| ProcessID | ProcessName | Type | HANDLE |
|---|---|---|---|
| 248 | \Device\HarddiskVolume1\Windows\System32\smss.exe | File | \Device\HarddiskVolume1\Windows |
| 248 | \Device\HarddiskVolume1\Windows\System32\smss.exe | File | \Device\NamedPipe |
| 248 | \Device\HarddiskVolume1\Windows\System32\smss.exe | File | \Device\Mailslot |
| 248 | \Device\HarddiskVolume1\Windows\System32\smss.exe | File | \Device\NamedPipe |
| 248 | \Device\HarddiskVolume1\Windows\System32\smss.exe | File | \Device\Mailslot |
| 248 | \Device\HarddiskVolume1\Windows\System32\smss.exe | File | \Device\NamedPipe |
| 248 | \Device\HarddiskVolume1\Windows\System32\smss.exe | File | \Device\Mailslot |
| 248 | \Device\HarddiskVolume1\Windows\System32\smss.exe | File | \Device\NamedPipe |
| 248 | \Device\HarddiskVolume1\Windows\System32\smss.exe | File | \Device\Mailslot |
| 248 | \Device\HarddiskVolume1\Windows\System32\smss.exe | ALPC Port | \SmApiPort |
| 248 | \Device\HarddiskVolume1\Windows\System32\smss.exe | Directory | \Sessions |
| 248 | \Device\HarddiskVolume1\Windows\System32\smss.exe | Directory | \GLOBAL?? |
| 328 | \Device\HarddiskVolume1\Windows\System32\csrss.exe | Directory | \KnownDlls |
| 328 | \Device\HarddiskVolume1\Windows\System32\csrss.exe | File | \Device\HarddiskVolume1\Windows\System32 |
| 328 | \Device\HarddiskVolume1\Windows\System32\csrss.exe | Directory | \Sessions\BNOLINKS |
| 328 | \Device\HarddiskVolume1\Windows\System32\csrss.exe | SymbolicLink | \Sessions\BNOLINKS\0 |
| 328 | \Device\HarddiskVolume1\Windows\System32\csrss.exe | Directory | \Sessions\0 |
| 328 | \Device\HarddiskVolume1\Windows\System32\csrss.exe | Directory | \Sessions\0\DosDevices |
| 328 | \Device\HarddiskVolume1\Windows\System32\csrss.exe | Directory | \Windows |
| 328 | \Device\HarddiskVolume1\Windows\System32\csrss.exe | Directory | \BaseNamedObjects |
| 328 | \Device\HarddiskVolume1\Windows\System32\csrss.exe | Section | \Windows\SharedSection |
| 328 | \Device\HarddiskVolume1\Windows\System32\csrss.exe | Directory | \BaseNamedObjects\Restricted |
| 328 | \Device\HarddiskVolume1\Windows\System32\csrss.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions |
| 328 | \Device\HarddiskVolume1\Windows\System32\csrss.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER |
| 328 | \Device\HarddiskVolume1\Windows\System32\csrss.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide |
| 328 | \Device\HarddiskVolume1\Windows\System32\csrss.exe | ALPC Port | \Windows\ApiPort |
| 328 | \Device\HarddiskVolume1\Windows\System32\csrss.exe | ALPC Port | \Windows\SbApiPort |
| 328 | \Device\HarddiskVolume1\Windows\System32\csrss.exe | Event | \BaseNamedObjects\WinSta0_DesktopSwitch |
| 328 | \Device\HarddiskVolume1\Windows\System32\csrss.exe | WindowStation | \Windows\WindowStations\WinSta0 |
| 328 | \Device\HarddiskVolume1\Windows\System32\csrss.exe | Key | \REGISTRY\MACHINE |
| 328 | \Device\HarddiskVolume1\Windows\System32\csrss.exe | File | \Device\KsecDD |
| 328 | \Device\HarddiskVolume1\Windows\System32\csrss.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\PriorityControl |
| 380 | \Device\HarddiskVolume1\Windows\System32\wininit.exe | Directory | \KnownDlls |
| 380 | \Device\HarddiskVolume1\Windows\System32\wininit.exe | File | \Device\HarddiskVolume1\Windows\System32 |
| 380 | \Device\HarddiskVolume1\Windows\System32\wininit.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions |
| 380 | \Device\HarddiskVolume1\Windows\System32\wininit.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER |
| 380 | \Device\HarddiskVolume1\Windows\System32\wininit.exe | Key | \REGISTRY\MACHINE |
| 380 | \Device\HarddiskVolume1\Windows\System32\wininit.exe | Directory | \BaseNamedObjects |
| 380 | \Device\HarddiskVolume1\Windows\System32\wininit.exe | Event | \BaseNamedObjects\FirstWinlogonCheck |
| 380 | \Device\HarddiskVolume1\Windows\System32\wininit.exe | ALPC Port | \RPC Control\WMsgKRpc0A9960 |
| 380 | \Device\HarddiskVolume1\Windows\System32\wininit.exe | WindowStation | \Windows\WindowStations\WinSta0 |
| 380 | \Device\HarddiskVolume1\Windows\System32\wininit.exe | Desktop | \Winlogon |
| 380 | \Device\HarddiskVolume1\Windows\System32\wininit.exe | Key | \REGISTRY\USER\.DEFAULT\Control Panel\International |
| 380 | \Device\HarddiskVolume1\Windows\System32\wininit.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale |
| 380 | \Device\HarddiskVolume1\Windows\System32\wininit.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\Alternate Sorts |
| 380 | \Device\HarddiskVolume1\Windows\System32\wininit.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups |
| 380 | \Device\HarddiskVolume1\Windows\System32\wininit.exe | WindowStation | \Windows\WindowStations\WinSta0 |
| 380 | \Device\HarddiskVolume1\Windows\System32\wininit.exe | Desktop | \Disconnect |
| 380 | \Device\HarddiskVolume1\Windows\System32\wininit.exe | Desktop | \Default |
| 380 | \Device\HarddiskVolume1\Windows\System32\wininit.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa |
| 380 | \Device\HarddiskVolume1\Windows\System32\wininit.exe | Event | \BaseNamedObjects\UMSServicesStarted |
| 380 | \Device\HarddiskVolume1\Windows\System32\wininit.exe | File | \Device\NamedPipe\InitShutdown |
| 380 | \Device\HarddiskVolume1\Windows\System32\wininit.exe | File | \Device\NamedPipe\InitShutdown |
| 380 | \Device\HarddiskVolume1\Windows\System32\wininit.exe | File | \Device\NamedPipe\InitShutdown |
| 380 | \Device\HarddiskVolume1\Windows\System32\wininit.exe | ALPC Port | \RPC Control\WindowsShutdown |
| 380 | \Device\HarddiskVolume1\Windows\System32\wininit.exe | Key | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion |
| 380 | \Device\HarddiskVolume1\Windows\System32\wininit.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags |
| 380 | \Device\HarddiskVolume1\Windows\System32\wininit.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options |
| 380 | \Device\HarddiskVolume1\Windows\System32\wininit.exe | File | \Device\KsecDD |
| 380 | \Device\HarddiskVolume1\Windows\System32\wininit.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9 |
| 380 | \Device\HarddiskVolume1\Windows\System32\wininit.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\NameSpace_Catalog5 |
| 380 | \Device\HarddiskVolume1\Windows\System32\wininit.exe | File | \Device\Afd |
| 380 | \Device\HarddiskVolume1\Windows\System32\wininit.exe | File | \Device\Afd |
| 380 | \Device\HarddiskVolume1\Windows\System32\wininit.exe | File | \Device\NamedPipe\Winsock2\CatalogChangeListener-17c-0 |
| 380 | \Device\HarddiskVolume1\Windows\System32\wininit.exe | File | \Device\Afd |
| 380 | \Device\HarddiskVolume1\Windows\System32\wininit.exe | File | \Device\Afd |
| 392 | \Device\HarddiskVolume1\Windows\System32\csrss.exe | Directory | \KnownDlls |
| 392 | \Device\HarddiskVolume1\Windows\System32\csrss.exe | File | \Device\HarddiskVolume1\Windows\System32 |
| 392 | \Device\HarddiskVolume1\Windows\System32\csrss.exe | Directory | \Sessions\BNOLINKS |
| 392 | \Device\HarddiskVolume1\Windows\System32\csrss.exe | SymbolicLink | \Sessions\BNOLINKS\1 |
| 392 | \Device\HarddiskVolume1\Windows\System32\csrss.exe | Directory | \Sessions\1 |
| 392 | \Device\HarddiskVolume1\Windows\System32\csrss.exe | Directory | \Sessions\1\DosDevices |
| 392 | \Device\HarddiskVolume1\Windows\System32\csrss.exe | Directory | \Sessions\1\Windows |
| 392 | \Device\HarddiskVolume1\Windows\System32\csrss.exe | Directory | \Sessions\1\BaseNamedObjects |
| 392 | \Device\HarddiskVolume1\Windows\System32\csrss.exe | Section | \Sessions\1\Windows\SharedSection |
| 392 | \Device\HarddiskVolume1\Windows\System32\csrss.exe | SymbolicLink | \Sessions\1\BaseNamedObjects\Global |
| 392 | \Device\HarddiskVolume1\Windows\System32\csrss.exe | SymbolicLink | \Sessions\1\BaseNamedObjects\Local |
| 392 | \Device\HarddiskVolume1\Windows\System32\csrss.exe | SymbolicLink | \Sessions\1\BaseNamedObjects\Session |
| 392 | \Device\HarddiskVolume1\Windows\System32\csrss.exe | Directory | \Sessions\1\BaseNamedObjects\Restricted |
| 392 | \Device\HarddiskVolume1\Windows\System32\csrss.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions |
| 392 | \Device\HarddiskVolume1\Windows\System32\csrss.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER |
| 392 | \Device\HarddiskVolume1\Windows\System32\csrss.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide |
| 392 | \Device\HarddiskVolume1\Windows\System32\csrss.exe | ALPC Port | \Sessions\1\Windows\ApiPort |
| 392 | \Device\HarddiskVolume1\Windows\System32\csrss.exe | ALPC Port | \Sessions\1\Windows\SbApiPort |
| 392 | \Device\HarddiskVolume1\Windows\System32\csrss.exe | Event | \Sessions\1\BaseNamedObjects\WinSta0_DesktopSwitch |
| 392 | \Device\HarddiskVolume1\Windows\System32\csrss.exe | WindowStation | \Sessions\1\Windows\WindowStations\WinSta0 |
| 392 | \Device\HarddiskVolume1\Windows\System32\csrss.exe | File | \Device\000000a4 |
| 392 | \Device\HarddiskVolume1\Windows\System32\csrss.exe | File | \Device\00000048 |
| 392 | \Device\HarddiskVolume1\Windows\System32\csrss.exe | File | \Device\000000a3 |
| 392 | \Device\HarddiskVolume1\Windows\System32\csrss.exe | File | \Device\00000047 |
| 392 | \Device\HarddiskVolume1\Windows\System32\csrss.exe | Key | \REGISTRY\MACHINE |
| 392 | \Device\HarddiskVolume1\Windows\System32\csrss.exe | File | \Device\KsecDD |
| 392 | \Device\HarddiskVolume1\Windows\System32\csrss.exe | File | \Device\HarddiskVolume1\Windows\Fonts\StaticCache.dat |
| 392 | \Device\HarddiskVolume1\Windows\System32\csrss.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Control Panel\International |
| 392 | \Device\HarddiskVolume1\Windows\System32\csrss.exe | Event | \Sessions\1\BaseNamedObjects\ScNetDrvMsg |
| 392 | \Device\HarddiskVolume1\Windows\System32\csrss.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\PriorityControl |
| 392 | \Device\HarddiskVolume1\Windows\System32\csrss.exe | File | \Device\000000b3 |
| 392 | \Device\HarddiskVolume1\Windows\System32\csrss.exe | File | \Device\000000b4 |
| 392 | \Device\HarddiskVolume1\Windows\System32\csrss.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups |
| 392 | \Device\HarddiskVolume1\Windows\System32\csrss.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\Alternate Sorts |
| 392 | \Device\HarddiskVolume1\Windows\System32\csrss.exe | Key | \REGISTRY\USER\.DEFAULT\Control Panel\International |
| 392 | \Device\HarddiskVolume1\Windows\System32\csrss.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale |
| 448 | \Device\HarddiskVolume1\Windows\System32\winlogon.exe | Directory | \KnownDlls |
| 448 | \Device\HarddiskVolume1\Windows\System32\winlogon.exe | File | \Device\HarddiskVolume1\Windows\System32 |
| 448 | \Device\HarddiskVolume1\Windows\System32\winlogon.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions |
| 448 | \Device\HarddiskVolume1\Windows\System32\winlogon.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER |
| 448 | \Device\HarddiskVolume1\Windows\System32\winlogon.exe | Key | \REGISTRY\MACHINE |
| 448 | \Device\HarddiskVolume1\Windows\System32\winlogon.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Classes |
| 448 | \Device\HarddiskVolume1\Windows\System32\winlogon.exe | Directory | \Sessions\1\BaseNamedObjects |
| 448 | \Device\HarddiskVolume1\Windows\System32\winlogon.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon |
| 448 | \Device\HarddiskVolume1\Windows\System32\winlogon.exe | ALPC Port | \RPC Control\WMsgKRpc0ACDD1 |
| 448 | \Device\HarddiskVolume1\Windows\System32\winlogon.exe | WindowStation | \Sessions\1\Windows\WindowStations\WinSta0 |
| 448 | \Device\HarddiskVolume1\Windows\System32\winlogon.exe | Desktop | \Winlogon |
| 448 | \Device\HarddiskVolume1\Windows\System32\winlogon.exe | Key | \REGISTRY\USER\.DEFAULT\Control Panel\International |
| 448 | \Device\HarddiskVolume1\Windows\System32\winlogon.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale |
| 448 | \Device\HarddiskVolume1\Windows\System32\winlogon.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\Alternate Sorts |
| 448 | \Device\HarddiskVolume1\Windows\System32\winlogon.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups |
| 448 | \Device\HarddiskVolume1\Windows\System32\winlogon.exe | WindowStation | \Sessions\1\Windows\WindowStations\WinSta0 |
| 448 | \Device\HarddiskVolume1\Windows\System32\winlogon.exe | Desktop | \Disconnect |
| 448 | \Device\HarddiskVolume1\Windows\System32\winlogon.exe | Desktop | \Default |
| 448 | \Device\HarddiskVolume1\Windows\System32\winlogon.exe | Event | \BaseNamedObjects\TermSrvReadyEvent |
| 448 | \Device\HarddiskVolume1\Windows\System32\winlogon.exe | Key | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion |
| 448 | \Device\HarddiskVolume1\Windows\System32\winlogon.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags |
| 448 | \Device\HarddiskVolume1\Windows\System32\winlogon.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options |
| 448 | \Device\HarddiskVolume1\Windows\System32\winlogon.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Winlogon\Notifications\Components\GPClient |
| 448 | \Device\HarddiskVolume1\Windows\System32\winlogon.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Winlogon\Notifications\Components\Profiles |
| 448 | \Device\HarddiskVolume1\Windows\System32\winlogon.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Winlogon\Notifications\Components\Sens |
| 448 | \Device\HarddiskVolume1\Windows\System32\winlogon.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Winlogon\Notifications\Components\SessionEnv |
| 448 | \Device\HarddiskVolume1\Windows\System32\winlogon.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Winlogon\Notifications\Components\TermSrv |
| 448 | \Device\HarddiskVolume1\Windows\System32\winlogon.exe | Key | \REGISTRY\USER |
| 448 | \Device\HarddiskVolume1\Windows\System32\winlogon.exe | File | \Device\KsecDD |
| 448 | \Device\HarddiskVolume1\Windows\System32\winlogon.exe | Event | \Sessions\1\BaseNamedObjects\ThemesStartEvent |
| 448 | \Device\HarddiskVolume1\Windows\System32\winlogon.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000 |
| 448 | \Device\HarddiskVolume1\Windows\System32\winlogon.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System |
| 448 | \Device\HarddiskVolume1\Windows\System32\winlogon.exe | Event | \Sessions\1\BaseNamedObjects\ShellDesktopSwitchEvent |
| 448 | \Device\HarddiskVolume1\Windows\System32\winlogon.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NetworkProvider\HwOrder |
| 448 | \Device\HarddiskVolume1\Windows\System32\winlogon.exe | Event | \BaseNamedObjects\0000000000084ae0_WlballoonKerberosNotificationEventName |
| 448 | \Device\HarddiskVolume1\Windows\System32\winlogon.exe | Event | \BaseNamedObjects\0000000000084ab2_WlballoonSmartCardUnlockNotificationEventName |
| 448 | \Device\HarddiskVolume1\Windows\System32\winlogon.exe | Event | \BaseNamedObjects\0000000000084ab2_WlballoonKerberosNotificationEventName |
| 448 | \Device\HarddiskVolume1\Windows\System32\winlogon.exe | Event | \BaseNamedObjects\0000000000084ae0_WlballoonSmartCardUnlockNotificationEventName |
| 448 | \Device\HarddiskVolume1\Windows\System32\winlogon.exe | File | \Device\HarddiskVolume1\Windows\Fonts\StaticCache.dat |
| 448 | \Device\HarddiskVolume1\Windows\System32\winlogon.exe | Mutant | \Sessions\1\BaseNamedObjects\HGFSMUTEX |
| 448 | \Device\HarddiskVolume1\Windows\System32\winlogon.exe | Section | \Sessions\1\BaseNamedObjects\HGFSMEMORY |
| 448 | \Device\HarddiskVolume1\Windows\System32\winlogon.exe | Event | \BaseNamedObjects\0000000000084ab2_WlballoonAlternateCredsNotificationEventName |
| 448 | \Device\HarddiskVolume1\Windows\System32\winlogon.exe | Event | \BaseNamedObjects\0000000000084ae0_WlballoonAlternateCredsNotificationEventName |
| 484 | \Device\HarddiskVolume1\Windows\System32\services.exe | Directory | \KnownDlls |
| 484 | \Device\HarddiskVolume1\Windows\System32\services.exe | File | \Device\HarddiskVolume1\Windows\System32 |
| 484 | \Device\HarddiskVolume1\Windows\System32\services.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions |
| 484 | \Device\HarddiskVolume1\Windows\System32\services.exe | Key | \REGISTRY\MACHINE |
| 484 | \Device\HarddiskVolume1\Windows\System32\services.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER |
| 484 | \Device\HarddiskVolume1\Windows\System32\services.exe | WindowStation | \Windows\WindowStations\Service-0x0-3e7$ |
| 484 | \Device\HarddiskVolume1\Windows\System32\services.exe | Desktop | \Default |
| 484 | \Device\HarddiskVolume1\Windows\System32\services.exe | WindowStation | \Windows\WindowStations\Service-0x0-3e7$ |
| 484 | \Device\HarddiskVolume1\Windows\System32\services.exe | Key | \REGISTRY\USER\.DEFAULT\Control Panel\International |
| 484 | \Device\HarddiskVolume1\Windows\System32\services.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale |
| 484 | \Device\HarddiskVolume1\Windows\System32\services.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\Alternate Sorts |
| 484 | \Device\HarddiskVolume1\Windows\System32\services.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups |
| 484 | \Device\HarddiskVolume1\Windows\System32\services.exe | Directory | \BaseNamedObjects |
| 484 | \Device\HarddiskVolume1\Windows\System32\services.exe | Event | \BaseNamedObjects\SC_AutoStartComplete |
| 484 | \Device\HarddiskVolume1\Windows\System32\services.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NetworkProvider\Order |
| 484 | \Device\HarddiskVolume1\Windows\System32\services.exe | Event | \BaseNamedObjects\SvcctrlStartEvent_A3752DX |
| 484 | \Device\HarddiskVolume1\Windows\System32\services.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\ServiceGroupOrder |
| 484 | \Device\HarddiskVolume1\Windows\System32\services.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services |
| 484 | \Device\HarddiskVolume1\Windows\System32\services.exe | ALPC Port | \RPC Control\ntsvcs |
| 484 | \Device\HarddiskVolume1\Windows\System32\services.exe | File | \Device\NamedPipe\ntsvcs |
| 484 | \Device\HarddiskVolume1\Windows\System32\services.exe | File | \Device\NamedPipe\ntsvcs |
| 484 | \Device\HarddiskVolume1\Windows\System32\services.exe | File | \Device\NamedPipe\ntsvcs |
| 484 | \Device\HarddiskVolume1\Windows\System32\services.exe | File | \Device\KsecDD |
| 484 | \Device\HarddiskVolume1\Windows\System32\services.exe | ALPC Port | \RPC Control\LRPC-2e55183b8d6a9b2d4d |
| 484 | \Device\HarddiskVolume1\Windows\System32\services.exe | File | \Device\NamedPipe\scerpc |
| 484 | \Device\HarddiskVolume1\Windows\System32\services.exe | File | \Device\NamedPipe\scerpc |
| 484 | \Device\HarddiskVolume1\Windows\System32\services.exe | File | \Device\NamedPipe\scerpc |
| 484 | \Device\HarddiskVolume1\Windows\System32\services.exe | ALPC Port | \RPC Control\ubpmrpc |
| 484 | \Device\HarddiskVolume1\Windows\System32\services.exe | Key | \REGISTRY\USER |
| 484 | \Device\HarddiskVolume1\Windows\System32\services.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options |
| 484 | \Device\HarddiskVolume1\Windows\System32\services.exe | Key | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion |
| 484 | \Device\HarddiskVolume1\Windows\System32\services.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags |
| 484 | \Device\HarddiskVolume1\Windows\System32\services.exe | Key | \REGISTRY\USER\S-1-5-20 |
| 484 | \Device\HarddiskVolume1\Windows\System32\services.exe | Key | \REGISTRY\USER\S-1-5-19 |
| 484 | \Device\HarddiskVolume1\Windows\System32\services.exe | Key | \REGISTRY\USER\S-1-5-19 |
| 484 | \Device\HarddiskVolume1\Windows\System32\services.exe | Key | \REGISTRY\USER\S-1-5-20 |
| 484 | \Device\HarddiskVolume1\Windows\System32\services.exe | Key | \REGISTRY\USER\S-1-5-19 |
| 484 | \Device\HarddiskVolume1\Windows\System32\services.exe | Key | \REGISTRY\USER\S-1-5-19 |
| 484 | \Device\HarddiskVolume1\Windows\System32\services.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9 |
| 484 | \Device\HarddiskVolume1\Windows\System32\services.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\NameSpace_Catalog5 |
| 484 | \Device\HarddiskVolume1\Windows\System32\services.exe | File | \Device\Afd |
| 484 | \Device\HarddiskVolume1\Windows\System32\services.exe | File | \Device\Afd |
| 484 | \Device\HarddiskVolume1\Windows\System32\services.exe | File | \Device\NamedPipe\Winsock2\CatalogChangeListener-1e4-0 |
| 484 | \Device\HarddiskVolume1\Windows\System32\services.exe | File | \Device\Afd |
| 484 | \Device\HarddiskVolume1\Windows\System32\services.exe | File | \Device\Afd |
| 484 | \Device\HarddiskVolume1\Windows\System32\services.exe | Key | \REGISTRY\USER\S-1-5-20 |
| 484 | \Device\HarddiskVolume1\Windows\System32\services.exe | Key | \REGISTRY\USER\S-1-5-19 |
| 484 | \Device\HarddiskVolume1\Windows\System32\services.exe | Key | \REGISTRY\USER\S-1-5-20 |
| 484 | \Device\HarddiskVolume1\Windows\System32\services.exe | Event | \BaseNamedObjects\TermSrvReadyEvent |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Directory | \KnownDlls |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | File | \Device\HarddiskVolume1\Windows\System32 |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | ALPC Port | \SeLsaCommandPort |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Key | \REGISTRY\MACHINE |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | ALPC Port | \RPC Control\lsapolicylookup |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | WindowStation | \Windows\WindowStations\Service-0x0-3e7$ |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Desktop | \Default |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | WindowStation | \Windows\WindowStations\Service-0x0-3e7$ |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Directory | \BaseNamedObjects |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Section | \BaseNamedObjects\Debug.Memory.v2.1ec |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Section | \LsaPerformance |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | File | \Device\KsecDD |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Key | \REGISTRY\MACHINE\SECURITY |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Key | \REGISTRY\MACHINE\SECURITY\RXACT |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Key | \REGISTRY\MACHINE\SECURITY\Policy |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\Audit |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | File | \Device\KsecDD |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\Kerberos\Parameters |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Event | \DSYSDBG.Debug.Trace.Memory.1ec |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Section | \BaseNamedObjects\Debug.Trace.Memory.1ec |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\Kerberos\Parameters |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\Kerberos\HostToRealm |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\Kerberos\Domains |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Key | \REGISTRY\USER\.DEFAULT\Control Panel\International |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9 |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\NameSpace_Catalog5 |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\MSV1_0 |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\MSV1_0 |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | File | \Device\HarddiskVolume1\Windows\debug\PASSWD.LOG |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\WDigest |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\WDigest |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\Credssp |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\Credssp |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | File | \Device\KsecDD |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | File | \Device\NamedPipe\lsass |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | ALPC Port | \RPC Control\LRPC-7012242c24c2b06d2a |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | ALPC Port | \RPC Control\audit |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | ALPC Port | \RPC Control\securityevent |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | ALPC Port | \RPC Control\LSARPC_ENDPOINT |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\IdentityStore\Cache |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | ALPC Port | \RPC Control\lsasspirpc |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | File | \Device\KsecDD |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Event | \BaseNamedObjects\LSA_RPC_SERVER_ACTIVE |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\Protect\Providers\df9d8cd0-1501-11d1-8c7a-00c04fc297eb |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | ALPC Port | \RPC Control\protected_storage |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | File | \Device\NamedPipe\protected_storage |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | File | \Device\NamedPipe\protected_storage |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | File | \Device\NamedPipe\protected_storage |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Event | \BaseNamedObjects\LSA_RPC_SERVER_ACTIVE |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\Audit\PerUserAuditing\System |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\Audit\AuditPolicy |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Key | \REGISTRY\MACHINE\SAM\SAM\RXACT |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Key | \REGISTRY\MACHINE\SAM\SAM |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Key | \REGISTRY\MACHINE\SAM\SAM\DOMAINS\Builtin |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Key | \REGISTRY\MACHINE\SAM\SAM\DOMAINS\Account |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | ALPC Port | \RPC Control\samss lpc |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Event | \SAM_SERVICE_STARTED |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Event | \BaseNamedObjects\TermSrvReadyEvent |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Key | \REGISTRY\USER\.DEFAULT |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Key | \REGISTRY\USER\.DEFAULT |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Key | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\IdentityStore\Providers |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | File | \Device\NamedPipe\lsass |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | File | \Device\KsecDD |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | File | \Device\NamedPipe\Winsock2\CatalogChangeListener-1ec-0 |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | File | \Device\Afd |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | File | \Device\Afd |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | File | \Device\Afd |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | File | \Device\Afd |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | File | \Device\Nsi |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Key | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | File | \Device\HarddiskVolume1\Users\foo\AppData\Local\Microsoft\Credentials |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Key | \REGISTRY\USER |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | File | \Device\HarddiskVolume1\Users\foo\AppData\Roaming\Microsoft\Credentials |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002 |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\crypt32 |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\MY |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | Key | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | File | \Device\NamedPipe\lsass |
| 492 | \Device\HarddiskVolume1\Windows\System32\lsass.exe | File | \Device\NamedPipe\lsass |
| 500 | \Device\HarddiskVolume1\Windows\System32\lsm.exe | Directory | \KnownDlls |
| 500 | \Device\HarddiskVolume1\Windows\System32\lsm.exe | File | \Device\HarddiskVolume1\Windows\System32 |
| 500 | \Device\HarddiskVolume1\Windows\System32\lsm.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions |
| 500 | \Device\HarddiskVolume1\Windows\System32\lsm.exe | Key | \REGISTRY\MACHINE |
| 500 | \Device\HarddiskVolume1\Windows\System32\lsm.exe | Directory | \BaseNamedObjects |
| 500 | \Device\HarddiskVolume1\Windows\System32\lsm.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER |
| 500 | \Device\HarddiskVolume1\Windows\System32\lsm.exe | File | \Device\KsecDD |
| 500 | \Device\HarddiskVolume1\Windows\System32\lsm.exe | File | \Device\PcwDrv |
| 500 | \Device\HarddiskVolume1\Windows\System32\lsm.exe | ALPC Port | \SmSsWinStationApiPort |
| 500 | \Device\HarddiskVolume1\Windows\System32\lsm.exe | Session | \KernelObjects\Session0 |
| 500 | \Device\HarddiskVolume1\Windows\System32\lsm.exe | Session | \KernelObjects\Session1 |
| 500 | \Device\HarddiskVolume1\Windows\System32\lsm.exe | ALPC Port | \RPC Control\LRPC-7817dd90b0825c0a22 |
| 500 | \Device\HarddiskVolume1\Windows\System32\lsm.exe | ALPC Port | \RPC Control\LSMApi |
| 500 | \Device\HarddiskVolume1\Windows\System32\lsm.exe | File | \Device\NamedPipe\LSM_API_service |
| 500 | \Device\HarddiskVolume1\Windows\System32\lsm.exe | File | \Device\NamedPipe\LSM_API_service |
| 500 | \Device\HarddiskVolume1\Windows\System32\lsm.exe | File | \Device\NamedPipe\LSM_API_service |
| 500 | \Device\HarddiskVolume1\Windows\System32\lsm.exe | Event | \BaseNamedObjects\TermSrvReadyEvent |
| 500 | \Device\HarddiskVolume1\Windows\System32\lsm.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Terminal Server |
| 500 | \Device\HarddiskVolume1\Windows\System32\lsm.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Policies |
