
0xe18f1fa0   1636   Key              MACHINE\SOFTWARE\POLICIES
0xe1de1200   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003\SOFTWARE\POLICIES
0xe1d06fa0   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003_CLASSES
0x824584f0   1636   Mutant           '_!MSFTHISTORY!_'
0x8237f400   1636   Mutant           'c:!documents and settings!phocean!local settings!temporary internet files!content.ie5!'
0x81f2c9b0   1636   File             '\\Documents and Settings\\phocean\\Local Settings\\Temporary Internet Files\\Content.IE5\\index.dat'
0xe1cf1e70   1636   Section          'C:_Documents and Settings_phocean_Local Settings_Temporary Internet Files_Content.IE5_index.dat_262144'
0x820f14d8   1636   Mutant           'c:!documents and settings!phocean!cookies!'
0x81f2ca48   1636   File             '\\Documents and Settings\\phocean\\Cookies\\index.dat'
0xe1c206a8   1636   Section          'C:_Documents and Settings_phocean_Cookies_index.dat_32768'
0x824a8d78   1636   Mutant           'c:!documents and settings!phocean!local settings!history!history.ie5!'
0x82427198   1636   File             '\\Documents and Settings\\phocean\\Local Settings\\History\\History.IE5\\index.dat'
0xe1cc8e98   1636   Section          'C:_Documents and Settings_phocean_Local Settings_History_History.IE5_index.dat_49152'
0xe1ea2438   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS
0xe1de0428   1636   Key              MACHINE\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS
0xe1cf9438   1636   Key              MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS
0x8235cd08   1636   Event            ''
0x82388498   1636   Mutant           '!IETld!Mutex'
0xe1c83c08   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\IETLD
0x82111f38   1636   Mutant           'CTF.TimListCache.FMPDefaultS-1-5-21-1060284298-746137067-839522115-1003MUTEX.DefaultS-1-5-21-1060284298-746137067-839522115-100'
0xe1d15fa0   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003_CLASSES
0x820d1f48   1636   Mutant           ''
0xe1d323c0   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003_CLASSES
0x82041e68   1636   Semaphore        ''
0x824242f0   1636   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0xe2284f40   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003\SOFTWARE\MICROSOFT\WINDOWS\SHELL\BAGS\1\DESKTOP
0xe20d72b8   1636   Section          'CTF.TimListCache.FMPDefaultS-1-5-21-1060284298-746137067-839522115-1003SFM.DefaultS-1-5-21-1060284298-746137067-839522115-1003'
0x81f7d808   1636   Event            ''
0x824253b0   1636   File             '\\Documents and Settings\\phocean\\Start Menu'
0x8202b5e0   1636   Mutant           '_SHuassist.mtx'
0xe20dc0f0   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003_CLASSES
0xe2118300   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\USERASSIST\{75048700-EF1F-11D0-9888-006097DEACF9}\COUNT
0xe1d48c20   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\USERASSIST\{5E6AB780-7743-11CF-A12B-00AA004AE837}\COUNT
0x823c8bf8   1636   Mutant           'ZonesCounterMutex'
0xe2123900   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003_CLASSES
0x82504280   1636   Event            ''
0x82070278   1636   WmiGuid          ''
0xe2123850   1636   Section          'UrlZonesSM_phocean'
0x824b4330   1636   Mutant           'ZoneAttributeCacheCounterMutex'
0xe1e39008   1636   Key              MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_LOCALMACHINE_LOCKDOWN
0x823762b8   1636   Mutant           'ZonesCacheCounterMutex'
0x824b4330   1636   Mutant           'ZoneAttributeCacheCounterMutex'
0x8206d6a8   1636   Mutant           'ZonesLockedCacheCounterMutex'
0xe1f329f0   1636   Section          'AtlDebugAllocator_FileMappingNameStatic3_664'
0x81f4b358   1636   Event            ''
0xe1f329f0   1636   Section          'AtlDebugAllocator_FileMappingNameStatic3_664'
0xe212b9d8   1636   Port             ''
0x82467fd8   1636   Event            ''
0x824525a0   1636   Event            ''
0x82108ea8   1636   Event            ''
0x81f956f8   1636   WmiGuid          ''
0x824d43c8   1636   File             
0x823a9548   1636   File             
0x81f61870   1636   File             
0x824d36f0   1636   File             
0x82433010   1636   File             
0x81f232d0   1636   Semaphore        ''
0x81f2cd90   1636   Semaphore        ''
0xe20769e8   1636   Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\TCPIP\LINKAGE
0xe2076980   1636   Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS
0xe207d008   1636   Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\NETBT\PARAMETERS\INTERFACES
0xe207d0b8   1636   Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\NETBT\PARAMETERS
0x8205b1a8   1636   Event            'ShellReadyEvent'
0x82454ea8   1636   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0x823a9d88   1636   Thread           TID 1992 PID 1636
0xe1e0a290   1636   Port             ''
0xe1f64140   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003_CLASSES
0x82502f78   1636   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0xe1efc138   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003_CLASSES
0x8237f4f8   1636   File             '\\Documents and Settings\\phocean\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch'
0xe209db18   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003_CLASSES
0x824d0290   1636   Event            ''
0xe210cbf0   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003_CLASSES
0x8250c220   1636   Semaphore        'PowerProfileRegistrySemaphore'
0x820b5bf0   1636   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0x824e2530   1636   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0x820747c0   1636   Event            ''
0x8209e008   1636   Thread           TID 220 PID 1636
0x81f86410   1636   Event            ''
0x82379e60   1636   Mutant           ''
0x824f7538   1636   Event            ''
0x81f31318   1636   File             '\\Documents and Settings\\All Users\\Start Menu'
0x8202bde8   1636   Event            ''
0xe21a6080   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003_CLASSES
0x82435508   1636   Event            ''
0x820cc730   1636   Event            ''
0x824d6588   1636   Mutant           ''
0x824d65d8   1636   Event            'HPlugEjectEvent'
0xe1fff4d8   1636   Section          'mmGlobalPnpInfo'
0x824354d8   1636   Event            ''
0xe20ffe28   1636   Port             ''
0x8236e338   1636   Event            'mixercallback'
0xe1c28700   1636   Section          'WDMAUD_Callbacks'
0x82461d58   1636   File             '\\{9B365890-165F-11D0-A195-0020AFD156E4}'
0x8242ce90   1636   Event            'hardwaremixercallback'
0x820e0930   1636   Thread           TID 224 PID 1636
0x8206aef0   1636   Mutant           ''
0x82379df0   1636   Mutant           ''
0x824c5f28   1636   Event            ''
0x82114828   1636   Mutant           'MidiMapper_Configure'
0xe1f39668   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003_CLASSES
0xe210cb88   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003_CLASSES
0x824d6548   1636   Mutant           ''
0x8236edf8   1636   Mutant           'MidiMapper_modLongMessage_RefCnt'
0x82365390   1636   WmiGuid          ''
0xe2108a98   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003_CLASSES
0x82502678   1636   Event            ''
0x82461f78   1636   File             '\\Documents and Settings\\phocean\\PrintHood'
0x823a3f98   1636   Event            ''
0x8251a208   1636   Event            ''
0x81f6a3a8   1636   Mutant           'MSCTF.Shared.MUTEX.EKG'
0xe211f0d8   1636   Section          'MSCTF.Shared.SFM.EKG'
0x8246ee30   1636   Event            ''
0x81f6a3a8   1636   Mutant           'MSCTF.Shared.MUTEX.EKG'
0xe211a920   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003_CLASSES
0xe211f0d8   1636   Section          'MSCTF.Shared.SFM.EKG'
0x82041a08   1636   Event            ''
0x820da208   1636   Event            ''
0x824d3f98   1636   Event            ''
0xe215b168   1636   Section          'MSCTF.Shared.SFM.IGG'
0x8253b0c8   1636   Mutant           'MSCTF.Shared.MUTEX.IGG'
0x8253b0c8   1636   Mutant           'MSCTF.Shared.MUTEX.IGG'
0xe215b168   1636   Section          'MSCTF.Shared.SFM.IGG'
0x824f8d28   1636   Event            ''
0xe22745d8   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003_CLASSES
0x8244a990   1636   File             '\\srvsvc'
0x8202e9b0   1636   Semaphore        ''
0xe21de9f0   1636   Section          'MSCTF.MarshalInterface.FileMap.EKG.E.DDMJ'
0xe2239910   1636   Section          'MSCTF.MarshalInterface.FileMap.EKG.D.DDMJ'
0x820ca3e0   1636   Event            ''
0x823a3ef8   1636   Event            ''
0x8202b960   1636   File             '\\wkssvc'
0x824f7808   1636   Semaphore        ''
0x823bbd98   1636   Semaphore        ''
0x81f369e0   1636   Event            ''
0x81dfad58   1636   Event            ''
0x82114fd0   1636   Semaphore        ''
0x82114f98   1636   Semaphore        ''
0xe20e0fa0   1636   Key              MACHINE\SOFTWARE\MICROSOFT\TRACING\NETSHELL
0x81f25380   1636   Event            ''
0xe20a4298   1636   Port             ''
0xe1f0e8b0   1636   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003_CLASSES
0xe2332018   1636   Token            ''
0x8203c370   1636   Event            ''
0x8203c608   1636   Event            ''
0x82382608   1636   Event            ''
0x8250a350   1636   Mutant           ''
0xe1f51a70   1636   Section          'MSCTF.MarshalInterface.FileMap.EKG.F.DDMJ'
0xe1009698   1736   KeyedEvent       'CritSecOutOfMemoryEvent'
0xe18fe1a0   1736   Directory        'KnownDlls'
0x8212f270   1736   File             '\\WINDOWS\\system32'
0x824d8668   1736   Semaphore        ''
0xe1900510   1736   Directory        'Windows'
0xe1eb8808   1736   Port             ''
0x824d86a0   1736   Semaphore        ''
0xe1658150   1736   Directory        'BaseNamedObjects'
0x8209f1f0   1736   Mutant           'SHIMLIB_LOG_MUTEX'
0xe1fdba10   1736   Key              MACHINE
0x820fe360   1736   WindowStation    'WinSta0'
0x824d8608   1736   Event            ''
0x82489a10   1736   Desktop          'Default'
0x820fe360   1736   WindowStation    'WinSta0'
