OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : GDI Client DLL FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) InternalName : gdi32 LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : gdi32 ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 5.1.2600.2180 C:\WINDOWS\system32\SHFOLDER.dll File version : 6.0.2900.2180 Product version : 6.0.2900.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : Shell Folder Service FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) InternalName : shfolder LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : shfolder.dll ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 6.00.2900.2180 C:\WINDOWS\system32\ADVAPI32.dll File version : 5.1.2600.2180 Product version : 5.1.2600.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : Advanced Windows 32 Base API FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) InternalName : advapi32.dll LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : advapi32.dll ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 5.1.2600.2180 C:\WINDOWS\system32\RPCRT4.dll File version : 5.1.2600.2180 Product version : 5.1.2600.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : Remote Procedure Call Runtime FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) InternalName : rpcrt4.dll LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : rpcrt4.dll ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 5.1.2600.2180 C:\WINDOWS\system32\SHELL32.dll C:\WINDOWS\system32\SHLWAPI.dll File version : 6.0.2900.2180 Product version : 6.0.2900.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : Shell Light-weight Utility Library FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) InternalName : SHLWAPI LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : SHLWAPI.DLL ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 6.00.2900.2180 C:\WINDOWS\system32\ole32.dll File version : 5.1.2600.2180 Product version : 5.1.2600.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : Microsoft OLE for Windows FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) InternalName : OLE32.DLL LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : OLE32.DLL ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 5.1.2600.2180 C:\WINDOWS\system32\WINMM.dll C:\WINDOWS\system32\MPR.dll File version : 5.1.2600.2180 Product version : 5.1.2600.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : Multiple Provider Router DLL FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) InternalName : mpr.dll LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : mpr.dll ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 5.1.2600.2180 C:\WINDOWS\system32\VERSION.dll File version : 5.1.2600.2180 Product version : 5.1.2600.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : Version Checking and File Installation Libraries FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) InternalName : version LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : VERSION.DLL ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 5.1.2600.2180 C:\Program Files\VMware\VMware Tools\sigc-2.0.dll C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll File version : 8.0.50727.762 Product version : 8.0.50727.762 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : Microsoft\xae C++ Runtime Library FileVersion : 8.00.50727.762 InternalName : MSVCP80.DLL LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : MSVCP80.DLL ProductName : Microsoft\xae Visual Studio\xae 2005 ProductVersion : 8.00.50727.762 C:\WINDOWS\system32\WS2_32.dll File version : 5.1.2600.2180 Product version : 5.1.2600.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : Windows Socket 2.0 32-Bit DLL FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) InternalName : ws2_32.dll LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : ws2_32.dll ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 5.1.2600.2180 C:\WINDOWS\system32\WS2HELP.dll File version : 5.1.2600.2180 Product version : 5.1.2600.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : Windows Socket 2.0 Helper for Windows NT FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) InternalName : ws2help.dll LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : ws2help.dll ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 5.1.2600.2180 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL File version : 8.0.50727.762 Product version : 8.0.50727.762 Flags : OS : Windows 32-bit File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : MFCDLL Shared Library - Retail Version FileVersion : 8.00.50727.762 InternalName : MFC80U.DLL LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. ProductName : Microsoft\xae Visual Studio\xae 2005 OriginalFilename : MFC80U.DLL ProductVersion : 8.00.50727.762 C:\WINDOWS\system32\WINSPOOL.DRV File version : 5.1.2600.2180 Product version : 5.1.2600.2180 Flags : OS : Windows NT File Type : Driver File Date : CompanyName : Microsoft Corporation FileDescription : Windows Spooler Driver FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) InternalName : winspool.drv LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : winspool.drv ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 5.1.2600.2180 C:\WINDOWS\system32\OLEAUT32.dll File version : 5.1.2600.2180 Product version : 5.1.2600.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileVersion : 5.1.2600.2180 InternalName : OLEAUT32.DLL LegalCopyright : Copyright \xa9 Microsoft Corp. 1993-2001. LegalTrademarks : Microsoft\xae is a registered trademark of Microsoft Corporation. Windows\xae is a registered trademark of Microsoft Corporation. ProductVersion : 5.1.2600.2180 C:\WINDOWS\system32\mfc42ul.dll File version : 4.2.1.0 Product version : 4.2.1.0 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : MFCDLL Shared Library - Retail Version FileVersion : 4.2.1.0 InternalName : mfc42ul.dll LegalCopyright : Copyright \xa9 1998 OriginalFilename : mfc42ul.dll ProductName : MFC 42 ProductVersion : 4.2.1.0 C:\WINDOWS\system32\snmpapi.dll File version : 5.1.2600.2180 Product version : 5.1.2600.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : SNMP Utility Library FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) InternalName : snmpapi.dll LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : snmpapi.dll ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 5.1.2600.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll C:\WINDOWS\system32\comctl32.dll C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80ENU.DLL File version : 8.0.50727.762 Product version : 8.0.50727.762 Flags : OS : Windows 32-bit File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : MFC Language Specific Resources FileVersion : 8.00.50727.762 InternalName : MFC80ENU.DLL LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. ProductName : Microsoft\xae Visual Studio\xae 2005 OriginalFilename : MFC80ENU.DLL ProductVersion : 8.00.50727.762 C:\WINDOWS\system32\uxtheme.dll File version : 6.0.2900.2180 Product version : 6.0.2900.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : Microsoft UxTheme Library FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) InternalName : UxTheme.dll LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : UxTheme.dll ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 6.00.2900.2180 C:\WINDOWS\system32\wtsapi32.dll File version : 5.1.2600.2180 Product version : 5.1.2600.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : Windows Terminal Server SDK APIs FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) InternalName : wtsapi32.dll LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : wtsapi32.dll ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 5.1.2600.2180 C:\WINDOWS\system32\WINSTA.dll File version : 5.1.2600.2180 Product version : 5.1.2600.2180 Flags : OS : Windows NT File Type : Application File Date : CompanyName : Microsoft Corporation FileDescription : Winstation Library FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) InternalName : winsta LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : winsta.dll ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 5.1.2600.2180 C:\WINDOWS\system32\NETAPI32.dll File version : 5.1.2600.2180 Product version : 5.1.2600.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : Net Win32 API DLL FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) InternalName : NetApi32.DLL LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : NetApi32.DLL ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 5.1.2600.2180 C:\WINDOWS\system32\xpsp2res.dll C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe File version : 9.0.0.332 Product version : 0.0.0.0 Flags : OS : Windows 32-bit File Type : Dynamic Link Library File Date : CompanyName : Adobe Systems Incorporated FileDescription : Adobe Acrobat SpeedLauncher FileVersion : 9.0.0.2008061200 LegalCopyright : Copyright 1984-2008 Adobe Systems Incorporated and its licensors. All rights reserved. ProductName : Adobe Acrobat ProductVersion : 9.0.0.2008061200 OriginalFilename : AcroSpeedLaunch.exe C:\WINDOWS\system32\ntdll.dll C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\system32\USER32.dll C:\WINDOWS\system32\GDI32.dll File version : 5.1.2600.2180 Product version : 5.1.2600.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : GDI Client DLL FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) InternalName : gdi32 LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : gdi32 ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 5.1.2600.2180 C:\WINDOWS\system32\ADVAPI32.dll File version : 5.1.2600.2180 Product version : 5.1.2600.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : Advanced Windows 32 Base API FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) InternalName : advapi32.dll LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : advapi32.dll ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 5.1.2600.2180 C:\WINDOWS\system32\RPCRT4.dll File version : 5.1.2600.2180 Product version : 5.1.2600.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : Remote Procedure Call Runtime FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) InternalName : rpcrt4.dll LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : rpcrt4.dll ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 5.1.2600.2180 C:\WINDOWS\system32\SHELL32.dll C:\WINDOWS\system32\msvcrt.dll File version : 7.0.2600.2180 Product version : 6.1.8638.2180 Flags : OS : Windows NT File Type : Application File Date : CompanyName : Microsoft Corporation FileDescription : Windows NT CRT DLL FileVersion : 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158) InternalName : msvcrt.dll LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : msvcrt.dll ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 7.0.2600.2180 C:\WINDOWS\system32\SHLWAPI.dll File version : 6.0.2900.2180 Product version : 6.0.2900.