Netdom
Type of function
netdom
netdom /?
netdom ADD
netdom QUERY
netdom QUERY /Domain
netdom QUERY DC
netdom QUERY OU
netdom TRUST
netdom REMOVE
netdom VERIFY
netdom JOIN
netdom RENAME
netdom TIME
netdom MOVE
netdom RESET
netdom RESETPWD
Time of Day
57:21.3
Process Name
netdom.exe
PID
2712
Operation
Load Image
CreateFile
RegOpenKey
Load Image
RegOpenKey
RegQueryValue
RegCloseKey
Load Image
Load Image
Load Image
Load Image
Load Image
QueryOpen
CreateFile
CreateFileMapping
CreateFileMapping
RegOpenKey
RegOpenKey
RegQueryValue
RegCloseKey
RegOpenKey
CloseFile
Load Image
Load Image
QueryOpen
CreateFile
CreateFileMapping
CreateFileMapping
CloseFile
Load Image
Load Image
QueryOpen
CreateFile
CreateFileMapping
CreateFileMapping
CloseFile
Load Image
QueryOpen
CreateFile
CreateFileMapping
CreateFileMapping
CloseFile
Load Image
QueryOpen
CreateFile
CreateFileMapping
CreateFileMapping
CloseFile
Load Image
QueryOpen
CreateFile
CreateFileMapping
CreateFileMapping
CloseFile
Load Image
QueryOpen
CreateFile
CreateFileMapping
CreateFileMapping
CloseFile
Load Image
RegOpenKey
RegOpenKey
RegOpenKey
RegOpenKey
RegQueryValue
RegCloseKey
RegOpenKey
RegOpenKey
RegOpenKey
RegOpenKey
RegOpenKey
RegOpenKey
RegQueryValue
RegCloseKey
RegOpenKey
RegQueryValue
RegCloseKey
RegOpenKey
RegQueryValue
RegCloseKey
RegOpenKey
RegOpenKey
RegOpenKey
RegOpenKey
RegOpenKey
RegQueryValue
RegCloseKey
RegOpenKey
RegOpenKey
RegOpenKey
RegCreateKey
RegOpenKey
RegOpenKey
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
57:21.4
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegOpenKey
RegQueryValue
RegCloseKey
RegCloseKey
RegCloseKey
RegOpenKey
RegQueryValue
RegQueryValue
RegQueryValue
RegCloseKey
RegOpenKey
RegOpenKey
RegOpenKey
RegOpenKey
RegOpenKey
RegOpenKey
RegOpenKey
RegQueryValue
RegQueryValue
RegOpenKey
RegQueryValue
RegCloseKey
Path
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\Prefetch\NETDOM.EXE-1A8D18D0.pf
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netdom.exe
C:\WINDOWS\system32\kernel32.dll
HKLM\System\CurrentControlSet\Control\Terminal Server
HKLM\System\CurrentControlSet\Control\Terminal Server\TSAppCompat
HKLM\System\CurrentControlSet\Control\Terminal Server
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\advapi32.dll
C:\WINDOWS\system32\rpcrt4.dll
C:\WINDOWS\system32\user32.dll
C:\WINDOWS\system32\gdi32.dll
C:\WINDOWS\system32\secur32.dll
C:\WINDOWS\system32\secur32.dll
C:\WINDOWS\system32\secur32.dll
C:\WINDOWS\system32\secur32.dll
HKLM\System\CurrentControlSet\Control\SafeBoot\Option
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\TransparentEnabled
HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers
HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
C:\WINDOWS\system32\secur32.dll
C:\WINDOWS\system32\secur32.dll
C:\WINDOWS\system32\netapi32.dll
C:\WINDOWS\system32\samlib.dll
C:\WINDOWS\system32\samlib.dll
C:\WINDOWS\system32\samlib.dll
C:\WINDOWS\system32\samlib.dll
C:\WINDOWS\system32\samlib.dll
C:\WINDOWS\system32\samlib.dll
C:\WINDOWS\system32\wldap32.dll
C:\WINDOWS\system32\ntdsapi.dll
C:\WINDOWS\system32\ntdsapi.dll
C:\WINDOWS\system32\ntdsapi.dll
C:\WINDOWS\system32\ntdsapi.dll
C:\WINDOWS\system32\ntdsapi.dll
C:\WINDOWS\system32\ntdsapi.dll
C:\WINDOWS\system32\dnsapi.dll
C:\WINDOWS\system32\dnsapi.dll
C:\WINDOWS\system32\dnsapi.dll
C:\WINDOWS\system32\dnsapi.dll
C:\WINDOWS\system32\dnsapi.dll
C:\WINDOWS\system32\dnsapi.dll
C:\WINDOWS\system32\ws2_32.dll
C:\WINDOWS\system32\ws2_32.dll
C:\WINDOWS\system32\ws2_32.dll
C:\WINDOWS\system32\ws2_32.dll
C:\WINDOWS\system32\ws2_32.dll
C:\WINDOWS\system32\ws2_32.dll
C:\WINDOWS\system32\ws2help.dll
C:\WINDOWS\system32\ws2help.dll
C:\WINDOWS\system32\ws2help.dll
C:\WINDOWS\system32\ws2help.dll
C:\WINDOWS\system32\ws2help.dll
C:\WINDOWS\system32\ws2help.dll
C:\WINDOWS\system32\cryptdll.dll
C:\WINDOWS\system32\cryptdll.dll
C:\WINDOWS\system32\cryptdll.dll
C:\WINDOWS\system32\cryptdll.dll
C:\WINDOWS\system32\cryptdll.dll
C:\WINDOWS\system32\cryptdll.dll
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSVCRT.dll
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RPCRT4.dll
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ADVAPI32.dll
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LeakTrack
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
HKLM
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GDI32.dll
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\USER32.dll
HKLM\System\CurrentControlSet\Control\Error Message Instrument
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Compatibility32
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility32\netdom
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility32
HKLM\Software\Microsoft\Windows NT\CurrentVersion\IME Compatibility
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IME Compatibility\netdom
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IME Compatibility
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Secur32.dll