0x81f56988   1736   Event            ''
0x824d58b8   1736   Semaphore        ''
0x824d5880   1736   Semaphore        ''
0xe1ff6288   1736   Key              MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32
0x824d18e8   1736   Event            'DINPUTWINMM'
0x81f568c8   1736   File             
0x824d85a8   1736   Event            ''
0x820f17b0   1736   Event            ''
0x82364828   1736   Event            ''
0x81f8f060   1736   Semaphore        'shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}'
0x82405f20   1736   Event            'userenv:  User Profile setup event'
0x81f38668   1736   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0x81f85f78   1736   File             '\\net\\NtControlPipe8'
0x81f85f10   1736   Event            ''
0x8237fa28   1736   Event            ''
0x8237f9f8   1736   Event            ''
0x8237f9c8   1736   Event            ''
0x8206f4c0   1736   Thread           TID 1740 PID 1736
0x8240abd8   1736   Event            ''
0xe1c28008   1736   Port             ''
0x82076db0   1736   Event            ''
0xe1fff330   1736   Key              MACHINE\SOFTWARE\CLASSES
0x820eb5a0   1736   Event            ''
0x825054f8   1736   Thread           TID 1748 PID 1736
0x820eb570   1736   Event            'RouterPreInitEvent'
0x820f1768   1736   IoCompletion     '\xe2\x92\x98'
0x82042390   1736   IoCompletion     ''
0x820f1768   1736   IoCompletion     '\xe2\x92\x98'
0x824b25c8   1736   File             '\\spoolss'
0x82120c48   1736   File             '\\spoolss'
0x8245ccb8   1736   Event            ''
0x82375680   1736   Thread           TID 1760 PID 1736
0xe16aad88   1736   Port             'spoolss'
0x8245cc48   1736   Event            ''
0x82375400   1736   Thread           TID 1764 PID 1736
0x823753d0   1736   Event            ''
0x823752f8   1736   Event            ''
0x8210a768   1736   Event            ''
0x820e4310   1736   Thread           TID 244 PID 1736
0x820da668   1736   Thread           TID 484 PID 1736
0x82111e10   1736   Event            ''
0x820ca410   1736   Event            ''
0x82364ad8   1736   Event            ''
0xe1caf198   1736   Key              USER
0x81f661e0   1736   Event            ''
0x820387d0   1736   Event            ''
0xe1ff8278   1736   Port             ''
0x82040268   1736   Event            ''
0x8248f620   1736   Mutant           ''
0xe1487a60   1736   Key              MACHINE\SYSTEM\CONTROLSET001\CONTROL\PRINT
0x8239df98   1736   Event            ''
0x820da668   1736   Thread           TID 484 PID 1736
0x8248f660   1736   Event            ''
0x820f1520   1736   File             
0x81f8ad60   1736   File             
0x823c1698   1736   Event            ''
0x824a3618   1736   WmiGuid          ''
0xe2264c68   1736   Port             ''
0x81f858a0   1736   File             
0x82388650   1736   Event            ''
0x8206f740   1736   Process          spoolsv.exe(1736)
0x81f857f0   1736   Event            ''
0x8204bfd8   1736   Event            ''
0x823733d8   1736   File             
0x82113de8   1736   File             
0x82133d40   1736   File             
0x824a0950   1736   File             
0x82041bf8   1736   Semaphore        ''
0x82043e98   1736   Semaphore        ''
0xe225e6b0   1736   Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\TCPIP\LINKAGE
0xe154e390   1736   Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS
0xe16dbb60   1736   Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\NETBT\PARAMETERS\INTERFACES
0xe16b1ba8   1736   Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\NETBT\PARAMETERS
0x82515698   1736   File             
0xe1fe11a0   1736   Key              MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\PRINT\PRINTERS
0x8237f370   1736   Event            ''
0x824ab278   1736   Event            ''
0x81f5c768   1736   Event            ''
0x820f1860   1736   Mutant           ''
0x82034298   1736   Event            ''
0x82405468   1736   Event            'crypt32LogoffEvent'
0x81f317b0   1736   Event            ''
0x82471f40   1736   Event            ''
0x81f9add8   1736   Event            ''
0x824975a8   1736   Event            ''
0x824ec570   1736   Event            ''
0x82074c00   1736   Event            ''
0x82074c30   1736   Event            ''
0x8250aa18   1736   Event            ''
0x82497548   1736   Event            ''
0x82113ce0   1736   Event            ''
0x824a3528   1736   Event            ''
0x82113d10   1736   Event            ''
0xe1c814d8   1736   Key              MACHINE\SYSTEM\CONTROLSET001\CONTROL\PRINT\MONITORS\STANDARD TCP/IP PORT
0x824affa8   1736   Event            ''
0xe225f4e0   1736   Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9
0x82113cb0   1736   Event            ''
0xe1d33498   1736   Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSOCK2\PARAMETERS\NAMESPACE_CATALOG5
0xe1cc8d48   1736   Key              MACHINE\SYSTEM\CONTROLSET001\CONTROL\PRINT\MONITORS\THINPRINT PRINT PORT MONITOR FOR VMWARE
0x81f8abf8   1736   Event            'TpVcW32ListEvent'
0x82388708   1736   Mutant           'TpVcW32ListMutex'
0xe2316eb8   1736   Section          'TpVcW32Queue-Tp-Handle'
0xe1e06708   1736   Section          'TpVcW32Queue1'
0x81f8abf8   1736   Event            'TpVcW32ListEvent'
0x82388708   1736   Mutant           'TpVcW32ListMutex'
0xe2316eb8   1736   Section          'TpVcW32Queue-Tp-Handle'
0xe1e06708   1736   Section          'TpVcW32Queue1'
0x8245c4e8   1736   Event            ''
0x823ada58   1736   Event            ''
0x81f8ac88   1736   Event            ''
0x8205b060   1736   Mutant           ''
0x82371310   1736   Event            ''
0x823712e0   1736   Event            ''
0x823941b8   1736   Thread           TID 800 PID 1736
0xe18fa3d0   1736   Key              MACHINE\SYSTEM\CONTROLSET001\HARDWARE PROFILES\0001
0x824a35e8   1736   Event            ''
0x8245c9d0   1736   Event            ''
0x824ec658   1736   Mutant           ''
0x8245c9a0   1736   Event            ''
0x824e5cf0   1736   Event            ''
0x82456c40   1736   File             '\\lsarpc'
0x81f8aba8   1736   Mutant           ''
0x824c9c10   1736   Event            ''
0x81f898f8   1736   File             '\\samr'
0x82042e48   1736   Mutant           'ThinPrint-L'
0x81f2dab8   1736   Event            ''
0x81f2da88   1736   Event            ''
0xe1e4ee28   1736   Port             ''
0xe2100240   1736   Port             ''
0x82029d78   1736   Event            ''
0xe1f38540   1736   Port             ''
0xe19e3960   1736   Token            ''
0xe20662b8   1736   Port             ''
0x82029ec0   1736   Event            ''
0xe2063840   1736   Key              MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\PORTS
0xe1ca8c68   1736   Port             ''
0x820e1c10   1736   Event            ''
0x8239ada8   1736   Event            ''
0xe2196bf8   1736   Port             'OLE4D2DE0AF108F434BA6178F923BDF'
0x822c2d88   1736   Thread           TID 1496 PID 1736
0x820e1b78   1736   Event            ''
0xe1009698   1956   KeyedEvent       'CritSecOutOfMemoryEvent'
0xe18fe1a0   1956   Directory        'KnownDlls'
0x82424de8   1956   File             '\\Documents and Settings\\phocean'
0x81f3d8b8   1956   Event            ''
0xe1900510   1956   Directory        'Windows'
0xe20e0cc0   1956   Port             ''
0x820fe360   1956   WindowStation    'WinSta0'
0xe1658150   1956   Directory        'BaseNamedObjects'
0x8209f1f0   1956   Mutant           'SHIMLIB_LOG_MUTEX'
0x82489a10   1956   Desktop          'Default'
0x820fe360   1956   WindowStation    'WinSta0'
0x824d8740   1956   Semaphore        ''
0x824d8708   1956   Semaphore        ''
0xe1d05478   1956   Key              MACHINE
0x823bfac8   1956   Event            ''
0x823bf7b8   1956   Semaphore        ''
0x823bf750   1956   Semaphore        ''
0xe2066a80   1956   Key              MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32
0x82424828   1956   File             
0x81f3d918   1956   Event            ''
0x81f3d948   1956   Event            ''
0xe1941220   1956   Key              MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32
0x81f8f060   1956   Semaphore        'shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}'
0x82405f20   1956   Event            'userenv:  User Profile setup event'
0x81f8bf28   1956   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0x81f1e3b8   1956   Event            ''
0x823bf958   1956   Semaphore        ''
0xe2102430   1956   Key              MACHINE\SYSTEM\CONTROLSET001\CONTROL\NETWORKPROVIDER\HWORDER
0x823bf8f0   1956   Semaphore        ''
0x823bfa28   1956   Semaphore        ''
0x8235cb80   1956   Event            ''
0x824d1008   1956   Mutant           ''
0x81f1e5c0   1956   Event            ''
0x8206c0c8   1956   Mutant           ''
0x82042cb8   1956   Event            ''
0x823a9358   1956   Mutant           ''
0x8212f9f0   1956   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0x82450010   1956   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0xe1ce9420   1956   Port             ''
0xe1cadc80   1956   Section          '\xe2\x99\x98\xe8\x89\x9c\xe2\xa2\x88\xe8\x89\x9c'
0x81f61a68   1956   Mutant           'ShimCacheMutex'
0xe1919518   1956   Section          'ShimSharedMemory'
0xe20db940   1956   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003
0x82131220   1956   Mutant           'CTF.LBES.MutexDefaultS-1-5-21-1060284298-746137067-839522115-1003'
0xe207a1c0   1956   Section          'CiceroSharedMemDefaultS-1-5-21-1060284298-746137067-839522115-1003'
0x81f1bb30   1956   Mutant           ''
0x821102a8   1956   Event            ''
0x82110278   1956   Event            ''
0x82033598   1956   Event            ''
0x82033568   1956   Event            ''
0x8210fd88   1956   Thread           TID 1960 PID 1956
0x81f7d868   1956   IoCompletion     '\xe2\x92\x98'
0x81f3da90   1956   IoCompletion     ''
0x81f7d868   1956   IoCompletion     '\xe2\x92\x98'
0x82477930   1956   Event            ''
0xe2108760   1956   Port             ''
0x82405468   1956   Event            'crypt32LogoffEvent'
0x820453c8   1956   Mutant           ''
0x82045308   1956   Event            ''
0x81f1bb00   1956   Event            ''