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : Shell Light-weight Utility Library FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) InternalName : SHLWAPI LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : SHLWAPI.DLL ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll File version : 8.0.50727.762 Product version : 8.0.50727.762 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : Microsoft\xae C++ Runtime Library FileVersion : 8.00.50727.762 InternalName : MSVCP80.DLL LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : MSVCP80.DLL ProductName : Microsoft\xae Visual Studio\xae 2005 ProductVersion : 8.00.50727.762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll File version : 8.0.50727.762 Product version : 8.0.50727.762 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : Microsoft\xae C Runtime Library FileVersion : 8.00.50727.762 InternalName : MSVCR80.DLL LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : MSVCR80.DLL ProductName : Microsoft\xae Visual Studio\xae 2005 ProductVersion : 8.00.50727.762 C:\WINDOWS\system32\mfc42ul.dll File version : 4.2.1.0 Product version : 4.2.1.0 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : MFCDLL Shared Library - Retail Version FileVersion : 4.2.1.0 InternalName : mfc42ul.dll LegalCopyright : Copyright \xa9 1998 OriginalFilename : mfc42ul.dll ProductName : MFC 42 ProductVersion : 4.2.1.0 C:\WINDOWS\system32\WS2_32.dll File version : 5.1.2600.2180 Product version : 5.1.2600.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : Windows Socket 2.0 32-Bit DLL FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) InternalName : ws2_32.dll LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : ws2_32.dll ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 5.1.2600.2180 C:\WINDOWS\system32\WS2HELP.dll File version : 5.1.2600.2180 Product version : 5.1.2600.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : Windows Socket 2.0 Helper for Windows NT FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) InternalName : ws2help.dll LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : ws2help.dll ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 5.1.2600.2180 C:\WINDOWS\system32\snmpapi.dll File version : 5.1.2600.2180 Product version : 5.1.2600.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : SNMP Utility Library FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) InternalName : snmpapi.dll LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : snmpapi.dll ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 5.1.2600.2180 C:\WINDOWS\system32\VERSION.dll File version : 5.1.2600.2180 Product version : 5.1.2600.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : Version Checking and File Installation Libraries FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) InternalName : version LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : VERSION.DLL ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 5.1.2600.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll C:\WINDOWS\system32\comctl32.dll C:\WINDOWS\system32\uxtheme.dll File version : 6.0.2900.2180 Product version : 6.0.2900.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : Microsoft UxTheme Library FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) InternalName : UxTheme.dll LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : UxTheme.dll ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 6.00.2900.2180 C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\ntdll.dll C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\system32\msvcrt.dll File version : 7.0.2600.2180 Product version : 6.1.8638.2180 Flags : OS : Windows NT File Type : Application File Date : CompanyName : Microsoft Corporation FileDescription : Windows NT CRT DLL FileVersion : 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158) InternalName : msvcrt.dll LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : msvcrt.dll ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 7.0.2600.2180 C:\WINDOWS\system32\ATL.DLL C:\WINDOWS\system32\USER32.dll C:\WINDOWS\system32\GDI32.dll File version : 5.1.2600.2180 Product version : 5.1.2600.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : GDI Client DLL FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) InternalName : gdi32 LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : gdi32 ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 5.1.2600.2180 C:\WINDOWS\system32\ADVAPI32.dll File version : 5.1.2600.2180 Product version : 5.1.2600.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : Advanced Windows 32 Base API FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) InternalName : advapi32.dll LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : advapi32.dll ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 5.1.2600.2180 C:\WINDOWS\system32\RPCRT4.dll File version : 5.1.2600.2180 Product version : 5.1.2600.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : Remote Procedure Call Runtime FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) InternalName : rpcrt4.dll LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : rpcrt4.dll ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 5.1.2600.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\COMCTL32.dll C:\WINDOWS\system32\SHLWAPI.dll File version : 6.0.2900.2180 Product version : 6.0.2900.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : Shell Light-weight Utility Library FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) InternalName : SHLWAPI LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : SHLWAPI.DLL ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 6.00.2900.2180 C:\WINDOWS\system32\ole32.dll File version : 5.1.2600.2180 Product version : 5.1.2600.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : Microsoft OLE for Windows FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) InternalName : OLE32.DLL LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : OLE32.DLL ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 5.1.2600.2180 C:\WINDOWS\system32\OLEAUT32.dll File version : 5.1.2600.2180 Product version : 5.1.2600.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileVersion : 5.1.2600.2180 InternalName : OLEAUT32.DLL LegalCopyright : Copyright \xa9 Microsoft Corp. 1993-2001. LegalTrademarks : Microsoft\xae is a registered trademark of Microsoft Corporation. Windows\xae is a registered trademark of Microsoft Corporation. ProductVersion : 5.1.2600.2180 C:\WINDOWS\system32\wuaucpl.cpl C:\WINDOWS\system32\SHFOLDER.dll File version : 6.0.2900.2180 Product version : 6.0.2900.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : Shell Folder Service FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) InternalName : shfolder LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : shfolder.dll ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 6.00.2900.2180 C:\WINDOWS\system32\wuaueng.dll File version : 5.4.3790.2180 Product version : 5.4.3790.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : Windows Update AutoUpdate Engine FileVersion : 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) InternalName : wuaueng.dll LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : wuaueng.dll ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 5.4.3790.2180 C:\WINDOWS\system32\ADVPACK.dll File version : 6.0.2900.2180 Product version : 6.0.2900.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : ADVPACK FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) InternalName : ADVPACK.DLL LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : ADVPACK.DLL ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 6.00.2900.2180 C:\WINDOWS\system32\VERSION.dll File version : 5.1.2600.2180 Product version : 5.1.2600.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : Version Checking and File Installation Libraries FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) InternalName : version LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : VERSION.DLL ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 5.1.2600.2180 C:\WINDOWS\system32\USERENV.dll File version : 5.1.2600.2180 Product version : 5.1.2600.2180 Flags : OS : Windows NT File Type : Application File Date : CompanyName : Microsoft Corporation FileDescription : Userenv FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) InternalName : userenv LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : userenv.dll ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 5.1.2600.2180 C:\WINDOWS\system32\WS2_32.dll File version : 5.1.2600.2180 Product version : 5.1.2600.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : Windows Socket 2.0 32-Bit DLL FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) InternalName : ws2_32.dll LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : ws2_32.dll ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 5.1.2600.2180 C:\WINDOWS\system32\WS2HELP.dll File version : 5.1.2600.2180 Product version : 5.1.2600.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : Windows Socket 2.0 Helper for Windows NT FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) InternalName : ws2help.dll LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : ws2help.dll ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 5.1.2600.2180 C:\WINDOWS\system32\ESENT.dll File version : 5.1.2600.2180 Product version : 5.1.2600.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : Server Database Storage Engine FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) InternalName : esent.dll LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : esent.dll ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 5.1.2600.2180 C:\WINDOWS\system32\WTSAPI32.dll File version : 5.1.2600.2180 Product version : 5.1.2600.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : Windows Terminal Server SDK APIs FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) InternalName : wtsapi32.dll LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : wtsapi32.dll ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 5.1.2600.2180 C:\WINDOWS\system32\WINSTA.dll File version : 5.1.2600.2180 Product version : 5.1.2600.2180 Flags : OS : Windows NT File Type : Application File Date : CompanyName : Microsoft Corporation FileDescription : Winstation Library FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) InternalName : winsta LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : winsta.dll ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 5.1.2600.2180 C:\WINDOWS\system32\NETAPI32.dll File version : 5.1.2600.2180 Product version : 5.1.2600.