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETAPI32.dll
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SAMLIB.dll
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WLDAP32.dll
HKLM\System\CurrentControlSet\Services\LDAP
HKLM\System\CurrentControlSet\Services\ldap\LdapClientIntegrity
HKLM\System\CurrentControlSet\Services\ldap
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WS2HELP.dll
HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\ServerPriorityTimeLimit
HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\MaxCachedSockets
HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\MulticastListenLevel
HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\MulticastSendLevel
HKLM\System\Setup
HKLM\SYSTEM\Setup\SystemSetupInProgress
HKLM\SYSTEM\Setup
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters
HKLM\System\CurrentControlSet\Services\Dnscache\Parameters
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DnsQueryTimeouts
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DnsQuickQueryTimeouts
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DnsMulticastQueryTimeouts
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NTDSAPI.dll
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cryptdll.dll
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntdll.dll
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kernel32.dll
HKLM\System\CurrentControlSet\Control\Nls\Locale
HKLM\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKLM\System\CurrentControlSet\Control\Nls\Language Groups
HKLM\System\CurrentControlSet\Control\Nls\Locale\00000409
HKLM\System\CurrentControlSet\Control\Nls\Language Groups\1
HKLM\System\CurrentControlSet\Control\Session Manager
HKLM\System\CurrentControlSet\Control\Session Manager\SafeDllSearchMode
HKLM\System\CurrentControlSet\Control\Session Manager
SUMMARY
Result
SUCCESS
NAME NOT
NAME NOT
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
NAME NOT
SUCCESS
SUCCESS
SUCCESS
NAME NOT
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
FOUND
FOUND
FOUND
FOUND
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
NAME NOT
NAME NOT
NAME NOT
SUCCESS
NAME NOT
SUCCESS
SUCCESS
NAME NOT
NAME NOT
NAME NOT
NAME NOT
SUCCESS
NAME NOT
SUCCESS
SUCCESS
NAME NOT
SUCCESS
SUCCESS
SUCCESS
SUCCESS
NAME NOT
NAME NOT
NAME NOT
NAME NOT
SUCCESS
SUCCESS
SUCCESS
NAME NOT
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
NAME NOT
NAME NOT
SUCCESS
SUCCESS
NAME NOT
NAME NOT
NAME NOT
NAME NOT
SUCCESS
NAME NOT
NAME NOT
NAME NOT
NAME NOT
NAME NOT
NAME NOT
NAME NOT
NAME NOT
NAME NOT
NAME NOT
NAME NOT
NAME NOT
NAME NOT
NAME NOT
NAME NOT
NAME NOT
NAME NOT
NAME NOT
NAME NOT
NAME NOT
NAME NOT
NAME NOT
NAME NOT
NAME NOT
NAME NOT
NAME NOT
NAME NOT
NAME NOT
NAME NOT
NAME NOT
NAME NOT
NAME NOT
NAME NOT
NAME NOT
NAME NOT
NAME NOT
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
NAME NOT
NAME NOT
NAME NOT
NAME NOT
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
NAME NOT
NAME NOT
NAME NOT
SUCCESS
NAME NOT
NAME NOT
NAME NOT
NAME NOT
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
NAME NOT
SUCCESS
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
Detail
Image Base: 0x7c900000, Image Size: 0xb0000
Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, S
Desired Access: Read
Image Base: 0x7c800000, Image Size: 0xf4000
Desired Access: Read
Type: REG_DWORD, Length: 4, Data: 0
Maximum Allowed
Read
Read
Read
Read
Read
Length: 144
Length: 144
Length: 144
Length: 144
Desired Access: Query Value
Type: REG_DWORD, Length: 4, Data: 0
Time of Day
57:45.3
Process Name
netdom.exe
PID
4088
Operation
Load Image
CreateFile
QueryStandardInformationFile
ReadFile
CloseFile
CreateFile
QueryDirectory
QueryDirectory
CloseFile
CreateFile
QueryDirectory
QueryDirectory
CloseFile
CreateFile
QueryDirectory
QueryDirectory
QueryDirectory
QueryDirectory
QueryDirectory
QueryDirectory
CloseFile
CreateFile
CreateFileMapping
QueryStandardInformationFile
CreateFileMapping
CreateFile
CreateFileMapping
QueryStandardInformationFile
CreateFileMapping
CreateFile
CreateFileMapping
QueryStandardInformationFile
CreateFileMapping
CreateFile
CreateFileMapping
QueryStandardInformationFile
CreateFileMapping
CreateFile
CreateFileMapping
QueryStandardInformationFile
CreateFileMapping
CreateFile
CreateFileMapping
QueryStandardInformationFile
CreateFileMapping
CreateFile
CreateFileMapping
QueryStandardInformationFile
CreateFileMapping
CreateFile
CreateFileMapping
QueryStandardInformationFile
CreateFileMapping
CreateFile
CreateFileMapping
QueryStandardInformationFile
CreateFileMapping
CreateFile
CreateFileMapping
QueryStandardInformationFile
CreateFileMapping
CreateFile
CreateFileMapping
QueryStandardInformationFile
CreateFileMapping
CreateFile
CreateFileMapping
QueryStandardInformationFile
CreateFileMapping
CreateFile
CreateFileMapping
QueryStandardInformationFile
CreateFileMapping
CreateFile
CreateFileMapping
QueryStandardInformationFile
CreateFileMapping
CreateFile
CreateFileMapping
QueryStandardInformationFile