0x81f1bac0   1956   Mutant           ''
0x81f1ba90   1956   Event            ''
0x8204c4f8   1956   Event            ''
0x823655a8   1956   Mutant           'CTF.Compart.MutexDefaultS-1-5-21-1060284298-746137067-839522115-1003'
0x824590d8   1956   Mutant           'CTF.Asm.MutexDefaultS-1-5-21-1060284298-746137067-839522115-1003'
0x824d4778   1956   Mutant           'CTF.Layouts.MutexDefaultS-1-5-21-1060284298-746137067-839522115-1003'
0x81f1e370   1956   Mutant           'CTF.TMD.MutexDefaultS-1-5-21-1060284298-746137067-839522115-1003'
0x82379400   1956   Event            '\xe3\xb2\xa0'
0x820cc790   1956   Timer            ''
0x8204c6e8   1956   Event            ''
0x823a7968   1956   Thread           TID 2044 PID 1956
0x821131f8   1956   IoCompletion     ''
0x820d14f8   1956   Timer            ''
0x81f5eb08   1956   Thread           TID 172 PID 1956
0x82380b30   1956   Event            ''
0xe1f7c910   1956   Port             ''
0x82380ad0   1956   Event            ''
0xe1f3cb08   1956   Port             ''
0xe1009698   1964   KeyedEvent       'CritSecOutOfMemoryEvent'
0xe18fe1a0   1964   Directory        'KnownDlls'
0x8242af78   1964   File             '\\Documents and Settings\\phocean'
0x820e9f78   1964   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e'
0xe1900510   1964   Directory        'Windows'
0xe2118368   1964   Port             ''
0x82435f78   1964   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e'
0x82450288   1964   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e'
0x8206c010   1964   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e'
0x823a92c8   1964   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e'
0x820fe360   1964   WindowStation    'WinSta0'
0x81f1ee68   1964   Event            ''
0x82489a10   1964   Desktop          'Default'
0x820fe360   1964   WindowStation    'WinSta0'
0x823bf9c0   1964   Semaphore        ''
0x823bfb60   1964   Semaphore        ''
0xe1c88140   1964   Key              MACHINE
0xe1658150   1964   Directory        'BaseNamedObjects'
0x81f8f060   1964   Semaphore        'shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}'
0x825046f0   1964   File             
0x81f1bd28   1964   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0x825022c0   1964   Event            ''
0x81f5f170   1964   Mutant           ''
0x82476c98   1964   Event            ''
0x823a72b8   1964   Mutant           ''
0x824ca690   1964   Event            ''
0x824ca650   1964   Mutant           ''
0x82077748   1964   File             
0x82457598   1964   File             
0x821179f0   1964   File             
0x82502010   1964   File             
0x82110010   1964   File             
0x823bfa90   1964   Semaphore        ''
0x81f234d8   1964   Semaphore        ''
0xe2095288   1964   Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\TCPIP\LINKAGE
0xe211ce78   1964   Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS
0xe1f32ac8   1964   Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\NETBT\PARAMETERS\INTERFACES
0xe20eca40   1964   Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\NETBT\PARAMETERS
0x823abd88   1964   Thread           TID 1968 PID 1964
0x821132a0   1964   Event            ''
0xe1f1ca40   1964   Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9
0x82113270   1964   Event            ''
0xe1d5c928   1964   Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSOCK2\PARAMETERS\NAMESPACE_CATALOG5
0xe2077138   1964   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003
0x820edb08   1964   Semaphore        'shell.{210A4BA0-3AEA-1069-A2D9-08002B30309D}'
0xe1c225c8   1964   Port             ''
0xe1cadc80   1964   Section          '\xe2\x99\x98\xe8\x89\x9c\xe2\xa2\x88\xe8\x89\x9c'
0x81f61a68   1964   Mutant           'ShimCacheMutex'
0xe1919518   1964   Section          'ShimSharedMemory'
0x82030f40   1964   Event            ''
0x823aaa60   1964   Event            ''
0x824a2720   1964   Event            ''
0x8251a238   1964   Event            ''
0x823abd88   1964   Thread           TID 1968 PID 1964
0x82131220   1964   Mutant           'CTF.LBES.MutexDefaultS-1-5-21-1060284298-746137067-839522115-1003'
0xe207a1c0   1964   Section          'CiceroSharedMemDefaultS-1-5-21-1060284298-746137067-839522115-1003'
0x823655a8   1964   Mutant           'CTF.Compart.MutexDefaultS-1-5-21-1060284298-746137067-839522115-1003'
0x824590d8   1964   Mutant           'CTF.Asm.MutexDefaultS-1-5-21-1060284298-746137067-839522115-1003'
0x824d4778   1964   Mutant           'CTF.Layouts.MutexDefaultS-1-5-21-1060284298-746137067-839522115-1003'
0x81f1e370   1964   Mutant           'CTF.TMD.MutexDefaultS-1-5-21-1060284298-746137067-839522115-1003'
0xe1009698   1972   KeyedEvent       'CritSecOutOfMemoryEvent'
0xe18fe1a0   1972   Directory        'KnownDlls'
0x82477578   1972   File             '\\Documents and Settings\\phocean'
0x82365e40   1972   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e'
0xe1900510   1972   Directory        'Windows'
0xe1c5ba68   1972   Port             ''
0x824d1078   1972   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e'
0x82476c00   1972   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e'
0x81f389d0   1972   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e'
0x8244d7e0   1972   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e'
0x82476cd0   1972   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e'
0x82380f78   1972   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e'
0x82385c80   1972   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e'
0x823bfc30   1972   Semaphore        ''
0x823aa1f8   1972   Semaphore        ''
0xe21024a0   1972   Key              MACHINE
0x820fe360   1972   WindowStation    'WinSta0'
0x824a4c10   1972   Event            ''
0x82489a10   1972   Desktop          'Default'
0x820fe360   1972   WindowStation    'WinSta0'
0x8206af78   1972   File             
0xe1658150   1972   Directory        'BaseNamedObjects'
0x81f8f060   1972   Semaphore        'shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}'
0x82538730   1972   Event            ''
0x823ad2d0   1972   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0x82386180   1972   Mutant           ''
0x82084230   1972   Event            ''
0x81f60958   1972   Mutant           ''
0x824d1a60   1972   Event            ''
0x824d27c0   1972   Mutant           ''
0x8247a720   1972   File             
0x824886e0   1972   File             
0x821163b8   1972   File             
0x824d6d80   1972   File             
0x82486d80   1972   File             
0x81f23408   1972   Semaphore        ''
0x81f2d168   1972   Semaphore        ''
0xe210a6b8   1972   Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\TCPIP\LINKAGE
0xe1f0e960   1972   Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS
0xe20690c8   1972   Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\NETBT\PARAMETERS\INTERFACES
0xe20f30d0   1972   Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\NETBT\PARAMETERS
0x8206bd88   1972   Thread           TID 1976 PID 1972
0x8207a368   1972   Event            ''
0xe2114550   1972   Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9
0x82110a98   1972   Event            ''
0xe1c160c8   1972   Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSOCK2\PARAMETERS\NAMESPACE_CATALOG5
0xe1c8c960   1972   Key              MACHINE\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE
0xe20fefa0   1972   Key              MACHINE\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE\ALTERNATE SORTS
0xe20fef38   1972   Key              MACHINE\SYSTEM\CONTROLSET001\CONTROL\NLS\LANGUAGE GROUPS
0x823876b8   1972   Event            ''
0x82457008   1972   Event            ''
0x82457118   1972   Event            ''
0x824570e8   1972   Event            ''
0x824570b8   1972   Event            ''
0x8206bd88   1972   Thread           TID 1976 PID 1972
0x8204d118   1972   Event            ''
0xe211a298   1972   Port             ''
0xe2112a28   1972   Port             ''
0xe1cadc80   1972   Section          '\xe2\x99\x98\xe8\x89\x9c\xe2\xa2\x88\xe8\x89\x9c'
0xe207a1c0   1972   Section          'CiceroSharedMemDefaultS-1-5-21-1060284298-746137067-839522115-1003'
0x82131220   1972   Mutant           'CTF.LBES.MutexDefaultS-1-5-21-1060284298-746137067-839522115-1003'
0x823655a8   1972   Mutant           'CTF.Compart.MutexDefaultS-1-5-21-1060284298-746137067-839522115-1003'
0x824590d8   1972   Mutant           'CTF.Asm.MutexDefaultS-1-5-21-1060284298-746137067-839522115-1003'
0x824d4778   1972   Mutant           'CTF.Layouts.MutexDefaultS-1-5-21-1060284298-746137067-839522115-1003'
0x81f1e370   1972   Mutant           'CTF.TMD.MutexDefaultS-1-5-21-1060284298-746137067-839522115-1003'
0xe20ac848   1972   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003
0x82111f38   1972   Mutant           'CTF.TimListCache.FMPDefaultS-1-5-21-1060284298-746137067-839522115-1003MUTEX.DefaultS-1-5-21-1060284298-746137067-839522115-100'
0xe20d72b8   1972   Section          'CTF.TimListCache.FMPDefaultS-1-5-21-1060284298-746137067-839522115-1003SFM.DefaultS-1-5-21-1060284298-746137067-839522115-1003'
0x81f61a68   1972   Mutant           'ShimCacheMutex'
0xe1919518   1972   Section          'ShimSharedMemory'
0x820d7430   1972   Event            ''
0x8204cf70   1972   Event            'VMwareToolsQuitEvent_vmusr'
0x824a6298   1972   Event            'VMwareToolsDumpStateEvent_vmusr'
0x8206bd88   1972   Thread           TID 1976 PID 1972
0x820aa210   1972   Semaphore        ''
0x820edb08   1972   Semaphore        'shell.{210A4BA0-3AEA-1069-A2D9-08002B30309D}'
0x82451d10   1972   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e'
0x824d1c28   1972   Semaphore        ''
0x82074010   1972   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e'
0x824d4cd8   1972   Event            ''
0xe1f64948   1972   Key              MACHINE\SYSTEM\CONTROLSET001\CONTROL\NETWORKPROVIDER\HWORDER
0x820ae930   1972   Semaphore        ''
0x8206d248   1972   Semaphore        ''
0x8202e2c0   1972   Event            ''
0x820e2208   1972   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e'