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : Net Win32 API DLL FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) InternalName : NetApi32.DLL LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : NetApi32.DLL ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 5.1.2600.2180 C:\WINDOWS\system32\WINSPOOL.DRV File version : 5.1.2600.2180 Product version : 5.1.2600.2180 Flags : OS : Windows NT File Type : Driver File Date : CompanyName : Microsoft Corporation FileDescription : Windows Spooler Driver FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) InternalName : winspool.drv LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : winspool.drv ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 5.1.2600.2180 C:\WINDOWS\system32\SETUPAPI.dll C:\WINDOWS\system32\WINHTTP.dll File version : 5.1.2600.2180 Product version : 5.1.2600.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : Windows HTTP Services FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) InternalName : winhttp.dll LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : winhttp.dll ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 5.1.2600.2180 C:\WINDOWS\system32\WINTRUST.dll File version : 5.131.2600.2180 Product version : 5.131.2600.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : Microsoft Trust Verification APIs FileVersion : 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) InternalName : WINTRUST.DLL LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : WINTRUST.DLL ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 5.131.2600.2180 C:\WINDOWS\system32\CRYPT32.dll File version : 5.131.2600.2180 Product version : 5.131.2600.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : Crypto API32 FileVersion : 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) InternalName : CRYPT32.DLL LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : CRYPT32.DLL ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 5.131.2600.2180 C:\WINDOWS\system32\MSASN1.dll File version : 5.1.2600.2180 Product version : 5.1.2600.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : ASN.1 Runtime APIs FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) InternalName : msasn1.dll LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : msasn1.dll ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 5.1.2600.2180 C:\WINDOWS\system32\IMAGEHLP.dll File version : 5.1.2600.2180 Product version : 5.1.2600.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : Windows NT Image Helper FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) InternalName : IMAGEHLP.DLL LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : IMAGEHLP.DLL ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 5.1.2600.2180 C:\WINDOWS\system32\Cabinet.dll File version : 5.1.2600.2180 Product version : 5.1.2600.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : Microsoft\xae Cabinet File API FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) InternalName : cabinet.dll LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : cabinet.dll ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 5.1.2600.2180 C:\WINDOWS\system32\mspatcha.dll File version : 5.1.2600.2180 Product version : 5.1.2600.2180 Flags : OS : Windows NT File Type : Application File Date : CompanyName : Microsoft Corporation FileDescription : Microsoft(R) Patch Engine FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) InternalName : mspatcha.dll LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : mspatcha.dll ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 5.1.2600.2180 C:\WINDOWS\system32\sfc.dll File version : 5.1.2600.2180 Product version : 5.1.2600.2180 Flags : OS : Windows NT File Type : Application File Date : CompanyName : Microsoft Corporation FileDescription : Windows File Protection FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) InternalName : sfc.dll LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : sfc.dll ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 5.1.2600.2180 C:\WINDOWS\system32\sfc_os.dll C:\WINDOWS\system32\MSIMG32.dll File version : 5.1.2600.2180 Product version : 5.1.2600.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : GDIEXT Client DLL FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) InternalName : gdiext LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : gdiext ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 5.1.2600.2180 C:\WINDOWS\system32\SHELL32.dll C:\WINDOWS\system32\ShimEng.dll File version : 5.1.2600.2180 Product version : 5.1.2600.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : Shim Engine DLL FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) InternalName : Shim Engine DLL (IAT) LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : Shim Engine DLL (IAT) ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 5.1.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL C:\WINDOWS\system32\WINMM.dll C:\WINDOWS\system32\MSACM32.dll File version : 5.1.2600.2180 Product version : 5.1.2600.2180 Flags : OS : Windows NT File Type : Driver File Date : CompanyName : Microsoft Corporation FileDescription : Microsoft ACM Audio Filter FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) InternalName : Microsoft ACM Audio Filter LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : msfltr32.acm ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 5.1.2600.2180 C:\WINDOWS\system32\UxTheme.dll File version : 6.0.2900.2180 Product version : 6.0.2900.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : Microsoft UxTheme Library FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) InternalName : UxTheme.dll LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : UxTheme.dll ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 6.00.2900.2180 C:\WINDOWS\system32\mfc42ul.dll File version : 4.2.1.0 Product version : 4.2.1.0 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : MFCDLL Shared Library - Retail Version FileVersion : 4.2.1.0 InternalName : mfc42ul.dll LegalCopyright : Copyright \xa9 1998 OriginalFilename : mfc42ul.dll ProductName : MFC 42 ProductVersion : 4.2.1.0 C:\WINDOWS\system32\snmpapi.dll File version : 5.1.2600.2180 Product version : 5.1.2600.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : SNMP Utility Library FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) InternalName : snmpapi.dll LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : snmpapi.dll ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 5.1.2600.2180 C:\WINDOWS\system32\xpsp2res.dll C:\WINDOWS\system32\CLBCATQ.DLL C:\WINDOWS\system32\COMRes.dll C:\WINDOWS\system32\wups.dll File version : 5.4.3790.2180 Product version : 5.4.3790.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : Windows Update client proxy stub FileVersion : 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) InternalName : wups.dll LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : wups.dll ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 5.4.3790.2180 C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\ntdll.dll C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\system32\msvcrt.dll File version : 7.0.2600.2180 Product version : 6.1.8638.2180 Flags : OS : Windows NT File Type : Application File Date : CompanyName : Microsoft Corporation FileDescription : Windows NT CRT DLL FileVersion : 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158) InternalName : msvcrt.dll LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : msvcrt.dll ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 7.0.2600.2180 C:\WINDOWS\system32\USER32.dll C:\WINDOWS\system32\GDI32.dll File version : 5.1.2600.2180 Product version : 5.1.2600.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : GDI Client DLL FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) InternalName : gdi32 LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : gdi32 ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 5.1.2600.2180 C:\WINDOWS\system32\ShimEng.dll File version : 5.1.2600.2180 Product version : 5.1.2600.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : Shim Engine DLL FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) InternalName : Shim Engine DLL (IAT) LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : Shim Engine DLL (IAT) ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 5.1.2600.2180 C:\WINDOWS\AppPatch\AcGenral.DLL C:\WINDOWS\system32\ADVAPI32.dll File version : 5.1.2600.2180 Product version : 5.1.2600.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : Advanced Windows 32 Base API FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) InternalName : advapi32.dll LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : advapi32.dll ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 5.1.2600.2180 C:\WINDOWS\system32\RPCRT4.dll File version : 5.1.2600.2180 Product version : 5.1.2600.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : Remote Procedure Call Runtime FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) InternalName : rpcrt4.dll LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : rpcrt4.dll ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 5.1.2600.2180 C:\WINDOWS\system32\WINMM.dll C:\WINDOWS\system32\ole32.dll File version : 5.1.2600.2180 Product version : 5.1.2600.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : Microsoft OLE for Windows FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) InternalName : OLE32.DLL LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : OLE32.DLL ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 5.1.2600.2180 C:\WINDOWS\system32\OLEAUT32.dll File version : 5.1.2600.2180 Product version : 5.1.2600.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileVersion : 5.1.2600.2180 InternalName : OLEAUT32.DLL LegalCopyright : Copyright \xa9 Microsoft Corp. 1993-2001. LegalTrademarks : Microsoft\xae is a registered trademark of Microsoft Corporation. Windows\xae is a registered trademark of Microsoft Corporation. ProductVersion : 5.1.2600.2180 C:\WINDOWS\system32\MSACM32.dll File version : 5.1.2600.2180 Product version : 5.1.2600.2180 Flags : OS : Windows NT File Type : Driver File Date : CompanyName : Microsoft Corporation FileDescription : Microsoft ACM Audio Filter FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) InternalName : Microsoft ACM Audio Filter LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : msfltr32.acm ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 5.1.2600.2180 C:\WINDOWS\system32\VERSION.dll File version : 5.1.2600.2180 Product version : 5.1.2600.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : Version Checking and File Installation Libraries FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) InternalName : version LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : VERSION.DLL ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 5.1.2600.2180 C:\WINDOWS\system32\SHELL32.dll C:\WINDOWS\system32\SHLWAPI.dll File version : 6.0.2900.2180 Product version : 6.0.2900.