CreateFileMapping
CreateFile
CreateFileMapping
QueryStandardInformationFile
CreateFileMapping
CreateFile
CreateFileMapping
QueryStandardInformationFile
CreateFileMapping
CreateFile
CreateFileMapping
QueryStandardInformationFile
CreateFileMapping
CreateFile
CreateFileMapping
QueryStandardInformationFile
CreateFileMapping
CreateFile
CreateFileMapping
QueryStandardInformationFile
CreateFileMapping
CloseFile
CloseFile
CloseFile
CloseFile
CloseFile
CloseFile
CloseFile
CloseFile
CloseFile
CloseFile
CloseFile
CloseFile
CloseFile
CloseFile
CloseFile
CloseFile
CloseFile
CloseFile
CloseFile
CloseFile
CreateFile
CreateFileMapping
CreateFileMapping
CreateFile
CreateFileMapping
CreateFileMapping
CreateFile
CreateFileMapping
CreateFileMapping
CreateFile
CreateFileMapping
CreateFileMapping
CreateFile
CreateFileMapping
CreateFileMapping
CreateFile
CreateFileMapping
CreateFileMapping
CreateFile
CreateFileMapping
CreateFileMapping
CreateFile
CreateFileMapping
CreateFileMapping
CreateFile
CreateFileMapping
CreateFileMapping
CreateFile
CreateFileMapping
CreateFileMapping
CreateFile
CreateFileMapping
CreateFileMapping
CreateFile
CreateFileMapping
CreateFileMapping
CreateFile
CreateFileMapping
CreateFileMapping
CreateFile
CreateFileMapping
CreateFileMapping
CreateFile
CreateFileMapping
CreateFileMapping
CreateFile
CreateFileMapping
CreateFileMapping
CloseFile
CloseFile
CloseFile
CloseFile
CloseFile
CloseFile
CloseFile
CloseFile
CloseFile
CloseFile
CloseFile
CloseFile
CloseFile
CloseFile
CloseFile
CloseFile
RegOpenKey
Load Image
RegOpenKey
RegQueryValue
RegCloseKey
Load Image
Load Image
Load Image
Load Image
Load Image
QueryOpen
CreateFile
CreateFileMapping
CreateFileMapping
RegOpenKey
RegOpenKey
RegQueryValue
RegCloseKey
RegOpenKey
CloseFile
Load Image
Load Image
QueryOpen
CreateFile
CreateFileMapping
CreateFileMapping
CloseFile
Load Image
Load Image
QueryOpen
CreateFile
CreateFileMapping
CreateFileMapping
CloseFile
Load Image
QueryOpen
CreateFile
CreateFileMapping
CreateFileMapping
CloseFile
Load Image
QueryOpen
CreateFile
CreateFileMapping
CreateFileMapping
CloseFile
Load Image
QueryOpen
CreateFile
CreateFileMapping
CreateFileMapping
CloseFile
Load Image
QueryOpen
CreateFile
CreateFileMapping
CreateFileMapping
CloseFile
Load Image
RegOpenKey
RegOpenKey
RegOpenKey
RegOpenKey
RegQueryValue
RegCloseKey
RegOpenKey
RegOpenKey
RegOpenKey
RegOpenKey
RegOpenKey
RegOpenKey
RegQueryValue
RegCloseKey
RegOpenKey
RegQueryValue
RegCloseKey
RegOpenKey
RegQueryValue
RegCloseKey
RegOpenKey
RegOpenKey
RegOpenKey
RegOpenKey
RegOpenKey
RegQueryValue
RegCloseKey
RegOpenKey
RegOpenKey
RegOpenKey
RegCreateKey
RegOpenKey
RegOpenKey
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegQueryValue
RegOpenKey
RegQueryValue
RegCloseKey
RegCloseKey
RegCloseKey
RegOpenKey
RegQueryValue
RegQueryValue
RegQueryValue
RegCloseKey
RegOpenKey
RegOpenKey
RegOpenKey
RegOpenKey
RegOpenKey
RegOpenKey
RegOpenKey
RegQueryValue
RegQueryValue
RegOpenKey
RegQueryValue
RegCloseKey
Path
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\Prefetch\NETDOM.EXE-1A8D18D0.pf
C:\WINDOWS\Prefetch\NETDOM.EXE-1A8D18D0.pf
C:\WINDOWS\Prefetch\NETDOM.EXE-1A8D18D0.pf
C:\WINDOWS\Prefetch\NETDOM.EXE-1A8D18D0.pf
C:\
C:\
C:\
C:\
C:\WINDOWS
C:\WINDOWS
C:\WINDOWS
C:\WINDOWS
C:\WINDOWS\system32
C:\WINDOWS\system32
C:\WINDOWS\system32
C:\WINDOWS\system32
C:\WINDOWS\system32
C:\WINDOWS\system32
C:\WINDOWS\system32
C:\WINDOWS\system32
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\unicode.nls
C:\WINDOWS\system32\unicode.nls
C:\WINDOWS\system32\unicode.nls
C:\WINDOWS\system32\unicode.nls
C:\WINDOWS\system32\locale.nls
C:\WINDOWS\system32\locale.nls
C:\WINDOWS\system32\locale.nls
C:\WINDOWS\system32\locale.nls
C:\WINDOWS\system32\sorttbls.nls
C:\WINDOWS\system32\sorttbls.nls
C:\WINDOWS\system32\sorttbls.nls
C:\WINDOWS\system32\sorttbls.nls
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\advapi32.dll
C:\WINDOWS\system32\advapi32.dll
C:\WINDOWS\system32\advapi32.dll
C:\WINDOWS\system32\advapi32.dll
C:\WINDOWS\system32\rpcrt4.dll
C:\WINDOWS\system32\rpcrt4.dll
C:\WINDOWS\system32\rpcrt4.dll
C:\WINDOWS\system32\rpcrt4.dll
C:\WINDOWS\system32\user32.dll
C:\WINDOWS\system32\user32.dll
C:\WINDOWS\system32\user32.dll
C:\WINDOWS\system32\user32.dll
C:\WINDOWS\system32\gdi32.dll
C:\WINDOWS\system32\gdi32.dll
C:\WINDOWS\system32\gdi32.dll
C:\WINDOWS\system32\gdi32.dll
C:\WINDOWS\system32\secur32.dll
C:\WINDOWS\system32\secur32.dll
C:\WINDOWS\system32\secur32.dll
C:\WINDOWS\system32\secur32.dll
C:\WINDOWS\system32\netapi32.dll
C:\WINDOWS\system32\netapi32.dll
C:\WINDOWS\system32\netapi32.dll
C:\WINDOWS\system32\netapi32.dll
C:\WINDOWS\system32\samlib.dll
C:\WINDOWS\system32\samlib.dll
C:\WINDOWS\system32\samlib.dll
C:\WINDOWS\system32\samlib.dll
C:\WINDOWS\system32\wldap32.dll
C:\WINDOWS\system32\wldap32.dll
C:\WINDOWS\system32\wldap32.dll
C:\WINDOWS\system32\wldap32.dll
C:\WINDOWS\system32\ntdsapi.dll
C:\WINDOWS\system32\ntdsapi.dll
C:\WINDOWS\system32\ntdsapi.dll