0x82405f20   1972   Event            'userenv:  User Profile setup event'
0x82375a78   1972   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e'
0x820eb748   1972   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e'
0x81f31438   1972   Semaphore        ''
0x82402d58   1972   Event            'WinSta0_DesktopSwitch'
0x81f82118   1972   Event            ''
0x81f358a8   1972   Thread           TID 1256 PID 1972
0x82069cf0   1972   Event            ''
0x823c4160   1972   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e'
0x823c4528   1972   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e'
0x82069d20   1972   Event            ''
0x82040208   1972   Event            ''
0x82075270   1972   Event            ''
0x824d00d8   1972   Event            ''
0x81f19638   1972   Thread           TID 1264 PID 1972
0x82032e80   1972   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e'
0x823a50a8   1972   Event            ''
0x823a5078   1972   Event            ''
0x824a6248   1972   Mutant           ''
0x8204cfd8   1972   Event            'VMToolsWindowEvent'
0x82363300   1972   Timer            ''
0x820d1a28   1972   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e'
0x8250a708   1972   Event            ''
0xe1fff400   1972   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003_CLASSES
0x82511340   1972   File             '\\Documents and Settings\\phocean\\Recent'
0xe20ac798   1972   Section          'VMToolsHookSharedMem'
0x81f894f0   1972   Mutant           'VMToolsHookQueueLock'
0x821102e8   1972   Event            'VMToolsHookQueueEvent'
0xe1f734d0   1972   Key              MACHINE\SOFTWARE\CLASSES
0xe1f556e0   1972   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.HLP\OPENWITHLIST
0xe1f7b948   1972   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.MSI\OPENWITHLIST
0x8244b2f0   1972   File             
0x81f5b228   1972   Event            ''
0x820eeb78   1972   File             
0xe1f544d8   1972   Key              USER
0x8244bbb0   1972   File             '\\Documents and Settings\\All Users\\Start Menu'
0xe1f54470   1972   Key              MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\NETWORK\WORLD FULL ACCESS SHARED PARAMETERS
0x82501968   1972   Semaphore        ''
0x81f8f060   1972   Semaphore        'shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}'
0x824ea010   1972   File             '\\Documents and Settings\\phocean\\Start Menu'
0xe1cb4f38   1972   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003\SOFTWARE\MICROSOFT\WINDOWS\SHELLNOROAM
0xe1cb4fa0   1972   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER
0xe1f5d8e0   1972   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003\SOFTWARE\MICROSOFT\WINDOWS\SHELLNOROAM\MUICACHE
0x824646c8   1972   Semaphore        'shell.{7CB834F0-527B-11D2-9D1F-0000F805CA57}'
0x823a60c0   1972   IoCompletion     '\xe2\x92\x98'
0x82516898   1972   IoCompletion     ''
0x823a60c0   1972   IoCompletion     '\xe2\x92\x98'
0xe212b540   1972   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS
0xe20ac7e0   1972   Key              MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\BLOCKED
0xe1f328d0   1972   Key              MACHINE\SOFTWARE\CLASSES
0xe2147210   1972   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003_CLASSES
0x820eeb10   1972   Event            ''
0xe211cb28   1972   Key              MACHINE\SOFTWARE\MICROSOFT\COM3
0x823a56a0   1972   Event            ''
0xe20f3868   1972   Key              USER
0x81f896a0   1972   Event            ''
0xe1f66d58   1972   Key              MACHINE\SOFTWARE\CLASSES
0x82476878   1972   Event            ''
0xe1c29dc8   1972   Key              USER
0x824d2080   1972   Event            ''
0xe1f55930   1972   Key              MACHINE\SOFTWARE\MICROSOFT\COM3
0x8242ce50   1972   Event            ''
0xe1f5d878   1972   Key              MACHINE\SOFTWARE\MICROSOFT\COM3
0x823a8280   1972   Event            ''
0xe1f558c8   1972   Key              MACHINE\SOFTWARE\CLASSES\CLSID
0x824d2008   1972   Event            ''
0xe20b18c0   1972   Key              MACHINE\SOFTWARE\CLASSES
0x8244bb48   1972   Event            ''
0xe20f2d50   1972   Key              MACHINE\SOFTWARE\MICROSOFT\COM3
0x82066c08   1972   Event            ''
0xe20b8278   1972   Key              USER
0x824b2d80   1972   Event            ''
0xe210a878   1972   Key              MACHINE\SOFTWARE\MICROSOFT\COM3
0x824d4da0   1972   Event            ''
0xe1c29d60   1972   Key              MACHINE\SOFTWARE\MICROSOFT\COM3
0x8206b738   1972   Event            ''
0xe1f64878   1972   Key              MACHINE\SOFTWARE\CLASSES\CLSID
0x824a6398   1972   Event            ''
0x82405468   1972   Event            'crypt32LogoffEvent'
0xe213b210   1972   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003_CLASSES
0x82034338   1972   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0x824fb148   1972   Event            ''
0x82364410   1972   Event            ''
0xe1f5d948   1972   Key              MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_PROTOCOL_LOCKDOWN
0xe1687200   1972   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS
0x82110be0   1972   File             
0x824fbc08   1972   Event            ''
0x823ac008   1972   WmiGuid          ''
0x81f39898   1972   File             
0x81f35580   1972   Event            ''
0x81f62d88   1972   Process          vmtoolsd.exe(1972)
0x823643b0   1972   Event            ''
0x81f35550   1972   Event            ''
0x824b45a0   1972   WmiGuid          ''
0x8210bb38   1972   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0x8240bdf0   1972   Mutant           ''
0x82364380   1972   Event            ''
0x824d4af0   1972   Mutant           ''
0x81f35520   1972   Event            ''
0x81f354f0   1972   Event            ''
0x824fb178   1972   Event            ''
0x8210a918   1972   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0x81f5b260   1972   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0xe1cb4ed0   1972   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003_CLASSES
0xe1f5da40   1972   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003_CLASSES
0x82040450   1972   Event            ''
0xe20c7140   1972   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\CACHED
0x820403e8   1972   Event            ''
0x824a28e8   1972   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0xe1f1ce70   1972   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\BLOCKED
0xe1f73268   1972   Key              MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\CACHED
0x8245f898   1972   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0x82377838   1972   WmiGuid          ''
0x824cc008   1972   WmiGuid          ''
0x824b2008   1972   WmiGuid          ''
0x81f82008   1972   WmiGuid          ''
0x81f36300   1972   WmiGuid          ''
0xe20d6a38   1972   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003\SOFTWARE\POLICIES
0xe1fde538   1972   Key              MACHINE\SOFTWARE\POLICIES
0xe2100a30   1972   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003\SOFTWARE
0xe1f6f630   1972   Key              MACHINE\SOFTWARE
0xe20cb810   1972   Key              MACHINE\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS
0xe206c488   1972   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS
0xe1f42e68   1972   Key              MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS
0x81f5c660   1972   Event            ''
0x82388498   1972   Mutant           '!IETld!Mutex'
0xe2120a48   1972   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\IETLD
0x824e0a68   1972   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0xe211a858   1972   Port             ''
0x824584f0   1972   Mutant           '_!MSFTHISTORY!_'
0x8237f400   1972   Mutant           'c:!documents and settings!phocean!local settings!temporary internet files!content.ie5!'
0x81f356f0   1972   File             '\\Documents and Settings\\phocean\\Local Settings\\Temporary Internet Files\\Content.IE5\\index.dat'
0xe1cf1e70   1972   Section          'C:_Documents and Settings_phocean_Local Settings_Temporary Internet Files_Content.IE5_index.dat_262144'
0x820f14d8   1972   Mutant           'c:!documents and settings!phocean!cookies!'
0x820f1970   1972   File             '\\Documents and Settings\\phocean\\Cookies\\index.dat'
0xe1c206a8   1972   Section          'C:_Documents and Settings_phocean_Cookies_index.dat_32768'
0x824a8d78   1972   Mutant           'c:!documents and settings!phocean!local settings!history!history.ie5!'
0x82034d68   1972   File             '\\Documents and Settings\\phocean\\Local Settings\\History\\History.IE5\\index.dat'
0xe1cc8e98   1972   Section          'C:_Documents and Settings_phocean_Local Settings_History_History.IE5_index.dat_49152'
0x8239da58   1972   Semaphore        ''
0x8244f680   1972   Semaphore        ''
0xe1687698   1972   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003_CLASSES
0x824f8958   1972   Semaphore        ''
0x820d75d0   1972   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0x8204b4b8   1972   Event            ''
0x82376a68   1972   Semaphore        ''
0x82064918   1972   Semaphore        ''
0x81f57268   1972   Semaphore        ''
0x820ced20   1972   Semaphore        ''
0x81f5b9b8   1972   Semaphore        ''
0x824c5d98   1972   Semaphore        ''
0x81f58970   1972   Semaphore        ''
0x81f565a0   1972   Semaphore        ''
0x821053b0   1972   Semaphore        ''
0xe1009698   2008   KeyedEvent       'CritSecOutOfMemoryEvent'
0xe18fe1a0   2008   Directory        'KnownDlls'
0x824b0708   2008   File             '\\Documents and Settings\\phocean'
0x81f3dc20   2008   Semaphore        ''
0xe1900510   2008   Directory        'Windows'
0xe1f19148   2008   Port             ''
0x81f3dbe8   2008   Semaphore        ''
0xe1658150   2008   Directory        'BaseNamedObjects'
0x8209f1f0   2008   Mutant           'SHIMLIB_LOG_MUTEX'
0xe2109368   2008   Key              MACHINE
0x820fe360   2008   WindowStation    'WinSta0'
0x82504410   2008   Event            ''
0x82489a10   2008   Desktop          'Default'
0x820fe360   2008   WindowStation    'WinSta0'