| 500 | \Device\HarddiskVolume1\Windows\System32\lsm.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy |
| 500 | \Device\HarddiskVolume1\Windows\System32\lsm.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\WinStations |
| 500 | \Device\HarddiskVolume1\Windows\System32\lsm.exe | WindowStation | \Windows\WindowStations\Service-0x0-3e7$ |
| 500 | \Device\HarddiskVolume1\Windows\System32\lsm.exe | Desktop | \Default |
| 500 | \Device\HarddiskVolume1\Windows\System32\lsm.exe | WindowStation | \Windows\WindowStations\Service-0x0-3e7$ |
| 500 | \Device\HarddiskVolume1\Windows\System32\lsm.exe | File | \Device\HarddiskVolume1\Windows\System32\en-US\lsm.exe.mui |
| 500 | \Device\HarddiskVolume1\Windows\System32\lsm.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 500 | \Device\HarddiskVolume1\Windows\System32\lsm.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Classes |
| 500 | \Device\HarddiskVolume1\Windows\System32\lsm.exe | Event | \KernelObjects\MaximumCommitCondition |
| 500 | \Device\HarddiskVolume1\Windows\System32\lsm.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 500 | \Device\HarddiskVolume1\Windows\System32\lsm.exe | File | \Device\HarddiskVolume1\Windows\Registration\R00000000000c.clb |
| 500 | \Device\HarddiskVolume1\Windows\System32\lsm.exe | ALPC Port | \RPC Control\OLED1CE750043C242EB905CED96FB25 |
| 604 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\Cyvera\Channel |
| 604 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Directory | \KnownDlls |
| 604 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32 |
| 604 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions |
| 604 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER |
| 604 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Directory | \BaseNamedObjects |
| 604 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\USER\.DEFAULT\Control Panel\International |
| 604 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\KsecDD |
| 604 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | WindowStation | \Windows\WindowStations\Service-0x0-3e7$ |
| 604 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Desktop | \Default |
| 604 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | WindowStation | \Windows\WindowStations\Service-0x0-3e7$ |
| 604 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services |
| 604 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum |
| 604 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum |
| 604 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services |
| 604 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\CLASS |
| 604 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses |
| 604 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\CoDeviceInstallers |
| 604 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PerHwIdStorage |
| 604 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\CLASS |
| 604 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses |
| 604 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Hardware Profiles |
| 604 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PerHwIdStorage |
| 604 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\NamedPipe\plugplay |
| 604 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\NamedPipe\plugplay |
| 604 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\NamedPipe\plugplay |
| 604 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | ALPC Port | \RPC Control\plugplay |
| 604 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\PnP_No_Pending_Install_Events |
| 604 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\PnP_No_Pending_Install_Clients |
| 604 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Power\PowerSettings\7516b95f-f776-4464-8c53-06167f40cc99\3c0bc021-c8a8-4e07-a973-6b14cbcb2b7e |
| 604 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\PcwDrv |
| 604 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | ALPC Port | \RPC Control\umpo |
| 604 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Power\PowerSettings |
| 604 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Power\SecurityDescriptors |
| 604 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Power\PowerSettings\0d7dbae2-4294-402a-ba8e-26777e8488cd |
| 604 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\TermSrvReadyEvent |
| 604 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\OLE\Eventlog |
| 604 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\OLE |
| 604 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\OLE |
| 604 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Policies |
| 604 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Policies |
| 604 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | ALPC Port | \RPC Control\actkernel |
| 604 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 604 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Classes |
| 604 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\COM3 |
| 604 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Section | \BaseNamedObjects\RotHintTable |
| 604 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Mutant | \BaseNamedObjects\{A3BD3259-3E4F-428a-84C8-F0463A9D3EB5} |
| 604 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Section | \BaseNamedObjects\{A64C7F33-DA35-459b-96CA-63B51FB0CDB9} |
| 604 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 604 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 604 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Classes |
| 604 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Classes |
| 604 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \KernelObjects\MaximumCommitCondition |
| 604 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\Registration\R00000000000c.clb |
| 604 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Power\PowerSettings\0d7dbae2-4294-402a-ba8e-26777e8488cd\309dce9b-bef4-4119-9921-a851fb12f0f4 |
| 604 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Classes |
| 604 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 604 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | ALPC Port | \RPC Control\OLE747B385C2B824AF7BAF4A2644596 |
| 604 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\00000050 |
| 604 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options |
| 604 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Power\PowerSettings\7516b95f-f776-4464-8c53-06167f40cc99 |
| 672 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmacthlp.exe | Directory | \KnownDlls |
| 672 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmacthlp.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 |
| 672 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmacthlp.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions |
| 672 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmacthlp.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER |
| 672 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmacthlp.exe | Key | \REGISTRY\MACHINE |
| 672 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmacthlp.exe | WindowStation | \Windows\WindowStations\Service-0x0-3e7$ |
| 672 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmacthlp.exe | Desktop | \Default |
| 672 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmacthlp.exe | WindowStation | \Windows\WindowStations\Service-0x0-3e7$ |
| 672 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmacthlp.exe | Directory | \BaseNamedObjects |
| 672 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmacthlp.exe | File | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools |
| 672 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmacthlp.exe | Section | \BaseNamedObjects\windows_shell_global_counters |
| 672 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmacthlp.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\PropertyBag |
| 704 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\Cyvera\Channel |
| 704 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Directory | \KnownDlls |
| 704 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32 |
| 704 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions |
| 704 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER |
| 704 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Directory | \BaseNamedObjects |
| 704 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\USER\S-1-5-20\Control Panel\International |
| 704 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | ALPC Port | \RPC Control\LRPC-1d19ca4bc3799bb262 |
| 704 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\KsecDD |
| 704 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | ALPC Port | \RPC Control\epmapper |
| 704 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\OLE\Eventlog |
| 704 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\OLE |
| 704 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\OLE |
| 704 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Policies |
| 704 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Policies |
| 704 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9 |
| 704 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\NameSpace_Catalog5 |
| 704 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | WindowStation | \Windows\WindowStations\Service-0x0-3e4$ |
| 704 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Desktop | \Default |
| 704 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | WindowStation | \Windows\WindowStations\Service-0x0-3e4$ |
| 704 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Afd |
| 704 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Afd |
| 704 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Afd |
| 704 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\NamedPipe\Winsock2\CatalogChangeListener-2c0-0 |
| 704 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Afd |
| 704 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Afd |
| 704 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Afd |
| 704 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Afd |
| 704 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\ScmCreatedEvent |
| 704 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\NamedPipe\epmapper |
| 704 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\NamedPipe\epmapper |
| 704 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\NamedPipe\epmapper |
| 704 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Afd |
| 704 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Afd |
| 704 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 704 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Classes |
| 704 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Classes |
| 704 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \KernelObjects\MaximumCommitCondition |
| 704 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 704 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\Registration\R00000000000c.clb |
| 704 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\BFE_Notify_Event_{09680724-2d02-43b1-acbd-d18f3c69f0c3} |
| 704 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\TermSrvReadyEvent |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\Cyvera\Channel |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Directory | \KnownDlls |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32 |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | WindowStation | \Windows\WindowStations\Service-0x0-3e5$ |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Desktop | \Default |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | WindowStation | \Windows\WindowStations\Service-0x0-3e5$ |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Directory | \BaseNamedObjects |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\KsecDD |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\USER\S-1-5-19\Control Panel\International |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-Fault-Tolerant-Heap%4Operational.evtx |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\eventlog |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\eventlog |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reliability |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | ALPC Port | \RPC Control\eventlog |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\NamedPipe\eventlog |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\NamedPipe\eventlog |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\NamedPipe\eventlog |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows NT |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ActiveComputerName |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9 |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\NameSpace_Catalog5 |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\NamedPipe\Winsock2\CatalogChangeListener-2fc-0 |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Afd |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Afd |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Afd |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Afd |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\winevt\Logs\System.evtx |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Application.evtx |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Internet Explorer.evtx |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Security.evtx |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\winevt\Logs\ThinPrint Diagnostics.evtx |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Windows PowerShell.evtx |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Palo Alto Networks.evtx |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\winevt\Logs\OAlerts.evtx |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Media Center.evtx |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Key Management Service.evtx |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\winevt\Logs\HardwareEvents.evtx |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-Dhcp-Client%4Admin.evtx |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA%4Errors.evtx |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Classes |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \KernelObjects\MaximumCommitCondition |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\Registration\R00000000000c.clb |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\TermSrvReadyEvent |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\000000ac |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\000000ac |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\000000ac |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\000000ac |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | ALPC Port | \RPC Control\AudioClientRpc |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Section | \BaseNamedObjects\mmGlobalPnpInfo |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\AudioSrv_CanAcceptMMCClient |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | ALPC Port | \RPC Control\Audiosrv |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\NetBt_Wins_Export |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | ALPC Port | \RPC Control\OLE3443AE959A11438BA8468450C063 |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\TCPIP6\Parameters\Interfaces\{f312e50f-5e60-4458-8fda-50c31bae5d53} |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Dhcp\Parameters |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Dhcp\Parameters\Options |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | ALPC Port | \RPC Control\dhcpcsvc |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Dhcp\Parametersv6 |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\TCPIP6\Parameters |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\TCPIP6\Parameters\Interfaces |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Dhcp\Parametersv6\Options |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Nsi |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\TCPIP6\Parameters\Interfaces\{92BC8BAF-485F-4634-8725-EF6B79C35BD0} |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\TCPIP6\Parameters\Interfaces\{72444e9b-5bee-4e1b-bca9-db6a187fa8e2} |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{F312E50F-5E60-4458-8FDA-50C31BAE5D53} |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | ALPC Port | \RPC Control\dhcpcsvc6 |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsBackup%4ActionCenter.evtx |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\NlaPrivatePort1 |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{CADE260F-E201-4024-8A53-536D0827FEDD} |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-BranchCacheSMB%4Operational.evtx |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-OfflineFiles%4Operational.evtx |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-Security-Audit-Configuration-Client%4Operational.evtx |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Telemetry.evtx |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Inventory.evtx |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Problem-Steps-Recorder.evtx |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Troubleshooter.evtx |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-NCSI%4Operational.evtx |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\NlaPrivatePort |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\NlaPrivatePort2 |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\NlaPrivatePort3 |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-Known Folders API Service.evtx |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4WHC.evtx |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Defender%4WHC.evtx |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-Scheduled%4Operational.evtx |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-Winlogon%4Operational.evtx |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\TCPIP6\Parameters\Interfaces\{ebc0f3e0-fee5-437e-94d8-c1d65cb9bdcb} |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\TCPIP6\Parameters\Interfaces\{EA0C87A9-F502-4A53-88DC-50EF6BC76782} |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\NetBt_Wins_Export |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\TCPIP6\Parameters\Interfaces\{cade260f-e201-4024-8a53-536d0827fedd} |
| 764 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{72444E9B-5BEE-4E1B-BCA9-DB6A187FA8E2} |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\Cyvera\Channel |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Directory | \KnownDlls |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32 |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | WindowStation | \Windows\WindowStations\Service-0x0-3e7$ |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Desktop | \Default |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | WindowStation | \Windows\WindowStations\Service-0x0-3e7$ |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Directory | \BaseNamedObjects |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\KsecDD |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\USER\.DEFAULT\Control Panel\International |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Classes |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \KernelObjects\MaximumCommitCondition |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\Registration\R00000000000c.clb |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\000000ac |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\000000ac |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\PcwDrv |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\NetCache |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Mup\.\. |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6 |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | ALPC Port | \RPC Control\OLEA615FAAC25B545CC9AE71967948C |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\TermSrvReadyEvent |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | ALPC Port | \UxSmsApiPort |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\{A2DA10D8-7E2D-4d8f-86B7-4D1C99659749}_PCAEVENT |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | ALPC Port | \RPC Control\LRPC-b3fb85767bc40b63e5 |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\PCA_DRIVER_INSTALL |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \KernelObjects\SuperfetchScenarioNotify |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Superfetch |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER\MEMORY MANAGEMENT\PrefetchParameters |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\$Extend\$ObjId |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1 |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | ALPC Port | \Security\TRKWKS_PORT |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \Security\TRKWKS_EVENT |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\System Volume Information\tracking.log |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\NamedPipe\trkwks |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\NamedPipe\trkwks |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\NamedPipe\trkwks |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | ALPC Port | \RPC Control\trkwks |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Job | \BaseNamedObjects\PCA_{C1816C0A-C056-4C04-B66F-BD66BC297021} |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Mup |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\0000004a |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Nsi |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | ALPC Port | \RPC Control\RemoteDevicesLPC_API |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | ALPC Port | \RPC Control\TSUMRPD_PRINT_DRV_LPC_API |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Mutant | \BaseNamedObjects\RasPbFile |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Mutant | \BaseNamedObjects\RasPbFile |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\svchost_RASDLG |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Section | \BaseNamedObjects\windows_shell_global_counters |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\WMIDataDevice |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\WMIDataDevice |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Network\Connections |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\PCA_DRIVER_INSTALL |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\CLASS |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\CoDeviceInstallers |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PerHwIdStorage |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Mutant | \BaseNamedObjects\d3b1bbc7-c020-4056-9ded-7c6f40b5a2fc |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\FileInfo |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Directory | \BaseNamedObjects |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \KernelObjects\SuperfetchParametersChanged |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \KernelObjects\SuperfetchTracesReady |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \KernelObjects\SuperfetchParametersChanged |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\en-US\sysmain.dll.mui |
| 884 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \KernelObjects\PrefetchTracesReady |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\Cyvera\Channel |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Directory | \KnownDlls |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32 |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | WindowStation | \Windows\WindowStations\Service-0x0-3e7$ |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Desktop | \Default |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | WindowStation | \Windows\WindowStations\Service-0x0-3e7$ |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Directory | \BaseNamedObjects |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\KsecDD |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Mutant | \BaseNamedObjects\RasPbFile |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\USER\.DEFAULT\Control Panel\International |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Afd |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \...\MmcssStatusEvent |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | ALPC Port | \RPC Control\LRPC-6e9560fe2341f406c9 |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | ALPC Port | \RPC Control\IUserProfile2 |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | ALPC Port | \RPC Control\OLE0EC01D4046504C6F847E4750BCB0 |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Classes |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \KernelObjects\MaximumCommitCondition |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | ALPC Port | \ThemeApiPort |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\TermSrvReadyEvent |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Section | \BaseNamedObjects\SENS Information Cache |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\SENS Started Event |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | ALPC Port | \RPC Control\senssvc |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9 |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\NameSpace_Catalog5 |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \Sessions\1\BaseNamedObjects\ThemeLoadedEvent |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | ALPC Port | \AELPort |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\Registration\R00000000000c.clb |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\{005F2879-2601-409B-B71C-FB6DB779BFAB}ShellHWDetection |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\{005F2879-2601-409B-B71C-FB6DB779BFAB}ShellHWDetection |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\WiaServiceStarted |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\WMIDataDevice |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\PcwDrv |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\Tasks\SCHEDLGU.TXT |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1 |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\NamedPipe\atsvc |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\Tasks |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\NamedPipe\atsvc |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\NamedPipe\atsvc |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Afd |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Afd |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\NamedPipe\Winsock2\CatalogChangeListener-3c0-0 |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Afd |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Afd |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\BFE_Notify_Event_{77c17db4-24fb-402a-a1bf-edefd76918bd} |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\KsecDD |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\IKEEXT |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\KsecDD |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Afd |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Afd |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Afd |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Afd |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Afd |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Nsi |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Afd |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetworkAccessProtection\NapClient |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\BFE_Notify_Event_{f4f45de0-8c53-4b05-afcf-d30b8f8ed99c} |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\WINMGMT_PROVIDER_CANSHUTDOWN |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\WINMGMT_COREDLL_CANSHUTDOWN |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\wbem\MOF |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\WMI_SysEvent_LodCtr |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\WMI_SysEvent_UnLodCtr |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\WMI_RevAdap_Set |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\WMI_RevAdap_ACK |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\WMI_ProcessIdleTasksStart |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\WMI_ProcessIdleTasksComplete |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\WMI Writer |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\WINMGMT_PROVIDER_CANSHUTDOWN |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Job | \BaseNamedObjects\WmiProviderSubSystemHostJob |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\IpHlpSvc |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\wbem\Repository\MAPPING2.MAP |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\wbem\Repository\MAPPING1.MAP |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\wbem\Repository\MAPPING3.MAP |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\wbem\Repository\OBJECTS.DATA |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\wbem\Repository\INDEX.BTR |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Section | \BaseNamedObjects\Wmi Provider Sub System Counters |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\WBEM_ESS_OPEN_FOR_BUSINESS |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Directory | \BaseNamedObjects |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\WBEM_ESS_OPEN_FOR_BUSINESS |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\WBEM_ESS_OPEN_FOR_BUSINESS |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\WMIDataDevice |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Mutant | \BaseNamedObjects\FwtSqmSession101457921_S-1-5-18 |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Section | \BaseNamedObjects\SqmData_FwtSqmSession101457921_S-1-5-18 |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\NamedPipe\browser |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Mutant | \BaseNamedObjects\d3b1bbc7-c020-4056-9ded-7c6f40b5a2fc |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\LanmanServerNetworkInitialized |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Mutant | \BaseNamedObjects\3a886eb8-fe40-4d0a-b78b-9e0bcb683fb7 |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\CLASS |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\CoDeviceInstallers |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PerHwIdStorage |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\SrvAdmin |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\SrvAdmin |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Srv2 |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\NamedPipe\srvsvc |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000 |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Mutant | \BaseNamedObjects\d3b1bbc7-c020-4056-9ded-7c6f40b5a2fc |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\BFE_Notify_Event_{ff791a6b-1651-4545-befe-dd4e4f05ff46} |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000 |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | ALPC Port | \MmcssApiPort |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Section | \BaseNamedObjects\MMF_BITS_s |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Section | \BaseNamedObjects\windows_shell_global_counters |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Afd |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Afd |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\ProgramData\Microsoft\Network\Downloader\qmgr0.dat |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\ProgramData\Microsoft\Network\Downloader\qmgr1.dat |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\BITS Writer |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\ProgramData\Cyvera\Everyone\Temp\getDll.zip |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \LanmanServerAnnounceEvent |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000 |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000 |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\LanmanServer\ShareProviders |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\en-US\certprop.dll.mui |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\en-US\KernelBase.dll.mui |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\TS Certificate Update Event |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\TermSrvReadyEvent |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\crypt32 |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\Microsoft Smart Card Resource Manager Started |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Policies |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\TermSrvReadyEvent |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Epoch |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\LanmanServer\Parameters |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\NamedPipe\srvsvc |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Section | \BaseNamedObjects\RotHintTable |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\NamedPipe\srvsvc |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\NamedPipe\PIPE_EVENTROOT\CIMV2SCM EVENT PROVIDER |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\NamedPipe\browser |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\NamedPipe\browser |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\EVENT_READYROOT/CIMV2SCM EVENT PROVIDER |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\EVENT_READYROOT/CIMV2PROVIDERSUBSYSTEM |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\EVENT_READYROOT/CIMV2WMI SELF-INSTRUMENTATION EVENT PROVIDER |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \...\MmcssStatusEvent |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\NamedPipe\srvsvc |