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : Shell Light-weight Utility Library FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) InternalName : SHLWAPI LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : SHLWAPI.DLL ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 6.00.2900.2180 C:\WINDOWS\system32\USERENV.dll File version : 5.1.2600.2180 Product version : 5.1.2600.2180 Flags : OS : Windows NT File Type : Application File Date : CompanyName : Microsoft Corporation FileDescription : Userenv FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) InternalName : userenv LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : userenv.dll ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 5.1.2600.2180 C:\WINDOWS\system32\UxTheme.dll File version : 6.0.2900.2180 Product version : 6.0.2900.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : Microsoft UxTheme Library FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) InternalName : UxTheme.dll LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : UxTheme.dll ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 6.00.2900.2180 C:\WINDOWS\system32\mfc42ul.dll File version : 4.2.1.0 Product version : 4.2.1.0 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : MFCDLL Shared Library - Retail Version FileVersion : 4.2.1.0 InternalName : mfc42ul.dll LegalCopyright : Copyright \xa9 1998 OriginalFilename : mfc42ul.dll ProductName : MFC 42 ProductVersion : 4.2.1.0 C:\WINDOWS\system32\WS2_32.dll File version : 5.1.2600.2180 Product version : 5.1.2600.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : Windows Socket 2.0 32-Bit DLL FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) InternalName : ws2_32.dll LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : ws2_32.dll ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 5.1.2600.2180 C:\WINDOWS\system32\WS2HELP.dll File version : 5.1.2600.2180 Product version : 5.1.2600.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : Windows Socket 2.0 Helper for Windows NT FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) InternalName : ws2help.dll LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : ws2help.dll ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 5.1.2600.2180 C:\WINDOWS\system32\snmpapi.dll File version : 5.1.2600.2180 Product version : 5.1.2600.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : SNMP Utility Library FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) InternalName : snmpapi.dll LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : snmpapi.dll ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 5.1.2600.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll C:\WINDOWS\system32\comctl32.dll C:\WINDOWS\system32\Apphelp.dll File version : 5.1.2600.2180 Product version : 5.1.2600.2180 Flags : OS : Windows NT File Type : Dynamic Link Library File Date : CompanyName : Microsoft Corporation FileDescription : Application Compatibility Client Library FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) InternalName : Apphelp LegalCopyright : \xa9 Microsoft Corporation. All rights reserved. OriginalFilename : Apphelp ProductName : Microsoft\xae Windows\xae Operating System ProductVersion : 5.1.2600.2180 ┌──(kali㉿kali)-[~/Desktop/volatility/volatility_2.5.linux.standalone] └─$ ==== CompanyName : Microsoft Corporation FileDescription : Advanced Wind ========================================================================================================================================================================================== DLLIST ┌──(kali㉿kali)-[~/Desktop/volatility/volatility_2.5.linux.standalone] └─$ ./volatility_2.5_linux_x64 --profile=WinXPSP2x86 -f OCSALY_Case_001/0zapftis.vmem dlllist Volatility Foundation Volatility Framework 2.5 ************************************************************************ System pid: 4 Unable to read PEB for task. ************************************************************************ smss.exe pid: 536 Command line : \SystemRoot\System32\smss.exe Base Size LoadCount Path ---------- ---------- ---------- ---- 0x48580000 0xf000 0xffff \SystemRoot\System32\smss.exe 0x7c900000 0xb0000 0xffff C:\WINDOWS\system32\ntdll.dll ************************************************************************ csrss.exe pid: 608 Command line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 Service Pack 2 Base Size LoadCount Path ---------- ---------- ---------- ---- 0x4a680000 0x5000 0xffff \??\C:\WINDOWS\system32\csrss.exe 0x7c900000 0xb0000 0xffff C:\WINDOWS\system32\ntdll.dll 0x75b40000 0xb000 0xffff C:\WINDOWS\system32\CSRSRV.dll 0x75b50000 0x10000 0x3 C:\WINDOWS\system32\basesrv.dll 0x75b60000 0x4a000 0x2 C:\WINDOWS\system32\winsrv.dll 0x77d40000 0x90000 0x6 C:\WINDOWS\system32\USER32.dll 0x7c800000 0xf4000 0xe C:\WINDOWS\system32\KERNEL32.dll 0x77f10000 0x46000 0x5 C:\WINDOWS\system32\GDI32.dll 0x75e90000 0xb0000 0x1 C:\WINDOWS\system32\sxs.dll 0x77dd0000 0x9b000 0x3 C:\WINDOWS\system32\ADVAPI32.dll 0x77e70000 0x91000 0x3 C:\WINDOWS\system32\RPCRT4.dll ************************************************************************ winlogon.exe pid: 632 Command line : winlogon.exe Service Pack 2 Base Size LoadCount Path ---------- ---------- ---------- ---- 0x01000000 0x80000 0xffff \??\C:\WINDOWS\system32\winlogon.exe 0x7c900000 0xb0000 0xffff C:\WINDOWS\system32\ntdll.dll 0x7c800000 0xf4000 0xffff C:\WINDOWS\system32\kernel32.dll 0x77dd0000 0x9b000 0xffff C:\WINDOWS\system32\ADVAPI32.dll 0x77e70000 0x91000 0xffff C:\WINDOWS\system32\RPCRT4.dll 0x776c0000 0x11000 0xffff C:\WINDOWS\system32\AUTHZ.dll 0x77c10000 0x58000 0xffff C:\WINDOWS\system32\msvcrt.dll 0x77a80000 0x94000 0xffff C:\WINDOWS\system32\CRYPT32.dll 0x77d40000 0x90000 0xffff C:\WINDOWS\system32\USER32.dll 0x77f10000 0x46000 0xffff C:\WINDOWS\system32\GDI32.dll 0x77b20000 0x12000 0xffff C:\WINDOWS\system32\MSASN1.dll 0x75940000 0x8000 0xffff C:\WINDOWS\system32\NDdeApi.dll 0x75930000 0xa000 0xffff C:\WINDOWS\system32\PROFMAP.dll 0x5b860000 0x54000 0xffff C:\WINDOWS\system32\NETAPI32.dll 0x769c0000 0xb3000 0xffff C:\WINDOWS\system32\USERENV.dll 0x76bf0000 0xb000 0xffff C:\WINDOWS\system32\PSAPI.DLL 0x76bc0000 0xf000 0xffff C:\WINDOWS\system32\REGAPI.dll 0x77fe0000 0x11000 0xffff C:\WINDOWS\system32\Secur32.dll 0x77920000 0xf3000 0xffff C:\WINDOWS\system32\SETUPAPI.dll 0x77c00000 0x8000 0xffff C:\WINDOWS\system32\VERSION.dll 0x76360000 0x10000 0xffff C:\WINDOWS\system32\WINSTA.dll 0x76c30000 0x2e000 0xffff C:\WINDOWS\system32\WINTRUST.dll 0x76c90000 0x28000 0xffff C:\WINDOWS\system32\IMAGEHLP.dll 0x71ab0000 0x17000 0xffff C:\WINDOWS\system32\WS2_32.dll 0x71aa0000 0x8000 0xffff C:\WINDOWS\system32\WS2HELP.dll 0x10000000 0x59000 0x1 C:\WINDOWS\system32\mfc42ul.dll 0x71f60000 0x8000 0x1 C:\WINDOWS\system32\snmpapi.dll 0x75970000 0xf7000 0x2 C:\WINDOWS\system32\MSGINA.dll 0x7c9c0000 0x814000 0x10 C:\WINDOWS\system32\SHELL32.dll 0x77f60000 0x76000 0x1b C:\WINDOWS\system32\SHLWAPI.dll 0x5d090000 0x97000 0x7 C:\WINDOWS\system32\COMCTL32.dll 0x74320000 0x3d000 0x2 C:\WINDOWS\system32\ODBC32.dll 0x763b0000 0x49000 0x2 C:\WINDOWS\system32\comdlg32.dll 0x773d0000 0x102000 0x3 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 0x20000000 0x17000 0x1 C:\WINDOWS\system32\odbcint.dll 0x776e0000 0x23000 0x1 C:\WINDOWS\system32\SHSVCS.dll 0x76bb0000 0x5000 0x2 C:\WINDOWS\system32\sfc.dll 0x76c60000 0x2a000 0x5 C:\WINDOWS\system32\sfc_os.dll 0x774e0000 0x13c000 0x19 C:\WINDOWS\system32\ole32.dll 0x77b40000 0x22000 0x1 C:\WINDOWS\system32\Apphelp.dll 0x723d0000 0x1c000 0x7 C:\WINDOWS\system32\WINSCARD.DLL 0x76f50000 0x8000 0x7 C:\WINDOWS\system32\WTSAPI32.dll 0x75e90000 0xb0000 0x1 C:\WINDOWS\system32\sxs.dll 0x5ad70000 0x38000 0x5 C:\WINDOWS\system32\uxtheme.dll 0x76b40000 0x2d000 0x12 C:\WINDOWS\system32\WINMM.dll 0x76600000 0x1d000 0x2 C:\WINDOWS\system32\cscdll.dll 0x75950000 0x1a000 0x6 C:\WINDOWS\system32\WlNotify.dll 0x73000000 0x26000 0x6 C:\WINDOWS\system32\WINSPOOL.DRV 0x71b20000 0x12000 0x7 C:\WINDOWS\system32\MPR.dll 0x0ffd0000 0x28000 0x1 C:\WINDOWS\system32\rsaenh.dll 0x71bf0000 0x13000 0x4 C:\WINDOWS\system32\SAMLIB.dll 0x77c70000 0x23000 0x1 C:\WINDOWS\system32\msv1_0.dll 0x76d60000 0x19000 0x1 C:\WINDOWS\system32\iphlpapi.dll 0x76f60000 0x2c000 0x3 C:\WINDOWS\system32\wldap32.dll 0x77a20000 0x54000 0x1 C:\WINDOWS\system32\cscui.dll 0x76d40000 0x18000 0x1 C:\WINDOWS\system32\MPRAPI.dll 0x77cc0000 0x32000 0x1 C:\WINDOWS\system32\ACTIVEDS.dll 0x76e10000 0x25000 0x1 C:\WINDOWS\system32\adsldpc.dll 0x76b20000 0x11000 0x1 C:\WINDOWS\system32\ATL.DLL 0x77120000 0x8c000 0x4 C:\WINDOWS\system32\OLEAUT32.dll 0x76e80000 0xe000 0x1 C:\WINDOWS\system32\rtutils.dll 0x014a0000 0x2c5000 0x2 C:\WINDOWS\system32\xpsp2res.dll 0x77050000 0xc5000 0x2 C:\WINDOWS\system32\COMRes.dll 0x76fd0000 0x7f000 0x2 C:\WINDOWS\system32\CLBCATQ.DLL 0x77690000 0x21000 0x1 C:\WINDOWS\system32\NTMARTA.DLL 0x72d20000 0x9000 0x6 C:\WINDOWS\system32\wdmaud.drv 0x72d10000 0x8000 0x2 C:\WINDOWS\system32\msacm32.drv 0x77be0000 0x15000 0x2 C:\WINDOWS\system32\MSACM32.dll 0x77bd0000 0x7000 0x1 C:\WINDOWS\system32\midimap.dll ************************************************************************ services.exe pid: 676 Command line : C:\WINDOWS\system32\services.exe Service Pack 2 Base Size LoadCount Path ---------- ---------- ---------- ---- 0x01000000 0x1c000 0xffff C:\WINDOWS\system32\services.exe 0x7c900000 0xb0000 0xffff C:\WINDOWS\system32\ntdll.dll 0x7c800000 0xf4000 0xffff C:\WINDOWS\system32\kernel32.dll 0x77c10000 0x58000 0xffff C:\WINDOWS\system32\msvcrt.dll 0x77dd0000 0x9b000 0xffff C:\WINDOWS\system32\ADVAPI32.dll 0x77e70000 0x91000 0xffff C:\WINDOWS\system32\RPCRT4.dll 0x77d40000 0x90000 0xffff C:\WINDOWS\system32\USER32.dll 0x77f10000 0x46000 0xffff C:\WINDOWS\system32\GDI32.dll 0x769c0000 0xb3000 0xffff C:\WINDOWS\system32\USERENV.dll 0x758e0000 0x50000 0xffff C:\WINDOWS\system32\SCESRV.dll 0x776c0000 0x11000 0xffff C:\WINDOWS\system32\AUTHZ.dll 0x758c0000 0x1f000 0xffff C:\WINDOWS\system32\umpnpmgr.dll 0x76360000 0x10000 0xffff C:\WINDOWS\system32\WINSTA.dll 0x5b860000 0x54000 0xffff C:\WINDOWS\system32\NETAPI32.dll 0x5f770000 0xc000 0xffff C:\WINDOWS\system32\NCObjAPI.DLL 0x76080000 0x65000 0xffff C:\WINDOWS\system32\MSVCP60.dll 0x5cb70000 0x26000 0x1 C:\WINDOWS\system32\ShimEng.dll 0x6f880000 0x1ca000 0x1 C:\WINDOWS\AppPatch\AcGenral.DLL 0x76b40000 0x2d000 0x2 C:\WINDOWS\system32\WINMM.dll 0x774e0000 0x13c000 0x2 C:\WINDOWS\system32\ole32.dll 0x77120000 0x8c000 0x1 C:\WINDOWS\system32\OLEAUT32.dll 0x77be0000 0x15000 0x1 C:\WINDOWS\system32\MSACM32.dll 0x77c00000 0x8000 0x3 C:\WINDOWS\system32\VERSION.dll 0x7c9c0000 0x814000 0x1 C:\WINDOWS\system32\SHELL32.dll 0x77f60000 0x76000 0x3 C:\WINDOWS\system32\SHLWAPI.dll 0x5ad70000 0x38000 0x1 C:\WINDOWS\system32\UxTheme.dll 0x10000000 0x59000 0x1 C:\WINDOWS\system32\mfc42ul.dll 0x71ab0000 0x17000 0x3 C:\WINDOWS\system32\WS2_32.dll 0x71aa0000 0x8000 0x2 C:\WINDOWS\system32\WS2HELP.dll 0x71f60000 0x8000 0x1 C:\WINDOWS\system32\snmpapi.dll 0x773d0000 0x102000 0x1 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 0x5d090000 0x97000 0x1 C:\WINDOWS\system32\comctl32.dll 0x77fe0000 0x11000 0x3 