0xe207a1c0   2008   Section          'CiceroSharedMemDefaultS-1-5-21-1060284298-746137067-839522115-1003'
0x82131220   2008   Mutant           'CTF.LBES.MutexDefaultS-1-5-21-1060284298-746137067-839522115-1003'
0x823655a8   2008   Mutant           'CTF.Compart.MutexDefaultS-1-5-21-1060284298-746137067-839522115-1003'
0x824590d8   2008   Mutant           'CTF.Asm.MutexDefaultS-1-5-21-1060284298-746137067-839522115-1003'
0x824d4778   2008   Mutant           'CTF.Layouts.MutexDefaultS-1-5-21-1060284298-746137067-839522115-1003'
0x81f1e370   2008   Mutant           'CTF.TMD.MutexDefaultS-1-5-21-1060284298-746137067-839522115-1003'
0xe2109798   2008   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003
0x820d7ab0   2008   Event            ''
0x823c14c8   2008   Semaphore        ''
0x823c1500   2008   Semaphore        ''
0xe1c8c770   2008   Key              MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32
0x824330b0   2008   File             
0x820d7a80   2008   Event            ''
0x820d7a50   2008   Event            ''
0xe2069008   2008   Key              MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32
0x81f8f060   2008   Semaphore        'shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}'
0x82405f20   2008   Event            'userenv:  User Profile setup event'
0x82077800   2008   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0x82030f78   2008   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0xe20ecc90   2008   Port             ''
0x821132e0   2008   Mutant           'CtfmonInstMutexDefaultS-1-5-21-1060284298-746137067-839522115-1003'
0xe1cadc80   2008   Section          '\xe2\x99\x98\xe8\x89\x9c\xe2\xa2\x88\xe8\x89\x9c'
0x82111f38   2008   Mutant           'CTF.TimListCache.FMPDefaultS-1-5-21-1060284298-746137067-839522115-1003MUTEX.DefaultS-1-5-21-1060284298-746137067-839522115-100'
0xe20d72b8   2008   Section          'CTF.TimListCache.FMPDefaultS-1-5-21-1060284298-746137067-839522115-1003SFM.DefaultS-1-5-21-1060284298-746137067-839522115-1003'
0x81f62ba8   2008   Mutant           'MSCTF.GCompartListMUTEX.DefaultS-1-5-21-1060284298-746137067-839522115-1003'
0xe1d2a980   2008   Section          'MSCTF.GCompartListSFM.DefaultS-1-5-21-1060284298-746137067-839522115-1003'
0x82111fa8   2008   Event            ''
0xe2105198   2008   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003\KEYBOARD LAYOUT\TOGGLE
0xe212dcd8   2008   Section          'CTF.AsmListCache.FMPDefaultS-1-5-21-1060284298-746137067-839522115-1003'
0x820ba258   2008   Event            ''
0xe211cf00   2008   Key              MACHINE\SOFTWARE\MICROSOFT\CTF\TIP
0xe211ca70   2008   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003\SOFTWARE\MICROSOFT\WINDOWS\SHELLNOROAM
0xe211ca08   2008   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003\SOFTWARE\MICROSOFT\WINDOWS\SHELLNOROAM\MUICACHE
0xe1f51218   2008   Key              USER
0x82454f38   2008   Event            ''
0xe1f0e450   2008   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003\KEYBOARD LAYOUT\PRELOAD
0x82475270   2008   Event            ''
0xe1f5b840   2008   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
0x82111ef8   2008   Event            ''
0xe1f4f210   2008   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003\SOFTWARE\MICROSOFT\CTF\TIP
0x82111fd8   2008   Event            ''
0xe1d5c5e0   2008   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003\SOFTWARE\MICROSOFT\SPEECH
0x81f8b6a0   2008   Event            ''
0xe1d5c578   2008   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003\CONTROL PANEL\APPEARANCE
0x82519b40   2008   Event            ''
0xe1f50210   2008   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003\CONTROL PANEL\COLORS
0x82045338   2008   Event            ''
0xe21230c8   2008   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003\CONTROL PANEL\DESKTOP\WINDOWMETRICS
0x81f8b670   2008   Event            ''
0xe1f5a498   2008   Key              MACHINE\SOFTWARE\MICROSOFT\SPEECH
0x824d3b10   2008   Event            ''
0xe1f5a430   2008   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003\KEYBOARD LAYOUT
0x82519b10   2008   Event            ''
0xe2121480   2008   Key              USER\S-1-5-21-1060284298-746137067-839522115-1003\SOFTWARE\MICROSOFT\CTF\ASSEMBLIES
0x824752a8   2008   File             
0xe1919518   2008   Section          'ShimSharedMemory'
0x81f8a598   2008   Event            ''
0x824249f8   2008   File             
0x820d14c8   2008   Event            ''
0x824d1608   2008   Process          ctfmon.exe(2008)
0x820d1498   2008   Event            ''
0x82379ea0   2008   Event            ''
0x81f61a68   2008   Mutant           'ShimCacheMutex'
0x82402d58   2008   Event            'WinSta0_DesktopSwitch'
0xe1009698   268    KeyedEvent       'CritSecOutOfMemoryEvent'
0xe18fe1a0   268    Directory        'KnownDlls'
0x82045010   268    File             '\\WINDOWS\\system32'
0x8250c5a0   268    Semaphore        ''
0xe1900510   268    Directory        'Windows'
0xe20d7360   268    Port             ''
0x82389b78   268    Semaphore        ''
0xe1658150   268    Directory        'BaseNamedObjects'
0x8209f1f0   268    Mutant           'SHIMLIB_LOG_MUTEX'
0x824cd300   268    Thread           TID 320 PID 268
0x820e9aa0   268    WindowStation    'Service-0x0-3e5$'
0x824d23a8   268    Event            ''
0x824b1590   268    Desktop          'Default'
0x820e9aa0   268    WindowStation    'Service-0x0-3e5$'
0x82477710   268    Event            ''
0x824b2ab0   268    Semaphore        ''
0x824ae318   268    Semaphore        ''
0xe1e54738   268    Key              MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32
0x82110360   268    Event            ''
0x81f63e08   268    File             
0x82111f78   268    Event            ''
0xe2118130   268    Key              MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32
0x81f8f060   268    Semaphore        'shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}'
0xe1f894d0   268    Token            ''
0x823aaa98   268    File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0x824d6608   268    Event            ''
0x8250c568   268    Semaphore        ''
0x82506478   268    Semaphore        ''
0x825064b0   268    Semaphore        ''
0x8247a508   268    Semaphore        ''
0x8247a570   268    Semaphore        ''
0x820e0bb0   268    Semaphore        ''
0x8202bc00   268    Semaphore        ''
0x820e0c18   268    Semaphore        ''
0x824d1b60   268    Semaphore        ''
0x81f5e998   268    Semaphore        ''
0x81f5e960   268    Semaphore        ''
0x824d8938   268    Semaphore        ''
0x825033a8   268    Event            ''
0x81f63da0   268    Event            ''
0x81f41260   268    Event            ''
0x82502638   268    Event            ''
0x82067a30   268    Thread           TID 272 PID 268
0xe1f66be0   268    Port             ''
0x8210f958   268    Event            ''
0x82436800   268    IoCompletion     '\xe2\x92\x98'
0x8207f718   268    File             '\\net\\NtControlPipe9'
0x82077e60   268    IoCompletion     ''
0x82436800   268    IoCompletion     '\xe2\x92\x98'
0xe2101158   268    Port             ''
0x82477680   268    Event            ''
0x82114ac8   268    File             '\\DAV RPC SERVICE'
0x824715e0   268    Thread           TID 308 PID 268
0x82461b00   268    File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0x82365f40   268    Event            ''
0x82502390   268    Event            ''
0xe1efc1a0   268    Key              MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_PROTOCOL_LOCKDOWN
0xe1f55428   268    Key              USER\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS
0x81f1b9b8   268    File             
0x824d3b40   268    Event            ''
0x820ea570   268    WmiGuid          ''
0x81f1b920   268    File             
0x82365f10   268    Event            ''
0x823a7d88   268    Process          svchost.exe(268)
0x820ba228   268    Event            ''
0x823c8e18   268    Event            ''
0x823bb2c0   268    WmiGuid          ''
0x8242dc60   268    Event            ''
0x82365f78   268    File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0x81f97c10   268    File             
0x82110ee8   268    File             
0x820edb08   268    Semaphore        'shell.{210A4BA0-3AEA-1069-A2D9-08002B30309D}'
0x82110ac8   268    Event            ''
0xe1d5c9c0   268    Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9
0x82477a00   268    Event            ''
0xe1f53420   268    Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSOCK2\PARAMETERS\NAMESPACE_CATALOG5
0xe1f534a8   268    Key              MACHINE\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS
0x8209f620   268    WmiGuid          ''
0xe1f52208   268    Key              USER\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS
0xe1e54b98   268    Key              MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS
0xe1f641a8   268    Key              MACHINE\SOFTWARE\POLICIES
0xe20fd198   268    Key              USER\S-1-5-19\SOFTWARE\POLICIES
0xe1f7b228   268    Key              USER\S-1-5-19\SOFTWARE
0xe1efe180   268    Key              MACHINE\SOFTWARE
0xe1f6eb48   268    Port             ''
0x824584f0   268    Mutant           '_!MSFTHISTORY!_'
0x81f8b8c0   268    File             '\\Documents and Settings\\LocalService\\Local Settings\\Temporary Internet Files\\Content.IE5\\index.dat'
0x81f5e6f0   268    Mutant           'c:!documents and settings!localservice!local settings!temporary internet files!content.ie5!'
0xe1f88be0   268    Section          'C:_Documents and Settings_LocalService_Local Settings_Temporary Internet Files_Content.IE5_index.dat_32768'
0x824880c0   268    File             '\\Documents and Settings\\LocalService\\Cookies\\index.dat'
0x82110c80   268    Mutant           'c:!documents and settings!localservice!cookies!'
0xe1f5a3e8   268    Section          'C:_Documents and Settings_LocalService_Cookies_index.dat_16384'
0x82373f48   268    File             '\\Documents and Settings\\LocalService\\Local Settings\\History\\History.IE5\\index.dat'
0x82473190   268    Mutant           'c:!documents and settings!localservice!local settings!history!history.ie5!'