| 960 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NetworkProvider\HwOrder |
| 688 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\Cyvera\Channel |
| 688 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Directory | \KnownDlls |
| 688 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32 |
| 688 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions |
| 688 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER |
| 688 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | WindowStation | \Windows\WindowStations\Service-0x0-3e5$ |
| 688 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Desktop | \Default |
| 688 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | WindowStation | \Windows\WindowStations\Service-0x0-3e5$ |
| 688 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Directory | \BaseNamedObjects |
| 688 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\KsecDD |
| 688 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\USER\S-1-5-19\Control Panel\International |
| 688 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Nsi |
| 688 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | ALPC Port | \RPC Control\OLE87B13061A49A44208B8F6275111B |
| 688 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 688 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Classes |
| 688 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \KernelObjects\MaximumCommitCondition |
| 688 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \KernelObjects\MaximumCommitCondition |
| 688 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\EventSystem\Eventlog |
| 688 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | ALPC Port | \RPC Control\LRPC-dad14238d89a010e9b |
| 688 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root |
| 688 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9 |
| 688 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\NameSpace_Catalog5 |
| 688 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\en-US\KernelBase.dll.mui |
| 688 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 688 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\Registration\R00000000000c.clb |
| 688 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\KsecDD |
| 688 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot |
| 688 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Afd |
| 688 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedDevices |
| 688 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Epoch2 |
| 688 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Afd |
| 688 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Afd |
| 688 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\crypt32 |
| 688 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Epoch |
| 688 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedDevices |
| 688 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT |
| 688 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Afd |
| 688 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Afd |
| 688 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot |
| 688 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Afd |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\Cyvera\Channel |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Directory | \KnownDlls |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32 |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | WindowStation | \Windows\WindowStations\Service-0x0-3e4$ |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Desktop | \Default |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | WindowStation | \Windows\WindowStations\Service-0x0-3e4$ |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Directory | \BaseNamedObjects |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\KsecDD |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\USER\S-1-5-20\Control Panel\International |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9 |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\NameSpace_Catalog5 |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Nsi |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\drivers\etc |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | ALPC Port | \RPC Control\DNSResolver |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Afd |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\WkssvcToAgentStartEvent |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Mup |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\LanmanDatagramReceiver |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\NamedPipe\wkssvc |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\WkssvcToAgentStopEvent |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\AgentToWkssvcEvent |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\NamedPipe\wkssvc |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\NamedPipe\wkssvc |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\wkssvc: MUP finished initializing event |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\LanmanWorkstation\Parameters |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\NamedPipe\keysvc |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\NamedPipe\keysvc |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\NamedPipe\keysvc |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | ALPC Port | \RPC Control\keysvc |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | ALPC Port | \RPC Control\keysvc2 |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Afd |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\System Writer |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | ALPC Port | \RPC Control\OLEA271F53E9B2548D7B151D99D1002 |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Classes |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \KernelObjects\MaximumCommitCondition |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\Registration\R00000000000c.clb |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\NlaPrivatePort3 |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\NlaSvc\Parameters |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | ALPC Port | \RPC Control\nlaplg |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\WMIDataDevice |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\WMIDataDevice |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\NlaPrivatePort |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | ALPC Port | \RPC Control\nlaapi |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\KsecDD |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\en-US\winhttp.dll.mui |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\crypt32 |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DNSRegisteredAdapters |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\Alternate Sorts |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Afd |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\catroot2\edb.log |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\TermSrvReadyEvent |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\NlaSvc\Parameters\Internet |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\en-US\KernelBase.dll.mui |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | ALPC Port | \RPC Control\LcRpc |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Mutant | \BaseNamedObjects\TSLicensingLock |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\KsecDD |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32\en-US\termsrv.dll.mui |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\AddIns |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\NamedPipe\wkssvc |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Termdd |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Termdd |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Termdd |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | ALPC Port | \RPC Control\TermSrvApi |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Termdd |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Termdd |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Termdd |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\NamedPipe\TermSrv_API_service |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\NamedPipe\TermSrv_API_service |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\NamedPipe\TermSrv_API_service |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\RDPAudioDisabledEvent |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\WinMMConsoleAudioEvent |
| 1132 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Users\foo\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData |
| 1248 | \Device\HarddiskVolume1\Windows\System32\spoolsv.exe | Key | \REGISTRY\MACHINE\SYSTEM\Cyvera\Channel |
| 1248 | \Device\HarddiskVolume1\Windows\System32\spoolsv.exe | Directory | \KnownDlls |
| 1248 | \Device\HarddiskVolume1\Windows\System32\spoolsv.exe | File | \Device\HarddiskVolume1\Windows\System32 |
| 1248 | \Device\HarddiskVolume1\Windows\System32\spoolsv.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER |
| 1248 | \Device\HarddiskVolume1\Windows\System32\spoolsv.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions |
| 1248 | \Device\HarddiskVolume1\Windows\System32\spoolsv.exe | WindowStation | \Windows\WindowStations\WinSta0 |
| 1248 | \Device\HarddiskVolume1\Windows\System32\spoolsv.exe | Desktop | \Default |
| 1248 | \Device\HarddiskVolume1\Windows\System32\spoolsv.exe | WindowStation | \Windows\WindowStations\WinSta0 |
| 1248 | \Device\HarddiskVolume1\Windows\System32\spoolsv.exe | Key | \REGISTRY\MACHINE |
| 1248 | \Device\HarddiskVolume1\Windows\System32\spoolsv.exe | Directory | \BaseNamedObjects |
| 1248 | \Device\HarddiskVolume1\Windows\System32\spoolsv.exe | File | \Device\KsecDD |
| 1248 | \Device\HarddiskVolume1\Windows\System32\spoolsv.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Classes |
| 1248 | \Device\HarddiskVolume1\Windows\System32\spoolsv.exe | Event | \BaseNamedObjects\RouterPreInitEvent |
| 1248 | \Device\HarddiskVolume1\Windows\System32\spoolsv.exe | ALPC Port | \RPC Control\spoolss |
| 1248 | \Device\HarddiskVolume1\Windows\System32\spoolsv.exe | Key | \REGISTRY\USER\.DEFAULT\Control Panel\International |
| 1248 | \Device\HarddiskVolume1\Windows\System32\spoolsv.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9 |
| 1248 | \Device\HarddiskVolume1\Windows\System32\spoolsv.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\NameSpace_Catalog5 |
| 1248 | \Device\HarddiskVolume1\Windows\System32\spoolsv.exe | File | \Device\Nsi |
| 1248 | \Device\HarddiskVolume1\Windows\System32\spoolsv.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 1248 | \Device\HarddiskVolume1\Windows\System32\spoolsv.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Classes |
| 1248 | \Device\HarddiskVolume1\Windows\System32\spoolsv.exe | Event | \KernelObjects\MaximumCommitCondition |
| 1248 | \Device\HarddiskVolume1\Windows\System32\spoolsv.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 1248 | \Device\HarddiskVolume1\Windows\System32\spoolsv.exe | File | \Device\HarddiskVolume1\Windows\Registration\R00000000000c.clb |
| 1248 | \Device\HarddiskVolume1\Windows\System32\spoolsv.exe | File | \Device\0000004a |
| 1248 | \Device\HarddiskVolume1\Windows\System32\spoolsv.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print |
| 1248 | \Device\HarddiskVolume1\Windows\System32\spoolsv.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers |
| 1248 | \Device\HarddiskVolume1\Windows\System32\spoolsv.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Local Port |
| 1248 | \Device\HarddiskVolume1\Windows\System32\spoolsv.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Microsoft Shared Fax Monitor |
| 1248 | \Device\HarddiskVolume1\Windows\System32\spoolsv.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Standard TCP/IP Port |
| 1248 | \Device\HarddiskVolume1\Windows\System32\spoolsv.exe | File | \Device\HarddiskVolume1\Windows\System32\en-US\KernelBase.dll.mui |
| 1248 | \Device\HarddiskVolume1\Windows\System32\spoolsv.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16385_none_a44af8ec57f961cf |
| 1248 | \Device\HarddiskVolume1\Windows\System32\spoolsv.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_2b4f45e87195fcc4 |
| 1248 | \Device\HarddiskVolume1\Windows\System32\spoolsv.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\ThinPrint Print Port Monitor for VMWare |
| 1248 | \Device\HarddiskVolume1\Windows\System32\spoolsv.exe | Mutant | \BaseNamedObjects\TpVcW32ListMutex |
| 1248 | \Device\HarddiskVolume1\Windows\System32\spoolsv.exe | Event | \BaseNamedObjects\TpVcW32ListEvent |
| 1248 | \Device\HarddiskVolume1\Windows\System32\spoolsv.exe | Section | \BaseNamedObjects\TpVcW32Queue-Tp-Handle |
| 1248 | \Device\HarddiskVolume1\Windows\System32\spoolsv.exe | Section | \BaseNamedObjects\TpVcW32Queue1 |
| 1248 | \Device\HarddiskVolume1\Windows\System32\spoolsv.exe | Mutant | \BaseNamedObjects\TpVcW32ListMutex |
| 1248 | \Device\HarddiskVolume1\Windows\System32\spoolsv.exe | Event | \BaseNamedObjects\TpVcW32ListEvent |
| 1248 | \Device\HarddiskVolume1\Windows\System32\spoolsv.exe | Section | \BaseNamedObjects\TpVcW32Queue-Tp-Handle |
| 1248 | \Device\HarddiskVolume1\Windows\System32\spoolsv.exe | Section | \BaseNamedObjects\TpVcW32Queue1 |
| 1248 | \Device\HarddiskVolume1\Windows\System32\spoolsv.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\WSD Port |
| 1248 | \Device\HarddiskVolume1\Windows\System32\spoolsv.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Function Discovery\RegistryStore\Association DB |
| 1248 | \Device\HarddiskVolume1\Windows\System32\spoolsv.exe | Mutant | \BaseNamedObjects\ThinPrint-L |
| 1248 | \Device\HarddiskVolume1\Windows\System32\spoolsv.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001 |
| 1248 | \Device\HarddiskVolume1\Windows\System32\spoolsv.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Providers\LanMan Print Services\PortNames |
| 1248 | \Device\HarddiskVolume1\Windows\System32\spoolsv.exe | ALPC Port | \RPC Control\OLEE15149A8E80A4957B7E0435AA164 |
| 1248 | \Device\HarddiskVolume1\Windows\System32\spoolsv.exe | Event | \BaseNamedObjects\TermSrvReadyEvent |
| 1292 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\Cyvera\Channel |
| 1292 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Directory | \KnownDlls |
| 1292 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32 |
| 1292 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions |
| 1292 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER |
| 1292 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | WindowStation | \Windows\WindowStations\Service-0x0-3e5$ |
| 1292 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Desktop | \Default |
| 1292 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | WindowStation | \Windows\WindowStations\Service-0x0-3e5$ |
| 1292 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Directory | \BaseNamedObjects |
| 1292 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\KsecDD |
| 1292 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\USER\S-1-5-19\Control Panel\International |
| 1292 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\WFP |
| 1292 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\WFP |
| 1292 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\NXTIPSEC |
| 1292 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\IPSECDOSP |
| 1292 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\WfpAle |
| 1292 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\TermSrvReadyEvent |
| 1292 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | ALPC Port | \RPC Control\LRPC-3607a8f0525db62151 |
| 1292 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\PcwDrv |
| 1292 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\BFE_Notify_Event_{09680724-2d02-43b1-acbd-d18f3c69f0c3} |
| 1292 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\BFE_Notify_Event_{454fbbde-081e-45a6-9a1a-a20a54f12581} |
| 1292 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\BFE_Notify_Event_{89c6cff0-cb00-4156-9aa5-452d80afbcdc} |
| 1292 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 1292 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 1292 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Classes |
| 1292 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \KernelObjects\MaximumCommitCondition |
| 1292 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\Registration\R00000000000c.clb |
| 1292 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | ALPC Port | \BaseNamedObjects\WDI_{df8a2304-112e-4e0c-ac00-4928468c6cb5} |
| 1292 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\BFE_Notify_Event_{f4f45de0-8c53-4b05-afcf-d30b8f8ed99c} |
| 1292 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\BFE_Notify_Event_{77c17db4-24fb-402a-a1bf-edefd76918bd} |
| 1292 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\BFE_Notify_Event_{ff791a6b-1651-4545-befe-dd4e4f05ff46} |
| 1292 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\BFE_Notify_Event_{aea79177-7ea2-4bcc-bbc7-022282e94a37} |
| 1292 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Section | \...\ASqmManifestVersion |
| 1292 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \...\ASqmManifestLoadEvent |
| 1292 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\AdaptiveSqm\ManifestInfo |
| 1292 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \KernelObjects\LowCommitCondition |
| 1292 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \KernelObjects\HighCommitCondition |
| 1292 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \KernelObjects\MaximumCommitCondition |
| 1356 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\cyserver.exe | Directory | \KnownDlls |
| 1356 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\cyserver.exe | File | \Device\HarddiskVolume1\Windows\System32 |
| 1356 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\cyserver.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER |
| 1356 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\cyserver.exe | WindowStation | \Windows\WindowStations\Service-0x0-3e7$ |
| 1356 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\cyserver.exe | Desktop | \Default |
| 1356 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\cyserver.exe | WindowStation | \Windows\WindowStations\Service-0x0-3e7$ |
| 1356 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\cyserver.exe | Key | \REGISTRY\MACHINE |
| 1356 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\cyserver.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions |
| 1356 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\cyserver.exe | Directory | \BaseNamedObjects |
| 1356 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\cyserver.exe | Section | \BaseNamedObjects\windows_shell_global_counters |
| 1356 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\cyserver.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\PropertyBag |
| 1356 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\cyserver.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\PropertyBag |
| 1356 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\cyserver.exe | ALPC Port | \CyveraPort |
| 1356 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\cyserver.exe | Event | \BaseNamedObjects\{1D36BC31-0D75-4A6E-9602-157D85F33268} |
| 1356 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\cyserver.exe | File | \Device\CyvrMitControl |
| 1356 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\cyserver.exe | File | \Device\HarddiskVolume1\ProgramData\Cyvera\Prevention |
| 1356 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\cyserver.exe | File | \Device\HarddiskVolume1\ProgramData\Cyvera\Quarantine |
| 1356 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\cyserver.exe | File | \Device\CyvrMitControl |
| 1356 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\cyserver.exe | File | \FileSystem\Filters\FltMgrMsg |
| 1356 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\cyserver.exe | File | \Device\KsecDD |
| 1356 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\cyserver.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 1356 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\cyserver.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Classes |
| 1356 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\cyserver.exe | Event | \KernelObjects\MaximumCommitCondition |
| 1356 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\cyserver.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 1356 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\cyserver.exe | File | \Device\HarddiskVolume1\Windows\Registration\R00000000000c.clb |
| 1356 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\cyserver.exe | ALPC Port | \RPC Control\OLEE36D62F1BD414D6C8F81AAD6EEBD |
| 1356 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\cyserver.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags |
| 1356 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\cyserver.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options |
| 1356 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\cyserver.exe | Key | \REGISTRY\USER\.DEFAULT |
| 1356 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\cyserver.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_UNC_SAVEDFILECHECK |
| 1356 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\cyserver.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Policies |
| 1356 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\cyserver.exe | Key | \REGISTRY\USER\.DEFAULT\Software\Policies |
| 1356 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\cyserver.exe | Key | \REGISTRY\USER\.DEFAULT\Software |
| 1356 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\cyserver.exe | Key | \REGISTRY\MACHINE\SOFTWARE |
| 1356 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\cyserver.exe | Section | \BaseNamedObjects\UrlZonesSM_SYSTEM |
| 1356 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\cyserver.exe | Mutant | \BaseNamedObjects\ZoneAttributeCacheCounterMutex |
| 1356 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\cyserver.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN |
| 1356 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\cyserver.exe | Mutant | \BaseNamedObjects\ZonesCacheCounterMutex |
| 1356 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\cyserver.exe | Mutant | \BaseNamedObjects\ZoneAttributeCacheCounterMutex |
| 1356 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\cyserver.exe | Key | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion |
| 1356 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\cyserver.exe | Mutant | \BaseNamedObjects\ZonesLockedCacheCounterMutex |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | Directory | \KnownDlls |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | File | \Device\HarddiskVolume1\Windows\System32 |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | Key | \REGISTRY\MACHINE |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | WindowStation | \Windows\WindowStations\Service-0x0-3e7$ |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | Desktop | \Default |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | WindowStation | \Windows\WindowStations\Service-0x0-3e7$ |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | Key | \REGISTRY\USER\.DEFAULT |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_88dce9872fb18caf |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\.NETFramework |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | Directory | \BaseNamedObjects |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | Section | \BaseNamedObjects\Cor_Private_IPCBlock_1400 |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | Section | \BaseNamedObjects\Cor_Public_IPCBlock_1400 |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | Event | \BaseNamedObjects\CorDBIPCSetupSyncEvent_1400 |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | File | \Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\security.config.cch |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | File | \Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\enterprisesec.config.cch |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | Section | \BaseNamedObjects\windows_shell_global_counters |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | Key | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | Key | \REGISTRY\USER\.DEFAULT\Control Panel\International |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | File | \Device\HarddiskVolume1\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\64bit\security.config.cch |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | Event | \KernelObjects\LowMemoryCondition |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64 |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | File | \Device\HarddiskVolume1\Windows\assembly\NativeImages_v2.0.50727_64\indexe4.dat |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | File | \Device\KsecDD |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_88dce9872fb18caf |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | File | \Device\HarddiskVolume1\Windows\assembly\pubpol39.dat |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | File | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\Cyvera.Common.General.dll |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | File | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\Cyvera.Common.Logging.dll |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | Mutant | \BaseNamedObjects\CyveraService, Version=4.0.0.23331, Culture=neutral, PublicKeyToken=null_SINGLE_INSTANCE_MUTEX |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | File | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\Nlog.dll |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | File | \Device\HarddiskVolume1\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | File | \Device\HarddiskVolume1\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Classes |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_88dce9872fb18caf |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | File | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\NLog.Targets.Syslog.dll |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | File | \Device\HarddiskVolume1\Windows\System32\en-US\KernelBase.dll.mui |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | Key | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | File | \Device\Afd |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | File | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | Section | \BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | Mutant | \BaseNamedObjects\NLog-FileLock-c:/programdata/cyvera/logs/service_win-rn4a1d7im6l.log |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | File | \Device\HarddiskVolume1\ProgramData\Cyvera\Logs\Service_WIN-RN4A1D7IM6L.log |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | File | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\Cyvera.Common.Interfaces.dll |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | File | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\Cyvera.Client.Interfaces.dll |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | File | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\Cyvera.Common.ApiCommunication.dll |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | File | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\SimpleInjector.dll |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | File | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\Cyvera.Client.Backend.dll |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | File | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\Cyvera.Common.ApiContracts.dll |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9 |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\NameSpace_Catalog5 |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | File | \Device\Afd |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | Section | \BaseNamedObjects\netfxcustomperfcounters.1.0.net clr networking |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | File | \Device\Afd |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | File | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\RestSharp.dll |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | File | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\Newtonsoft.Json.dll |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | File | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\Cassia.dll |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | Event | \BaseNamedObjects\TermSrvReadyEvent |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | File | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\SharpBITS.Base.dll |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | File | \Device\Afd |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | ALPC Port | \CyveraLegacyServer |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | File | \Device\CyvrMitControl |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Classes |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | Event | \KernelObjects\MaximumCommitCondition |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | File | \Device\HarddiskVolume1\Windows\Registration\R00000000000c.clb |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | ALPC Port | \RPC Control\OLE832A1459D15543DBA9A50B4F8A67 |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | File | \Device\CyvrMitControl |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Palo Alto Networks\Traps\EventConsumer\TrapsService_TrapsV2 |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | ALPC Port | \RPC Control\ESMRpc |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | File | \Device\Afd |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | File | \Device\HarddiskVolume1\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Diagnostics.ServiceModelSink\3.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Diagnostics.ServiceModelSink.dll |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | Section | \BaseNamedObjects\netfxcustomperfcounters.1.0servicemodelservice 3.0.0.0 |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | Section | \BaseNamedObjects\net.pipe:EbmV0LnBpcGU6Ly8rL0NZVkVSQUNPTlNPTEUv |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | File | \Device\NamedPipe\1aebf2bd-fb90-4b83-bcc5-3b7e35dd9737 |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | File | \Device\Nsi |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | Event | \BaseNamedObjects\{13A73834-7BBE-4602-BF65-E164B1C2F7F3} |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\PropertyBag |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | Mutant | \BaseNamedObjects\RasPbFile |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\CyveraService_RASAPI32 |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | File | \Device\Afd |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | File | \Device\Afd |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\CyveraService_RASMANCS |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | Key | \REGISTRY\USER\.DEFAULT |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | Key | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | Key | \REGISTRY\USER |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | Event | \BaseNamedObjects\{1D36BC31-0D75-4A6E-9602-157D85F33268} |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | File | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\ICSharpCode.SharpZipLib.dll |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | File | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.XmlSerializers.dll |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_88dce9872fb18caf |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | File | \Device\Afd |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | File | \Device\HarddiskVolume1\Windows\System32\en-US\activeds.dll.mui |
| 1400 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\CyveraService.exe | File | \Device\Afd |
| 1492 | \Device\HarddiskVolume1\Windows\System32\DbxSvc.exe | Directory | \KnownDlls |
| 1492 | \Device\HarddiskVolume1\Windows\System32\DbxSvc.exe | File | \Device\HarddiskVolume1\Windows\System32 |
| 1492 | \Device\HarddiskVolume1\Windows\System32\DbxSvc.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions |
| 1492 | \Device\HarddiskVolume1\Windows\System32\DbxSvc.exe | Key | \REGISTRY\MACHINE |
| 1492 | \Device\HarddiskVolume1\Windows\System32\DbxSvc.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER |
| 1492 | \Device\HarddiskVolume1\Windows\System32\DbxSvc.exe | WindowStation | \Windows\WindowStations\Service-0x0-3e7$ |
| 1492 | \Device\HarddiskVolume1\Windows\System32\DbxSvc.exe | Desktop | \Default |
| 1492 | \Device\HarddiskVolume1\Windows\System32\DbxSvc.exe | WindowStation | \Windows\WindowStations\Service-0x0-3e7$ |
| 1492 | \Device\HarddiskVolume1\Windows\System32\DbxSvc.exe | Directory | \BaseNamedObjects |
| 1492 | \Device\HarddiskVolume1\Windows\System32\DbxSvc.exe | File | \Device\HarddiskVolume1\Windows\System32\en-US\KernelBase.dll.mui |
| 1492 | \Device\HarddiskVolume1\Windows\System32\DbxSvc.exe | File | \Device\NamedPipe\dbxsvc |
| 1492 | \Device\HarddiskVolume1\Windows\System32\DbxSvc.exe | File | \Device\NamedPipe\dbxsvc |
| 1492 | \Device\HarddiskVolume1\Windows\System32\DbxSvc.exe | File | \Device\NamedPipe\dbxsvc |
| 1712 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\Cyvera\Channel |
| 1712 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Directory | \KnownDlls |
| 1712 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32 |
| 1712 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions |
| 1712 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER |
| 1712 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | WindowStation | \Windows\WindowStations\Service-0x0-3e5$ |
| 1712 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Desktop | \Default |
| 1712 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | WindowStation | \Windows\WindowStations\Service-0x0-3e5$ |
| 1712 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Directory | \BaseNamedObjects |
| 1712 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\KsecDD |
| 1712 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\USER\S-1-5-19\Control Panel\International |
| 1712 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Epoch |
| 1712 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Epoch2 |
| 1712 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Nsi |
| 1712 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9 |
| 1712 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Afd |
| 1712 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\NameSpace_Catalog5 |
| 1712 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Afd |
| 1712 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Afd |
| 1712 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | ALPC Port | \RPC Control\LRPC-5ff6ae1375973f5e70 |
| 1712 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Afd |
| 1712 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Afd |
| 1712 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Afd |
| 1712 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 1712 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \KernelObjects\MaximumCommitCondition |
| 1712 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Classes |
| 1712 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | ALPC Port | \RPC Control\OLE77C28C9D7EAB4E7CA88CD697C3DF |
| 1712 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Afd |
| 1712 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Afd |
| 1712 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Afd |
| 1712 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\KsecDD |
| 1712 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 1712 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | ALPC Port | \RPC Control\wcncsvc.wcnprpc |
| 1712 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | ALPC Port | \RPC Control\wcncsvc.transport |
| 1712 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\Registration\R00000000000c.clb |
| 1712 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Afd |
| 1712 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Afd |
| 1712 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Afd |
| 1756 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\tlaservice.exe | Directory | \KnownDlls |
| 1756 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\tlaservice.exe | File | \Device\HarddiskVolume1\Windows\System32 |
| 1756 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\tlaservice.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER |
| 1756 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\tlaservice.exe | WindowStation | \Windows\WindowStations\Service-0x0-3e7$ |
| 1756 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\tlaservice.exe | Desktop | \Default |
| 1756 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\tlaservice.exe | WindowStation | \Windows\WindowStations\Service-0x0-3e7$ |
| 1756 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\tlaservice.exe | Key | \REGISTRY\MACHINE |
| 1756 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\tlaservice.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions |
| 1756 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\tlaservice.exe | Directory | \BaseNamedObjects |
| 1756 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\tlaservice.exe | Section | \BaseNamedObjects\windows_shell_global_counters |
| 1756 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\tlaservice.exe | ALPC Port | \TlaServer |
| 1756 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\tlaservice.exe | File | \Device\CyvrMitControl |
| 1756 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\tlaservice.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\PropertyBag |
| 1756 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\tlaservice.exe | File | \Device\HarddiskVolume1\Windows\Temp |
| 1756 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\tlaservice.exe | ALPC Port | \RPC Control\TasWorkerServer |
| 1756 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\tlaservice.exe | File | \Device\HarddiskVolume1\ProgramData\Cyvera\LocalSystem\wfcache |
| 1756 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\tlaservice.exe | File | \Device\HarddiskVolume1\ProgramData\Cyvera\LocalSystem\wfcache.log |
| 1756 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\tlaservice.exe | ALPC Port | \RPC Control\WFRpc |
| 1756 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\tlaservice.exe | ALPC Port | \RPC Control\DBRpc |
| 1756 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\tlaservice.exe | Key | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion |
| 1756 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\tlaservice.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags |
| 1756 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\tlaservice.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options |
| 1756 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\tlaservice.exe | File | \Device\KsecDD |
| 1756 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\tlaservice.exe | Key | \REGISTRY\USER |
| 1756 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\tlaservice.exe | File | \Device\KsecDD |
| 1756 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\tlaservice.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\crypt32 |
| 1756 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\tlaservice.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config |
| 1756 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\tlaservice.exe | Key | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My |
| 1756 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\tlaservice.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT |
| 1756 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\tlaservice.exe | Key | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA |
| 1756 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\tlaservice.exe | Key | \REGISTRY\USER\.DEFAULT |
| 1756 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\tlaservice.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA |
| 1756 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\tlaservice.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA |
| 1756 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\tlaservice.exe | Key | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed |
| 1756 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\tlaservice.exe | Key | \REGISTRY\USER\.DEFAULT |
| 1756 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\tlaservice.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed |
| 1756 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\tlaservice.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed |
| 1756 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\tlaservice.exe | Key | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root |
| 1756 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\tlaservice.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot |
| 1756 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\tlaservice.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root |
| 1756 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\tlaservice.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot |
| 1756 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\tlaservice.exe | Key | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople |
| 1756 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\tlaservice.exe | Key | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot |
| 1756 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\tlaservice.exe | Key | \REGISTRY\USER\.DEFAULT |
| 1756 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\tlaservice.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople |
| 1756 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\tlaservice.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople |
| 1756 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\tlaservice.exe | Key | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust |
| 1756 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\tlaservice.exe | Key | \REGISTRY\USER\.DEFAULT |
| 1756 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\tlaservice.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust |
| 1756 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\tlaservice.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trust |
| 1756 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\tlaservice.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates |
| 1756 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\tlaservice.exe | Key | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates |
| 1756 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\tlaservice.exe | File | \Device\HarddiskVolume1\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My |
| 1756 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\tlaservice.exe | Key | \REGISTRY\USER\.DEFAULT\Control Panel\International |
| 1756 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\tlaservice.exe | File | \Device\HarddiskVolume1\Windows\System32\en-US\KernelBase.dll.mui |
| 1784 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe | Directory | \KnownDlls |
| 1784 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe | File | \Device\HarddiskVolume1\Windows\System32 |
| 1784 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 |
| 1784 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 |
| 1784 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 |
| 1784 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 |
| 1784 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 |
| 1784 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 |
| 1784 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 |
| 1784 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 |
| 1784 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions |
| 1784 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER |
| 1784 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe | Key | \REGISTRY\MACHINE |
| 1784 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe | WindowStation | \Windows\WindowStations\Service-0x0-3e7$ |
| 1784 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe | Desktop | \Default |
| 1784 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe | WindowStation | \Windows\WindowStations\Service-0x0-3e7$ |
| 1784 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe | Directory | \BaseNamedObjects |
| 1784 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe | File | \Device\HarddiskVolume1\Windows\System32\en-US\KernelBase.dll.mui |
| 1784 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe | Key | \REGISTRY\USER\.DEFAULT\Control Panel\International |
| 1784 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe | File | \Device\HarddiskVolume1\ProgramData\VMware\VMware VGAuth\logfile.txt.0 |
| 1784 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe | File | \Device\HarddiskVolume1\ProgramData\VMware\VMware VGAuth\logfile.txt.0 |
| 1784 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe | Section | \BaseNamedObjects\windows_shell_global_counters |
| 1784 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe | Key | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer |
| 1784 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe | Key | \REGISTRY\USER\.DEFAULT |
| 1784 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Classes |
| 1784 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe | File | \Device\NamedPipe\vgauth-service |
| 1784 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Directory | \KnownDlls |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\System32 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | WindowStation | \Windows\WindowStations\Service-0x0-3e7$ |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Desktop | \Default |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | WindowStation | \Windows\WindowStations\Service-0x0-3e7$ |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Directory | \BaseNamedObjects |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\USER\.DEFAULT\Control Panel\International |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\NameSpace_Catalog5 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\Alternate Sorts |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\System32\en-US\KernelBase.dll.mui |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Section | \BaseNamedObjects\windows_shell_global_counters |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\Temp\vmware-vmsvc.log |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Event | \BaseNamedObjects\VMwareToolsQuitEvent_vmsvc |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Event | \BaseNamedObjects\VMwareToolsDumpStateEvent_vmsvc |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\vmci |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NetworkProvider\HwOrder |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\KsecDD |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SOFTWARE\VMware, Inc.\VMware Tools\VMUpgradeHelper |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Classes |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Event | \KernelObjects\MaximumCommitCondition |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\Registration\R00000000000c.clb |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | ALPC Port | \RPC Control\OLE1C317C381446435593E4D72B2A29 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\Nsi |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\USER\.DEFAULT |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Mutant | \BaseNamedObjects\d3b1bbc7-c020-4056-9ded-7c6f40b5a2fc |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\CLASS |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\CoDeviceInstallers |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PerHwIdStorage |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Mutant | \BaseNamedObjects\LOADPERF_MUTEX |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PERFLIB |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\.NET CLR Data\Performance |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Mutant | \BaseNamedObjects\.NET CLR Data_Perf_Library_Lock_PID_718 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Mutant | \BaseNamedObjects\.NET CLR Networking_Perf_Library_Lock_PID_718 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking 4.0.0.0\Performance |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Mutant | \BaseNamedObjects\.NET CLR Networking 4.0.0.0_Perf_Library_Lock_PID_718 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\.NET Data Provider for Oracle\Performance |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Mutant | \BaseNamedObjects\.NET Data Provider for Oracle_Perf_Library_Lock_PID_718 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\.NET Data Provider for SqlServer\Performance |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Mutant | \BaseNamedObjects\.NET Data Provider for SqlServer_Perf_Library_Lock_PID_718 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\.NET Memory Cache 4.0\Performance |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Mutant | \BaseNamedObjects\.NET Memory Cache 4.0_Perf_Library_Lock_PID_718 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\.NETFramework\Performance |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Mutant | \BaseNamedObjects\.NETFramework_Perf_Library_Lock_PID_718 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\ASP.NET\Performance |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Mutant | \BaseNamedObjects\ASP.NET_Perf_Library_Lock_PID_718 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\ASP.NET_4.0.30319\Performance |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Mutant | \BaseNamedObjects\ASP.NET_4.0.30319_Perf_Library_Lock_PID_718 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\aspnet_state\Performance |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Mutant | \BaseNamedObjects\aspnet_state_Perf_Library_Lock_PID_718 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\BITS\Performance |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Mutant | \BaseNamedObjects\BITS_Perf_Library_Lock_PID_718 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\ESENT\Performance |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Mutant | \BaseNamedObjects\ESENT_Perf_Library_Lock_PID_718 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Lsa\Performance |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Mutant | \BaseNamedObjects\Lsa_Perf_Library_Lock_PID_718 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\MSDTC\Performance |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Mutant | \BaseNamedObjects\MSDTC_Perf_Library_Lock_PID_718 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\MSDTC Bridge 3.0.0.0\Performance |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Mutant | \BaseNamedObjects\MSDTC Bridge 3.0.0.0_Perf_Library_Lock_PID_718 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\MSDTC Bridge 4.0.0.0\Performance |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Mutant | \BaseNamedObjects\MSDTC Bridge 4.0.0.0_Perf_Library_Lock_PID_718 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\MSSCNTRS\Performance |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Mutant | \BaseNamedObjects\MSSCNTRS_Perf_Library_Lock_PID_718 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Outlook\Performance |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Mutant | \BaseNamedObjects\Outlook_Perf_Library_Lock_PID_718 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\PerfDisk\Performance |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Mutant | \BaseNamedObjects\PerfDisk_Perf_Library_Lock_PID_718 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\PerfNet\Performance |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Mutant | \BaseNamedObjects\PerfNet_Perf_Library_Lock_PID_718 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\PerfOS\Performance |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Mutant | \BaseNamedObjects\PerfOS_Perf_Library_Lock_PID_718 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\PerfProc\Performance |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Mutant | \BaseNamedObjects\PerfProc_Perf_Library_Lock_PID_718 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\rdyboost\Performance |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Mutant | \BaseNamedObjects\rdyboost_Perf_Library_Lock_PID_718 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\RemoteAccess\Performance |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Mutant | \BaseNamedObjects\RemoteAccess_Perf_Library_Lock_PID_718 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\ServiceModelEndpoint 3.0.0.0\Performance |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Mutant | \BaseNamedObjects\ServiceModelEndpoint 3.0.0.0_Perf_Library_Lock_PID_718 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\ServiceModelOperation 3.0.0.0\Performance |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Mutant | \BaseNamedObjects\ServiceModelOperation 3.0.0.0_Perf_Library_Lock_PID_718 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\ServiceModelService 3.0.0.0\Performance |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Mutant | \BaseNamedObjects\ServiceModelService 3.0.0.0_Perf_Library_Lock_PID_718 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SMSvcHost 3.0.0.0\Performance |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Mutant | \BaseNamedObjects\SMSvcHost 3.0.0.0_Perf_Library_Lock_PID_718 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SMSvcHost 4.0.0.0\Performance |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Mutant | \BaseNamedObjects\SMSvcHost 4.0.0.0_Perf_Library_Lock_PID_718 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Spooler\Performance |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Mutant | \BaseNamedObjects\Spooler_Perf_Library_Lock_PID_718 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\TapiSrv\Performance |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Mutant | \BaseNamedObjects\TapiSrv_Perf_Library_Lock_PID_718 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Tcpip\Performance |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Mutant | \BaseNamedObjects\Tcpip_Perf_Library_Lock_PID_718 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\TermService\Performance |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Mutant | \BaseNamedObjects\TermService_Perf_Library_Lock_PID_718 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\UGatherer\Performance |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Mutant | \BaseNamedObjects\UGatherer_Perf_Library_Lock_PID_718 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\UGTHRSVC\Performance |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Mutant | \BaseNamedObjects\UGTHRSVC_Perf_Library_Lock_PID_718 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\usbhub\Performance |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Mutant | \BaseNamedObjects\usbhub_Perf_Library_Lock_PID_718 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Windows Workflow Foundation 3.0.0.0\Performance |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Mutant | \BaseNamedObjects\Windows Workflow Foundation 3.0.0.0_Perf_Library_Lock_PID_718 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Windows Workflow Foundation 4.0.0.0\Performance |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Mutant | \BaseNamedObjects\Windows Workflow Foundation 4.0.0.0_Perf_Library_Lock_PID_718 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WmiApRpl\Performance |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Mutant | \BaseNamedObjects\WmiApRpl_Perf_Library_Lock_PID_718 |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WSearchIdxPi\Performance |