C:\WINDOWS\system32\secur32.dll 0x77b40000 0x22000 0x1 C:\WINDOWS\system32\Apphelp.dll 0x77b70000 0x11000 0x1 C:\WINDOWS\system32\eventlog.dll 0x76bf0000 0xb000 0x1 C:\WINDOWS\system32\PSAPI.DLL 0x76f50000 0x8000 0x1 C:\WINDOWS\system32\wtsapi32.dll ************************************************************************ lsass.exe pid: 688 Command line : C:\WINDOWS\system32\lsass.exe Service Pack 2 Base Size LoadCount Path ---------- ---------- ---------- ---- 0x01000000 0x6000 0xffff C:\WINDOWS\system32\lsass.exe 0x7c900000 0xb0000 0xffff C:\WINDOWS\system32\ntdll.dll 0x7c800000 0xf4000 0xffff C:\WINDOWS\system32\kernel32.dll 0x77dd0000 0x9b000 0xffff C:\WINDOWS\system32\ADVAPI32.dll 0x77e70000 0x91000 0xffff C:\WINDOWS\system32\RPCRT4.dll 0x75730000 0xb4000 0xffff C:\WINDOWS\system32\LSASRV.dll 0x77c10000 0x58000 0xffff C:\WINDOWS\system32\msvcrt.dll 0x77fe0000 0x11000 0xffff C:\WINDOWS\system32\Secur32.dll 0x77d40000 0x90000 0xffff C:\WINDOWS\system32\USER32.dll 0x77f10000 0x46000 0xffff C:\WINDOWS\system32\GDI32.dll 0x74440000 0x6a000 0xffff C:\WINDOWS\system32\SAMSRV.dll 0x76790000 0xc000 0xffff C:\WINDOWS\system32\cryptdll.dll 0x76f20000 0x27000 0xffff C:\WINDOWS\system32\DNSAPI.dll 0x71ab0000 0x17000 0xffff C:\WINDOWS\system32\WS2_32.dll 0x71aa0000 0x8000 0xffff C:\WINDOWS\system32\WS2HELP.dll 0x77b20000 0x12000 0xffff C:\WINDOWS\system32\MSASN1.dll 0x5b860000 0x54000 0xffff C:\WINDOWS\system32\NETAPI32.dll 0x71bf0000 0x13000 0xffff C:\WINDOWS\system32\SAMLIB.dll 0x71b20000 0x12000 0xffff C:\WINDOWS\system32\MPR.dll 0x767a0000 0x13000 0xffff C:\WINDOWS\system32\NTDSAPI.dll 0x76f60000 0x2c000 0xffff C:\WINDOWS\system32\WLDAP32.dll 0x5cb70000 0x26000 0x1 C:\WINDOWS\system32\ShimEng.dll 0x6f880000 0x1ca000 0x1 C:\WINDOWS\AppPatch\AcGenral.DLL 0x76b40000 0x2d000 0x2 C:\WINDOWS\system32\WINMM.dll 0x774e0000 0x13c000 0x4 C:\WINDOWS\system32\ole32.dll 0x77120000 0x8c000 0x2 C:\WINDOWS\system32\OLEAUT32.dll 0x77be0000 0x15000 0x1 C:\WINDOWS\system32\MSACM32.dll 0x77c00000 0x8000 0x2 C:\WINDOWS\system32\VERSION.dll 0x7c9c0000 0x814000 0x2 C:\WINDOWS\system32\SHELL32.dll 0x77f60000 0x76000 0x4 C:\WINDOWS\system32\SHLWAPI.dll 0x769c0000 0xb3000 0x8 C:\WINDOWS\system32\USERENV.dll 0x5ad70000 0x38000 0x3 C:\WINDOWS\system32\UxTheme.dll 0x10000000 0x59000 0x1 C:\WINDOWS\system32\mfc42ul.dll 0x71f60000 0x8000 0x1 C:\WINDOWS\system32\snmpapi.dll 0x773d0000 0x102000 0x1 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 0x5d090000 0x97000 0x1 C:\WINDOWS\system32\comctl32.dll 0x20000000 0xe000 0x1 C:\WINDOWS\system32\msprivs.dll 0x71cf0000 0x4b000 0x2 C:\WINDOWS\system32\kerberos.dll 0x77c70000 0x23000 0x4 C:\WINDOWS\system32\msv1_0.dll 0x76d60000 0x19000 0x7 C:\WINDOWS\system32\iphlpapi.dll 0x744b0000 0x65000 0x2 C:\WINDOWS\system32\netlogon.dll 0x767c0000 0x2c000 0x2 C:\WINDOWS\system32\w32time.dll 0x76080000 0x65000 0x2 C:\WINDOWS\system32\MSVCP60.dll 0x767f0000 0x27000 0x1 C:\WINDOWS\system32\schannel.dll 0x77a80000 0x94000 0x3 C:\WINDOWS\system32\CRYPT32.dll 0x74380000 0xf000 0x1 C:\WINDOWS\system32\wdigest.dll 0x0ffd0000 0x28000 0x1 C:\WINDOWS\system32\rsaenh.dll 0x74410000 0x2e000 0x1 C:\WINDOWS\system32\scecli.dll 0x77920000 0xf3000 0x1 C:\WINDOWS\system32\SETUPAPI.dll 0x743e0000 0x2f000 0x1 C:\WINDOWS\system32\ipsecsvc.dll 0x776c0000 0x11000 0x1 C:\WINDOWS\system32\AUTHZ.dll 0x75d90000 0xce000 0x1 C:\WINDOWS\system32\oakley.DLL 0x74370000 0xb000 0x1 C:\WINDOWS\system32\WINIPSEC.DLL 0x71a50000 0x3f000 0x2 C:\WINDOWS\system32\mswsock.dll 0x662b0000 0x58000 0x1 C:\WINDOWS\system32\hnetcfg.dll 0x71a90000 0x8000 0x1 C:\WINDOWS\System32\wshtcpip.dll 0x743a0000 0xb000 0x1 C:\WINDOWS\system32\pstorsvc.dll 0x743c0000 0x1b000 0x1 C:\WINDOWS\system32\psbase.dll 0x68100000 0x24000 0x1 C:\WINDOWS\system32\dssenh.dll ************************************************************************ vmacthlp.exe pid: 832 Command line : "C:\Program Files\VMware\VMware Tools\vmacthlp.exe" Service Pack 2 Base Size LoadCount Path ---------- ---------- ---------- ---- 0x00400000 0x58000 0xffff C:\Program Files\VMware\VMware Tools\vmacthlp.exe 0x7c900000 0xb0000 0xffff C:\WINDOWS\system32\ntdll.dll 0x7c800000 0xf4000 0xffff C:\WINDOWS\system32\kernel32.dll 0x78130000 0x9b000 0xffff C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll 0x77c10000 0x58000 0xffff C:\WINDOWS\system32\msvcrt.dll 0x77dd0000 0x9b000 0xffff C:\WINDOWS\system32\ADVAPI32.dll 0x77e70000 0x91000 0xffff C:\WINDOWS\system32\RPCRT4.dll 0x76780000 0x9000 0xffff C:\WINDOWS\system32\SHFOLDER.dll 0x77d40000 0x90000 0xffff C:\WINDOWS\system32\USER32.dll 0x77f10000 0x46000 0xffff C:\WINDOWS\system32\GDI32.dll 0x774e0000 0x13c000 0xffff C:\WINDOWS\system32\ole32.dll 0x7c420000 0x87000 0xffff C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll 0x10000000 0x59000 0x1 C:\WINDOWS\system32\mfc42ul.dll 0x71ab0000 0x17000 0x2 C:\WINDOWS\system32\WS2_32.dll 0x71aa0000 0x8000 0x1 C:\WINDOWS\system32\WS2HELP.dll 0x71f60000 0x8000 0x1 C:\WINDOWS\system32\snmpapi.dll 0x77c00000 0x8000 0x1 C:\WINDOWS\system32\VERSION.dll 0x77f60000 0x76000 0x3 C:\WINDOWS\system32\SHLWAPI.dll 0x773d0000 0x102000 0x3 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 0x5d090000 0x97000 0x3 C:\WINDOWS\system32\comctl32.dll ************************************************************************ svchost.exe pid: 848 Command line : C:\WINDOWS\system32\svchost -k DcomLaunch Service Pack 2 Base Size LoadCount Path ---------- ---------- ---------- ---- 0x01000000 0x6000 0xffff C:\WINDOWS\system32\svchost.exe 0x7c900000 0xb0000 0xffff C:\WINDOWS\system32\ntdll.dll 0x7c800000 0xf4000 0xffff C:\WINDOWS\system32\kernel32.dll 0x77dd0000 0x9b000 0xffff C:\WINDOWS\system32\ADVAPI32.dll 0x77e70000 0x91000 0xffff C:\WINDOWS\system32\RPCRT4.dll 0x5cb70000 0x26000 0x1 C:\WINDOWS\system32\ShimEng.dll 0x6f880000 0x1ca000 0x1 C:\WINDOWS\AppPatch\AcGenral.DLL 0x77d40000 0x90000 0x37 C:\WINDOWS\system32\USER32.dll 0x77f10000 0x46000 0x26 C:\WINDOWS\system32\GDI32.dll 0x76b40000 0x2d000 0x2 C:\WINDOWS\system32\WINMM.dll 0x774e0000 0x13c000 0xb C:\WINDOWS\system32\ole32.dll 0x77c10000 0x58000 0x2f C:\WINDOWS\system32\msvcrt.dll 0x77120000 0x8c000 0x6 C:\WINDOWS\system32\OLEAUT32.dll 0x77be0000 0x15000 0x1 C:\WINDOWS\system32\MSACM32.dll 0x77c00000 0x8000 0x5 C:\WINDOWS\system32\VERSION.dll 0x7c9c0000 0x814000 0x2 C:\WINDOWS\system32\SHELL32.dll 0x77f60000 0x76000 0x5 C:\WINDOWS\system32\SHLWAPI.dll 0x769c0000 0xb3000 0x4 C:\WINDOWS\system32\USERENV.dll 0x5ad70000 0x38000 0x1 C:\WINDOWS\system32\UxTheme.dll 0x10000000 0x59000 0x1 C:\WINDOWS\system32\mfc42ul.dll 0x71ab0000 0x17000 0x4 C:\WINDOWS\system32\WS2_32.dll 0x71aa0000 0x8000 0x3 C:\WINDOWS\system32\WS2HELP.dll 0x71f60000 0x8000 0x1 C:\WINDOWS\system32\snmpapi.dll 0x773d0000 0x102000 0x1 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 0x5d090000 0x97000 0x1 C:\WINDOWS\system32\comctl32.dll 0x77690000 0x21000 0x1 C:\WINDOWS\system32\NTMARTA.DLL 0x76f60000 0x2c000 0x2 C:\WINDOWS\system32\WLDAP32.dll 0x71bf0000 0x13000 0x1 C:\WINDOWS\system32\SAMLIB.dll 0x76a80000 0x63000 0x1 c:\windows\system32\rpcss.dll 0x77fe0000 0x11000 0x4 c:\windows\system32\Secur32.dll 0x20000000 0x2c5000 0x1 C:\WINDOWS\system32\xpsp2res.dll 0x76fd0000 0x7f000 0x2 C:\WINDOWS\system32\CLBCATQ.DLL 0x77050000 0xc5000 0x2 C:\WINDOWS\system32\COMRes.dll 0x760f0000 0x53000 0x1 c:\windows\system32\termsrv.dll 0x74f70000 0x6000 0x1 c:\windows\system32\ICAAPI.dll 0x77920000 0xf3000 0x1 c:\windows\system32\SETUPAPI.dll 0x76c30000 0x2e000 0x1 C:\WINDOWS\system32\WINTRUST.dll 0x77a80000 0x94000 0x3 C:\WINDOWS\system32\CRYPT32.dll 0x77b20000 0x12000 0x2 C:\WINDOWS\system32\MSASN1.dll 0x76c90000 0x28000 0x1 C:\WINDOWS\system32\IMAGEHLP.dll 0x776c0000 0x11000 0x1 c:\windows\system32\AUTHZ.dll 0x75110000 0x1f000 0x1 c:\windows\system32\mstlsapi.dll 0x77cc0000 0x32000 0x1 c:\windows\system32\ACTIVEDS.dll 0x76e10000 0x25000 0x1 c:\windows\system32\adsldpc.dll 0x5b860000 0x54000 0x3 C:\WINDOWS\system32\NETAPI32.dll 0x76b20000 0x11000 0x1 c:\windows\system32\ATL.DLL 0x76bc0000 0xf000 0x1 C:\WINDOWS\system32\REGAPI.dll 0x0ffd0000 0x28000 0x1 C:\WINDOWS\system32\rsaenh.dll ************************************************************************ svchost.exe pid: 916 Command line : C:\WINDOWS\system32\svchost -k rpcss Service Pack 2 Base Size LoadCount Path ---------- ---------- ---------- ---- 0x01000000 0x6000 0xffff C:\WINDOWS\system32\svchost.exe 0x7c900000 0xb0000 0xffff C:\WINDOWS\system32\ntdll.dll 0x7c800000 0xf4000 0xffff C:\WINDOWS\system32\kernel32.dll 0x77dd0000 0x9b000 0xffff C:\WINDOWS\system32\ADVAPI32.dll 0x77e70000 0x91000 0xffff C:\WINDOWS\system32\RPCRT4.dll 0x5cb70000 0x26000 0x1 C:\WINDOWS\system32\ShimEng.dll 0x6f880000 0x1ca000 0x1 C:\WINDOWS\AppPatch\AcGenral.DLL 0x77d40000 0x90000 0x21 C:\WINDOWS\system32\USER32.dll 0x77f10000 0x46000 0x1a C:\WINDOWS\system32\GDI32.dll 0x76b40000 0x2d000 0x2 C:\WINDOWS\system32\WINMM.dll 0x774e0000 0x13c000 0x6 C:\WINDOWS\system32\ole32.dll 0x77c10000 0x58000 0x2b C:\WINDOWS\system32\msvcrt.dll 0x77120000 0x8c000 0x3 C:\WINDOWS\system32\OLEAUT32.dll 0x77be0000 0x15000 0x1 C:\WINDOWS\system32\MSACM32.dll 0x77c00000 0x8000 0x3 C:\WINDOWS\system32\VERSION.dll 0x7c9c0000 0x814000 0x1 C:\WINDOWS\system32\SHELL32.dll 0x77f60000 0x76000 0x3 C:\WINDOWS\system32\SHLWAPI.dll 0x769c0000 0xb3000 0x2 C:\WINDOWS\system32\USERENV.dll 0x5ad70000 0x38000 0x1 C:\WINDOWS\system32\UxTheme.dll 0x773d0000 0x102000 0x1 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 0x5d090000 0x97000 0x1 C:\WINDOWS\system32\comctl32.dll 0x76a80000 0x63000 0x1 c:\windows\system32\rpcss.dll 0x71ab0000 0x17000 0xe c:\windows\system32\WS2_32.dll 0x71aa0000 0x8000 0x12 c:\windows\system32\WS2HELP.dll 0x77fe0000 0x11000 0x2 c:\windows\system32\Secur32.dll 0x20000000 0x2c5000 0x1 C:\WINDOWS\system32\xpsp2res.dll 0x0ffd0000 0x28000 0x1 C:\WINDOWS\system32\rsaenh.dll 0x71a50000 0x3f000 0x5 C:\WINDOWS\system32\mswsock.dll 0x662b0000 0x58000 0x1 C:\WINDOWS\system32\hnetcfg.dll 0x71a90000 0x8000 0x1 C:\WINDOWS\System32\wshtcpip.dll 0x76f20000 0x27000 0x2 C:\WINDOWS\system32\DNSAPI.dll 0x76d60000 0x19000 0x1 C:\WINDOWS\system32\iphlpapi.dll 0x76fb0000 0x8000 0x1 C:\WINDOWS\System32\winrnr.dll 0x76f60000 0x2c000 0x1 C:\WINDOWS\system32\WLDAP32.dll 0x76fc0000 0x6000 0x1 C:\WINDOWS\system32\rasadhlp.dll 0x76fd0000 0x7f000 0x2 C:\WINDOWS\system32\CLBCATQ.DLL 0x77050000 0xc5000 0x2 C:\WINDOWS\system32\COMRes.dll ************************************************************************ svchost.exe pid: 964 Command line : C:\WINDOWS\System32\svchost.exe -k netsvcs Service Pack 2 Base Size LoadCount Path ---------- ---------- ---------- ---- 0x01000000 0x6000 0xffff C:\WINDOWS\System32\svchost.exe 0x7c900000 0xb0000 0xffff C:\WINDOWS\system32\ntdll.dll 0x7c800000 0xf4000 0xffff C:\WINDOWS\system32\kernel32.dll 0x77dd0000 0x9b000 0xffff C:\WINDOWS\system32\ADVAPI32.dll 0x77e70000 0x91000 0xffff C:\WINDOWS\system32\RPCRT4.dll 0x5cb70000 0x26000 0x1 