C:\WINDOWS\system32\ntdsapi.dll
C:\WINDOWS\system32\dnsapi.dll
C:\WINDOWS\system32\dnsapi.dll
C:\WINDOWS\system32\dnsapi.dll
C:\WINDOWS\system32\dnsapi.dll
C:\WINDOWS\system32\ws2_32.dll
C:\WINDOWS\system32\ws2_32.dll
C:\WINDOWS\system32\ws2_32.dll
C:\WINDOWS\system32\ws2_32.dll
C:\WINDOWS\system32\ws2help.dll
C:\WINDOWS\system32\ws2help.dll
C:\WINDOWS\system32\ws2help.dll
C:\WINDOWS\system32\ws2help.dll
C:\WINDOWS\system32\cryptdll.dll
C:\WINDOWS\system32\cryptdll.dll
C:\WINDOWS\system32\cryptdll.dll
C:\WINDOWS\system32\cryptdll.dll
C:\WINDOWS\system32\ctype.nls
C:\WINDOWS\system32\ctype.nls
C:\WINDOWS\system32\ctype.nls
C:\WINDOWS\system32\ctype.nls
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\unicode.nls
C:\WINDOWS\system32\locale.nls
C:\WINDOWS\system32\sorttbls.nls
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\advapi32.dll
C:\WINDOWS\system32\rpcrt4.dll
C:\WINDOWS\system32\user32.dll
C:\WINDOWS\system32\gdi32.dll
C:\WINDOWS\system32\secur32.dll
C:\WINDOWS\system32\netapi32.dll
C:\WINDOWS\system32\samlib.dll
C:\WINDOWS\system32\wldap32.dll
C:\WINDOWS\system32\ntdsapi.dll
C:\WINDOWS\system32\dnsapi.dll
C:\WINDOWS\system32\ws2_32.dll
C:\WINDOWS\system32\ws2help.dll
C:\WINDOWS\system32\cryptdll.dll
C:\WINDOWS\system32\ctype.nls
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\advapi32.dll
C:\WINDOWS\system32\advapi32.dll
C:\WINDOWS\system32\advapi32.dll
C:\WINDOWS\system32\rpcrt4.dll
C:\WINDOWS\system32\rpcrt4.dll
C:\WINDOWS\system32\rpcrt4.dll
C:\WINDOWS\system32\user32.dll
C:\WINDOWS\system32\user32.dll
C:\WINDOWS\system32\user32.dll
C:\WINDOWS\system32\gdi32.dll
C:\WINDOWS\system32\gdi32.dll
C:\WINDOWS\system32\gdi32.dll
C:\WINDOWS\system32\secur32.dll
C:\WINDOWS\system32\secur32.dll
C:\WINDOWS\system32\secur32.dll
C:\WINDOWS\system32\netapi32.dll
C:\WINDOWS\system32\netapi32.dll
C:\WINDOWS\system32\netapi32.dll
C:\WINDOWS\system32\samlib.dll
C:\WINDOWS\system32\samlib.dll
C:\WINDOWS\system32\samlib.dll
C:\WINDOWS\system32\wldap32.dll
C:\WINDOWS\system32\wldap32.dll
C:\WINDOWS\system32\wldap32.dll
C:\WINDOWS\system32\ntdsapi.dll
C:\WINDOWS\system32\ntdsapi.dll
C:\WINDOWS\system32\ntdsapi.dll
C:\WINDOWS\system32\dnsapi.dll
C:\WINDOWS\system32\dnsapi.dll
C:\WINDOWS\system32\dnsapi.dll
C:\WINDOWS\system32\ws2_32.dll
C:\WINDOWS\system32\ws2_32.dll
C:\WINDOWS\system32\ws2_32.dll
C:\WINDOWS\system32\ws2help.dll
C:\WINDOWS\system32\ws2help.dll
C:\WINDOWS\system32\ws2help.dll
C:\WINDOWS\system32\cryptdll.dll
C:\WINDOWS\system32\cryptdll.dll
C:\WINDOWS\system32\cryptdll.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\advapi32.dll
C:\WINDOWS\system32\rpcrt4.dll
C:\WINDOWS\system32\user32.dll
C:\WINDOWS\system32\gdi32.dll
C:\WINDOWS\system32\secur32.dll
C:\WINDOWS\system32\netapi32.dll
C:\WINDOWS\system32\samlib.dll
C:\WINDOWS\system32\wldap32.dll
C:\WINDOWS\system32\ntdsapi.dll
C:\WINDOWS\system32\dnsapi.dll
C:\WINDOWS\system32\ws2_32.dll
C:\WINDOWS\system32\ws2help.dll
C:\WINDOWS\system32\cryptdll.dll
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netdom.exe
C:\WINDOWS\system32\kernel32.dll
HKLM\System\CurrentControlSet\Control\Terminal Server
HKLM\System\CurrentControlSet\Control\Terminal Server\TSAppCompat
HKLM\System\CurrentControlSet\Control\Terminal Server
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\advapi32.dll
C:\WINDOWS\system32\rpcrt4.dll
C:\WINDOWS\system32\user32.dll
C:\WINDOWS\system32\gdi32.dll
C:\WINDOWS\system32\secur32.dll
C:\WINDOWS\system32\secur32.dll
C:\WINDOWS\system32\secur32.dll
C:\WINDOWS\system32\secur32.dll
HKLM\System\CurrentControlSet\Control\SafeBoot\Option
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\TransparentEnabled
HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers
HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
C:\WINDOWS\system32\secur32.dll
C:\WINDOWS\system32\secur32.dll
C:\WINDOWS\system32\netapi32.dll
C:\WINDOWS\system32\samlib.dll
C:\WINDOWS\system32\samlib.dll
C:\WINDOWS\system32\samlib.dll
C:\WINDOWS\system32\samlib.dll
C:\WINDOWS\system32\samlib.dll
C:\WINDOWS\system32\samlib.dll
C:\WINDOWS\system32\wldap32.dll
C:\WINDOWS\system32\ntdsapi.dll
C:\WINDOWS\system32\ntdsapi.dll
C:\WINDOWS\system32\ntdsapi.dll
C:\WINDOWS\system32\ntdsapi.dll
C:\WINDOWS\system32\ntdsapi.dll
C:\WINDOWS\system32\ntdsapi.dll
C:\WINDOWS\system32\dnsapi.dll
C:\WINDOWS\system32\dnsapi.dll
C:\WINDOWS\system32\dnsapi.dll
C:\WINDOWS\system32\dnsapi.dll
C:\WINDOWS\system32\dnsapi.dll
C:\WINDOWS\system32\dnsapi.dll
C:\WINDOWS\system32\ws2_32.dll
C:\WINDOWS\system32\ws2_32.dll
C:\WINDOWS\system32\ws2_32.dll
C:\WINDOWS\system32\ws2_32.dll
C:\WINDOWS\system32\ws2_32.dll
C:\WINDOWS\system32\ws2_32.dll
C:\WINDOWS\system32\ws2help.dll
C:\WINDOWS\system32\ws2help.dll
C:\WINDOWS\system32\ws2help.dll
C:\WINDOWS\system32\ws2help.dll
C:\WINDOWS\system32\ws2help.dll
C:\WINDOWS\system32\ws2help.dll
C:\WINDOWS\system32\cryptdll.dll
C:\WINDOWS\system32\cryptdll.dll
C:\WINDOWS\system32\cryptdll.dll
C:\WINDOWS\system32\cryptdll.dll