| 1816 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Mutant | \BaseNamedObjects\WSearchIdxPi_Perf_Library_Lock_PID_718 |
| 1996 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\tlaworker.exe | Directory | \KnownDlls |
| 1996 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\tlaworker.exe | File | \Device\HarddiskVolume1\Windows\System32 |
| 1996 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\tlaworker.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions |
| 1996 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\tlaworker.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\Cyvera\Channel |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Directory | \KnownDlls |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | File | \Device\HarddiskVolume1\Windows\System32 |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | WindowStation | \Windows\WindowStations\Service-0x0-3e4$ |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Desktop | \Default |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | WindowStation | \Windows\WindowStations\Service-0x0-3e4$ |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Directory | \BaseNamedObjects |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | File | \Device\KsecDD |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Section | \BaseNamedObjects\Wmi Provider Sub System Counters |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Event | \BaseNamedObjects\WBEM_ESS_OPEN_FOR_BUSINESS |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Classes |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Event | \KernelObjects\MaximumCommitCondition |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | File | \Device\HarddiskVolume1\Windows\Registration\R00000000000c.clb |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | ALPC Port | \RPC Control\OLE5B55455ACE6E4DD8A97CBAC9F1D0 |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Classes |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | File | \Device\Nsi |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\CLASS |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\CoDeviceInstallers |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PerHwIdStorage |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | File | \Device\WMIDataDevice |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Event | \BaseNamedObjects\TermSrvReadyEvent |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PERFLIB |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\.NET CLR Data\Performance |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\.NET CLR Data_Perf_Library_Lock_PID_5f0 |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\.NET CLR Networking_Perf_Library_Lock_PID_5f0 |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking 4.0.0.0\Performance |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\.NET CLR Networking 4.0.0.0_Perf_Library_Lock_PID_5f0 |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\.NET Data Provider for Oracle\Performance |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\.NET Data Provider for Oracle_Perf_Library_Lock_PID_5f0 |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\.NET Data Provider for SqlServer\Performance |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\.NET Data Provider for SqlServer_Perf_Library_Lock_PID_5f0 |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\.NET Memory Cache 4.0\Performance |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\.NET Memory Cache 4.0_Perf_Library_Lock_PID_5f0 |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\.NETFramework\Performance |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\.NETFramework_Perf_Library_Lock_PID_5f0 |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\ASP.NET\Performance |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\ASP.NET_Perf_Library_Lock_PID_5f0 |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\ASP.NET_4.0.30319\Performance |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\ASP.NET_4.0.30319_Perf_Library_Lock_PID_5f0 |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\aspnet_state\Performance |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\aspnet_state_Perf_Library_Lock_PID_5f0 |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\BITS\Performance |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\BITS_Perf_Library_Lock_PID_5f0 |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\ESENT\Performance |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\ESENT_Perf_Library_Lock_PID_5f0 |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Lsa\Performance |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\Lsa_Perf_Library_Lock_PID_5f0 |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\MSDTC\Performance |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\MSDTC_Perf_Library_Lock_PID_5f0 |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\MSDTC Bridge 3.0.0.0\Performance |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\MSDTC Bridge 3.0.0.0_Perf_Library_Lock_PID_5f0 |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\MSDTC Bridge 4.0.0.0\Performance |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\MSDTC Bridge 4.0.0.0_Perf_Library_Lock_PID_5f0 |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\MSSCNTRS\Performance |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\MSSCNTRS_Perf_Library_Lock_PID_5f0 |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Outlook\Performance |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\Outlook_Perf_Library_Lock_PID_5f0 |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\PerfDisk\Performance |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\PerfDisk_Perf_Library_Lock_PID_5f0 |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\PerfNet\Performance |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\PerfNet_Perf_Library_Lock_PID_5f0 |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\PerfOS\Performance |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\PerfOS_Perf_Library_Lock_PID_5f0 |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\PerfProc\Performance |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\PerfProc_Perf_Library_Lock_PID_5f0 |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\rdyboost\Performance |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\rdyboost_Perf_Library_Lock_PID_5f0 |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\RemoteAccess\Performance |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\RemoteAccess_Perf_Library_Lock_PID_5f0 |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\ServiceModelEndpoint 3.0.0.0\Performance |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\ServiceModelEndpoint 3.0.0.0_Perf_Library_Lock_PID_5f0 |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\ServiceModelOperation 3.0.0.0\Performance |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\ServiceModelOperation 3.0.0.0_Perf_Library_Lock_PID_5f0 |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\ServiceModelService 3.0.0.0\Performance |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\ServiceModelService 3.0.0.0_Perf_Library_Lock_PID_5f0 |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SMSvcHost 3.0.0.0\Performance |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\SMSvcHost 3.0.0.0_Perf_Library_Lock_PID_5f0 |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SMSvcHost 4.0.0.0\Performance |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\SMSvcHost 4.0.0.0_Perf_Library_Lock_PID_5f0 |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Spooler\Performance |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\Spooler_Perf_Library_Lock_PID_5f0 |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\TapiSrv\Performance |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\TapiSrv_Perf_Library_Lock_PID_5f0 |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Tcpip\Performance |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\Tcpip_Perf_Library_Lock_PID_5f0 |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\TermService\Performance |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\TermService_Perf_Library_Lock_PID_5f0 |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\UGatherer\Performance |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\UGatherer_Perf_Library_Lock_PID_5f0 |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\UGTHRSVC\Performance |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\UGTHRSVC_Perf_Library_Lock_PID_5f0 |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\usbhub\Performance |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\usbhub_Perf_Library_Lock_PID_5f0 |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Windows Workflow Foundation 3.0.0.0\Performance |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\Windows Workflow Foundation 3.0.0.0_Perf_Library_Lock_PID_5f0 |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Windows Workflow Foundation 4.0.0.0\Performance |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\Windows Workflow Foundation 4.0.0.0_Perf_Library_Lock_PID_5f0 |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WmiApRpl\Performance |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\WmiApRpl_Perf_Library_Lock_PID_5f0 |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WSearchIdxPi\Performance |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\WSearchIdxPi_Perf_Library_Lock_PID_5f0 |
| 1520 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Event | \BaseNamedObjects\EVENT_READYROOT/CIMV2PROVIDERSUBSYSTEM |
| 2136 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe | Directory | \KnownDlls |
| 2136 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe | File | \Device\HarddiskVolume1\Windows\System32 |
| 2136 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_2b4f45e87195fcc4 |
| 2136 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions |
| 2136 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER |
| 2136 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe | WindowStation | \Windows\WindowStations\Service-0x0-3e7$ |
| 2136 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe | Desktop | \Default |
| 2136 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe | WindowStation | \Windows\WindowStations\Service-0x0-3e7$ |
| 2136 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe | Key | \REGISTRY\MACHINE |
| 2136 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe | Directory | \BaseNamedObjects |
| 2136 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Classes |
| 2136 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID |
| 2136 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe | Key | \REGISTRY\USER\.DEFAULT |
| 2136 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe | Section | \BaseNamedObjects\TPC-SHM |
| 2136 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe | Event | \BaseNamedObjects\TP-FOLLOWPQUITEVENTGLOBAL |
| 2136 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe | Key | \REGISTRY\MACHINE\SOFTWARE\ThinPrint\TPAutoConnect |
| 2136 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe | Event | \BaseNamedObjects\TermSrvReadyEvent |
| 2136 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe | Key | \REGISTRY\MACHINE\SOFTWARE\ThinPrint\TPAutoConnect |
| 2136 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe | Event | \BaseNamedObjects\TermSrvReadyEvent |
| 2136 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe | Event | \BaseNamedObjects\TPC-Req1 |
| 2136 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe | Event | \BaseNamedObjects\TPC-Req2 |
| 2136 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe | Event | \BaseNamedObjects\TPC-Req3 |
| 2136 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe | Event | \BaseNamedObjects\TPC-Ack1 |
| 2136 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe | Key | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion |
| 2136 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags |
| 2136 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options |
| 2520 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\Cyvera\Channel |
| 2520 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Directory | \KnownDlls |
| 2520 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32 |
| 2520 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions |
| 2520 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER |
| 2520 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Directory | \BaseNamedObjects |
| 2520 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\USER\S-1-5-20\Control Panel\International |
| 2520 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\BFE_Notify_Event_{aea79177-7ea2-4bcc-bbc7-022282e94a37} |
| 2520 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Epoch |
| 2520 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | WindowStation | \Windows\WindowStations\Service-0x0-3e4$ |
| 2520 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Desktop | \Default |
| 2520 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | WindowStation | \Windows\WindowStations\Service-0x0-3e4$ |
| 2520 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\KsecDD |
| 2520 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\IPSEC_POLICY_CHANGE_EVENT |
| 2520 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 2520 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \KernelObjects\MaximumCommitCondition |
| 2520 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\Registration\R00000000000c.clb |
| 2520 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\IPSEC_POLICY_CHANGE_NOTIFY |
| 2520 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Event | \BaseNamedObjects\IPSEC_GP_REFRESH_EVENT |
| 2520 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9 |
| 2520 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\NameSpace_Catalog5 |
| 2520 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Afd |
| 2520 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Afd |
| 2520 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\Nsi |
| 2520 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | ALPC Port | \RPC Control\LRPC-cf92cfb0e05afb0984 |
| 2556 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\Cyvera\Channel |
| 2556 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Directory | \KnownDlls |
| 2556 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\HarddiskVolume1\Windows\System32 |
| 2556 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions |
| 2556 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER |
| 2556 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Directory | \BaseNamedObjects |
| 2556 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\USER\S-1-5-19\Control Panel\International |
| 2556 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | WindowStation | \Windows\WindowStations\Service-0x0-3e5$ |
| 2556 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Desktop | \Default |
| 2556 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | WindowStation | \Windows\WindowStations\Service-0x0-3e5$ |
| 2556 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Section | \BaseNamedObjects\windows_shell_global_counters |
| 2556 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | Key | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer |
| 2556 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | ALPC Port | \RPC Control\BthServEp |
| 2556 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\USBPDO-4 |
| 2556 | \Device\HarddiskVolume1\Windows\System32\svchost.exe | File | \Device\KsecDD |
| 2604 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | Key | \REGISTRY\MACHINE\SYSTEM\Cyvera\Channel |
| 2604 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | Directory | \KnownDlls |
| 2604 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | File | \Device\HarddiskVolume1\Windows\System32 |
| 2604 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER |
| 2604 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions |
| 2604 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | WindowStation | \Windows\WindowStations\Service-0x0-3e7$ |
| 2604 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | Desktop | \Default |
| 2604 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | WindowStation | \Windows\WindowStations\Service-0x0-3e7$ |
| 2604 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | Key | \REGISTRY\MACHINE |
| 2604 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | Directory | \BaseNamedObjects |
| 2604 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | File | \Device\KsecDD |
| 2604 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 2604 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Classes |
| 2604 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | Event | \KernelObjects\MaximumCommitCondition |
| 2604 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 2604 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | File | \Device\HarddiskVolume1\Windows\Registration\R00000000000c.clb |
| 2604 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | ALPC Port | \RPC Control\OLE49EC07A93D4D4002B8F3B8869891 |
| 2604 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | Event | \BaseNamedObjects\COM+ Tracker Push Event |
| 2604 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | Event | \BaseNamedObjects\COM+ Tracker Init Event |
| 2604 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | Event | \BaseNamedObjects\COM+ Tracker Init Event |
| 2604 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | File | \Device\HarddiskVolume1\Windows\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{AD04059E-F15F-4806-84A4-640A0F6AFB11}.crmlog |
| 2604 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | File | \Device\HarddiskVolume1\Windows\System32\comsvcs.dll |
| 2604 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | File | \Device\HarddiskVolume1\Windows\System32\stdole2.tlb |
| 2604 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\COM3\Eventlog |
| 2604 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | Event | \BaseNamedObjects\COM+ Tracker Push Event |
| 2604 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\MSDTC\Tracing |
| 2604 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | File | \Device\KsecDD |
| 2604 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\MSDTC\Tracing |
| 2604 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\MSDTC\Tracing |
| 2604 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | Key | \REGISTRY\USER\.DEFAULT\Control Panel\International |
| 2604 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9 |
| 2604 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\NameSpace_Catalog5 |
| 2604 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | ALPC Port | \RPC Control\LRPC-d8144c43b692070501 |
| 2604 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | File | \Device\Nsi |
| 2604 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 2604 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | File | \Device\HarddiskVolume1\Windows\Registration\R00000000000c.clb |
| 2604 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID |
| 2604 | \Device\HarddiskVolume1\Windows\System32\dllhost.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\COM3 |
| 2792 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\TPAutoConnect.exe | Directory | \KnownDlls |
| 2792 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\TPAutoConnect.exe | File | \Device\HarddiskVolume1\Windows\System32 |
| 2792 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\TPAutoConnect.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_2b4f45e87195fcc4 |
| 2792 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\TPAutoConnect.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions |
| 2792 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\TPAutoConnect.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER |
| 2792 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\TPAutoConnect.exe | WindowStation | \Sessions\1\Windows\WindowStations\WinSta0 |
| 2792 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\TPAutoConnect.exe | Desktop | \Default |
| 2792 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\TPAutoConnect.exe | WindowStation | \Sessions\1\Windows\WindowStations\WinSta0 |
| 2792 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\TPAutoConnect.exe | Key | \REGISTRY\MACHINE |
| 2792 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\TPAutoConnect.exe | Directory | \Sessions\1\BaseNamedObjects |
| 2792 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\TPAutoConnect.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000_CLASSES |
| 2792 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\TPAutoConnect.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID |
| 2792 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\TPAutoConnect.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000 |
| 2792 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\TPAutoConnect.exe | Section | \BaseNamedObjects\TPC-SHM |
| 2792 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\TPAutoConnect.exe | File | \Device\KsecDD |
| 2792 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\TPAutoConnect.exe | Event | \BaseNamedObjects\TP-FOLLOWPQUITEVENTGLOBAL |
| 2792 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\TPAutoConnect.exe | Mutant | \Sessions\1\BaseNamedObjects\TP_HIGHLANDER_MUTEX |
| 2792 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\TPAutoConnect.exe | Event | \BaseNamedObjects\TermSrvReadyEvent |
| 2792 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\TPAutoConnect.exe | Event | \Sessions\1\BaseNamedObjects\TP-CREATE-PRINTERS |
| 2792 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\TPAutoConnect.exe | Mutant | \Sessions\1\BaseNamedObjects\TP_HIGHLANDER_MUTEX |
| 2792 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\TPAutoConnect.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6 |
| 2792 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\TPAutoConnect.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale |
| 2792 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\TPAutoConnect.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\Alternate Sorts |
| 2792 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\TPAutoConnect.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups |
| 2792 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\TPAutoConnect.exe | File | \Device\HarddiskVolume1\Windows\Fonts\StaticCache.dat |
| 2792 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\TPAutoConnect.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9 |
| 2792 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\TPAutoConnect.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\NameSpace_Catalog5 |
| 2792 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\TPAutoConnect.exe | File | \Device\Nsi |
| 2792 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\TPAutoConnect.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\ThinPrint\TPAutoConnect |
| 2816 | \Device\HarddiskVolume1\Windows\System32\conhost.exe | Directory | \KnownDlls |
| 2816 | \Device\HarddiskVolume1\Windows\System32\conhost.exe | File | \Device\HarddiskVolume1\Windows\System32 |
| 2816 | \Device\HarddiskVolume1\Windows\System32\conhost.exe | ALPC Port | \RPC Control\console-0x0000000000000B00-lpc-handle |
| 2816 | \Device\HarddiskVolume1\Windows\System32\conhost.exe | WindowStation | \Sessions\1\Windows\WindowStations\WinSta0 |
| 2816 | \Device\HarddiskVolume1\Windows\System32\conhost.exe | Desktop | \Default |
| 2816 | \Device\HarddiskVolume1\Windows\System32\conhost.exe | WindowStation | \Sessions\1\Windows\WindowStations\WinSta0 |
| 2816 | \Device\HarddiskVolume1\Windows\System32\conhost.exe | File | \Device\HarddiskVolume1\Windows\System32\en-US\conhost.exe.mui |
| 2816 | \Device\HarddiskVolume1\Windows\System32\conhost.exe | Key | \REGISTRY\MACHINE |
| 2816 | \Device\HarddiskVolume1\Windows\System32\conhost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions |
| 2816 | \Device\HarddiskVolume1\Windows\System32\conhost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER |
| 2816 | \Device\HarddiskVolume1\Windows\System32\conhost.exe | Directory | \Sessions\1\BaseNamedObjects |
| 2816 | \Device\HarddiskVolume1\Windows\System32\conhost.exe | Event | \BaseNamedObjects\ConsoleEvent-0x0000000000000B00 |
| 2816 | \Device\HarddiskVolume1\Windows\System32\conhost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale |
| 2816 | \Device\HarddiskVolume1\Windows\System32\conhost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\Alternate Sorts |
| 2816 | \Device\HarddiskVolume1\Windows\System32\conhost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups |
| 2952 | \Device\HarddiskVolume1\Windows\System32\msdtc.exe | Directory | \KnownDlls |
| 2952 | \Device\HarddiskVolume1\Windows\System32\msdtc.exe | File | \Device\HarddiskVolume1\Windows\System32 |
| 2952 | \Device\HarddiskVolume1\Windows\System32\msdtc.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions |
| 2952 | \Device\HarddiskVolume1\Windows\System32\msdtc.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER |
| 2952 | \Device\HarddiskVolume1\Windows\System32\msdtc.exe | WindowStation | \Windows\WindowStations\Service-0x0-3e4$ |
| 2952 | \Device\HarddiskVolume1\Windows\System32\msdtc.exe | Desktop | \Default |
| 2952 | \Device\HarddiskVolume1\Windows\System32\msdtc.exe | WindowStation | \Windows\WindowStations\Service-0x0-3e4$ |
| 2952 | \Device\HarddiskVolume1\Windows\System32\msdtc.exe | File | \Device\HarddiskVolume1\Windows\System32\en-US\msdtc.exe.mui |
| 2952 | \Device\HarddiskVolume1\Windows\System32\msdtc.exe | Key | \REGISTRY\MACHINE |
| 2952 | \Device\HarddiskVolume1\Windows\System32\msdtc.exe | Directory | \BaseNamedObjects |
| 2952 | \Device\HarddiskVolume1\Windows\System32\msdtc.exe | File | \Device\KsecDD |
| 2952 | \Device\HarddiskVolume1\Windows\System32\msdtc.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\MSDTC\Tracing |
| 2952 | \Device\HarddiskVolume1\Windows\System32\msdtc.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\MSDTC\Tracing |
| 2952 | \Device\HarddiskVolume1\Windows\System32\msdtc.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\MSDTC\Tracing |
| 2952 | \Device\HarddiskVolume1\Windows\System32\msdtc.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\MSDTC\Tracing |
| 2952 | \Device\HarddiskVolume1\Windows\System32\msdtc.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\MSDTC\Tracing |
| 2952 | \Device\HarddiskVolume1\Windows\System32\msdtc.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\MSDTC\Tracing |
| 2952 | \Device\HarddiskVolume1\Windows\System32\msdtc.exe | File | \Device\KsecDD |
| 2952 | \Device\HarddiskVolume1\Windows\System32\msdtc.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\MSDTC\Tracing |
| 2952 | \Device\HarddiskVolume1\Windows\System32\msdtc.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\MSDTC\Changed |
| 2952 | \Device\HarddiskVolume1\Windows\System32\msdtc.exe | ALPC Port | \RPC Control\LRPC-b96e244fa3a0041580 |
| 2952 | \Device\HarddiskVolume1\Windows\System32\msdtc.exe | Key | \REGISTRY\USER\S-1-5-20\Control Panel\International |
| 2952 | \Device\HarddiskVolume1\Windows\System32\msdtc.exe | File | \Device\HarddiskVolume1\Windows\System32\Msdtc\MSDTC.LOG |
| 2952 | \Device\HarddiskVolume1\Windows\System32\msdtc.exe | Section | \BaseNamedObjects\MSDTC_STATS_FILE |
| 2952 | \Device\HarddiskVolume1\Windows\System32\msdtc.exe | Mutant | \BaseNamedObjects\MSDTC_STATS_EVENT |
| 2952 | \Device\HarddiskVolume1\Windows\System32\msdtc.exe | File | \Device\HarddiskVolume1\Windows\System32\en-US\msdtcVSp1res.dll.mui |
| 2952 | \Device\HarddiskVolume1\Windows\System32\msdtc.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 2952 | \Device\HarddiskVolume1\Windows\System32\msdtc.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Classes |
| 2952 | \Device\HarddiskVolume1\Windows\System32\msdtc.exe | Event | \KernelObjects\MaximumCommitCondition |