C:\WINDOWS\System32\ShimEng.dll 0x6f880000 0x1ca000 0x1 C:\WINDOWS\AppPatch\AcGenral.DLL 0x77d40000 0x90000 0x240 C:\WINDOWS\system32\USER32.dll 0x77f10000 0x46000 0x161 C:\WINDOWS\system32\GDI32.dll 0x76b40000 0x2d000 0x9 C:\WINDOWS\System32\WINMM.dll 0x774e0000 0x13c000 0x8f C:\WINDOWS\system32\ole32.dll 0x77c10000 0x58000 0x256 C:\WINDOWS\system32\msvcrt.dll 0x77120000 0x8c000 0x5f C:\WINDOWS\system32\OLEAUT32.dll 0x77be0000 0x15000 0x1 C:\WINDOWS\System32\MSACM32.dll 0x77c00000 0x8000 0x1c C:\WINDOWS\system32\VERSION.dll 0x7c9c0000 0x814000 0xe C:\WINDOWS\system32\SHELL32.dll 0x77f60000 0x76000 0x37 C:\WINDOWS\system32\SHLWAPI.dll 0x769c0000 0xb3000 0x11 C:\WINDOWS\system32\USERENV.dll 0x5ad70000 0x38000 0x4 C:\WINDOWS\System32\UxTheme.dll 0x10000000 0x59000 0x1 C:\WINDOWS\System32\mfc42ul.dll 0x71ab0000 0x17000 0x58 C:\WINDOWS\System32\WS2_32.dll 0x71aa0000 0x8000 0x32 C:\WINDOWS\System32\WS2HELP.dll 0x71f60000 0x8000 0x1 C:\WINDOWS\System32\snmpapi.dll 0x773d0000 0x102000 0x9 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 0x5d090000 0x97000 0x4 C:\WINDOWS\system32\comctl32.dll 0x77690000 0x21000 0x1 C:\WINDOWS\System32\NTMARTA.DLL 0x76f60000 0x2c000 0x16 C:\WINDOWS\system32\WLDAP32.dll 0x71bf0000 0x13000 0xa C:\WINDOWS\System32\SAMLIB.dll 0x20000000 0x2c5000 0x2 C:\WINDOWS\System32\xpsp2res.dll 0x776e0000 0x23000 0x4 c:\windows\system32\shsvcs.dll 0x76360000 0x10000 0x12 C:\WINDOWS\System32\WINSTA.dll 0x5b860000 0x54000 0x4f C:\WINDOWS\system32\NETAPI32.dll 0x76d80000 0x1e000 0x4 c:\windows\system32\dhcpcsvc.dll 0x76f20000 0x27000 0xe c:\windows\system32\DNSAPI.dll 0x76d60000 0x19000 0x11 c:\windows\system32\iphlpapi.dll 0x77fe0000 0x11000 0x28 c:\windows\system32\Secur32.dll 0x0ffd0000 0x28000 0x1 C:\WINDOWS\System32\rsaenh.dll 0x77620000 0x6e000 0x2 c:\windows\system32\wzcsvc.dll 0x76e80000 0xe000 0x1c c:\windows\system32\rtutils.dll 0x76d30000 0x4000 0x4 c:\windows\system32\WMI.dll 0x77a80000 0x94000 0x1e C:\WINDOWS\system32\CRYPT32.dll 0x77b20000 0x12000 0x14 C:\WINDOWS\system32\MSASN1.dll 0x76f50000 0x8000 0xb c:\windows\system32\WTSAPI32.dll 0x606b0000 0x10d000 0x4 c:\windows\system32\ESENT.dll 0x76b20000 0x11000 0x15 c:\windows\system32\ATL.DLL 0x76b70000 0x1f000 0x3 C:\WINDOWS\System32\rastls.dll 0x754d0000 0x80000 0x4 C:\WINDOWS\system32\CRYPTUI.dll 0x76c30000 0x2e000 0x8 C:\WINDOWS\system32\WINTRUST.dll 0x76c90000 0x28000 0x8 C:\WINDOWS\system32\IMAGEHLP.dll 0x771b0000 0xa6000 0x5 C:\WINDOWS\system32\WININET.dll 0x76d40000 0x18000 0x6 C:\WINDOWS\System32\MPRAPI.dll 0x77cc0000 0x32000 0x6 C:\WINDOWS\System32\ACTIVEDS.dll 0x76e10000 0x25000 0x6 C:\WINDOWS\System32\adsldpc.dll 0x77920000 0xf3000 0xc C:\WINDOWS\System32\SETUPAPI.dll 0x76ee0000 0x3c000 0x7 C:\WINDOWS\System32\RASAPI32.dll 0x76e90000 0x12000 0x9 C:\WINDOWS\System32\rasman.dll 0x76eb0000 0x2f000 0x8 C:\WINDOWS\System32\TAPI32.dll 0x767f0000 0x27000 0x3 C:\WINDOWS\System32\SCHANNEL.dll 0x723d0000 0x1c000 0x3 C:\WINDOWS\System32\WinSCard.dll 0x76bd0000 0x14000 0x2 C:\WINDOWS\System32\raschap.dll 0x77c70000 0x23000 0x1 C:\WINDOWS\system32\msv1_0.dll 0x76fd0000 0x7f000 0x5 C:\WINDOWS\System32\CLBCATQ.DLL 0x77050000 0xc5000 0x11 C:\WINDOWS\System32\COMRes.dll 0x77300000 0x32000 0x1 c:\windows\system32\schedsvc.dll 0x767a0000 0x13000 0x8 c:\windows\system32\NTDSAPI.dll 0x74f50000 0x5000 0x1 C:\WINDOWS\System32\MSIDLE.DLL 0x708b0000 0xd000 0x1 c:\windows\system32\audiosrv.dll 0x76e40000 0x23000 0x1 c:\windows\system32\wkssvc.dll 0x76ce0000 0x12000 0x1 c:\windows\system32\cryptsvc.dll 0x77b90000 0x32000 0x1 c:\windows\system32\certcli.dll 0x74f90000 0x9000 0x1 c:\windows\system32\dmserver.dll 0x74f80000 0x9000 0x1 c:\windows\system32\ersvc.dll 0x77710000 0x41000 0x3 c:\windows\system32\es.dll 0x74f40000 0xc000 0x1 c:\windows\pchealth\helpctr\binaries\pchsvc.dll 0x75090000 0x1a000 0x1 c:\windows\system32\srvsvc.dll 0x77d00000 0x33000 0x1 c:\windows\system32\netman.dll 0x76400000 0x1a6000 0x4 c:\windows\system32\netshell.dll 0x76c00000 0x2e000 0x4 c:\windows\system32\credui.dll 0x73030000 0x10000 0x1 c:\windows\system32\WZCSAPI.DLL 0x662b0000 0x58000 0x6 C:\WINDOWS\System32\HNETCFG.DLL 0x73d20000 0x8000 0x1 c:\windows\system32\seclogon.dll 0x722d0000 0xd000 0x1 c:\windows\system32\sens.dll 0x751a0000 0x2e000 0x1 c:\windows\system32\srsvc.dll 0x74ad0000 0x8000 0x1 c:\windows\system32\POWRPROF.dll 0x75070000 0x19000 0x1 c:\windows\system32\trkwks.dll 0x767c0000 0x2c000 0x3 c:\windows\system32\w32time.dll 0x76080000 0x65000 0x13 c:\windows\system32\MSVCP60.dll 0x71a50000 0x3f000 0x5 C:\WINDOWS\system32\mswsock.dll 0x71a90000 0x8000 0x1 C:\WINDOWS\System32\wshtcpip.dll 0x59490000 0x28000 0x1 c:\windows\system32\wbem\wmisvc.dll 0x753e0000 0x6d000 0x1 C:\WINDOWS\system32\VSSAPI.DLL 0x50000000 0x5000 0x1 c:\windows\system32\wuauserv.dll 0x50040000 0x119000 0x1 C:\WINDOWS\system32\wuaueng.dll 0x75260000 0x29000 0x1 C:\WINDOWS\System32\ADVPACK.dll 0x76780000 0x9000 0x1 C:\WINDOWS\System32\SHFOLDER.dll 0x73000000 0x26000 0x1 C:\WINDOWS\System32\WINSPOOL.DRV 0x4d4f0000 0x58000 0x3 C:\WINDOWS\System32\WINHTTP.dll 0x75150000 0x14000 0x1 C:\WINDOWS\System32\Cabinet.dll 0x600a0000 0xb000 0x1 C:\WINDOWS\System32\mspatcha.dll 0x76bb0000 0x5000 0x1 C:\WINDOWS\System32\sfc.dll 0x76c60000 0x2a000 0x2 C:\WINDOWS\System32\sfc_os.dll 0x76da0000 0x15000 0x1 c:\windows\system32\browser.dll 0x4c0a0000 0x17000 0x1 c:\windows\system32\wscsvc.dll 0x7d1e0000 0x2b2000 0x1 c:\windows\system32\msi.dll 0x75290000 0x37000 0xf C:\WINDOWS\system32\wbem\wbemcomn.dll 0x75e90000 0xb0000 0x1 C:\WINDOWS\System32\SXS.DLL 0x76620000 0x13a000 0x3 C:\WINDOWS\system32\comsvcs.dll 0x750f0000 0x13000 0x3 C:\WINDOWS\system32\MTXCLU.DLL 0x71ad0000 0x9000 0x3 C:\WINDOWS\system32\WSOCK32.dll 0x75130000 0x14000 0x3 C:\WINDOWS\system32\colbact.DLL 0x76d10000 0x11000 0x3 C:\WINDOWS\System32\CLUSAPI.DLL 0x750b0000 0x12000 0x1 C:\WINDOWS\System32\RESUTILS.DLL 0x66460000 0x55000 0x1 c:\windows\system32\ipnathlp.dll 0x776c0000 0x11000 0x2 c:\windows\system32\AUTHZ.dll 0x762c0000 0x85000 0x1 C:\WINDOWS\System32\Wbem\wbemcore.dll 0x75310000 0x3f000 0x4 C:\WINDOWS\System32\Wbem\esscli.dll 0x75690000 0x76000 0x8 C:\WINDOWS\System32\Wbem\FastProx.dll 0x75020000 0x1b000 0x1 C:\WINDOWS\system32\wbem\wmiutils.dll 0x75200000 0x2e000 0x1 C:\WINDOWS\system32\wbem\repdrvfs.dll 0x597f0000 0x6d000 0x1 C:\WINDOWS\system32\wbem\wmiprvsd.dll 0x5f770000 0xc000 0x2 C:\WINDOWS\system32\NCObjAPI.DLL 0x75390000 0x46000 0x1 C:\WINDOWS\system32\wbem\wbemess.dll 0x76fc0000 0x6000 0x1 C:\WINDOWS\System32\rasadhlp.dll 0x506a0000 0x6b000 0x1 C:\WINDOWS\system32\wuapi.dll 0x5f740000 0xe000 0x1 C:\WINDOWS\system32\wbem\ncprov.dll 0x755f0000 0x9a000 0x1 C:\WINDOWS\system32\netcfgx.dll 0x73d30000 0x17000 0x1 C:\WINDOWS\system32\wbem\wbemcons.dll 0x71d40000 0x1c000 0x1 C:\WINDOWS\system32\actxprxy.dll 0x76de0000 0x23000 0x1 C:\WINDOWS\system32\upnp.dll 0x74f00000 0xc000 0x1 C:\WINDOWS\system32\SSDPAPI.dll 0x768d0000 0xa4000 0x1 C:\WINDOWS\System32\RASDLG.dll 0x77b40000 0x22000 0x1 C:\WINDOWS\system32\Apphelp.dll 0x50640000 0xd000 0x1 C:\WINDOWS\system32\wups.dll ************************************************************************ svchost.exe pid: 1020 Command line : C:\WINDOWS\system32\svchost.exe -k NetworkService Service Pack 2 Base Size LoadCount Path ---------- ---------- ---------- ---- 0x01000000 0x6000 0xffff C:\WINDOWS\system32\svchost.exe 0x7c900000 0xb0000 0xffff C:\WINDOWS\system32\ntdll.dll 0x7c800000 0xf4000 0xffff C:\WINDOWS\system32\kernel32.dll 0x77dd0000 0x9b000 0xffff C:\WINDOWS\system32\ADVAPI32.dll 0x77e70000 0x91000 0xffff C:\WINDOWS\system32\RPCRT4.dll 0x5cb70000 0x26000 0x1 C:\WINDOWS\system32\ShimEng.dll 0x6f880000 0x1ca000 0x1 C:\WINDOWS\AppPatch\AcGenral.DLL 0x77d40000 0x90000 0x14 C:\WINDOWS\system32\USER32.dll 0x77f10000 0x46000 0x10 C:\WINDOWS\system32\GDI32.dll 0x76b40000 0x2d000 0x2 C:\WINDOWS\system32\WINMM.dll 0x774e0000 0x13c000 0x2 C:\WINDOWS\system32\ole32.dll 0x77c10000 0x58000 0xf C:\WINDOWS\system32\msvcrt.dll 0x77120000 0x8c000 0x1 C:\WINDOWS\system32\OLEAUT32.dll 0x77be0000 0x15000 0x1 C:\WINDOWS\system32\MSACM32.dll 0x77c00000 0x8000 0x1 C:\WINDOWS\system32\VERSION.dll 0x7c9c0000 0x814000 0x1 C:\WINDOWS\system32\SHELL32.dll 0x77f60000 0x76000 0x3 C:\WINDOWS\system32\SHLWAPI.dll 0x769c0000 0xb3000 0x1 C:\WINDOWS\system32\USERENV.dll 0x5ad70000 0x38000 0x1 C:\WINDOWS\system32\UxTheme.dll 0x773d0000 0x102000 0x1 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 0x5d090000 0x97000 0x1 C:\WINDOWS\system32\comctl32.dll 0x76770000 0xd000 0x1 c:\windows\system32\dnsrslvr.dll 0x76f20000 0x27000 0x1 c:\windows\system32\DNSAPI.dll 0x71ab0000 0x17000 0x3 c:\windows\system32\WS2_32.dll 0x71aa0000 0x8000 0x2 c:\windows\system32\WS2HELP.dll 0x76d60000 0x19000 0x2 c:\windows\system32\iphlpapi.dll ************************************************************************ svchost.exe pid: 1148 Command line : C:\WINDOWS\system32\svchost.exe -k LocalService Service Pack 2 Base Size LoadCount Path ---------- ---------- ---------- ---- 0x01000000 0x6000 0xffff C:\WINDOWS\system32\svchost.exe 0x7c900000 0xb0000 0xffff C:\WINDOWS\system32\ntdll.dll 0x7c800000 0xf4000 0xffff C:\WINDOWS\system32\kernel32.dll 0x77dd0000 0x9b000 0xffff C:\WINDOWS\system32\ADVAPI32.dll 0x77e70000 0x91000 0xffff C:\WINDOWS\system32\RPCRT4.dll 0x5cb70000 0x26000 0x1 C:\WINDOWS\system32\ShimEng.dll 0x6f880000 0x1ca000 0x1 C:\WINDOWS\AppPatch\AcGenral.DLL 0x77d40000 0x90000 0x45 C:\WINDOWS\system32\USER32.dll 0x77f10000 0x46000 0x3a C:\WINDOWS\system32\GDI32.dll 0x76b40000 0x2d000 0x2 C:\WINDOWS\system32\WINMM.dll 0x774e0000 0x13c000 0xe C:\WINDOWS\system32\ole32.dll 0x77c10000 0x58000 0x55 C:\WINDOWS\system32\msvcrt.dll 0x77120000 0x8c000 0x6 C:\WINDOWS\system32\OLEAUT32.dll 0x77be0000 0x15000 0x1 C:\WINDOWS\system32\MSACM32.dll 0x77c00000 0x8000 0x4 C:\WINDOWS\system32\VERSION.dll 0x7c9c0000 0x814000 0x3 C:\WINDOWS\system32\SHELL32.dll 0x77f60000 0x76000 0x9 C:\WINDOWS\system32\SHLWAPI.dll 0x769c0000 0xb3000 0x1 C:\WINDOWS\system32\USERENV.dll 0x5ad70000 0x38000 0x1 C:\WINDOWS\system32\UxTheme.dll 0x773d0000 0x102000 0x3 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 0x5d090000 0x97000 0x1 C:\WINDOWS\system32\comctl32.dll 0x77690000 0x21000 0x1 C:\WINDOWS\system32\NTMARTA.DLL 0x76f60000 0x2c000 0x1 C:\WINDOWS\system32\WLDAP32.dll 0x71bf0000 0x13000 0x1 C:\WINDOWS\system32\SAMLIB.dll 0x20000000 0x2c5000 0x1 C:\WINDOWS\system32\xpsp2res.dll 0x74c40000 0x6000 0x1 c:\windows\system32\lmhsvc.dll 0x76d60000 0x19000 0x2 c:\windows\system32\iphlpapi.dll 0x71ab0000 0x17000 0x24 c:\windows\system32\WS2_32.dll 0x71aa0000 0x8000 0x25 c:\windows\system32\WS2HELP.dll 0x5a6e0000 0x15000 0x1 c:\windows\system32\webclnt.dll 0x771b0000 0xa6000 0x1 C:\WINDOWS\system32\WININET.dll 0x77a80000 0x94000 0x1 C:\WINDOWS\system32\CRYPT32.dll 0x77b20000 0x12000 0x1 C:\WINDOWS\system32\MSASN1.dll 0x77fe0000 0x11000 0x2 C:\WINDOWS\system32\Secur32.dll 0x77260000 0x9c000 0x1 