0xe1f563f8   268    Section          'C:_Documents and Settings_LocalService_Local Settings_History_History.IE5_index.dat_16384'
0x82042fc8   268    Mutant           'WininetStartupMutex'
0x81f5b4f8   268    Mutant           ''
0x82042df8   268    Mutant           'WininetProxyRegistryMutex'
0x82376398   268    Event            ''
0x824d88c8   268    Semaphore        ''
0x824d8900   268    Semaphore        ''
0x8203c0a0   268    File             '\\DAV RPC SERVICE'
0x82102758   268    Event            ''
0x820675b8   268    Thread           TID 324 PID 268
0x82401b00   268    File             
0x820fdba0   268    File             
0xe1009698   336    KeyedEvent       'CritSecOutOfMemoryEvent'
0xe18fe1a0   336    Directory        'KnownDlls'
0x824fc750   336    File             '\\WINDOWS\\system32'
0x824c1378   336    Semaphore        ''
0xe1900510   336    Directory        'Windows'
0xe2111470   336    Port             ''
0x824d87e8   336    Semaphore        ''
0xe1658150   336    Directory        'BaseNamedObjects'
0x8209f1f0   336    Mutant           'SHIMLIB_LOG_MUTEX'
0xe1e547a0   336    Key              MACHINE
0x820e9aa0   336    WindowStation    'Service-0x0-3e5$'
0x820b7658   336    Event            ''
0x824b1590   336    Desktop          'Default'
0x820e9aa0   336    WindowStation    'Service-0x0-3e5$'
0x8242b620   336    Event            ''
0x82465bc8   336    Semaphore        ''
0x823ad3b0   336    Semaphore        ''
0xe1f1c240   336    Key              MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32
0x823ad380   336    Event            ''
0x820de010   336    File             
0x8246f4f8   336    Event            ''
0xe1f656d8   336    Key              MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32
0x81f8f060   336    Semaphore        'shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}'
0x824e64b0   336    Event            ''
0x823beb00   336    File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0x82470100   336    Event            ''
0x824700d0   336    Event            ''
0x8246e3c8   336    File             '\\net\\NtControlPipe10'
0x823a4718   336    Event            ''
0x8210aba0   336    Thread           TID 340 PID 336
0x81f53610   336    Event            ''
0xe2123d00   336    Port             ''
0x82380b00   336    Event            ''
0x8242be98   336    Mutant           ''
0x81f608f8   336    Event            ''
0x8242be68   336    Event            ''
0x82131ed8   336    Mutant           ''
0x82131ea8   336    Event            ''
0x820eb260   336    Mutant           ''
0x820eb220   336    Mutant           ''
0x824c0100   336    Mutant           ''
0x824c00c0   336    Mutant           ''
0xe1f5caa0   336    Token            ''
0x81f5c978   336    Thread           TID 1240 PID 336
0xe210c4f8   336    Port             ''
0x824fe2b0   336    Thread           TID 384 PID 336
0x82123068   336    Event            ''
0xe15e88b8   336    Port             'BthServEp'
0x823a6210   336    Thread           TID 444 PID 336
0x820a0c90   336    File             
0x824bc068   336    Event            ''
0x824fe2b0   336    Thread           TID 384 PID 336
0x8246f4b0   336    IoCompletion     '\xe2\x92\x98'
0x820ef1b8   336    IoCompletion     ''
0x8246f4b0   336    IoCompletion     '\xe2\x92\x98'
0x820ef188   336    Event            ''
0xe1ff9410   336    Port             ''
0x81f4b758   336    Mutant           ''
0x82123670   336    Mutant           ''
0x821236b0   336    Event            ''
0x81f5fbf8   336    Thread           TID 428 PID 336
0x8211ecb0   336    Event            ''
0x82505bc0   336    Timer            ''
0x82405468   336    Event            'crypt32LogoffEvent'
0x824cd148   336    Event            ''
0x81f5c168   336    Mutant           ''
0x823a8178   336    Event            ''
0x823a8148   336    Event            ''
0x8211ece0   336    Event            ''
0xe1f3d910   336    Port             ''
0x81f6a930   336    File             
0x82074518   336    File             
0x824e4828   336    File             
0x824e47e8   336    Semaphore        ''
0x8209f850   336    Semaphore        ''
0xe2081210   336    Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\TCPIP\LINKAGE
0xe2063520   336    Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS
0xe2105050   336    Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\NETBT\PARAMETERS\INTERFACES
0xe20ac420   336    Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\NETBT\PARAMETERS
0x8242ac48   336    Semaphore        ''
0x81f82200   336    Semaphore        ''
0x8242a538   336    Semaphore        ''
0x82454730   336    Semaphore        ''
0x81f5b690   336    Event            ''
0xe1f73418   336    Port             ''
0x820ca898   336    Thread           TID 1200 PID 336
0x81f2d2f0   336    Process          rundll32.exe(1956)
0x82379400   336    Event            '\xe3\xb2\xa0'
0xe1009698   528    KeyedEvent       'CritSecOutOfMemoryEvent'
0xe18fe1a0   528    Directory        'KnownDlls'
0x8203f2f0   528    File             '\\WINDOWS\\system32'
0x823a4e08   528    File             '\\WINDOWS\\WinSxS\\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e'
0xe1900510   528    Directory        'Windows'
0xe1cb4d00   528    Port             ''
0x81f34238   528    File             '\\WINDOWS\\WinSxS\\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e'
0x8203e2f0   528    File             '\\WINDOWS\\WinSxS\\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e'
0x81f36238   528    File             '\\WINDOWS\\WinSxS\\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e'
0x8237d238   528    File             '\\WINDOWS\\WinSxS\\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e'
0x824b4a28   528    File             '\\WINDOWS\\WinSxS\\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e'
0x82077a80   528    File             '\\WINDOWS\\WinSxS\\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e'
0x820e8238   528    File             '\\WINDOWS\\WinSxS\\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e'
0x82501f68   528    Semaphore        ''
0x8209f7d8   528    Semaphore        ''
0xe20fe3c8   528    Key              MACHINE
0x820fe360   528    WindowStation    'WinSta0'
0x823c18a0   528    Event            ''
0x82489a10   528    Desktop          'Default'
0x820fe360   528    WindowStation    'WinSta0'
0x81f1e188   528    File             
0xe1658150   528    Directory        'BaseNamedObjects'
0x81f8f060   528    Semaphore        'shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}'
0x8206b2d8   528    Event            ''
0x8206b628   528    File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0x820e0ca8   528    Mutant           ''
0x820f9850   528    Event            ''
0x820f9810   528    Mutant           ''
0x820f97e0   528    Event            ''
0x825176d0   528    Mutant           ''
0x820b2c60   528    File             
0x82505cc8   528    File             
0x8206b590   528    File             
0x82049b60   528    File             
0x823c0590   528    File             
0x82032d30   528    Semaphore        ''
0x820ec5c8   528    Semaphore        ''
0xe1fda220   528    Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\TCPIP\LINKAGE
0xe20fe460   528    Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS
0xe16d05e0   528    Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\NETBT\PARAMETERS\INTERFACES
0xe1f16330   528    Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\NETBT\PARAMETERS
0x823aad88   528    Thread           TID 368 PID 528
0x82517610   528    Event            ''
0xe1f536e0   528    Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9
0x81f2e2e8   528    Event            ''
0xe1e25008   528    Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSOCK2\PARAMETERS\NAMESPACE_CATALOG5
0xe1840318   528    Key              MACHINE\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE\ALTERNATE SORTS
0xe1f1cc50   528    Key              MACHINE\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE
0xe1e250b0   528    Key              MACHINE\SYSTEM\CONTROLSET001\CONTROL\NLS\LANGUAGE GROUPS
0x82387b68   528    File             '\\net\\NtControlPipe11'
0x82504ed0   528    Event            ''
0x824b4570   528    Event            ''
0x824b4540   528    Event            ''
0x820e2298   528    Event            ''
0x823aad88   528    Thread           TID 368 PID 528
0x824a9248   528    Event            ''
0xe20ac640   528    Port             ''
0x81f89640   528    Event            ''
0x82501478   528    Thread           TID 608 PID 528
0x823a7678   528    Event            ''
0x823a7648   528    Event            ''
0xe1f55248   528    Port             ''
0x8202bf40   528    Event            ''
0x820ae8f8   528    Semaphore        ''
0x820ae8c0   528    Semaphore        ''
0x824e50e0   528    Semaphore        ''
0x8204a8c8   528    Semaphore        ''
0x820ec600   528    Semaphore        ''
0x82038400   528    Semaphore        ''
0x8202bf08   528    Semaphore        ''
0x81f1bf38   528    Semaphore        ''
0x81f1bf00   528    Semaphore        ''
0x82069dc8   528    Semaphore        ''
0x82069d90   528    Semaphore        ''
0x82504680   528    Semaphore        ''
0x82504650   528    Event            ''
0x81f86ed8   528    Event            'VMwareToolsQuitEvent_vmsvc'
0x8206eca8   528    Event            'VMwareToolsDumpStateEvent_vmsvc'
0x82501478   528    Thread           TID 608 PID 528
0x820c9260   528    Semaphore        ''
0x820edb08   528    Semaphore        'shell.{210A4BA0-3AEA-1069-A2D9-08002B30309D}'
0x8244c428   528    File             '\\WINDOWS\\WinSxS\\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e'
0x820ce208   528    Semaphore        ''
0x8244a010   528    File             '\\WINDOWS\\WinSxS\\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e'
0x82074fd8   528    Event            ''
0xe20c62e8   528    Key              MACHINE\SYSTEM\CONTROLSET001\CONTROL\NETWORKPROVIDER\HWORDER
0x82074f68   528    Semaphore        ''
0x82074f30   528    Semaphore        ''
0x82074f00   528    Event            ''
0x8244b650   528    File             '\\WINDOWS\\WinSxS\\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e'
0x82405f20   528    Event            'userenv:  User Profile setup event'
0xe209d740   528    Port             ''
0x824d6040   528    Event            ''
0xe1cadc80   528    Section          '\xe2\x99\x98\xe8\x89\x9c\xe2\xa2\x88\xe8\x89\x9c'
0x8211f358   528    File             '\\WINDOWS\\WinSxS\\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e'
0x8237fb00   528    File             '\\WINDOWS\\WinSxS\\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e'
0x82064210   528    File             '\\WINDOWS\\WinSxS\\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e'
0x8237fa68   528    File             '\\WINDOWS\\WinSxS\\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e'
0x82107260   528    File             '\\WINDOWS\\WinSxS\\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e'
0x82503010   528    File             '\\WINDOWS\\WinSxS\\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e'
0xe1d5c660   528    Key              MACHINE\SOFTWARE\VMWARE, INC.\VMWARE TOOLS\VMUPGRADEHELPER
0x823c1a58   528    IoCompletion     '\xe2\x92\x98'
0x82040a00   528    IoCompletion     ''