| 2952 | \Device\HarddiskVolume1\Windows\System32\msdtc.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 2952 | \Device\HarddiskVolume1\Windows\System32\msdtc.exe | File | \Device\HarddiskVolume1\Windows\Registration\R00000000000c.clb |
| 2728 | \Device\HarddiskVolume1\Windows\System32\dwm.exe | Directory | \KnownDlls |
| 2728 | \Device\HarddiskVolume1\Windows\System32\dwm.exe | File | \Device\HarddiskVolume1\Windows\System32 |
| 2728 | \Device\HarddiskVolume1\Windows\System32\dwm.exe | WindowStation | \Sessions\1\Windows\WindowStations\WinSta0 |
| 2728 | \Device\HarddiskVolume1\Windows\System32\dwm.exe | Desktop | \Default |
| 2728 | \Device\HarddiskVolume1\Windows\System32\dwm.exe | WindowStation | \Sessions\1\Windows\WindowStations\WinSta0 |
| 2728 | \Device\HarddiskVolume1\Windows\System32\dwm.exe | Key | \REGISTRY\MACHINE |
| 2728 | \Device\HarddiskVolume1\Windows\System32\dwm.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions |
| 2728 | \Device\HarddiskVolume1\Windows\System32\dwm.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER |
| 2728 | \Device\HarddiskVolume1\Windows\System32\dwm.exe | Directory | \Sessions\1\BaseNamedObjects |
| 2728 | \Device\HarddiskVolume1\Windows\System32\dwm.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000 |
| 2728 | \Device\HarddiskVolume1\Windows\System32\dwm.exe | ALPC Port | \Sessions\1\BaseNamedObjects\Dwm-50DA-ApiPort-5702 |
| 2728 | \Device\HarddiskVolume1\Windows\System32\dwm.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000_CLASSES |
| 2728 | \Device\HarddiskVolume1\Windows\System32\dwm.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\Alternate Sorts |
| 2728 | \Device\HarddiskVolume1\Windows\System32\dwm.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale |
| 2728 | \Device\HarddiskVolume1\Windows\System32\dwm.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups |
| 2728 | \Device\HarddiskVolume1\Windows\System32\dwm.exe | File | \Device\HarddiskVolume1\Windows\Fonts\StaticCache.dat |
| 2812 | \Device\HarddiskVolume1\Windows\explorer.exe | Key | \REGISTRY\MACHINE\SYSTEM\Cyvera\Channel |
| 2812 | \Device\HarddiskVolume1\Windows\explorer.exe | Directory | \KnownDlls |
| 2812 | \Device\HarddiskVolume1\Windows\explorer.exe | File | \Device\HarddiskVolume1\Windows\System32 |
| 2812 | \Device\HarddiskVolume1\Windows\explorer.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_2b4f45e87195fcc4 |
| 2812 | \Device\HarddiskVolume1\Windows\explorer.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions |
| 2812 | \Device\HarddiskVolume1\Windows\explorer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\MSF\Registration\Listen |
| 2812 | \Device\HarddiskVolume1\Windows\explorer.exe | WindowStation | \Sessions\1\Windows\WindowStations\WinSta0 |
| 2812 | \Device\HarddiskVolume1\Windows\explorer.exe | Desktop | \Default |
| 2812 | \Device\HarddiskVolume1\Windows\explorer.exe | WindowStation | \Sessions\1\Windows\WindowStations\WinSta0 |
| 2812 | \Device\HarddiskVolume1\Windows\explorer.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER |
| 2812 | \Device\HarddiskVolume1\Windows\explorer.exe | Directory | \Sessions\1\BaseNamedObjects |
| 2812 | \Device\HarddiskVolume1\Windows\explorer.exe | Section | \Sessions\1\BaseNamedObjects\Groove:FileWatermark:Fl45nf+6PBi4TVM9AjDXheQnGAk= |
| 2812 | \Device\HarddiskVolume1\Windows\explorer.exe | Section | \Sessions\1\BaseNamedObjects\windows_shell_global_counters |
| 2812 | \Device\HarddiskVolume1\Windows\explorer.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000 |
| 2812 | \Device\HarddiskVolume1\Windows\explorer.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Microsoft\Windows\CurrentVersion\Explorer |
| 2812 | \Device\HarddiskVolume1\Windows\explorer.exe | File | \Device\KsecDD |
| 2812 | \Device\HarddiskVolume1\Windows\explorer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer |
| 2812 | \Device\HarddiskVolume1\Windows\explorer.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6 |
| 2812 | \Device\HarddiskVolume1\Windows\explorer.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 2812 | \Device\HarddiskVolume1\Windows\explorer.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000_CLASSES |
| 2812 | \Device\HarddiskVolume1\Windows\explorer.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Microsoft\Windows\CurrentVersion\Explorer |
| 2812 | \Device\HarddiskVolume1\Windows\explorer.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Microsoft\Windows NT\CurrentVersion |
| 2812 | \Device\HarddiskVolume1\Windows\explorer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags |
| 2812 | \Device\HarddiskVolume1\Windows\explorer.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000_CLASSES |
| 2812 | \Device\HarddiskVolume1\Windows\explorer.exe | Event | \KernelObjects\MaximumCommitCondition |
| 2812 | \Device\HarddiskVolume1\Windows\explorer.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 2812 | \Device\HarddiskVolume1\Windows\explorer.exe | File | \Device\HarddiskVolume1\Windows\Registration\R00000000000c.clb |
| 2812 | \Device\HarddiskVolume1\Windows\explorer.exe | Section | \BaseNamedObjects\windows_shell_global_counters |
| 2812 | \Device\HarddiskVolume1\Windows\explorer.exe | File | \Device\NamedPipe\DropboxDataPipe |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Directory | \KnownDlls |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\System32 |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | WindowStation | \Sessions\1\Windows\WindowStations\WinSta0 |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Desktop | \Default |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | WindowStation | \Sessions\1\Windows\WindowStations\WinSta0 |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Directory | \Sessions\1\BaseNamedObjects |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9 |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\NameSpace_Catalog5 |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\Alternate Sorts |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\System32\en-US\KernelBase.dll.mui |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Section | \Sessions\1\BaseNamedObjects\windows_shell_global_counters |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\Temp\vmware-vmusr.log |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Event | \Sessions\1\BaseNamedObjects\VMwareToolsQuitEvent_vmusr |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Event | \Sessions\1\BaseNamedObjects\VMwareToolsDumpStateEvent_vmusr |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\USER |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\vmci |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NetworkProvider\HwOrder |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_044aad0bab1eb146 |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16385_none_a44af8ec57f961cf |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_01c9581e60cbee58 |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\KsecDD |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SOFTWARE\ThinPrint\TPAutoConnect |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Event | \BaseNamedObjects\TermSrvReadyEvent |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\System32\en-US\gameux.dll.mui |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Event | \Sessions\1\BaseNamedObjects\WinSta0_DesktopSwitch |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\vmci |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000_CLASSES |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Microsoft\Windows\CurrentVersion\Explorer |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000 |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Users\foo\AppData\Roaming\Microsoft\Windows\Recent |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Classes |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bat\OpenWithList |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.chm\OpenWithList |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dmp\OpenWithList |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithList |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.h\OpenWithList |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hta\OpenWithList |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.job\OpenWithList |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.js\OpenWithList |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lib\OpenWithList |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lnk\OpenWithList |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\OpenWithList |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.msc\OpenWithList |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.msi\OpenWithList |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.msu\OpenWithList |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdb\OpenWithList |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pfx\OpenWithList |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pl\OpenWithList |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rll\OpenWithList |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.scf\OpenWithList |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sys\OpenWithList |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\OpenWithList |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\vmci |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\PropertyBag |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Users\foo\AppData\Roaming\Microsoft\Windows\Start Menu |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6 |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\PropertyBag |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000_CLASSES |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Event | \KernelObjects\MaximumCommitCondition |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\Registration\R00000000000c.clb |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Section | \BaseNamedObjects\windows_shell_global_counters |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PropertyBag |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Section | \Sessions\1\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000007.db |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Section | \Sessions\1\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Section | \Sessions\1\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Section | \Sessions\1\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6 |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7B0DB17D-9CD2-4A93-9733-46CC89022E7C}\PropertyBag |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\PropertyBag |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6 |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Microsoft\Windows NT\CurrentVersion |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6 |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\PropertyBag |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\PropertyBag |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_2b4f45e87195fcc4 |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\PropertyBag |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | Section | \Sessions\1\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro |
| 2648 | \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe | ALPC Port | \RPC Control\OLEDD40A63106CD4CF9817333F35C2E |
| 2480 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\cytray.exe | Directory | \KnownDlls |
| 2480 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\cytray.exe | File | \Device\HarddiskVolume1\Windows\System32 |
| 2480 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\cytray.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions |
| 2480 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\cytray.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER |
| 2480 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\cytray.exe | WindowStation | \Sessions\1\Windows\WindowStations\WinSta0 |
| 2480 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\cytray.exe | Desktop | \Default |
| 2480 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\cytray.exe | WindowStation | \Sessions\1\Windows\WindowStations\WinSta0 |
| 2480 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\cytray.exe | File | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\en-US\cytray.exe.mui |
| 2480 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\cytray.exe | Key | \REGISTRY\MACHINE |
| 2480 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\cytray.exe | Directory | \Sessions\1\BaseNamedObjects |
| 2480 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\cytray.exe | Event | \Sessions\1\BaseNamedObjects\CyTray |
| 2480 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\cytray.exe | Event | \BaseNamedObjects\{13A73834-7BBE-4602-BF65-E164B1C2F7F3} |
| 2480 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\cytray.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000 |
| 2480 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\cytray.exe | File | \Device\KsecDD |
| 2480 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\cytray.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Palo Alto Networks\Traps |
| 2480 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\cytray.exe | Section | \Sessions\1\BaseNamedObjects\windows_shell_global_counters |
| 2480 | \Device\HarddiskVolume1\Program Files\Palo Alto Networks\Traps\cytray.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\PropertyBag |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | Directory | \KnownDlls |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | Directory | \KnownDlls32 |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | File | \Device\HarddiskVolume1\Windows |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | Directory | \KnownDlls32 |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | File | \Device\HarddiskVolume1\Windows\SysWOW64 |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | Key | \REGISTRY\MACHINE |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | WindowStation | \Sessions\1\Windows\WindowStations\WinSta0 |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | Desktop | \Default |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | WindowStation | \Sessions\1\Windows\WindowStations\WinSta0 |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | Directory | \Sessions\1\BaseNamedObjects |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000 |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | File | \Device\KsecDD |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9 |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\NameSpace_Catalog5 |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | File | \Device\HarddiskVolume1\Windows\SysWOW64\en-US\KernelBase.dll.mui |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | Section | \Sessions\1\BaseNamedObjects\windows_shell_global_counters |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PropertyBag |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Microsoft\Windows\CurrentVersion\Explorer |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | File | \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\PropertyBag |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\crypt32 |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | Key | \REGISTRY\USER |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\PropertyBag |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\PropertyBag |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\PropertyBag |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\PropertyBag |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000_CLASSES |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | Event | \KernelObjects\MaximumCommitCondition |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | File | \Device\HarddiskVolume1\Windows\Registration\R00000000000c.clb |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NetworkProvider\HwOrder |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | ALPC Port | \RPC Control\OLE93B3F00C2883467AA9E9CDA6A27D |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | File | \Device\HarddiskVolume1\Windows\SysWOW64\wbem\wbemdisp.tlb |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | Event | \BaseNamedObjects\DropboxEvent_FLUSH_AND_TERMINATE_3820 |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | File | \Device\KsecDD |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | File | \Device\HarddiskVolume1\Users\foo\AppData\Local\Dropbox\instance_db\instance.dbx |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | Mutant | \BaseNamedObjects\Dropbox_S-1-5-21-2670198844-744346536-2988945080-1000 |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | File | \Device\HarddiskVolume1\Users\foo\AppData\Local\Dropbox\instance1\config.dbx |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | File | \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | File | \Device\Nsi |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | Mutant | \Sessions\1\BaseNamedObjects\__DDrawCheckExclMode__ |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D\Drivers |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Microsoft\Direct3D |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | Mutant | \Sessions\1\BaseNamedObjects\__DDrawExclMode__ |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | File | \Device\HarddiskVolume1\Users\foo\AppData\Local\Dropbox\instance1\config.dbx |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | File | \Device\HarddiskVolume1\Users\foo\AppData\Local\Dropbox\instance_db\instance.dbx |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | File | \Device\HarddiskVolume1\Users\foo\AppData\Local\Dropbox\instance1\config.dbx |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | File | \Device\HarddiskVolume1\Windows\SysWOW64\en-US\kernel32.dll.mui |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | File | \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Policies |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Policies |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | Mutant | \Sessions\1\BaseNamedObjects\_!MSFTHISTORY!_ |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | Mutant | \Sessions\1\BaseNamedObjects\c:!users!foo!appdata!local!microsoft!windows!temporary internet files!content.ie5! |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | File | \Device\HarddiskVolume1\Users\foo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | Section | \Sessions\1\BaseNamedObjects\C:_Users_foo_AppData_Local_Microsoft_Windows_Temporary Internet Files_Content.IE5_index.dat_65536 |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | Mutant | \Sessions\1\BaseNamedObjects\c:!users!foo!appdata!roaming!microsoft!windows!cookies! |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | File | \Device\HarddiskVolume1\Users\foo\AppData\Roaming\Microsoft\Windows\Cookies\index.dat |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | Section | \Sessions\1\BaseNamedObjects\C:_Users_foo_AppData_Roaming_Microsoft_Windows_Cookies_index.dat_32768 |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | Mutant | \Sessions\1\BaseNamedObjects\c:!users!foo!appdata!local!microsoft!windows!history!history.ie5! |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | File | \Device\HarddiskVolume1\Users\foo\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | Section | \Sessions\1\BaseNamedObjects\C:_Users_foo_AppData_Local_Microsoft_Windows_History_History.IE5_index.dat_65536 |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | Mutant | \Sessions\1\BaseNamedObjects\WininetConnectionMutex |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | Mutant | \Sessions\1\BaseNamedObjects\WininetProxyRegistryMutex |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | Mutant | \Sessions\1\BaseNamedObjects\WininetStartupMutex |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | Mutant | \Sessions\1\BaseNamedObjects\RasPbFile |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Dropbox_RASAPI32 |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000 |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000_CLASSES |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Dropbox_RASMANCS |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | File | \Device\Afd |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | File | \Device\HarddiskVolume1\Windows\SysWOW64\wbem\en-US\wmiutils.dll.mui |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | File | \Device\HarddiskVolume1\Windows\SysWOW64\stdole2.tlb |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | File | \Device\Afd |
| 3820 | \Device\HarddiskVolume1\Program Files (x86)\Dropbox\Client\Dropbox.exe | File | \Device\HarddiskVolume1\Users\foo\AppData\Local\Dropbox\instance1\config.dbx |
| 3912 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | Directory | \KnownDlls |
| 3912 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | Directory | \KnownDlls32 |
| 3912 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | File | \Device\HarddiskVolume1\Windows |
| 3912 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | Directory | \KnownDlls32 |
| 3912 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | File | \Device\HarddiskVolume1\Windows\SysWOW64 |
| 3912 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions |
| 3912 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | Key | \REGISTRY\MACHINE |
| 3912 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER |
| 3912 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | WindowStation | \Sessions\1\Windows\WindowStations\WinSta0 |
| 3912 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | Desktop | \Default |
| 3912 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | WindowStation | \Sessions\1\Windows\WindowStations\WinSta0 |
| 3912 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale |
| 3912 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | Directory | \Sessions\1\BaseNamedObjects |
| 3912 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | File | \Device\KsecDD |
| 3912 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | Event | \Sessions\1\BaseNamedObjects\SunJavaUpdateShutdownEvent |
| 3912 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | File | \Device\HarddiskVolume1\Windows\SysWOW64\en-US\KernelBase.dll.mui |
| 3912 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000 |
| 3912 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\JavaSoft\Java Update\Policy |
| 3912 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | Mutant | \Sessions\1\BaseNamedObjects\SunJavaUpdateSchedulerMutex |
| 3912 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | Section | \Sessions\1\BaseNamedObjects\windows_shell_global_counters |
| 3912 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | File | \Device\KsecDD |
| 3912 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | File | \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc |
| 3912 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Microsoft\Windows\CurrentVersion\Explorer |
| 3912 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000_CLASSES |
| 3912 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000_CLASSES |
| 3912 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts |
| 3912 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 3912 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PropertyBag |
| 3912 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | Event | \KernelObjects\MaximumCommitCondition |
| 3912 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 3912 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | File | \Device\HarddiskVolume1\Windows\Registration\R00000000000c.clb |
| 3912 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | Section | \BaseNamedObjects\windows_shell_global_counters |
| 3912 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | Section | \Sessions\1\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000007.db |
| 3912 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | Section | \Sessions\1\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro |
| 3912 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | Section | \Sessions\1\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro |
| 3912 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | Section | \Sessions\1\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db |
| 3912 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_UNC_SAVEDFILECHECK |
| 3912 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | Mutant | \Sessions\1\BaseNamedObjects\ZonesCounterMutex |
| 3912 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Policies |
| 3912 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Policies |
| 3912 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software |
| 3912 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node |
| 3912 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
| 3912 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
| 3912 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings |
| 3912 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings |
| 3912 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE |
| 3912 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | Section | \Sessions\1\BaseNamedObjects\UrlZonesSM_foo |
| 3912 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | Mutant | \Sessions\1\BaseNamedObjects\ZoneAttributeCacheCounterMutex |
| 3912 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN |
| 3912 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | Mutant | \Sessions\1\BaseNamedObjects\ZonesCacheCounterMutex |
| 3912 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | Mutant | \Sessions\1\BaseNamedObjects\ZoneAttributeCacheCounterMutex |
| 3912 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN |
| 3912 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | Mutant | \Sessions\1\BaseNamedObjects\ZonesLockedCacheCounterMutex |
| 3912 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Microsoft\Windows NT\CurrentVersion |
| 3912 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags |
| 3912 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Directory | \KnownDlls |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | File | \Device\HarddiskVolume1\Windows\System32 |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | WindowStation | \Windows\WindowStations\Service-0x0-3e7$ |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Desktop | \Default |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | WindowStation | \Windows\WindowStations\msswindowstation |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Directory | \BaseNamedObjects |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\Alternate Sorts |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Section | \BaseNamedObjects\windows_shell_global_counters |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\USER\.DEFAULT |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\USER\.DEFAULT\Control Panel\International |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Mutant | \BaseNamedObjects\SearchServiceMUT |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | File | \Device\KsecDD |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | File | \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000D.wid |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | ALPC Port | \RPC Control\OLEE495D7801E50444C98015211C89E |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gather |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Section | \BaseNamedObjects\UGATHERER |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Section | \BaseNamedObjects\UGathererObj |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gathering Manager |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Section | \BaseNamedObjects\UGTHRSVC |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Section | \BaseNamedObjects\UGthrSvcObj |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Classes |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Event | \KernelObjects\MaximumCommitCondition |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | File | \Device\HarddiskVolume1\Windows\Registration\R00000000000c.clb |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Desktop | \mssrestricteddesk |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | WindowStation | \Windows\WindowStations\msswindowstation |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Databases |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gathering Manager\Applications |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gathering Manager\Applications\Windows |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gathering Manager\Applications\Windows\PluginManagers |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gathering Manager\Applications\Windows\PluginManagers\0 |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Databases |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gathering Manager\Applications\Windows\PluginManagers\1 |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Databases\Windows |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gathering Manager\Applications\Windows\PluginManagers\2 |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gathering Manager\Applications\Windows\Projects |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gathering Manager\Applications\Windows\Projects\SystemIndex |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | File | \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gathering Manager\Applications\Windows\Projects\SystemIndex |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Section | \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Section | \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Section | \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000007.db |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Section | \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Section | \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Section | \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Section | \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{4E4260A4-7E39-442E-BC22-7FF751D1C161}.2.ver0x0000000000000001.db |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Section | \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Section | \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{68999478-2757-4BAF-A8F0-07F00B21B0FC}.2.ver0x0000000000000002.db |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Section | \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{BB9D958C-3900-48CE-84F0-804A8CBB86D0}.2.ver0x0000000000000001.db |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Sites |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gathering Manager\Applications\Windows\Projects\SystemIndex\ActivePlugins |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Sites\LocalHost |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Sites\LocalHost\Paths |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Sites\LocalHost\Paths\0 |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Sites\LocalHost\Paths\1 |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Sites\LocalHost\Paths\10 |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Sites\LocalHost\Paths\11 |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Sites\LocalHost\Paths\12 |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Sites\LocalHost\Paths\13 |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Sites\LocalHost\Paths\14 |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Sites\LocalHost\Paths\15 |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Sites\LocalHost\Paths\2 |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Sites\LocalHost\Paths\3 |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Sites\LocalHost\Paths\4 |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Sites\LocalHost\Paths\5 |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Sites\LocalHost\Paths\6 |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Sites\LocalHost\Paths\7 |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Sites\LocalHost\Paths\8 |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Sites\LocalHost\Paths\9 |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Sites\{S-1-5-21-2670198844-744346536-2988945080-1000} |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Sites\{S-1-5-21-2670198844-744346536-2988945080-1000}\Paths |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Sites\{S-1-5-21-2670198844-744346536-2988945080-1000}\Paths\0 |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Sites\{S-1-5-21-2670198844-744346536-2988945080-1000}\Paths\1 |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\0 |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\1 |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\2 |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\4 |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\5 |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Extensions |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Protocols |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Mappings |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StreamLog |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Protocols\Csc\0 |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Protocols\File\0 |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Protocols\StickyNotes\0 |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Protocols\Mapi\0 |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Protocols\IEHistory\0 |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Protocols\IERSS\0 |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Protocols\SharePointWorkspaceSearch\0 |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Protocols\OneIndex14\0 |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StreamLog |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | File | \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.153.gthr |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | File | \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.153.Crwl |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gathering Manager\Applications\Windows\Projects\SystemIndex\ActivePlugins\0 |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gathering Manager\Applications\Windows\Projects\SystemIndex\Plugins |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gathering Manager\Applications\Windows\Projects\SystemIndex\Plugins\0 |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | File | \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | File | \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | File | \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | File | \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Gathering Manager\Applications\Windows\Projects\SystemIndex\Plugins\1 |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Section | \BaseNamedObjects\WSearchIdxPi |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Section | \BaseNamedObjects\WseIdxPm |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | File | \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | File | \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | File | \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.ci |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | File | \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.dir |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | File | \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | File | \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.ci |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | File | \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.dir |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | File | \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | File | \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.ci |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | File | \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.dir |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | File | \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | File | \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.ci |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | File | \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.dir |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | File | \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | File | \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.ci |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | File | \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.dir |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | File | \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | File | \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.ci |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | File | \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.dir |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | File | \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wid |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | File | \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.ci |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | File | \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.dir |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | File | \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wid |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | File | \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.ci |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | File | \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.dir |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | File | \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wid |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | File | \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.ci |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | File | \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.dir |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | File | \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.wid |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | File | \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.ci |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | File | \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.dir |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | File | \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.wid |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | File | \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.ci |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | File | \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.dir |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | File | \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.wid |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | File | \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.ci |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | File | \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.dir |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | File | \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001A.wid |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | File | \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001A.wsb |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | File | \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001A.ci |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | File | \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001A.dir |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | File | \Device\NamedPipe\MsFteWds |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Mutant | \BaseNamedObjects\WindowsSearchService_EfsRegKeysMutex |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\MSSearch Service Writer |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\PropertySystem\PropertyHandlers |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | File | \Device\HarddiskVolume1 |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Event | \BaseNamedObjects\TermSrvReadyEvent |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Classes |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\USER |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\PropertyBag |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PropertyBag |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\PropertyBag |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6 |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Section | \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | Section | \BaseNamedObjects\windows_shell_global_counters |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | File | \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000D.ci |
| 3952 | \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe | File | \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000D.dir |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\Cyvera\Channel |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Directory | \KnownDlls |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | File | \Device\HarddiskVolume1\Windows\System32 |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | WindowStation | \Windows\WindowStations\Service-0x0-3e7$ |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Desktop | \Default |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | WindowStation | \Windows\WindowStations\Service-0x0-3e7$ |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Directory | \BaseNamedObjects |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | File | \Device\KsecDD |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Section | \BaseNamedObjects\Wmi Provider Sub System Counters |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Event | \BaseNamedObjects\WBEM_ESS_OPEN_FOR_BUSINESS |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Classes |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Event | \KernelObjects\MaximumCommitCondition |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | File | \Device\HarddiskVolume1\Windows\Registration\R00000000000c.clb |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | ALPC Port | \RPC Control\OLE1D6F0466AFCE4E81823D857232C4 |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Classes |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\LOADPERF_MUTEX |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PERFLIB |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\.NET CLR Data\Performance |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\.NET CLR Data_Perf_Library_Lock_PID_fa4 |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\USER\.DEFAULT\Control Panel\International |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\.NET CLR Networking_Perf_Library_Lock_PID_fa4 |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking 4.0.0.0\Performance |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\.NET CLR Networking 4.0.0.0_Perf_Library_Lock_PID_fa4 |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\.NET Data Provider for Oracle\Performance |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\.NET Data Provider for Oracle_Perf_Library_Lock_PID_fa4 |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\.NET Data Provider for SqlServer\Performance |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\.NET Data Provider for SqlServer_Perf_Library_Lock_PID_fa4 |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\.NET Memory Cache 4.0\Performance |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\.NET Memory Cache 4.0_Perf_Library_Lock_PID_fa4 |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\.NETFramework\Performance |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\.NETFramework_Perf_Library_Lock_PID_fa4 |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\ASP.NET\Performance |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\ASP.NET_Perf_Library_Lock_PID_fa4 |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\ASP.NET_4.0.30319\Performance |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\ASP.NET_4.0.30319_Perf_Library_Lock_PID_fa4 |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\aspnet_state\Performance |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\aspnet_state_Perf_Library_Lock_PID_fa4 |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\BITS\Performance |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\BITS_Perf_Library_Lock_PID_fa4 |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\ESENT\Performance |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\ESENT_Perf_Library_Lock_PID_fa4 |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Lsa\Performance |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\Lsa_Perf_Library_Lock_PID_fa4 |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\MSDTC\Performance |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\MSDTC_Perf_Library_Lock_PID_fa4 |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\MSDTC Bridge 3.0.0.0\Performance |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\MSDTC Bridge 3.0.0.0_Perf_Library_Lock_PID_fa4 |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\MSDTC Bridge 4.0.0.0\Performance |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\MSDTC Bridge 4.0.0.0_Perf_Library_Lock_PID_fa4 |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\MSSCNTRS\Performance |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\MSSCNTRS_Perf_Library_Lock_PID_fa4 |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Outlook\Performance |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\Outlook_Perf_Library_Lock_PID_fa4 |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\PerfDisk\Performance |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\PerfDisk_Perf_Library_Lock_PID_fa4 |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\PerfNet\Performance |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\PerfNet_Perf_Library_Lock_PID_fa4 |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\PerfOS\Performance |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\PerfOS_Perf_Library_Lock_PID_fa4 |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\PerfProc\Performance |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\PerfProc_Perf_Library_Lock_PID_fa4 |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\rdyboost\Performance |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\rdyboost_Perf_Library_Lock_PID_fa4 |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\RemoteAccess\Performance |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\RemoteAccess_Perf_Library_Lock_PID_fa4 |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\ServiceModelEndpoint 3.0.0.0\Performance |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\ServiceModelEndpoint 3.0.0.0_Perf_Library_Lock_PID_fa4 |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\ServiceModelOperation 3.0.0.0\Performance |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\ServiceModelOperation 3.0.0.0_Perf_Library_Lock_PID_fa4 |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\ServiceModelService 3.0.0.0\Performance |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\ServiceModelService 3.0.0.0_Perf_Library_Lock_PID_fa4 |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SMSvcHost 3.0.0.0\Performance |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\SMSvcHost 3.0.0.0_Perf_Library_Lock_PID_fa4 |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SMSvcHost 4.0.0.0\Performance |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\SMSvcHost 4.0.0.0_Perf_Library_Lock_PID_fa4 |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Spooler\Performance |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\Spooler_Perf_Library_Lock_PID_fa4 |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\TapiSrv\Performance |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\TapiSrv_Perf_Library_Lock_PID_fa4 |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Tcpip\Performance |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\Tcpip_Perf_Library_Lock_PID_fa4 |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\TermService\Performance |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\TermService_Perf_Library_Lock_PID_fa4 |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\UGatherer\Performance |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\UGatherer_Perf_Library_Lock_PID_fa4 |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\UGTHRSVC\Performance |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\UGTHRSVC_Perf_Library_Lock_PID_fa4 |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\usbhub\Performance |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\usbhub_Perf_Library_Lock_PID_fa4 |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Windows Workflow Foundation 3.0.0.0\Performance |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\Windows Workflow Foundation 3.0.0.0_Perf_Library_Lock_PID_fa4 |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Windows Workflow Foundation 4.0.0.0\Performance |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\Windows Workflow Foundation 4.0.0.0_Perf_Library_Lock_PID_fa4 |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WmiApRpl\Performance |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\WmiApRpl_Perf_Library_Lock_PID_fa4 |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WSearchIdxPi\Performance |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Mutant | \BaseNamedObjects\WSearchIdxPi_Perf_Library_Lock_PID_fa4 |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Event | \BaseNamedObjects\CLR_PerfMon_DoneEnumEvent |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Event | \BaseNamedObjects\CLR_PerfMon_StartEnumEvent |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Section | \BaseNamedObjects\Cor_Public_IPCBlock_1400 |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\ASP.NET_4.0.30319\Names |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | File | \Device\WMIDataDevice |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | File | \Device\Nsi |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | Event | \BaseNamedObjects\EVENT_READYROOT/CIMV2PROVIDERSUBSYSTEM |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | File | \Device\WMIDataDevice |
| 4004 | \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe | File | \Device\PcwDrv |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Directory | \KnownDlls |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Directory | \KnownDlls32 |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | File | \Device\HarddiskVolume1\Windows |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Directory | \KnownDlls32 |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | File | \Device\HarddiskVolume1\Users\foo\Desktop |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | File | \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Key | \REGISTRY\MACHINE |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | WindowStation | \Sessions\1\Windows\WindowStations\WinSta0 |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Desktop | \Default |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | WindowStation | \Sessions\1\Windows\WindowStations\WinSta0 |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NetworkProvider\HwOrder |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | File | \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Directory | \Sessions\1\BaseNamedObjects |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PERFLIB |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\.NET CLR Data\Performance |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Mutant | \Sessions\1\BaseNamedObjects\.NET CLR Data_Perf_Library_Lock_PID_de4 |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Mutant | \Sessions\1\BaseNamedObjects\.NET CLR Networking_Perf_Library_Lock_PID_de4 |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking 4.0.0.0\Performance |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Mutant | \Sessions\1\BaseNamedObjects\.NET CLR Networking 4.0.0.0_Perf_Library_Lock_PID_de4 |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\.NET Data Provider for Oracle\Performance |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Mutant | \Sessions\1\BaseNamedObjects\.NET Data Provider for Oracle_Perf_Library_Lock_PID_de4 |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\.NET Data Provider for SqlServer\Performance |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Mutant | \Sessions\1\BaseNamedObjects\.NET Data Provider for SqlServer_Perf_Library_Lock_PID_de4 |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\.NET Memory Cache 4.0\Performance |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Mutant | \Sessions\1\BaseNamedObjects\.NET Memory Cache 4.0_Perf_Library_Lock_PID_de4 |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\.NETFramework\Performance |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Mutant | \Sessions\1\BaseNamedObjects\.NETFramework_Perf_Library_Lock_PID_de4 |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\ASP.NET\Performance |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Mutant | \Sessions\1\BaseNamedObjects\ASP.NET_Perf_Library_Lock_PID_de4 |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\ASP.NET_4.0.30319\Performance |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Mutant | \Sessions\1\BaseNamedObjects\ASP.NET_4.0.30319_Perf_Library_Lock_PID_de4 |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\aspnet_state\Performance |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Mutant | \Sessions\1\BaseNamedObjects\aspnet_state_Perf_Library_Lock_PID_de4 |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\BITS\Performance |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Mutant | \Sessions\1\BaseNamedObjects\BITS_Perf_Library_Lock_PID_de4 |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\ESENT\Performance |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Mutant | \Sessions\1\BaseNamedObjects\ESENT_Perf_Library_Lock_PID_de4 |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Lsa\Performance |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Mutant | \Sessions\1\BaseNamedObjects\Lsa_Perf_Library_Lock_PID_de4 |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\MSDTC\Performance |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Mutant | \Sessions\1\BaseNamedObjects\MSDTC_Perf_Library_Lock_PID_de4 |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\MSDTC Bridge 3.0.0.0\Performance |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Mutant | \Sessions\1\BaseNamedObjects\MSDTC Bridge 3.0.0.0_Perf_Library_Lock_PID_de4 |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\MSDTC Bridge 4.0.0.0\Performance |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Mutant | \Sessions\1\BaseNamedObjects\MSDTC Bridge 4.0.0.0_Perf_Library_Lock_PID_de4 |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\MSSCNTRS\Performance |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Mutant | \Sessions\1\BaseNamedObjects\MSSCNTRS_Perf_Library_Lock_PID_de4 |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Outlook\Performance |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Mutant | \Sessions\1\BaseNamedObjects\Outlook_Perf_Library_Lock_PID_de4 |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\PerfDisk\Performance |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Mutant | \Sessions\1\BaseNamedObjects\PerfDisk_Perf_Library_Lock_PID_de4 |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\PerfNet\Performance |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Mutant | \Sessions\1\BaseNamedObjects\PerfNet_Perf_Library_Lock_PID_de4 |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\PerfOS\Performance |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Mutant | \Sessions\1\BaseNamedObjects\PerfOS_Perf_Library_Lock_PID_de4 |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\PerfProc\Performance |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Mutant | \Sessions\1\BaseNamedObjects\PerfProc_Perf_Library_Lock_PID_de4 |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\rdyboost\Performance |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Mutant | \Sessions\1\BaseNamedObjects\rdyboost_Perf_Library_Lock_PID_de4 |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\RemoteAccess\Performance |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Mutant | \Sessions\1\BaseNamedObjects\RemoteAccess_Perf_Library_Lock_PID_de4 |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\ServiceModelEndpoint 3.0.0.0\Performance |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Mutant | \Sessions\1\BaseNamedObjects\ServiceModelEndpoint 3.0.0.0_Perf_Library_Lock_PID_de4 |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\ServiceModelOperation 3.0.0.0\Performance |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Mutant | \Sessions\1\BaseNamedObjects\ServiceModelOperation 3.0.0.0_Perf_Library_Lock_PID_de4 |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\ServiceModelService 3.0.0.0\Performance |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Mutant | \Sessions\1\BaseNamedObjects\ServiceModelService 3.0.0.0_Perf_Library_Lock_PID_de4 |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SMSvcHost 3.0.0.0\Performance |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Mutant | \Sessions\1\BaseNamedObjects\SMSvcHost 3.0.0.0_Perf_Library_Lock_PID_de4 |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SMSvcHost 4.0.0.0\Performance |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Mutant | \Sessions\1\BaseNamedObjects\SMSvcHost 4.0.0.0_Perf_Library_Lock_PID_de4 |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Spooler\Performance |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Mutant | \Sessions\1\BaseNamedObjects\Spooler_Perf_Library_Lock_PID_de4 |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\TapiSrv\Performance |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Mutant | \Sessions\1\BaseNamedObjects\TapiSrv_Perf_Library_Lock_PID_de4 |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Tcpip\Performance |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Mutant | \Sessions\1\BaseNamedObjects\Tcpip_Perf_Library_Lock_PID_de4 |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\TermService\Performance |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Mutant | \Sessions\1\BaseNamedObjects\TermService_Perf_Library_Lock_PID_de4 |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\UGatherer\Performance |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Mutant | \Sessions\1\BaseNamedObjects\UGatherer_Perf_Library_Lock_PID_de4 |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\UGTHRSVC\Performance |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Mutant | \Sessions\1\BaseNamedObjects\UGTHRSVC_Perf_Library_Lock_PID_de4 |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\usbhub\Performance |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Mutant | \Sessions\1\BaseNamedObjects\usbhub_Perf_Library_Lock_PID_de4 |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Windows Workflow Foundation 3.0.0.0\Performance |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Mutant | \Sessions\1\BaseNamedObjects\Windows Workflow Foundation 3.0.0.0_Perf_Library_Lock_PID_de4 |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Windows Workflow Foundation 4.0.0.0\Performance |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Mutant | \Sessions\1\BaseNamedObjects\Windows Workflow Foundation 4.0.0.0_Perf_Library_Lock_PID_de4 |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WmiApRpl\Performance |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Mutant | \Sessions\1\BaseNamedObjects\WmiApRpl_Perf_Library_Lock_PID_de4 |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WSearchIdxPi\Performance |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Mutant | \Sessions\1\BaseNamedObjects\WSearchIdxPi_Perf_Library_Lock_PID_de4 |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000 |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Event | \Sessions\1\BaseNamedObjects\Procexp32bitServerEvent |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Event | \Sessions\1\BaseNamedObjects\Procexp32bitClientEvent |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Section | \Sessions\1\BaseNamedObjects\Procexp32bitSection |