C:\WINDOWS\system32\urlmon.dll 0x71ad0000 0x9000 0x1 C:\WINDOWS\system32\wsock32.dll 0x76af0000 0x12000 0x1 c:\windows\system32\regsvc.dll 0x765e0000 0x14000 0x1 c:\windows\system32\ssdpsrv.dll 0x662b0000 0x58000 0x3 C:\WINDOWS\system32\hnetcfg.dll 0x76fd0000 0x7f000 0x2 C:\WINDOWS\system32\CLBCATQ.DLL 0x77050000 0xc5000 0x2 C:\WINDOWS\system32\COMRes.dll 0x71a50000 0x3f000 0x2 C:\WINDOWS\system32\mswsock.dll 0x71a90000 0x8000 0x1 C:\WINDOWS\System32\wshtcpip.dll ************************************************************************ spoolsv.exe pid: 1260 Command line : C:\WINDOWS\system32\spoolsv.exe Service Pack 2 Base Size LoadCount Path ---------- ---------- ---------- ---- 0x01000000 0x10000 0xffff C:\WINDOWS\system32\spoolsv.exe 0x7c900000 0xb0000 0xffff C:\WINDOWS\system32\ntdll.dll 0x7c800000 0xf4000 0xffff C:\WINDOWS\system32\kernel32.dll 0x77c10000 0x58000 0xffff C:\WINDOWS\system32\msvcrt.dll 0x77dd0000 0x9b000 0xffff C:\WINDOWS\system32\ADVAPI32.dll 0x77e70000 0x91000 0xffff C:\WINDOWS\system32\RPCRT4.dll 0x77f10000 0x46000 0xffff C:\WINDOWS\system32\GDI32.dll 0x77d40000 0x90000 0xffff C:\WINDOWS\system32\USER32.dll 0x5cb70000 0x26000 0x1 C:\WINDOWS\system32\ShimEng.dll 0x6f880000 0x1ca000 0x1 C:\WINDOWS\AppPatch\AcGenral.DLL 0x76b40000 0x2d000 0x2 C:\WINDOWS\system32\WINMM.dll 0x774e0000 0x13c000 0x18 C:\WINDOWS\system32\ole32.dll 0x77120000 0x8c000 0xa C:\WINDOWS\system32\OLEAUT32.dll 0x77be0000 0x15000 0x1 C:\WINDOWS\system32\MSACM32.dll 0x77c00000 0x8000 0xa C:\WINDOWS\system32\VERSION.dll 0x7c9c0000 0x814000 0x2 C:\WINDOWS\system32\SHELL32.dll 0x77f60000 0x76000 0x5 C:\WINDOWS\system32\SHLWAPI.dll 0x769c0000 0xb3000 0x6 C:\WINDOWS\system32\USERENV.dll 0x5ad70000 0x38000 0x1 C:\WINDOWS\system32\UxTheme.dll 0x10000000 0x59000 0x1 C:\WINDOWS\system32\mfc42ul.dll 0x71ab0000 0x17000 0x29 C:\WINDOWS\system32\WS2_32.dll 0x71aa0000 0x8000 0x20 C:\WINDOWS\system32\WS2HELP.dll 0x71f60000 0x8000 0x1 C:\WINDOWS\system32\snmpapi.dll 0x773d0000 0x102000 0x1 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 0x5d090000 0x97000 0x1 C:\WINDOWS\system32\comctl32.dll 0x742e0000 0x15000 0xd C:\WINDOWS\system32\SPOOLSS.DLL 0x76f20000 0x27000 0x4 C:\WINDOWS\system32\DNSAPI.dll 0x76d60000 0x19000 0x1 C:\WINDOWS\system32\iphlpapi.dll 0x76fc0000 0x6000 0x1 C:\WINDOWS\system32\rasadhlp.dll 0x75bb0000 0x56000 0x4 C:\WINDOWS\system32\localspl.dll 0x77fe0000 0x11000 0x5 C:\WINDOWS\system32\Secur32.dll 0x76c60000 0x2a000 0x4 C:\WINDOWS\system32\sfc_os.dll 0x76c30000 0x2e000 0x5 C:\WINDOWS\system32\WINTRUST.dll 0x77a80000 0x94000 0xa C:\WINDOWS\system32\CRYPT32.dll 0x77b20000 0x12000 0xb C:\WINDOWS\system32\MSASN1.dll 0x76c90000 0x28000 0x5 C:\WINDOWS\system32\IMAGEHLP.dll 0x73000000 0x26000 0x4 C:\WINDOWS\system32\winspool.drv 0x5b860000 0x54000 0x6 C:\WINDOWS\system32\netapi32.dll 0x742a0000 0xe000 0x1 C:\WINDOWS\system32\cnbjmon.dll 0x74280000 0x7000 0x1 C:\WINDOWS\system32\pjlmon.dll 0x72400000 0xe000 0x1 C:\WINDOWS\system32\tcpmon.dll 0x00cf0000 0x48000 0x1 C:\WINDOWS\system32\TPVMMon.dll 0x00d50000 0x1c000 0x1 C:\WINDOWS\system32\TPVMW32.dll 0x723f0000 0x7000 0x1 C:\WINDOWS\system32\usbmon.dll 0x00de0000 0x5a000 0x1 C:\WINDOWS\System32\spool\PRTPROCS\W32X86\TPWinPrn.dll 0x71ad0000 0x9000 0x1 C:\WINDOWS\system32\WSOCK32.dll 0x76d10000 0x11000 0x2 C:\WINDOWS\system32\CLUSAPI.dll 0x750b0000 0x12000 0x1 C:\WINDOWS\system32\RESUTILS.dll 0x71a50000 0x3f000 0x2 C:\WINDOWS\System32\mswsock.dll 0x76fb0000 0x8000 0x1 C:\WINDOWS\System32\winrnr.dll 0x76f60000 0x2c000 0x2 C:\WINDOWS\system32\WLDAP32.dll 0x71bf0000 0x13000 0x1 C:\WINDOWS\system32\SAMLIB.dll 0x75c10000 0x23000 0x1 C:\WINDOWS\system32\win32spl.dll 0x71c80000 0x7000 0x1 C:\WINDOWS\system32\NETRAP.dll 0x767a0000 0x13000 0x1 C:\WINDOWS\system32\NTDSAPI.dll 0x76fd0000 0x7f000 0x2 C:\WINDOWS\system32\CLBCATQ.DLL 0x77050000 0xc5000 0x2 C:\WINDOWS\system32\COMRes.dll 0x20000000 0x2c5000 0x1 C:\WINDOWS\system32\xpsp2res.dll 0x74300000 0x15000 0x1 C:\WINDOWS\system32\inetpp.dll ************************************************************************ VMwareService.e pid: 1444 Command line : "C:\Program Files\VMware\VMware Tools\VMwareService.exe" Service Pack 2 Base Size LoadCount Path ---------- ---------- ---------- ---- 0x00400000 0xdb000 0xffff C:\Program Files\VMware\VMware Tools\VMwareService.exe 0x7c900000 0xb0000 0xffff C:\WINDOWS\system32\ntdll.dll 0x7c800000 0xf4000 0xffff C:\WINDOWS\system32\kernel32.dll 0x78130000 0x9b000 0xffff C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll 0x77c10000 0x58000 0xffff C:\WINDOWS\system32\msvcrt.dll 0x77dd0000 0x9b000 0xffff C:\WINDOWS\system32\ADVAPI32.dll 0x77e70000 0x91000 0xffff C:\WINDOWS\system32\RPCRT4.dll 0x77d40000 0x90000 0xffff C:\WINDOWS\system32\USER32.dll 0x77f10000 0x46000 0xffff C:\WINDOWS\system32\GDI32.dll 0x77c00000 0x8000 0xffff C:\WINDOWS\system32\VERSION.dll 0x77f60000 0x76000 0xffff C:\WINDOWS\system32\SHLWAPI.dll 0x7c9c0000 0x814000 0xffff C:\WINDOWS\system32\SHELL32.dll 0x774e0000 0x13c000 0xffff C:\WINDOWS\system32\ole32.dll 0x77120000 0x8c000 0xffff C:\WINDOWS\system32\OLEAUT32.dll 0x71ab0000 0x17000 0xffff C:\WINDOWS\system32\WS2_32.dll 0x71aa0000 0x8000 0xffff C:\WINDOWS\system32\WS2HELP.dll 0x10000000 0x59000 0x1 C:\WINDOWS\system32\mfc42ul.dll 0x71f60000 0x8000 0x1 C:\WINDOWS\system32\snmpapi.dll 0x773d0000 0x102000 0x1 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 0x5d090000 0x97000 0x1 C:\WINDOWS\system32\comctl32.dll 0x76780000 0x9000 0x1 C:\WINDOWS\system32\shfolder.dll 0x76d60000 0x19000 0x1 C:\WINDOWS\system32\IpHlpApi.dll 0x5ad70000 0x38000 0x2 C:\WINDOWS\system32\uxtheme.dll 0x769c0000 0xb3000 0x1 C:\WINDOWS\system32\userenv.dll 0x76fd0000 0x7f000 0x2 C:\WINDOWS\system32\CLBCATQ.DLL 0x77050000 0xc5000 0x2 C:\WINDOWS\system32\COMRes.dll 0x77690000 0x21000 0x1 C:\WINDOWS\system32\NTMARTA.DLL 0x76f60000 0x2c000 0x1 C:\WINDOWS\system32\WLDAP32.dll 0x71bf0000 0x13000 0x1 C:\WINDOWS\system32\SAMLIB.dll 0x5e760000 0xa000 0x1 C:\WINDOWS\system32\perfos.dll 0x5e750000 0xd000 0x1 C:\WINDOWS\system32\perfproc.dll 0x5e790000 0x9000 0x1 C:\WINDOWS\system32\perfdisk.dll ************************************************************************ alg.exe pid: 1616 Command line : C:\WINDOWS\System32\alg.exe Service Pack 2 Base Size LoadCount Path ---------- ---------- ---------- ---- 0x01000000 0xd000 0xffff C:\WINDOWS\System32\alg.exe 0x7c900000 0xb0000 0xffff C:\WINDOWS\system32\ntdll.dll 0x7c800000 0xf4000 0xffff C:\WINDOWS\system32\kernel32.dll 0x77c10000 0x58000 0xffff C:\WINDOWS\system32\msvcrt.dll 0x76b20000 0x11000 0xffff C:\WINDOWS\System32\ATL.DLL 0x77d40000 0x90000 0xffff C:\WINDOWS\system32\USER32.dll 0x77f10000 0x46000 0xffff C:\WINDOWS\system32\GDI32.dll 0x77dd0000 0x9b000 0xffff C:\WINDOWS\system32\ADVAPI32.dll 0x77e70000 0x91000 0xffff C:\WINDOWS\system32\RPCRT4.dll 0x774e0000 0x13c000 0xffff C:\WINDOWS\system32\ole32.dll 0x77120000 0x8c000 0xffff C:\WINDOWS\system32\OLEAUT32.dll 0x71ad0000 0x9000 0xffff C:\WINDOWS\System32\WSOCK32.dll 0x71ab0000 0x17000 0xffff C:\WINDOWS\System32\WS2_32.dll 0x71aa0000 0x8000 0xffff C:\WINDOWS\System32\WS2HELP.dll 0x71a50000 0x3f000 0xffff C:\WINDOWS\System32\MSWSOCK.DLL 0x5cb70000 0x26000 0x1 C:\WINDOWS\System32\ShimEng.dll 0x6f880000 0x1ca000 0x1 C:\WINDOWS\AppPatch\AcGenral.DLL 0x76b40000 0x2d000 0x2 C:\WINDOWS\System32\WINMM.dll 0x77be0000 0x15000 0x1 C:\WINDOWS\System32\MSACM32.dll 0x77c00000 0x8000 0x3 C:\WINDOWS\system32\VERSION.dll 0x7c9c0000 0x814000 0x1 C:\WINDOWS\system32\SHELL32.dll 0x77f60000 0x76000 0x3 C:\WINDOWS\system32\SHLWAPI.dll 0x769c0000 0xb3000 0x1 C:\WINDOWS\system32\USERENV.dll 0x5ad70000 0x38000 0x1 C:\WINDOWS\System32\UxTheme.dll 0x773d0000 0x102000 0x1 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 0x5d090000 0x97000 0x1 C:\WINDOWS\system32\comctl32.dll 0x76fd0000 0x7f000 0x2 C:\WINDOWS\System32\CLBCATQ.DLL 0x77050000 0xc5000 0x2 C:\WINDOWS\System32\COMRes.dll 0x20000000 0x2c5000 0x1 C:\WINDOWS\System32\xpsp2res.dll 0x662b0000 0x58000 0x2 C:\WINDOWS\system32\hnetcfg.dll 0x71a90000 0x8000 0x1 C:\WINDOWS\System32\wshtcpip.dll ************************************************************************ wscntfy.exe pid: 1920 Command line : C:\WINDOWS\system32\wscntfy.exe Service Pack 2 Base Size LoadCount Path ---------- ---------- ---------- ---- 0x01000000 0x6000 0xffff C:\WINDOWS\system32\wscntfy.exe 0x7c900000 0xb0000 0xffff C:\WINDOWS\system32\ntdll.dll 0x7c800000 0xf4000 0xffff C:\WINDOWS\system32\kernel32.dll 0x77c10000 0x58000 0xffff C:\WINDOWS\system32\msvcrt.dll 0x77d40000 0x90000 0xffff C:\WINDOWS\system32\USER32.dll 0x77f10000 0x46000 0xffff C:\WINDOWS\system32\GDI32.dll 0x7c9c0000 0x814000 0xffff C:\WINDOWS\system32\SHELL32.dll 0x77dd0000 0x9b000 0xffff C:\WINDOWS\system32\ADVAPI32.dll 0x77e70000 0x91000 0xffff C:\WINDOWS\system32\RPCRT4.dll 0x77f60000 0x76000 0xffff C:\WINDOWS\system32\SHLWAPI.dll 0x10000000 0x59000 0x1 C:\WINDOWS\system32\mfc42ul.dll 0x71ab0000 0x17000 0x2 C:\WINDOWS\system32\WS2_32.dll 0x71aa0000 0x8000 0x1 C:\WINDOWS\system32\WS2HELP.dll 0x71f60000 0x8000 0x1 C:\WINDOWS\system32\snmpapi.dll 0x77c00000 0x8000 0x1 C:\WINDOWS\system32\VERSION.dll 0x773d0000 0x102000 0x2 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 0x20000000 0x2c5000 0x1 C:\WINDOWS\system32\xpsp2res.dll 0x5ad70000 0x38000 0x2 C:\WINDOWS\system32\uxtheme.dll ************************************************************************ explorer.exe pid: 1956 Command line : C:\WINDOWS\Explorer.EXE Service Pack 2 Base Size LoadCount Path ---------- ---------- ---------- ---- 0x01000000 0xff000 0xffff C:\WINDOWS\Explorer.EXE 0x7c900000 0xb0000 0xffff C:\WINDOWS\system32\ntdll.dll 0x7c800000 0xf4000 0xffff C:\WINDOWS\system32\kernel32.dll 0x77c10000 0x58000 0xffff C:\WINDOWS\system32\msvcrt.dll 0x77dd0000 0x9b000 0xffff C:\WINDOWS\system32\ADVAPI32.dll 0x77e70000 0x91000 0xffff C:\WINDOWS\system32\RPCRT4.dll 0x77f10000 0x46000 0xffff C:\WINDOWS\system32\GDI32.dll 0x77d40000 0x90000 0xffff C:\WINDOWS\system32\USER32.dll 0x77f60000 0x76000 0xffff C:\WINDOWS\system32\SHLWAPI.dll 0x7c9c0000 0x814000 0xffff C:\WINDOWS\system32\SHELL32.dll 0x774e0000 0x13c000 0xffff C:\WINDOWS\system32\ole32.dll 0x77120000 0x8c000 0xffff C:\WINDOWS\system32\OLEAUT32.dll 0x75f80000 0xfc000 0xffff C:\WINDOWS\system32\BROWSEUI.dll 0x77760000 0x16c000 0xffff C:\WINDOWS\system32\SHDOCVW.dll 0x77a80000 0x94000 0xffff C:\WINDOWS\system32\CRYPT32.dll 0x77b20000 0x12000 0xffff C:\WINDOWS\system32\MSASN1.dll 0x754d0000 0x80000 0xffff C:\WINDOWS\system32\CRYPTUI.dll 0x76c30000 0x2e000 0xffff C:\WINDOWS\system32\WINTRUST.dll 0x76c90000 0x28000 0xffff C:\WINDOWS\system32\IMAGEHLP.dll 0x5b860000 0x54000 0xffff C:\WINDOWS\system32\NETAPI32.dll 0x771b0000 0xa6000 0xffff C:\WINDOWS\system32\WININET.dll 0x76f60000 0x2c000 0xffff C:\WINDOWS\system32\WLDAP32.dll 0x77c00000 0x8000 0xffff C:\WINDOWS\system32\VERSION.dll 0x5ad70000 0x38000 0xffff C:\WINDOWS\system32\UxTheme.dll 0x5cb70000 