C:\WINDOWS\system32\cryptdll.dll
C:\WINDOWS\system32\cryptdll.dll
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSVCRT.dll
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RPCRT4.dll
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ADVAPI32.dll
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LeakTrack
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
HKLM
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GDI32.dll
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\USER32.dll
HKLM\System\CurrentControlSet\Control\Error Message Instrument
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Compatibility32
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility32\netdom
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility32
HKLM\Software\Microsoft\Windows NT\CurrentVersion\IME Compatibility
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IME Compatibility\netdom
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IME Compatibility
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Secur32.dll
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETAPI32.dll
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SAMLIB.dll
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WLDAP32.dll
HKLM\System\CurrentControlSet\Services\LDAP
HKLM\System\CurrentControlSet\Services\ldap\LdapClientIntegrity
HKLM\System\CurrentControlSet\Services\ldap
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WS2HELP.dll
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WS2_32.dll
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DNSAPI.dll
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters
HKLM\System\CurrentControlSet\Services\DnsCache\Parameters
HKLM\Software\Policies\Microsoft\Windows NT\DnsClient
HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\QueryAdapterName
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DisableAdapterDomainName
HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\UseDomainNameDevolution
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\UseDomainNameDevolution
HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\PrioritizeRecordData
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\PrioritizeRecordData
HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\AllowUnqualifiedQuery
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\AllowUnqualifiedQuery
HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\AppendToMultiLabelName
HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\ScreenBadTlds
HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\ScreenUnreachableServers
HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\FilterClusterIp
HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\WaitForNameErrorOnAll
HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\UseEdns
HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\QueryIpMatching
HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\UseHostsFile
HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\RegistrationEnabled
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DisableDynamicUpdate
HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\RegisterPrimaryName
HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\RegisterAdapterName
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\EnableAdapterDomainNameRegistration
HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\RegisterReverseLookup
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DisableReverseAddressRegistrations
HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\RegisterWanAdapters
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DisableWanDynamicUpdate
HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\RegistrationTtl
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DefaultRegistrationTTL
HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\RegistrationRefreshInterval
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DefaultRegistrationRefreshInterval
HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\RegistrationMaxAddressCount
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\MaxNumberOfAddressesToRegister
HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\UpdateSecurityLevel
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\UpdateSecurityLevel
HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\UpdateZoneExcludeFile
HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\UpdateTopLevelDomainZones
HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\DnsTest
HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\MaxCacheSize
HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\MaxCacheTtl
HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\MaxNegativeCacheTtl
HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\AdapterTimeoutLimit
HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\ServerPriorityTimeLimit
HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\MaxCachedSockets
HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\MulticastListenLevel
HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\MulticastSendLevel
HKLM\System\Setup
HKLM\SYSTEM\Setup\SystemSetupInProgress
HKLM\SYSTEM\Setup
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters
HKLM\System\CurrentControlSet\Services\Dnscache\Parameters
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DnsQueryTimeouts
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DnsQuickQueryTimeouts
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DnsMulticastQueryTimeouts
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NTDSAPI.dll
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cryptdll.dll
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntdll.dll
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kernel32.dll
HKLM\System\CurrentControlSet\Control\Nls\Locale
HKLM\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKLM\System\CurrentControlSet\Control\Nls\Language Groups
HKLM\System\CurrentControlSet\Control\Nls\Locale\00000409
HKLM\System\CurrentControlSet\Control\Nls\Language Groups\1
HKLM\System\CurrentControlSet\Control\Session Manager
HKLM\System\CurrentControlSet\Control\Session Manager\SafeDllSearchMode
HKLM\System\CurrentControlSet\Control\Session Manager
SUMMARY
Result
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
NO MORE FILES
SUCCESS
SUCCESS
SUCCESS
NO MORE FILES
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
NO MORE FILES
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
NAME NOT FOUND
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
NAME NOT FOUND
SUCCESS
SUCCESS
SUCCESS
NAME NOT FOUND
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
NAME NOT FOUND
NAME NOT FOUND
NAME NOT FOUND
SUCCESS
NAME NOT FOUND
SUCCESS
SUCCESS
NAME NOT FOUND
NAME NOT FOUND
NAME NOT FOUND
NAME NOT FOUND
SUCCESS
NAME NOT FOUND
SUCCESS
SUCCESS
NAME NOT FOUND
SUCCESS
SUCCESS
SUCCESS
SUCCESS
NAME NOT FOUND
NAME NOT FOUND
NAME NOT FOUND
NAME NOT FOUND
SUCCESS
SUCCESS
SUCCESS
NAME NOT
NAME NOT
NAME NOT
SUCCESS
SUCCESS
NAME NOT
NAME NOT
NAME NOT
NAME NOT
SUCCESS
NAME NOT
NAME NOT
NAME NOT
NAME NOT
NAME NOT
NAME NOT
NAME NOT
NAME NOT
NAME NOT
NAME NOT
NAME NOT
NAME NOT
NAME NOT
NAME NOT
NAME NOT
NAME NOT
NAME NOT
NAME NOT
NAME NOT
NAME NOT
NAME NOT
NAME NOT
NAME NOT
NAME NOT
NAME NOT
NAME NOT
NAME NOT
NAME NOT
NAME NOT
NAME NOT
NAME NOT
NAME NOT
NAME NOT
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
FOUND
NAME NOT FOUND
NAME NOT FOUND
NAME NOT FOUND
NAME NOT FOUND
NAME NOT FOUND
NAME NOT FOUND
NAME NOT FOUND
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
NAME NOT FOUND
NAME NOT FOUND
NAME NOT FOUND
SUCCESS
NAME NOT FOUND
NAME NOT FOUND
NAME NOT FOUND
NAME NOT FOUND
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
SUCCESS
NAME NOT FOUND
SUCCESS
Detail
Image Base: 0x7c900000, Image Size: 0xb0000
Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, S
AllocationSize: 8,192, EndOfFile: 6,614, NumberOfLinks: 1, DeletePending: False, Directory: False
Offset: 0, Length: 6,614
Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchro
0: AUTOEXEC.BAT, 1: boot.ini, 2: Config.Msi, 3: CONFIG.SYS, 4: dell, 5: Documents and Settings, 6: IO.
Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchro
0: ., 1: .., 2: $MSI31Uninstall_KB893803v2$, 3: $NtUninstallKB835221WXP$, 4: 0.log, 5: addins, 6: App
Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchro
0: ., 1: .., 2: $winnt$.inf, 3: 1025, 4: 1028, 5: 1031, 6: 1033, 7: 1037, 8: 1041, 9: 1042, 10: 1054, 11: 1
0: exe2bin.exe, 1: expand.exe, 2: export, 3: expsrv.dll, 4: extmgr.dll, 5: extrac32.exe, 6: exts.dll, 7: fas
0: msadp32.acm, 1: msafd.dll, 2: msapsspc.dll, 3: msasn1.dll, 4: msaud32.acm, 5: msaudite.dll, 6: ms
0: qappsrv.exe, 1: qasf.dll, 2: qcap.dll, 3: qdv.dll, 4: qdvd.dll, 5: qedit.dll, 6: qedwipes.dll, 7: qmgr.dll, 8
0: webcheck.dll, 1: webclnt.dll, 2: webfldrs.msi, 3: webhits.dll, 4: webvw.dll, 5: wextract.exe, 6: wfwne
Desired Access: Read Data/List Directory, Read Attributes, Disposition: Open, Options: Non-Directory F
SyncType: SyncTypeCreateSection, PageProtection: PAGE_READWRITE
AllocationSize: 708,608, EndOfFile: 708,096, NumberOfLinks: 1, DeletePending: False, Directory: False
SyncType: SyncTypeOther
Desired Access: Read Data/List Directory, Read Attributes, Disposition: Open, Options: Non-Directory F
SyncType: SyncTypeCreateSection, PageProtection: PAGE_READWRITE
AllocationSize: 987,136, EndOfFile: 983,552, NumberOfLinks: 1, DeletePending: False, Directory: False
SyncType: SyncTypeOther
Desired Access: Read Data/List Directory, Read Attributes, Disposition: Open, Options: Non-Directory F
SyncType: SyncTypeCreateSection, PageProtection: PAGE_READWRITE
AllocationSize: 90,112, EndOfFile: 89,588, NumberOfLinks: 1, DeletePending: False, Directory: False
SyncType: SyncTypeOther
Desired Access: Read Data/List Directory, Read Attributes, Disposition: Open, Options: Non-Directory F
SyncType: SyncTypeCreateSection, PageProtection: PAGE_READWRITE