| 3556 | \Device\HarddiskVolume1\Users\foo\Desktop\ko.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Directory | \KnownDlls |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | File | \Device\HarddiskVolume1\Users\foo\Desktop |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6 |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | WindowStation | \Sessions\1\Windows\WindowStations\WinSta0 |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Desktop | \Default |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | WindowStation | \Sessions\1\Windows\WindowStations\WinSta0 |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Key | \REGISTRY\MACHINE |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NetworkProvider\HwOrder |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6 |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Directory | \Sessions\1\BaseNamedObjects |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PERFLIB |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000 |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\.NET CLR Data\Performance |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Mutant | \Sessions\1\BaseNamedObjects\.NET CLR Data_Perf_Library_Lock_PID_d1c |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Mutant | \Sessions\1\BaseNamedObjects\.NET CLR Networking_Perf_Library_Lock_PID_d1c |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking 4.0.0.0\Performance |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Mutant | \Sessions\1\BaseNamedObjects\.NET CLR Networking 4.0.0.0_Perf_Library_Lock_PID_d1c |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\.NET Data Provider for Oracle\Performance |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Mutant | \Sessions\1\BaseNamedObjects\.NET Data Provider for Oracle_Perf_Library_Lock_PID_d1c |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\.NET Data Provider for SqlServer\Performance |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Mutant | \Sessions\1\BaseNamedObjects\.NET Data Provider for SqlServer_Perf_Library_Lock_PID_d1c |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\.NET Memory Cache 4.0\Performance |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Mutant | \Sessions\1\BaseNamedObjects\.NET Memory Cache 4.0_Perf_Library_Lock_PID_d1c |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\.NETFramework\Performance |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Mutant | \Sessions\1\BaseNamedObjects\.NETFramework_Perf_Library_Lock_PID_d1c |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\ASP.NET\Performance |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Mutant | \Sessions\1\BaseNamedObjects\ASP.NET_Perf_Library_Lock_PID_d1c |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\ASP.NET_4.0.30319\Performance |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Mutant | \Sessions\1\BaseNamedObjects\ASP.NET_4.0.30319_Perf_Library_Lock_PID_d1c |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\aspnet_state\Performance |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Mutant | \Sessions\1\BaseNamedObjects\aspnet_state_Perf_Library_Lock_PID_d1c |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\BITS\Performance |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Mutant | \Sessions\1\BaseNamedObjects\BITS_Perf_Library_Lock_PID_d1c |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\ESENT\Performance |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Mutant | \Sessions\1\BaseNamedObjects\ESENT_Perf_Library_Lock_PID_d1c |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Lsa\Performance |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Mutant | \Sessions\1\BaseNamedObjects\Lsa_Perf_Library_Lock_PID_d1c |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\MSDTC\Performance |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Mutant | \Sessions\1\BaseNamedObjects\MSDTC_Perf_Library_Lock_PID_d1c |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\MSDTC Bridge 3.0.0.0\Performance |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Mutant | \Sessions\1\BaseNamedObjects\MSDTC Bridge 3.0.0.0_Perf_Library_Lock_PID_d1c |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\MSDTC Bridge 4.0.0.0\Performance |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Mutant | \Sessions\1\BaseNamedObjects\MSDTC Bridge 4.0.0.0_Perf_Library_Lock_PID_d1c |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\MSSCNTRS\Performance |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Mutant | \Sessions\1\BaseNamedObjects\MSSCNTRS_Perf_Library_Lock_PID_d1c |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Outlook\Performance |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Mutant | \Sessions\1\BaseNamedObjects\Outlook_Perf_Library_Lock_PID_d1c |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\PerfDisk\Performance |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Mutant | \Sessions\1\BaseNamedObjects\PerfDisk_Perf_Library_Lock_PID_d1c |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\PerfNet\Performance |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Mutant | \Sessions\1\BaseNamedObjects\PerfNet_Perf_Library_Lock_PID_d1c |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\PerfOS\Performance |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Mutant | \Sessions\1\BaseNamedObjects\PerfOS_Perf_Library_Lock_PID_d1c |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\PerfProc\Performance |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Mutant | \Sessions\1\BaseNamedObjects\PerfProc_Perf_Library_Lock_PID_d1c |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\rdyboost\Performance |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Mutant | \Sessions\1\BaseNamedObjects\rdyboost_Perf_Library_Lock_PID_d1c |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\RemoteAccess\Performance |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Mutant | \Sessions\1\BaseNamedObjects\RemoteAccess_Perf_Library_Lock_PID_d1c |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\ServiceModelEndpoint 3.0.0.0\Performance |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Mutant | \Sessions\1\BaseNamedObjects\ServiceModelEndpoint 3.0.0.0_Perf_Library_Lock_PID_d1c |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\ServiceModelOperation 3.0.0.0\Performance |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Mutant | \Sessions\1\BaseNamedObjects\ServiceModelOperation 3.0.0.0_Perf_Library_Lock_PID_d1c |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\ServiceModelService 3.0.0.0\Performance |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Mutant | \Sessions\1\BaseNamedObjects\ServiceModelService 3.0.0.0_Perf_Library_Lock_PID_d1c |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SMSvcHost 3.0.0.0\Performance |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Mutant | \Sessions\1\BaseNamedObjects\SMSvcHost 3.0.0.0_Perf_Library_Lock_PID_d1c |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SMSvcHost 4.0.0.0\Performance |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Mutant | \Sessions\1\BaseNamedObjects\SMSvcHost 4.0.0.0_Perf_Library_Lock_PID_d1c |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Spooler\Performance |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Mutant | \Sessions\1\BaseNamedObjects\Spooler_Perf_Library_Lock_PID_d1c |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\TapiSrv\Performance |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Mutant | \Sessions\1\BaseNamedObjects\TapiSrv_Perf_Library_Lock_PID_d1c |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Tcpip\Performance |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Mutant | \Sessions\1\BaseNamedObjects\Tcpip_Perf_Library_Lock_PID_d1c |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\TermService\Performance |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Mutant | \Sessions\1\BaseNamedObjects\TermService_Perf_Library_Lock_PID_d1c |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\UGatherer\Performance |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Mutant | \Sessions\1\BaseNamedObjects\UGatherer_Perf_Library_Lock_PID_d1c |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\UGTHRSVC\Performance |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Mutant | \Sessions\1\BaseNamedObjects\UGTHRSVC_Perf_Library_Lock_PID_d1c |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\usbhub\Performance |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Mutant | \Sessions\1\BaseNamedObjects\usbhub_Perf_Library_Lock_PID_d1c |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Windows Workflow Foundation 3.0.0.0\Performance |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Mutant | \Sessions\1\BaseNamedObjects\Windows Workflow Foundation 3.0.0.0_Perf_Library_Lock_PID_d1c |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Windows Workflow Foundation 4.0.0.0\Performance |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Mutant | \Sessions\1\BaseNamedObjects\Windows Workflow Foundation 4.0.0.0_Perf_Library_Lock_PID_d1c |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WmiApRpl\Performance |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Mutant | \Sessions\1\BaseNamedObjects\WmiApRpl_Perf_Library_Lock_PID_d1c |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WSearchIdxPi\Performance |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Mutant | \Sessions\1\BaseNamedObjects\WSearchIdxPi_Perf_Library_Lock_PID_d1c |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Sysinternals\Process Explorer |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6 |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6 |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\Alternate Sorts |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | File | \Device\HarddiskVolume1\Windows\Fonts\StaticCache.dat |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | File | \Device\KsecDD |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9 |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\NameSpace_Catalog5 |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000_CLASSES |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Section | \Sessions\1\BaseNamedObjects\windows_shell_global_counters |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Microsoft\Windows NT\CurrentVersion |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000_CLASSES |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Event | \KernelObjects\MaximumCommitCondition |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | Section | \BaseNamedObjects\__ComCatalogCache__ |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | File | \Device\HarddiskVolume1\Windows\Registration\R00000000000c.clb |
| 3356 | \Device\HarddiskVolume1\Users\foo\AppData\Local\Temp\ko64.exe | File | \Device\NamedPipe\DropboxDataPipe |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Directory | \KnownDlls |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Directory | \KnownDlls32 |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | File | \Device\HarddiskVolume1\Windows |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Directory | \KnownDlls32 |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | File | \Device\HarddiskVolume1\Windows\SysWOW64 |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | File | \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\MACHINE |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | WindowStation | \Sessions\1\Windows\WindowStations\WinSta0 |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Desktop | \Default |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | WindowStation | \Sessions\1\Windows\WindowStations\WinSta0 |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Directory | \Sessions\1\BaseNamedObjects |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | File | \Device\KsecDD |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Mutant | \Sessions\1\BaseNamedObjects\SunJavaUpdateCheckerMutex |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\USER |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Section | \Sessions\1\BaseNamedObjects\windows_shell_global_counters |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\JavaSoft\Java Update\Policy\jucheck |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | File | \Device\HarddiskVolume1\Windows\SysWOW64\en-US\KernelBase.dll.mui |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Microsoft\Windows NT\CurrentVersion |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Event | \Sessions\1\BaseNamedObjects\SunJavaUpdateShutdownEvent |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Event | \Sessions\1\BaseNamedObjects\SunJavaUpdateRecheckUpdateEvent |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\JavaSoft\Java Update\Policy |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | File | \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000 |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Policies |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Policies |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Mutant | \Sessions\1\BaseNamedObjects\_!MSFTHISTORY!_ |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Mutant | \Sessions\1\BaseNamedObjects\c:!users!foo!appdata!local!microsoft!windows!temporary internet files!content.ie5! |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | File | \Device\HarddiskVolume1\Users\foo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Section | \Sessions\1\BaseNamedObjects\C:_Users_foo_AppData_Local_Microsoft_Windows_Temporary Internet Files_Content.IE5_index.dat_65536 |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Microsoft\Windows\CurrentVersion\Explorer |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Mutant | \Sessions\1\BaseNamedObjects\c:!users!foo!appdata!roaming!microsoft!windows!cookies! |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | File | \Device\HarddiskVolume1\Users\foo\AppData\Roaming\Microsoft\Windows\Cookies\index.dat |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Section | \Sessions\1\BaseNamedObjects\C:_Users_foo_AppData_Roaming_Microsoft_Windows_Cookies_index.dat_32768 |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Mutant | \Sessions\1\BaseNamedObjects\c:!users!foo!appdata!local!microsoft!windows!history!history.ie5! |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | File | \Device\HarddiskVolume1\Users\foo\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Section | \Sessions\1\BaseNamedObjects\C:_Users_foo_AppData_Local_Microsoft_Windows_History_History.IE5_index.dat_65536 |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Mutant | \Sessions\1\BaseNamedObjects\WininetStartupMutex |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9 |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\NameSpace_Catalog5 |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Mutant | \Sessions\1\BaseNamedObjects\WininetConnectionMutex |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Mutant | \Sessions\1\BaseNamedObjects\WininetProxyRegistryMutex |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\crypt32 |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Microsoft\SystemCertificates\My |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Mutant | \Sessions\1\BaseNamedObjects\RasPbFile |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\jucheck_RASAPI32 |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\jucheck_RASMANCS |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000 |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000_CLASSES |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | File | \Device\Nsi |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Microsoft\Windows NT\CurrentVersion\Network\Location Awareness |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_UNC_SAVEDFILECHECK |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Mutant | \Sessions\1\BaseNamedObjects\ZoneAttributeCacheCounterMutex |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Mutant | \Sessions\1\BaseNamedObjects\ZonesCounterMutex |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Section | \Sessions\1\BaseNamedObjects\UrlZonesSM_foo |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Mutant | \Sessions\1\BaseNamedObjects\ZonesCacheCounterMutex |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Mutant | \Sessions\1\BaseNamedObjects\ZoneAttributeCacheCounterMutex |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Mutant | \Sessions\1\BaseNamedObjects\ZonesLockedCacheCounterMutex |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Microsoft\Internet Explorer\IETld |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Mutant | \Sessions\1\BaseNamedObjects\!IETld!Mutex |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | File | \Device\HarddiskVolume1\Windows\SysWOW64\en-US\urlmon.dll.mui |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | File | \Device\Afd |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | File | \Device\Afd |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | File | \Device\HarddiskVolume1\Users\foo\AppData\Roaming\Microsoft\SystemCertificates\My |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | File | \Device\KsecDD |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Microsoft\SystemCertificates\My |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Microsoft\SystemCertificates\CA |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000 |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Microsoft\SystemCertificates\Disallowed |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000 |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Microsoft\SystemCertificates\Root |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Microsoft\SystemCertificates\TrustedPeople |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Microsoft\SystemCertificates\SmartCardRoot |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000 |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Microsoft\SystemCertificates\trust |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trust |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000 |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Policies\Microsoft\SystemCertificates |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | File | \Device\HarddiskVolume1\Users\foo\AppData\Roaming\Microsoft\SystemCertificates\My |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\JavaSoft\Java Update\Policy\jucheck |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\JavaSoft\Java Update\Policy\jucheck |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | File | \Device\HarddiskVolume1\Windows\SysWOW64\en-US\winhttp.dll.mui |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Event | \Sessions\1\BaseNamedObjects\SunJavaUpdateShutdownEvent |
| 2384 | \Device\HarddiskVolume1\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\PropertyBag |
| 3780 | \Device\HarddiskVolume1\Users\foo\Desktop\New folder\wft.exe | Directory | \KnownDlls |
| 3780 | \Device\HarddiskVolume1\Users\foo\Desktop\New folder\wft.exe | File | \Device\HarddiskVolume1\Users\foo\Desktop\New folder |
| 3780 | \Device\HarddiskVolume1\Users\foo\Desktop\New folder\wft.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_2b4f45e87195fcc4 |
| 3780 | \Device\HarddiskVolume1\Users\foo\Desktop\New folder\wft.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions |
| 3780 | \Device\HarddiskVolume1\Users\foo\Desktop\New folder\wft.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER |
| 3780 | \Device\HarddiskVolume1\Users\foo\Desktop\New folder\wft.exe | WindowStation | \Sessions\1\Windows\WindowStations\WinSta0 |
| 3780 | \Device\HarddiskVolume1\Users\foo\Desktop\New folder\wft.exe | Desktop | \Default |
| 3780 | \Device\HarddiskVolume1\Users\foo\Desktop\New folder\wft.exe | WindowStation | \Sessions\1\Windows\WindowStations\WinSta0 |
| 3780 | \Device\HarddiskVolume1\Users\foo\Desktop\New folder\wft.exe | Key | \REGISTRY\MACHINE |
| 3780 | \Device\HarddiskVolume1\Users\foo\Desktop\New folder\wft.exe | Directory | \Sessions\1\BaseNamedObjects |
| 3780 | \Device\HarddiskVolume1\Users\foo\Desktop\New folder\wft.exe | Event | \Sessions\1\BaseNamedObjects\swchost |
| 3780 | \Device\HarddiskVolume1\Users\foo\Desktop\New folder\wft.exe | Section | \Sessions\1\BaseNamedObjects\windows_shell_global_counters |
| 3780 | \Device\HarddiskVolume1\Users\foo\Desktop\New folder\wft.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000 |
| 3780 | \Device\HarddiskVolume1\Users\foo\Desktop\New folder\wft.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Microsoft\Windows\CurrentVersion\Explorer |
| 3780 | \Device\HarddiskVolume1\Users\foo\Desktop\New folder\wft.exe | File | \Device\KsecDD |
| 3780 | \Device\HarddiskVolume1\Users\foo\Desktop\New folder\wft.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\PropertyBag |
| 3780 | \Device\HarddiskVolume1\Users\foo\Desktop\New folder\wft.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000\Software\Microsoft\Windows NT\CurrentVersion |
| 3780 | \Device\HarddiskVolume1\Users\foo\Desktop\New folder\wft.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags |
| 3780 | \Device\HarddiskVolume1\Users\foo\Desktop\New folder\wft.exe | Key | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options |
| 3680 | \Device\HarddiskVolume1\Users\foo\Desktop\New folder\GetHandle.exe | Directory | \KnownDlls |
| 3680 | \Device\HarddiskVolume1\Users\foo\Desktop\New folder\GetHandle.exe | Directory | \KnownDlls32 |
| 3680 | \Device\HarddiskVolume1\Users\foo\Desktop\New folder\GetHandle.exe | File | \Device\HarddiskVolume1\Windows |
| 3680 | \Device\HarddiskVolume1\Users\foo\Desktop\New folder\GetHandle.exe | Directory | \KnownDlls32 |
| 3680 | \Device\HarddiskVolume1\Users\foo\Desktop\New folder\GetHandle.exe | File | \Device\HarddiskVolume1\Users\foo\Desktop\New folder |
| 3680 | \Device\HarddiskVolume1\Users\foo\Desktop\New folder\GetHandle.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions |
| 3680 | \Device\HarddiskVolume1\Users\foo\Desktop\New folder\GetHandle.exe | Key | \REGISTRY\MACHINE |
| 3680 | \Device\HarddiskVolume1\Users\foo\Desktop\New folder\GetHandle.exe | Directory | \Sessions\1\BaseNamedObjects |
| 3680 | \Device\HarddiskVolume1\Users\foo\Desktop\New folder\GetHandle.exe | File | \Device\HarddiskVolume1\Users\foo\Desktop\New folder\hnd.html |
| 3680 | \Device\HarddiskVolume1\Users\foo\Desktop\New folder\GetHandle.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER |
| 3680 | \Device\HarddiskVolume1\Users\foo\Desktop\New folder\GetHandle.exe | Key | \REGISTRY\MACHINE\SYSTEM\Cyvera\Channel |
| 3680 | \Device\HarddiskVolume1\Users\foo\Desktop\New folder\GetHandle.exe | Key | \REGISTRY\MACHINE\SYSTEM\Cyvera\Channel |
| 3680 | \Device\HarddiskVolume1\Users\foo\Desktop\New folder\GetHandle.exe | Key | \REGISTRY\MACHINE\SYSTEM\Cyvera\Channel |
| 3680 | \Device\HarddiskVolume1\Users\foo\Desktop\New folder\GetHandle.exe | Key | \REGISTRY\MACHINE\SYSTEM\Cyvera\Channel |
| 3680 | \Device\HarddiskVolume1\Users\foo\Desktop\New folder\GetHandle.exe | Key | \REGISTRY\MACHINE\SYSTEM\Cyvera\Channel |
| 3680 | \Device\HarddiskVolume1\Users\foo\Desktop\New folder\GetHandle.exe | Key | \REGISTRY\MACHINE\SYSTEM\Cyvera\Channel |
| 3680 | \Device\HarddiskVolume1\Users\foo\Desktop\New folder\GetHandle.exe | Key | \REGISTRY\MACHINE\SYSTEM\Cyvera\Channel |
| 3680 | \Device\HarddiskVolume1\Users\foo\Desktop\New folder\GetHandle.exe | File | \Device\HarddiskVolume1\Windows\System32\catroot2\edb.log |
| 3680 | \Device\HarddiskVolume1\Users\foo\Desktop\New folder\GetHandle.exe | File | \Device\HarddiskVolume1\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb |
| 3680 | \Device\HarddiskVolume1\Users\foo\Desktop\New folder\GetHandle.exe | File | \Device\HarddiskVolume1\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb |
| 3680 | \Device\HarddiskVolume1\Users\foo\Desktop\New folder\GetHandle.exe | Key | \REGISTRY\MACHINE\SYSTEM\Cyvera\Channel |
| 3680 | \Device\HarddiskVolume1\Users\foo\Desktop\New folder\GetHandle.exe | Key | \REGISTRY\MACHINE\SYSTEM\Cyvera\Channel |
| 3680 | \Device\HarddiskVolume1\Users\foo\Desktop\New folder\GetHandle.exe | File | \Device\Afd |
| 3680 | \Device\HarddiskVolume1\Users\foo\Desktop\New folder\GetHandle.exe | Key | \REGISTRY\MACHINE\SYSTEM\Cyvera\Channel |
| 3680 | \Device\HarddiskVolume1\Users\foo\Desktop\New folder\GetHandle.exe | Key | \REGISTRY\MACHINE\SYSTEM\Cyvera\Channel |
| 3680 | \Device\HarddiskVolume1\Users\foo\Desktop\New folder\GetHandle.exe | Key | \REGISTRY\MACHINE\SYSTEM\Cyvera\Channel |
| 3680 | \Device\HarddiskVolume1\Users\foo\Desktop\New folder\GetHandle.exe | Key | \REGISTRY\MACHINE\SYSTEM\Cyvera\Channel |
| 3680 | \Device\HarddiskVolume1\Users\foo\Desktop\New folder\GetHandle.exe | Key | \REGISTRY\MACHINE\SYSTEM\Cyvera\Channel |
| 3680 | \Device\HarddiskVolume1\Users\foo\Desktop\New folder\GetHandle.exe | Key | \REGISTRY\MACHINE\SYSTEM\Cyvera\Channel |
| 3680 | \Device\HarddiskVolume1\Users\foo\Desktop\New folder\GetHandle.exe | File | \Device\Afd |
| 3680 | \Device\HarddiskVolume1\Users\foo\Desktop\New folder\GetHandle.exe | File | \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb |
| 3680 | \Device\HarddiskVolume1\Users\foo\Desktop\New folder\GetHandle.exe | File | \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log |
| 3680 | \Device\HarddiskVolume1\Users\foo\Desktop\New folder\GetHandle.exe | File | \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb |
| 3680 | \Device\HarddiskVolume1\Users\foo\Desktop\New folder\GetHandle.exe | Key | \REGISTRY\MACHINE\SYSTEM\Cyvera\Channel |
| 3680 | \Device\HarddiskVolume1\Users\foo\Desktop\New folder\GetHandle.exe | File | \Device\Afd |
| 268 | \Device\HarddiskVolume1\Windows\System32\conhost.exe | Directory | \KnownDlls |
| 268 | \Device\HarddiskVolume1\Windows\System32\conhost.exe | File | \Device\HarddiskVolume1\Windows\System32 |
| 268 | \Device\HarddiskVolume1\Windows\System32\conhost.exe | ALPC Port | \RPC Control\console-0x000000000000010C-lpc-handle |
| 268 | \Device\HarddiskVolume1\Windows\System32\conhost.exe | WindowStation | \Sessions\1\Windows\WindowStations\WinSta0 |
| 268 | \Device\HarddiskVolume1\Windows\System32\conhost.exe | Desktop | \Default |
| 268 | \Device\HarddiskVolume1\Windows\System32\conhost.exe | WindowStation | \Sessions\1\Windows\WindowStations\WinSta0 |
| 268 | \Device\HarddiskVolume1\Windows\System32\conhost.exe | File | \Device\HarddiskVolume1\Windows\System32\en-US\conhost.exe.mui |
| 268 | \Device\HarddiskVolume1\Windows\System32\conhost.exe | Key | \REGISTRY\MACHINE |
| 268 | \Device\HarddiskVolume1\Windows\System32\conhost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions |
| 268 | \Device\HarddiskVolume1\Windows\System32\conhost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER |
| 268 | \Device\HarddiskVolume1\Windows\System32\conhost.exe | Directory | \Sessions\1\BaseNamedObjects |
| 268 | \Device\HarddiskVolume1\Windows\System32\conhost.exe | Event | \BaseNamedObjects\ConsoleEvent-0x000000000000010C |
| 268 | \Device\HarddiskVolume1\Windows\System32\conhost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale |
| 268 | \Device\HarddiskVolume1\Windows\System32\conhost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\Alternate Sorts |
| 268 | \Device\HarddiskVolume1\Windows\System32\conhost.exe | Key | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups |
| 268 | \Device\HarddiskVolume1\Windows\System32\conhost.exe | File | \Device\HarddiskVolume1\Windows\Fonts\StaticCache.dat |
| 268 | \Device\HarddiskVolume1\Windows\System32\conhost.exe | File | \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6 |
| 268 | \Device\HarddiskVolume1\Windows\System32\conhost.exe | File | \Device\KsecDD |
| 268 | \Device\HarddiskVolume1\Windows\System32\conhost.exe | Key | \REGISTRY\USER\S-1-5-21-2670198844-744346536-2988945080-1000 |
| 268 | \Device\HarddiskVolume1\Windows\System32\conhost.exe | Section | \Sessions\1\BaseNamedObjects\windows_shell_global_counters |