0x823c1a58   528    IoCompletion     '\xe2\x92\x98'
0x82377238   528    File             '\\WINDOWS\\WinSxS\\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e'
0x82064498   528    Thread           TID 1384 PID 528
0x820e2760   528    Event            ''
0x820e9c50   528    File             '\\WINDOWS\\WinSxS\\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e'
0x82063010   528    File             '\\WINDOWS\\WinSxS\\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e'
0x824f8730   528    File             '\\WINDOWS\\WinSxS\\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e'
0x824f6010   528    File             '\\WINDOWS\\WinSxS\\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e'
0x8246d598   528    Event            ''
0xe213d3f0   528    Key              MACHINE\SOFTWARE\CLASSES
0xe20ff778   528    Key              MACHINE\SOFTWARE\CLASSES
0x824b20e8   528    Event            ''
0xe215b430   528    Key              MACHINE\SOFTWARE\MICROSOFT\COM3
0x81f820e8   528    Event            ''
0xe20ac928   528    Key              USER
0x81f362d0   528    Event            ''
0xe21823c8   528    Key              MACHINE\SOFTWARE\CLASSES
0x82065398   528    Event            ''
0xe2192268   528    Key              USER
0x823a18b8   528    Event            ''
0xe1cc5120   528    Key              MACHINE\SOFTWARE\MICROSOFT\COM3
0x824708b8   528    Event            ''
0xe1f7d2a8   528    Key              MACHINE\SOFTWARE\MICROSOFT\COM3
0x8203b8d0   528    Event            ''
0xe1f9a2b0   528    Key              MACHINE\SOFTWARE\CLASSES\CLSID
0x81f57820   528    Event            ''
0xe21a9148   528    Key              MACHINE\SOFTWARE\CLASSES
0x8237d448   528    Event            ''
0xe1f6c150   528    Key              MACHINE\SOFTWARE\MICROSOFT\COM3
0x824f60d8   528    Event            ''
0xe21a9580   528    Key              USER
0x824f60a8   528    Event            ''
0xe21a9518   528    Key              MACHINE\SOFTWARE\MICROSOFT\COM3
0x823633c0   528    Event            ''
0xe1e4de98   528    Key              MACHINE\SOFTWARE\MICROSOFT\COM3
0x824f6e88   528    Event            ''
0xe211ab58   528    Key              MACHINE\SOFTWARE\CLASSES\CLSID
0x824f67d0   528    Event            ''
0xe1e4de30   528    Key              MACHINE\SOFTWARE\CLASSES
0xe212e198   528    Key              MACHINE\SOFTWARE\CLASSES
0x81f5a700   528    Event            ''
0x821060c8   528    Mutant           ''
0x81f61a68   528    Mutant           'ShimCacheMutex'
0xe20aca10   528    Port             ''
0x82124370   528    Event            ''
0xe21313e0   528    Port             'OLEA8A0DBCA17474647B175B0526DC1'
0x824973e0   528    Event            ''
0x824f61c8   528    Event            ''
0x82064498   528    Thread           TID 1384 PID 528
0x81f31818   528    File             '\\lsarpc'
0x824f16c8   528    Event            ''
0xe21f6318   528    Port             ''
0xe21cd420   528    Key              MACHINE\SOFTWARE\CLASSES
0x81f8f060   528    Semaphore        'shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}'
0xe212e130   528    Key              USER\.DEFAULT
0x820a9960   528    Semaphore        ''
0xe21fb418   528    Key              MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\NETWORK\WORLD FULL ACCESS SHARED PARAMETERS
0x821243b0   528    Mutant           'HGFSMUTEX00000000000003e7'
0x8248a010   528    File             '\\WINDOWS\\system32\\config\\systemprofile\\Local Settings\\Application Data\\VMware\\hgfs.dat'
0xe21a6840   528    Key              USER
0x824f73f8   528    File             '\\WINDOWS\\system32\\config\\systemprofile\\Local Settings\\Application Data'
0xe2103760   528    Section          'HGFSMEMORY00000000000003e7'
0x82463ba0   528    Event            ''
0x81f5a738   528    File             '\\lsarpc'
0x82523a08   528    Event            ''
0x824f91b8   528    Thread           TID 1404 PID 528
0xe21a9008   528    Port             ''
0xe1f7a828   528    Port             ''
0x824702c8   528    Event            ''
0xe20c69a8   528    Key              USER\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER
0x824646c8   528    Semaphore        'shell.{7CB834F0-527B-11D2-9D1F-0000F805CA57}'
0x8242a800   528    File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0x824a2590   528    Event            ''
0x82109528   528    File             '\\wkssvc'
0x8242a7c8   528    Event            ''
0x81f8ad28   528    Event            ''
0x81f8acf8   528    Event            ''
0xe2182d60   528    Port             ''
0x824702f8   528    Event            ''
0x820de0a8   528    Event            ''
0x82449650   528    Event            ''
0x82107d88   528    Thread           TID 776 PID 528
0x820f8068   528    Event            ''
0xe1ffd198   528    Key              MACHINE\SOFTWARE\CLASSES
0xe20d6d88   528    Port             ''
0xe1f51988   528    Port             ''
0x824f7b08   528    Event            ''
0xe2148070   528    Key              MACHINE\SOFTWARE\CLASSES
0xe1f50508   528    Key              MACHINE\SOFTWARE\CLASSES
0xe1c7d3b0   528    Key              MACHINE\SOFTWARE\CLASSES
0xe1919518   528    Section          'ShimSharedMemory'
0x81f3dd90   528    Event            ''
0xe212b120   528    Port             ''
0xe2110d68   528    Port             ''
0xe2256b70   528    Key              MACHINE\SOFTWARE\CLASSES
0xe2376550   528    Token            ''
0x81f1fc18   528    Event            ''
0xe1009698   1452   KeyedEvent       'CritSecOutOfMemoryEvent'
0xe18fe1a0   1452   Directory        'KnownDlls'
0x823a80b8   1452   File             '\\WINDOWS\\system32'
0x8204b558   1452   Semaphore        ''
0xe1900510   1452   Directory        'Windows'
0xe2110468   1452   Port             ''
0x81f1b508   1452   Semaphore        ''
0xe1658150   1452   Directory        'BaseNamedObjects'
0x8209f1f0   1452   Mutant           'SHIMLIB_LOG_MUTEX'
0xe21a90e0   1452   Key              MACHINE
0x82494660   1452   WindowStation    'Service-0x0-3e4$'
0x82433e38   1452   Event            ''
0x823852f0   1452   Desktop          'Default'
0x82494660   1452   WindowStation    'Service-0x0-3e4$'
0x82035e40   1452   File             
0x820b9bb8   1452   Mutant           ''
0x81f59468   1452   Event            ''
0x824ed528   1452   Event            ''
0x823a20d0   1452   Semaphore        ''
0x825239d0   1452   Semaphore        ''
0xe21d1308   1452   Key              MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32
0x824b0f68   1452   Event            ''
0x824b0f98   1452   Event            ''
0xe215b4f0   1452   Key              MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32
0x81f8f060   1452   Semaphore        'shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}'
0xe2225318   1452   Key              MACHINE\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE
0x820b9dd8   1452   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0xe2190948   1452   Key              MACHINE\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE\ALTERNATE SORTS
0xe1f36a98   1452   Key              MACHINE\SYSTEM\CONTROLSET001\CONTROL\NLS\LANGUAGE GROUPS
0x81f60068   1452   Event            ''
0x81f52008   1452   Event            ''
0x81f52088   1452   Event            ''
0x81f52058   1452   Event            ''
0x820657d0   1452   Thread           TID 1456 PID 1452
0x81f510d8   1452   Event            ''
0xe22375a0   1452   Port             ''
0x81f510a8   1452   Event            ''
0xe1f313c8   1452   Port             ''
0x824b0f20   1452   IoCompletion     '\xe2\x92\x98'
0xe1f7c808   1452   Section          'Wmi Provider Sub System Counters'
0x82113658   1452   IoCompletion     ''
0x824b0f20   1452   IoCompletion     '\xe2\x92\x98'
0x821135c0   1452   Event            ''
0x82074d48   1452   Event            ''
0x82113590   1452   Event            ''
0x82382810   1452   Event            ''
0x820350e0   1452   Event            'WBEM_ESS_OPEN_FOR_BUSINESS'
0x823827e0   1452   Event            ''
0x824c4d88   1452   Thread           TID 1560 PID 1452
0xe1f53608   1452   Key              MACHINE\SOFTWARE\CLASSES
0xe1f79150   1452   Key              USER\S-1-5-20_CLASSES
0x82382750   1452   Event            ''
0xe213b470   1452   Key              MACHINE\SOFTWARE\MICROSOFT\COM3
0x82477b38   1452   Event            ''
0xe213b4d8   1452   Key              USER
0x82477ad0   1452   Event            ''
0xe213b540   1452   Key              MACHINE\SOFTWARE\CLASSES
0x82477a68   1452   Event            ''
0xe21f6470   1452   Key              USER
0x82477a38   1452   Event            ''
0xe21f64d8   1452   Key              MACHINE\SOFTWARE\MICROSOFT\COM3
0x82379f68   1452   Event            ''
0xe2228540   1452   Key              MACHINE\SOFTWARE\MICROSOFT\COM3
0x82379f00   1452   Event            ''
0xe21f6540   1452   Key              MACHINE\SOFTWARE\CLASSES\CLSID
0x81f5eaa0   1452   Event            ''
0xe21c1858   1452   Key              MACHINE\SOFTWARE\CLASSES
0x81f5ea38   1452   Event            ''
0xe222b470   1452   Key              MACHINE\SOFTWARE\MICROSOFT\COM3
0x81f60bd8   1452   Event            ''
0xe222b4d8   1452   Key              USER
0x81f60b70   1452   Event            ''
0xe21c18c0   1452   Key              MACHINE\SOFTWARE\MICROSOFT\COM3
0x81f60b08   1452   Event            ''
0xe2252cd0   1452   Key              MACHINE\SOFTWARE\MICROSOFT\COM3
0x81f60ad8   1452   Event            ''
0xe225d620   1452   Key              MACHINE\SOFTWARE\CLASSES\CLSID
0x824a3788   1452   Event            ''
0xe2269158   1452   Key              USER\S-1-5-20_CLASSES
0xe2274238   1452   Key              USER\S-1-5-20_CLASSES
0xe2222a68   1452   Port             'OLEBE54F93FAB7148E3B2EEF266C05D'
0xe1f5dac8   1452   Port             ''
0x824ec7a0   1452   Event            ''
0x824c4510   1452   Thread           TID 1568 PID 1452
0x824ec6f8   1452   Event            ''
0x81f1ed08   1452   Event            ''
0x81f1eca0   1452   Event            ''
0x824a8f30   1452   Event            'EVENT_READYROOT/CIMV2PROVIDERSUBSYSTEM'
0x820657d0   1452   Thread           TID 1456 PID 1452
0x81f51f10   1452   Event            ''
0xe21feab0   1452   Key              USER\S-1-5-20_CLASSES
0x81f51ee0   1452   Event            ''
0x81f51f78   1452   File             '\\lsarpc'
0xe222cf18   1452   Port             ''
0x824f7658   1452   Event            ''
0xe227f518   1452   Key              USER\S-1-5-20_CLASSES
0xe227b2a0   1452   Key              USER\S-1-5-20_CLASSES
0x824f7628   1452   Event            ''
0x824f75f8   1452   Event            ''
0x823a0580   1452   Thread           TID 1908 PID 1452
0x820292f0   1452   Event            ''
0x824a6580   1452   Event            ''
0x82376c50   1452   Event            ''
0x82376bb8   1452   Event            ''
0x82376b88   1452   Event            ''
0x824c5f58   1452   Event            ''
0xe2239778   1452   Key              USER\S-1-5-20_CLASSES
0x82385008   1452   Thread           TID 1940 PID 1452
0xe22778f8   1452   Port             ''
0xe223c6f8   1452   Port             ''
0xe2278280   1452   Token            ''
0xe2287f50   1452   Port             ''
0xe2281418   1452   Token            ''
0x82477dc0   1452   Mutant           ''
0xe2239de8   1452   Key              USER\S-1-5-20_CLASSES
0xe222c2f0   1452   Key              USER\S-1-5-20_CLASSES