AllocationSize: 249,856, EndOfFile: 249,270, NumberOfLinks: 1, DeletePending: False, Directory: False
SyncType: SyncTypeOther
Desired Access: Read Data/List Directory, Read Attributes, Disposition: Open, Options: Non-Directory F
SyncType: SyncTypeCreateSection, PageProtection: PAGE_READWRITE
AllocationSize: 24,576, EndOfFile: 22,040, NumberOfLinks: 1, DeletePending: False, Directory: False
SyncType: SyncTypeOther
Desired Access: Read Data/List Directory, Read Attributes, Disposition: Open, Options: Non-Directory F
SyncType: SyncTypeCreateSection, PageProtection: PAGE_READWRITE
AllocationSize: 344,064, EndOfFile: 343,040, NumberOfLinks: 1, DeletePending: False, Directory: False
SyncType: SyncTypeOther
Desired Access: Read Data/List Directory, Read Attributes, Disposition: Open, Options: Non-Directory F
SyncType: SyncTypeCreateSection, PageProtection: PAGE_READWRITE
AllocationSize: 618,496, EndOfFile: 616,960, NumberOfLinks: 1, DeletePending: False, Directory: False
SyncType: SyncTypeOther
Desired Access: Read Data/List Directory, Read Attributes, Disposition: Open, Options: Non-Directory F
SyncType: SyncTypeCreateSection, PageProtection: PAGE_READWRITE
AllocationSize: 581,632, EndOfFile: 581,120, NumberOfLinks: 1, DeletePending: False, Directory: False
SyncType: SyncTypeOther
Desired Access: Read Data/List Directory, Read Attributes, Disposition: Open, Options: Non-Directory F
SyncType: SyncTypeCreateSection, PageProtection: PAGE_READWRITE
AllocationSize: 577,536, EndOfFile: 577,024, NumberOfLinks: 1, DeletePending: False, Directory: False
SyncType: SyncTypeOther
Desired Access: Read Data/List Directory, Read Attributes, Disposition: Open, Options: Non-Directory F
SyncType: SyncTypeCreateSection, PageProtection: PAGE_READWRITE
AllocationSize: 278,528, EndOfFile: 278,016, NumberOfLinks: 1, DeletePending: False, Directory: False
SyncType: SyncTypeOther
Desired Access: Read Data/List Directory, Read Attributes, Disposition: Open, Options: Non-Directory F
SyncType: SyncTypeCreateSection, PageProtection: PAGE_READWRITE
AllocationSize: 57,344, EndOfFile: 55,808, NumberOfLinks: 1, DeletePending: False, Directory: False
SyncType: SyncTypeOther
Desired Access: Read Data/List Directory, Read Attributes, Disposition: Open, Options: Non-Directory F
SyncType: SyncTypeCreateSection, PageProtection: PAGE_READWRITE
AllocationSize: 335,872, EndOfFile: 332,288, NumberOfLinks: 1, DeletePending: False, Directory: False
SyncType: SyncTypeOther
Desired Access: Read Data/List Directory, Read Attributes, Disposition: Open, Options: Non-Directory F
SyncType: SyncTypeCreateSection, PageProtection: PAGE_READWRITE
AllocationSize: 65,536, EndOfFile: 64,000, NumberOfLinks: 1, DeletePending: False, Directory: False
SyncType: SyncTypeOther
Desired Access: Read Data/List Directory, Read Attributes, Disposition: Open, Options: Non-Directory F
SyncType: SyncTypeCreateSection, PageProtection: PAGE_READWRITE
AllocationSize: 172,032, EndOfFile: 172,032, NumberOfLinks: 1, DeletePending: False, Directory: False
SyncType: SyncTypeOther
Desired Access: Read Data/List Directory, Read Attributes, Disposition: Open, Options: Non-Directory F
SyncType: SyncTypeCreateSection, PageProtection: PAGE_READWRITE
AllocationSize: 69,632, EndOfFile: 67,072, NumberOfLinks: 1, DeletePending: False, Directory: False
SyncType: SyncTypeOther
Desired Access: Read Data/List Directory, Read Attributes, Disposition: Open, Options: Non-Directory F
SyncType: SyncTypeCreateSection, PageProtection: PAGE_READWRITE
AllocationSize: 151,552, EndOfFile: 148,480, NumberOfLinks: 1, DeletePending: False, Directory: False
SyncType: SyncTypeOther
Desired Access: Read Data/List Directory, Read Attributes, Disposition: Open, Options: Non-Directory F
SyncType: SyncTypeCreateSection, PageProtection: PAGE_READWRITE
AllocationSize: 86,016, EndOfFile: 82,944, NumberOfLinks: 1, DeletePending: False, Directory: False
SyncType: SyncTypeOther
Desired Access: Read Data/List Directory, Read Attributes, Disposition: Open, Options: Non-Directory F
SyncType: SyncTypeCreateSection, PageProtection: PAGE_READWRITE
AllocationSize: 20,480, EndOfFile: 19,968, NumberOfLinks: 1, DeletePending: False, Directory: False
SyncType: SyncTypeOther
Desired Access: Read Data/List Directory, Read Attributes, Disposition: Open, Options: Non-Directory F
SyncType: SyncTypeCreateSection, PageProtection: PAGE_READWRITE
AllocationSize: 36,864, EndOfFile: 33,280, NumberOfLinks: 1, DeletePending: False, Directory: False
SyncType: SyncTypeOther
Desired Access: Read Data/List Directory, Read Attributes, Disposition: Open, Options: Non-Directory F
SyncType: SyncTypeCreateSection, PageProtection: PAGE_READWRITE
AllocationSize: 12,288, EndOfFile: 8,386, NumberOfLinks: 1, DeletePending: False, Directory: False
SyncType: SyncTypeOther
Maximum Allowed
Read
Read
Read
Read
Read
Access:
Access:
Access:
Access:
Access:
Read
Read
Read
Read
Read
Length: 144
Length: 144
Length: 144
Length: 144
Length: 144
Length: 144
Length: 144