0x82035570   1452   Event            ''
0x82385008   1452   Thread           TID 1940 PID 1452
0x82106850   1452   Event            ''
0x824f5bf8   1452   Thread           TID 2040 PID 1452
0x82106820   1452   Event            ''
0x820da298   1452   Event            ''
0x824c4510   1452   Thread           TID 1568 PID 1452
0x8248a238   1452   Event            ''
0x824f5bf8   1452   Thread           TID 2040 PID 1452
0x820a9a88   1452   Event            ''
0xe227e280   1452   Key              USER\S-1-5-20_CLASSES
0x820a9b48   1452   Event            ''
0xe2236708   1452   Key              USER\S-1-5-20_CLASSES
0x824f74c8   1452   Event            ''
0x824f7598   1452   Event            ''
0x81f364a0   1452   Mutant           ''
0x824cb6f0   1452   Event            ''
0x81f36460   1452   Mutant           ''
0x824cb6c0   1452   Event            ''
0x823a1b08   1452   Mutant           ''
0x824cb690   1452   Event            ''
0x820e4200   1452   Event            ''
0x820e41d0   1452   Event            ''
0x81f22328   1452   Event            ''
0x81f222f8   1452   Event            ''
0x824f5378   1452   Event            ''
0x824af390   1452   Event            ''
0xe2262520   1452   Key              USER\S-1-5-20_CLASSES
0x824f53d8   1452   Event            ''
0x824f5448   1452   Event            ''
0x820e1358   1452   Thread           TID 1996 PID 1452
0x81f324b0   1452   Event            ''
0x824c5ac0   1452   Event            ''
0x824af2a0   1452   Event            ''
0x824af360   1452   Event            ''
0x820e12f8   1452   Event            ''
0x8237a328   1452   Event            ''
0x820e1358   1452   Thread           TID 1996 PID 1452
0x8237a2f8   1452   Event            ''
0x81f25328   1452   Event            ''
0x81f252f8   1452   Event            ''
0x81f36608   1452   Thread           TID 204 PID 1452
0x81f36510   1452   Event            ''
0x81f36608   1452   Thread           TID 204 PID 1452
0x8210d268   1452   Event            ''
0xe230c418   1452   Port             ''
0x8210d238   1452   Event            ''
0x820d2388   1452   Thread           TID 1852 PID 1452
0x820d2388   1452   Thread           TID 1852 PID 1452
0x82471cd0   1452   Event            ''
0x824769e0   1452   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0xe2264790   1452   Key              USER\S-1-5-20_CLASSES
0x8206d550   1452   Event            ''
0x820e22d0   1452   Event            ''
0xe2264528   1452   Key              MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_PROTOCOL_LOCKDOWN
0x8205ee18   1452   Event            ''
0x820f18d8   1452   File             
0x820f18a0   1452   Event            ''
0x81f19560   1452   WmiGuid          ''
0xe227e4a0   1452   Port             ''
0xe2269978   1452   Key              USER\S-1-5-20_CLASSES
0x82363f78   1452   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0x82064978   1452   File             
0x824f5110   1452   Event            ''
0x82065bf8   1452   Process          wmiprvse.exe(1452)
0x8239daa8   1452   Event            ''
0x824f50e0   1452   Event            ''
0x82101d48   1452   Event            ''
0x821333e8   1452   WmiGuid          ''
0xe225c9a8   1452   Key              USER\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS
0x82405468   1452   Event            'crypt32LogoffEvent'
0x823fd658   1452   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0x8205edb8   1452   Event            ''
0xe21964c0   1452   Section          'AtlDebugAllocator_FileMappingNameStatic3_5ac'
0x82101bf0   1452   WmiGuid          ''
0xe21964c0   1452   Section          'AtlDebugAllocator_FileMappingNameStatic3_5ac'
0x8205f008   1452   WmiGuid          ''
0x82064aa0   1452   File             
0x81f530a8   1452   File             
0x82478618   1452   File             
0x82478580   1452   File             
0x824f8308   1452   File             
0x824cb788   1452   Semaphore        ''
0x824d3ef8   1452   Semaphore        ''
0xe212d928   1452   Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\TCPIP\LINKAGE
0xe22528b0   1452   Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS
0xe226de20   1452   Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\NETBT\PARAMETERS\INTERFACES
0xe228a7e0   1452   Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\NETBT\PARAMETERS
0x81f51188   1452   Event            ''
0x824c8598   1452   File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0x824f5bf8   1452   Thread           TID 2040 PID 1452
0xe2277418   1452   Port             ''
0xe2222130   1452   Key              USER\S-1-5-20_CLASSES
0x82102470   1452   Thread           TID 372 PID 1452
0xe1f55128   1452   Key              USER\S-1-5-20_CLASSES
0x824c9378   1452   Event            ''
0x824c9348   1452   Event            ''
0x820ca730   1452   Event            ''
0x820283b8   1452   Event            ''
0x82102470   1452   Thread           TID 372 PID 1452
0x8202eb70   1452   Event            ''
0x820633b8   1452   Thread           TID 1308 PID 1452
0x81f21328   1452   Event            ''
0x8203c638   1452   Event            ''
0x824c4510   1452   Thread           TID 1568 PID 1452
0x82063378   1452   Mutant           ''
0x820ca6c0   1452   Event            ''
0x824fa1e0   1452   Event            ''
0xe1d2a0c8   1452   Key              USER\S-1-5-20_CLASSES
0xe2095790   1452   Port             ''
0xe1c4be80   1452   Key              USER\S-1-5-20_CLASSES
0xe2363550   1452   Token            ''
0x82366420   1452   Event            ''
0x820d2388   1452   Thread           TID 1852 PID 1452
0xe170edf0   1452   Key              USER\S-1-5-20_CLASSES
0xe2259500   1452   Key              USER\S-1-5-20_CLASSES
0x824d81c8   1452   Event            ''
0xe23273b0   1452   Port             ''
0xe227a828   1452   Key              USER\S-1-5-20_CLASSES
0xe1009698   420    KeyedEvent       'CritSecOutOfMemoryEvent'
0xe18fe1a0   420    Directory        'KnownDlls'
0x8239dc50   420    File             '\\WINDOWS\\system32'
0x820e9aa0   420    WindowStation    'Service-0x0-3e5$'
0xe1900510   420    Directory        'Windows'
0xe2147158   420    Port             ''
0x81f53408   420    Event            ''
0xe1658150   420    Directory        'BaseNamedObjects'
0x8209f1f0   420    Mutant           'SHIMLIB_LOG_MUTEX'
0x824b1590   420    Desktop          'Default'
0x820e9aa0   420    WindowStation    'Service-0x0-3e5$'
0x820d2310   420    Semaphore        ''
0x820c95c0   420    Semaphore        ''
0xe2266418   420    Key              MACHINE
0x8239dbb8   420    File             
0x824c88a8   420    Event            ''
0x821135f0   420    Semaphore        ''
0x82074da8   420    Semaphore        ''
0xe210f0f0   420    Key              MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32
0x81f53338   420    Event            ''
0x81f53368   420    Event            ''
0xe2239400   420    Key              MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32
0x81f8f060   420    Semaphore        'shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}'
0x82029358   420    File             '\\net\\NtControlPipe13'
0x824c5b28   420    File             '\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202'
0x8202e678   420    Event            ''
0x8202e648   420    Event            ''
0x81f66d38   420    Event            ''
0x81f66d08   420    Event            ''
0x81f60540   420    Thread           TID 440 PID 420
0x8203ba40   420    Event            ''
0xe225cc80   420    Port             ''
0xe22852b8   420    Key              USER\S-1-5-19_CLASSES
0xe227adb0   420    Key              MACHINE\SOFTWARE\CLASSES
0x8203b9b0   420    Event            ''
0xe21f6200   420    Key              MACHINE\SOFTWARE\MICROSOFT\COM3
0x8203b980   420    Event            ''
0xe1cc80d0   420    Key              USER
0x8203b950   420    Event            ''
0xe2182208   420    Key              MACHINE\SOFTWARE\CLASSES
0x8206df40   420    Event            ''
0xe22705c8   420    Key              USER
0x8206ded8   420    Event            ''
0xe2254e60   420    Key              MACHINE\SOFTWARE\MICROSOFT\COM3
0x8206de70   420    Event            ''
0xe230e400   420    Key              MACHINE\SOFTWARE\MICROSOFT\COM3
0x8206de40   420    Event            ''
0xe230e368   420    Key              MACHINE\SOFTWARE\CLASSES\CLSID
0x820c9988   420    Event            ''
0xe230c5c8   420    Key              MACHINE\SOFTWARE\CLASSES
0x820c9920   420    Event            ''
0xe230c530   420    Key              MACHINE\SOFTWARE\MICROSOFT\COM3
0x8202ecf8   420    Event            ''
0xe2277b10   420    Key              USER
0x8202ec90   420    Event            ''
0xe2277a78   420    Key              MACHINE\SOFTWARE\MICROSOFT\COM3
0x81f37f48   420    Event            ''
0xe2276720   420    Key              MACHINE\SOFTWARE\MICROSOFT\COM3
0x81f37ee0   420    Event            ''
0xe22766b8   420    Key              MACHINE\SOFTWARE\CLASSES\CLSID
0x81f37e78   420    Event            ''
0x81f37e48   420    Event            ''
0xe2283758   420    Key              USER\S-1-5-19_CLASSES
0x8202ea48   420    Event            ''
0x81f1b5c8   420    Thread           TID 460 PID 420
0xe22836a0   420    Port             ''
0x8202ea18   420    Event            ''
0xe213b018   420    Port             'OLE948011BF91E4418ABF858447AFDE'
0xe2192ba8   420    Key              USER\S-1-5-19_CLASSES
0x824f7870   420    IoCompletion     '\xe2\x92\x98'
0x8203c280   420    IoCompletion     ''
0x824f7870   420    IoCompletion     '\xe2\x92\x98'
0x824c3d88   420    Thread           TID 448 PID 420
0x824ca920   420    Event            ''
0x824ca950   420    Event            ''
0x824b0570   420    Event            ''
0xe2239468   420    Key              MACHINE\SOFTWARE\MICROSOFT\ALG\ISV
0x824fd3f0   420    Event            ''
0x8237d970   420    Event            ''
0x824f7748   420    Event            ''
0x82044b08   420    Thread           TID 504 PID 420
0xe2279b48   420    Port             ''
0xe228a968   420    Port             ''
0xe1f53228   420    Key              USER\S-1-5-19_CLASSES
0xe226e9c0   420    Token            ''
0x8239fd80   420    Timer            ''
0x81f31d50   420    Event            ''
0x820d6d88   420    Thread           TID 472 PID 420
0x81f57d28   420    Event            ''
0x81f57cc0   420    Event            ''
0x82044b08   420    Thread           TID 504 PID 420
0x81f31ca8   420    Event            ''
0xe226f3b0   420    Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9
0x820d6d58   420    Event            ''
0xe2281280   420    Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSOCK2\PARAMETERS\NAMESPACE_CATALOG5
0x823a3330   420    Event            ''
0x8203bbf0   420    File             '\\Endpoint'
0x820cfbd0   420    IoCompletion     ''
0x81f27078   420    File             
0x8246d730   420    File             '\\Endpoint'
0x81f57c90   420    Event            ''
0x820e2848   420    File             '\\lsarpc'
0xe2147400   420    Port             ''
0x824c3d88   420    Thread           TID 448 PID 420
0x820d7c18   420    Event            ''
0x820fa4e8   420    Thread           TID 816 PID 420
0xe1f3c5d8   420    Port             ''
0xe21a68c0   420    Port             ''
0x820d7ec0   420    Event            ''
0xe223f550   420    Token            ''
0x81f1f6c8   420    Event            ''