Desired Access: Query Value
Type: REG_DWORD, Length: 4, Data: 0
sbe.dll, 115: sbeio.dll, 116: sc.exe, 117: scarddlg.dll, 118: scardssp.dll, 119: scardsvr.exe, 120: sccbase.dll, 121:
107: wshisn.dll, 108: wshnetbs.dll, 109: wshom.ocx, 110: WshRm.dll, 111: wshtcpip.dll, 112: wsnmp32.dll, 113:
112: WindowsUpdate.log, 113: winhelp.exe, 114: winhlp32.exe, 115: winnt.bmp, 116: winnt256.bmp, 117: WinS
sys.dll, 122: cdplayer.exe.manifest, 123: certcli.dll, 124: certmgr.dll, 125: certmgr.msc, 126: cewmdm.dll, 127: c
9: iernonce.dll, 120: iesetup.dll, 121: ieuinit.inf, 122: iexpress.exe, 123: ifmon.dll, 124: ifsutil.dll, 125: igmpagnt.d
msv1_0.dll, 111: msvbvm50.dll, 112: msvbvm60.dll, 113: msvcirt.dll, 114: msvcp50.dll, 115: msvcp60.dll, 116:
svr.exe, 120: sccbase.dll, 121: sccsccp.dll, 122: scecli.dll, 123: scesrv.dll, 124: schannel.dll, 125: schedsvc.dll, 12
pip.dll, 112: wsnmp32.dll, 113: wsock32.dll, 114: wstdecod.dll, 115: wstpager.ax, 116: wstrenderer.ax, 117: wtsa
116: winnt256.bmp, 117: WinSxS, 118: wmsetup.log, 119: WMSysPr9.prx, 120: Zapotec.bmp, 121: _default.pif
msc, 126: cewmdm.dll, 127: cfgbkend.dll, 128: cfgmgr32.dll, 129: charmap.exe, 130: chcp.com, 131: chkdsk.ex
124: ifsutil.dll, 125: igmpagnt.dll, 126: iissuba.dll, 127: ils.dll, 128: imaadp32.acm, 129: imagehlp.dll, 130: imap
p50.dll, 115: msvcp60.dll, 116: msvcrt.dll, 117: msvcrt20.dll, 118: msvcrt40.dll, 119: msvfw32.dll, 120: msvidc3
hannel.dll, 125: schedsvc.dll, 126: schtasks.exe, 127: sclgntfy.dll, 128: SCP32.DLL, 129: scredir.dll, 130: scriptpw
116: wstrenderer.ax, 117: wtsapi32.dll, 118: wuapi.dll, 119: wuauclt.exe, 120: wuauclt1.exe, 121: wuaucpl.cpl, 1
130: chcp.com, 131: chkdsk.exe, 132: chkntfs.exe, 133: ciadmin.dll, 134: ciadv.msc, 135: cic.dll, 136: cidaemon
, 129: imagehlp.dll, 130: imapi.exe, 131: IME, 132: imeshare.dll, 133: imgutil.dll, 134: imm32.dll, 135: inetcfg.d
19: msvfw32.dll, 120: msvidc32.dll, 121: msvidctl.dll, 122: msvideo.dll, 123: msw3prt.dll, 124: mswdat10.dll, 12
129: scredir.dll, 130: scriptpw.dll, 131: scrnsave.scr, 132: scrobj.dll, 133: scrrun.dll, 134: sdbinst.exe, 135: sdhc
auclt1.exe, 121: wuaucpl.cpl, 122: wuaucpl.cpl.manifest, 123: wuaueng.dll, 124: wuaueng1.dll, 125: wuauserv.d
sc, 135: cic.dll, 136: cidaemon.exe, 137: ciodm.dll, 138: cipher.exe, 139: cisvc.exe, 140: ckcnv.exe, 141: clb.dll,
134: imm32.dll, 135: inetcfg.dll, 136: inetcomm.dll, 137: inetcpl.cpl, 138: inetcplc.dll, 139: inetmib1.dll, 140: ine
3prt.dll, 124: mswdat10.dll, 125: mswebdvd.dll, 126: mswmdm.dll, 127: mswsock.dll, 128: mswstr10.dll, 129: m
dll, 134: sdbinst.exe, 135: sdhcinst.dll, 136: sdpblb.dll, 137: secedit.exe, 138: seclogon.dll, 139: secpol.msc, 140
wuaueng1.dll, 125: wuauserv.dll, 126: wucltui.dll, 127: wupdmgr.exe, 128: wups.dll, 129: wuweb.dll, 130: wzcdl
e, 140: ckcnv.exe, 141: clb.dll, 142: clbcatex.dll, 143: clbcatq.dll, 144: cleanmgr.exe, 145: cliconf.chm, 146: clico
c.dll, 139: inetmib1.dll, 140: inetpp.dll, 141: inetppui.dll, 142: inetres.dll, 143: inetsrv, 144: infosoft.dll, 145: initp
.dll, 128: mswstr10.dll, 129: msxbde40.dll, 130: msxml.dll, 131: msxml2.dll, 132: msxml2r.dll, 133: msxml3.dll,
ogon.dll, 139: secpol.msc, 140: secupd.dat, 141: secupd.sig, 142: secur32.dll, 143: security.dll, 144: sendcmsg.
dll, 129: wuweb.dll, 130: wzcdlg.dll, 131: wzcsapi.dll, 132: wzcsvc.dll, 133: xactsrv.dll, 134: xcopy.exe, 135: xenr
xe, 145: cliconf.chm, 146: cliconfg.dll, 147: cliconfg.exe, 148: cliconfg.rll, 149: clipbrd.exe, 150: clipsrv.exe, 151:
tsrv, 144: infosoft.dll, 145: initpki.dll, 146: INKED.DLL, 147: input.dll, 148: inseng.dll, 149: instcat.sql, 150: intl.cp
msxml2r.dll, 133: msxml3.dll, 134: msxml3r.dll, 135: msxml4.dll, 136: msxml4r.dll, 137: msxmlr.dll, 138: msyu
3: security.dll, 144: sendcmsg.dll, 145: sendmail.dll, 146: sens.dll, 147: sensapi.dll, 148: senscfg.dll, 149: serialu
v.dll, 134: xcopy.exe, 135: xenroll.dll, 136: xircom, 137: xmlprov.dll, 138: xmlprovi.dll, 139: xolehlp.dll, 140: xpob
pbrd.exe, 150: clipsrv.exe, 151: clusapi.dll, 152: cmcfg32.dll, 153: cmd.exe, 154: cmdial32.dll, 155: cmdl32.exe,
dll, 149: instcat.sql, 150: intl.cpl, 151: iologmsg.dll, 152: ipconf.tsp, 153: ipconfig.exe, 154: iphlpapi.dll, 155: ipm
dll, 137: msxmlr.dll, 138: msyuv.dll, 139: mtxclu.dll, 140: mtxdm.dll, 141: mtxex.dll, 142: mtxlegih.dll, 143: mtxo
l, 148: senscfg.dll, 149: serialui.dll, 150: servdeps.dll, 151: services.exe, 152: services.msc, 153: serwvdrv.dll, 1
.dll, 139: xolehlp.dll, 140: xpob2res.dll, 141: xpsp1res.dll, 142: xpsp2res.dll, 143: zipfldr.dll
cmdial32.dll, 155: cmdl32.exe, 156: cmdlib.wsc, 157: cmmgr32.hlp, 158: cmmon32.exe, 159: cmos.ram, 160: cm
exe, 154: iphlpapi.dll, 155: ipmontr.dll, 156: ipnathlp.dll, 157: ippromon.dll, 158: iprop.dll, 159: iprtprio.dll, 160:
ll, 142: mtxlegih.dll, 143: mtxoci.dll, 144: mui, 145: mycomput.dll, 146: mydocs.dll, 147: narrator.exe, 148: narr
vices.msc, 153: serwvdrv.dll, 154: sessmgr.exe, 155: sethc.exe, 156: Setup, 157: setup.bmp, 158: setup.exe, 15
zipfldr.dll