0x26000 0x1 C:\WINDOWS\system32\ShimEng.dll 0x6f880000 0x1ca000 0x1 C:\WINDOWS\AppPatch\AcGenral.DLL 0x76b40000 0x2d000 0x10 C:\WINDOWS\system32\WINMM.dll 0x77be0000 0x15000 0x3 C:\WINDOWS\system32\MSACM32.dll 0x769c0000 0xb3000 0x4 C:\WINDOWS\system32\USERENV.dll 0x10000000 0x59000 0x1 C:\WINDOWS\system32\mfc42ul.dll 0x71ab0000 0x17000 0xa C:\WINDOWS\system32\WS2_32.dll 0x71aa0000 0x8000 0x9 C:\WINDOWS\system32\WS2HELP.dll 0x71f60000 0x8000 0x1 C:\WINDOWS\system32\snmpapi.dll 0x773d0000 0x102000 0x11 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 0x5d090000 0x97000 0x1 C:\WINDOWS\system32\comctl32.dll 0x72d20000 0x9000 0x6 C:\WINDOWS\system32\wdmaud.drv 0x72d10000 0x8000 0x2 C:\WINDOWS\system32\msacm32.drv 0x77bd0000 0x7000 0x1 C:\WINDOWS\system32\midimap.dll 0x71a50000 0x3f000 0x2 C:\WINDOWS\system32\mswsock.dll 0x662b0000 0x58000 0x1 C:\WINDOWS\system32\hnetcfg.dll 0x71a90000 0x8000 0x1 C:\WINDOWS\System32\wshtcpip.dll 0x76fc0000 0x6000 0x1 C:\WINDOWS\system32\rasadhlp.dll 0x77b40000 0x22000 0x2 C:\WINDOWS\system32\appHelp.dll 0x76fd0000 0x7f000 0x2 C:\WINDOWS\system32\CLBCATQ.DLL 0x77050000 0xc5000 0x2 C:\WINDOWS\system32\COMRes.dll 0x77a20000 0x54000 0x2 C:\WINDOWS\System32\cscui.dll 0x76600000 0x1d000 0x2 C:\WINDOWS\System32\CSCDLL.dll 0x5ba60000 0x71000 0x1 C:\WINDOWS\system32\themeui.dll 0x77fe0000 0x11000 0x3 C:\WINDOWS\system32\Secur32.dll 0x76380000 0x5000 0x1 C:\WINDOWS\system32\MSIMG32.dll 0x20000000 0x2c5000 0x1 C:\WINDOWS\system32\xpsp2res.dll 0x71d40000 0x1c000 0x1 C:\WINDOWS\system32\actxprxy.dll 0x71bf0000 0x13000 0x1 C:\WINDOWS\system32\SAMLIB.dll 0x77920000 0xf3000 0x5 C:\WINDOWS\system32\SETUPAPI.dll 0x76400000 0x1a6000 0x1 C:\WINDOWS\system32\NETSHELL.dll 0x76e80000 0xe000 0x1 C:\WINDOWS\system32\rtutils.dll 0x76c00000 0x2e000 0x1 C:\WINDOWS\system32\credui.dll 0x76b20000 0x11000 0x1 C:\WINDOWS\system32\ATL.DLL 0x76d60000 0x19000 0x1 C:\WINDOWS\system32\iphlpapi.dll 0x77260000 0x9c000 0x2 C:\WINDOWS\system32\urlmon.dll 0x7d1e0000 0x2b2000 0x1 C:\WINDOWS\system32\msi.dll 0x76360000 0x10000 0x3 C:\WINDOWS\system32\WINSTA.dll 0x74b30000 0x46000 0x1 C:\WINDOWS\system32\webcheck.dll 0x71ad0000 0x9000 0x1 C:\WINDOWS\system32\WSOCK32.dll 0x76280000 0x21000 0x2 C:\WINDOWS\system32\stobject.dll 0x74af0000 0xa000 0x2 C:\WINDOWS\system32\BatMeter.dll 0x74ad0000 0x8000 0x4 C:\WINDOWS\system32\POWRPROF.dll 0x76f50000 0x8000 0x2 C:\WINDOWS\system32\WTSAPI32.dll 0x75e90000 0xb0000 0x1 C:\WINDOWS\system32\SXS.DLL ************************************************************************ VMwareTray.exe pid: 184 Command line : "C:\Program Files\VMware\VMware Tools\VMwareTray.exe" Service Pack 2 Base Size LoadCount Path ---------- ---------- ---------- ---- 0x00400000 0x66000 0xffff C:\Program Files\VMware\VMware Tools\VMwareTray.exe 0x7c900000 0xb0000 0xffff C:\WINDOWS\system32\ntdll.dll 0x7c800000 0xf4000 0xffff C:\WINDOWS\system32\kernel32.dll 0x78130000 0x9b000 0xffff C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll 0x77c10000 0x58000 0xffff C:\WINDOWS\system32\msvcrt.dll 0x77d40000 0x90000 0xffff C:\WINDOWS\system32\USER32.dll 0x77f10000 0x46000 0xffff C:\WINDOWS\system32\GDI32.dll 0x7c9c0000 0x814000 0xffff C:\WINDOWS\system32\SHELL32.dll 0x77dd0000 0x9b000 0xffff C:\WINDOWS\system32\ADVAPI32.dll 0x77e70000 0x91000 0xffff C:\WINDOWS\system32\RPCRT4.dll 0x77f60000 0x76000 0xffff C:\WINDOWS\system32\SHLWAPI.dll 0x10000000 0x82000 0xffff C:\Program Files\VMware\VMware Tools\VMControlPanel.cpl 0x774e0000 0x13c000 0xffff C:\WINDOWS\system32\ole32.dll 0x782e0000 0x10f000 0xffff C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL 0x763b0000 0x49000 0xffff C:\WINDOWS\system32\COMDLG32.dll 0x5d090000 0x97000 0xffff C:\WINDOWS\system32\COMCTL32.dll 0x00390000 0x59000 0x1 C:\WINDOWS\system32\mfc42ul.dll 0x71ab0000 0x17000 0x2 C:\WINDOWS\system32\WS2_32.dll 0x71aa0000 0x8000 0x1 C:\WINDOWS\system32\WS2HELP.dll 0x71f60000 0x8000 0x1 C:\WINDOWS\system32\snmpapi.dll 0x77c00000 0x8000 0x1 C:\WINDOWS\system32\VERSION.dll 0x773d0000 0x102000 0x1 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 0x5d360000 0xe000 0x1 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80ENU.DLL 0x76780000 0x9000 0x2 C:\WINDOWS\system32\shfolder.dll 0x5ad70000 0x38000 0x2 C:\WINDOWS\system32\uxtheme.dll ************************************************************************ VMwareUser.exe pid: 192 Command line : "C:\Program Files\VMware\VMware Tools\VMwareUser.exe" Service Pack 2 Base Size LoadCount Path ---------- ---------- ---------- ---- 0x00400000 0x137000 0xffff C:\Program Files\VMware\VMware Tools\VMwareUser.exe 0x7c900000 0xb0000 0xffff C:\WINDOWS\system32\ntdll.dll 0x7c800000 0xf4000 0xffff C:\WINDOWS\system32\kernel32.dll 0x78130000 0x9b000 0xffff C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll 0x77c10000 0x58000 0xffff C:\WINDOWS\system32\msvcrt.dll 0x77d40000 0x90000 0xffff C:\WINDOWS\system32\USER32.dll 0x77f10000 0x46000 0xffff C:\WINDOWS\system32\GDI32.dll 0x76780000 0x9000 0xffff C:\WINDOWS\system32\SHFOLDER.dll 0x77dd0000 0x9b000 0xffff C:\WINDOWS\system32\ADVAPI32.dll 0x77e70000 0x91000 0xffff C:\WINDOWS\system32\RPCRT4.dll 0x7c9c0000 0x814000 0xffff C:\WINDOWS\system32\SHELL32.dll 0x77f60000 0x76000 0xffff C:\WINDOWS\system32\SHLWAPI.dll 0x774e0000 0x13c000 0xffff C:\WINDOWS\system32\ole32.dll 0x76b40000 0x2d000 0xffff C:\WINDOWS\system32\WINMM.dll 0x71b20000 0x12000 0xffff C:\WINDOWS\system32\MPR.dll 0x77c00000 0x8000 0xffff C:\WINDOWS\system32\VERSION.dll 0x10000000 0x10000 0xffff C:\Program Files\VMware\VMware Tools\sigc-2.0.dll 0x7c420000 0x87000 0xffff C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll 0x71ab0000 0x17000 0xffff C:\WINDOWS\system32\WS2_32.dll 0x71aa0000 0x8000 0xffff C:\WINDOWS\system32\WS2HELP.dll 0x782e0000 0x10f000 0xffff C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL 0x73000000 0x26000 0xffff C:\WINDOWS\system32\WINSPOOL.DRV 0x77120000 0x8c000 0xffff C:\WINDOWS\system32\OLEAUT32.dll 0x00390000 0x59000 0x1 C:\WINDOWS\system32\mfc42ul.dll 0x71f60000 0x8000 0x1 C:\WINDOWS\system32\snmpapi.dll 0x773d0000 0x102000 0x1 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 0x5d090000 0x97000 0x1 C:\WINDOWS\system32\comctl32.dll 0x5d360000 0xe000 0x1 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80ENU.DLL 0x5ad70000 0x38000 0x2 C:\WINDOWS\system32\uxtheme.dll 0x76f50000 0x8000 0x1 C:\WINDOWS\system32\wtsapi32.dll 0x76360000 0x10000 0x1 C:\WINDOWS\system32\WINSTA.dll 0x5b860000 0x54000 0x1 C:\WINDOWS\system32\NETAPI32.dll 0x20000000 0x2c5000 0x1 C:\WINDOWS\system32\xpsp2res.dll ************************************************************************ reader_sl.exe pid: 228 Command line : "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" Service Pack 2 Base Size LoadCount Path ---------- ---------- ---------- ---- 0x00400000 0xa000 0xffff C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe 0x7c900000 0xb0000 0xffff C:\WINDOWS\system32\ntdll.dll 0x7c800000 0xf4000 0xffff C:\WINDOWS\system32\kernel32.dll 0x77d40000 0x90000 0xffff C:\WINDOWS\system32\USER32.dll 0x77f10000 0x46000 0xffff C:\WINDOWS\system32\GDI32.dll 0x77dd0000 0x9b000 0xffff C:\WINDOWS\system32\ADVAPI32.dll 0x77e70000 0x91000 0xffff C:\WINDOWS\system32\RPCRT4.dll 0x7c9c0000 0x814000 0xffff C:\WINDOWS\system32\SHELL32.dll 0x77c10000 0x58000 0xffff C:\WINDOWS\system32\msvcrt.dll 0x77f60000 0x76000 0xffff C:\WINDOWS\system32\SHLWAPI.dll 0x7c420000 0x87000 0xffff C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll 0x78130000 0x9b000 0xffff C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll 0x10000000 0x59000 0x1 C:\WINDOWS\system32\mfc42ul.dll 0x71ab0000 0x17000 0x2 C:\WINDOWS\system32\WS2_32.dll 0x71aa0000 0x8000 0x1 C:\WINDOWS\system32\WS2HELP.dll 0x71f60000 0x8000 0x1 C:\WINDOWS\system32\snmpapi.dll 0x77c00000 0x8000 0x1 C:\WINDOWS\system32\VERSION.dll 0x773d0000 0x102000 0x1 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 0x5d090000 0x97000 0x1 C:\WINDOWS\system32\comctl32.dll 0x5ad70000 0x38000 0x2 C:\WINDOWS\system32\uxtheme.dll ************************************************************************ wuauclt.exe pid: 400 Command line : "C:\WINDOWS\system32\wuauclt.exe" /RunStoreAsComServer Local\[3c4]SUSDSf6f1f89b8c664547b701fa0a7f1b4cf6 Service Pack 2 Base Size LoadCount Path ---------- ---------- ---------- ---- 0x00400000 0x1e000 0xffff C:\WINDOWS\system32\wuauclt.exe 0x7c900000 0xb0000 0xffff C:\WINDOWS\system32\ntdll.dll 0x7c800000 0xf4000 0xffff C:\WINDOWS\system32\kernel32.dll 0x77c10000 0x58000 0xffff C:\WINDOWS\system32\msvcrt.dll 0x76b20000 0x11000 0xffff C:\WINDOWS\system32\ATL.DLL 0x77d40000 0x90000 0xffff C:\WINDOWS\system32\USER32.dll 0x77f10000 0x46000 0xffff C:\WINDOWS\system32\GDI32.dll 0x77dd0000 0x9b000 0xffff C:\WINDOWS\system32\ADVAPI32.dll 0x77e70000 0x91000 0xffff C:\WINDOWS\system32\RPCRT4.dll 0x773d0000 0x102000 0xffff C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\COMCTL32.dll 0x77f60000 0x76000 0xffff C:\WINDOWS\system32\SHLWAPI.dll 0x774e0000 0x13c000 0xffff C:\WINDOWS\system32\ole32.dll 0x77120000 0x8c000 0xffff C:\WINDOWS\system32\OLEAUT32.dll 0x50940000 0x2a000 0xffff C:\WINDOWS\system32\wuaucpl.cpl 0x76780000 0x9000 0xffff C:\WINDOWS\system32\SHFOLDER.dll 0x50040000 0x119000 0xffff C:\WINDOWS\system32\wuaueng.dll 0x75260000 0x29000 0xffff C:\WINDOWS\system32\ADVPACK.dll 0x77c00000 0x8000 0xffff C:\WINDOWS\system32\VERSION.dll 0x769c0000 0xb3000 0xffff C:\WINDOWS\system32\USERENV.dll 0x71ab0000 0x17000 0xffff C:\WINDOWS\system32\WS2_32.dll 0x71aa0000 0x8000 0xffff C:\WINDOWS\system32\WS2HELP.dll 0x606b0000 0x10d000 0xffff C:\WINDOWS\system32\ESENT.dll 0x76f50000 0x8000 0xffff C:\WINDOWS\system32\WTSAPI32.dll 0x76360000 0x10000 0xffff C:\WINDOWS\system32\WINSTA.dll 0x5b860000 0x54000 0xffff C:\WINDOWS\system32\NETAPI32.dll 0x73000000 0x26000 0xffff C:\WINDOWS\system32\WINSPOOL.DRV 0x77920000 0xf3000 0xffff C:\WINDOWS\system32\SETUPAPI.dll 0x4d4f0000 0x58000 0xffff C:\WINDOWS\system32\WINHTTP.dll 0x76c30000 0x2e000 0xffff C:\WINDOWS\system32\WINTRUST.dll 0x77a80000 0x94000 0xffff C:\WINDOWS\system32\CRYPT32.dll 0x77b20000 0x12000 0xffff C:\WINDOWS\system32\MSASN1.dll 0x76c90000 0x28000 0xffff C:\WINDOWS\system32\IMAGEHLP.dll 0x75150000 0x14000 0xffff C:\WINDOWS\system32\Cabinet.dll 0x600a0000 0xb000 0xffff C:\WINDOWS\system32\mspatcha.dll 0x76bb0000 0x5000 0xffff C:\WINDOWS\system32\sfc.dll 0x76c60000 0x2a000 0xffff C:\WINDOWS\system32\sfc_os.dll 0x76380000 0x5000 0xffff C:\WINDOWS\system32\MSIMG32.dll 0x7c9c0000 0x814000 0xffff C:\WINDOWS\system32\SHELL32.dll 0x5cb70000 0x26000 0x1 C:\WINDOWS\system32\ShimEng.dll 0x6f880000 0x1ca000 0x1 C:\WINDOWS\AppPatch\AcGenral.DLL 0x76b40000 0x2d000 0x2 C:\WINDOWS\system32\WINMM.dll 0x77be0000 0x15000 0x1 C:\WINDOWS\system32\MSACM32.dll 0x5ad70000 0x38000 0x3 C:\WINDOWS\system32\UxTheme.dll 0x10000000 0x59000 0x1 C:\WINDOWS\system32\mfc42ul.dll 0x71f60000 0x8000 0x1 C:\WINDOWS\system32\snmpapi.dll 0x20000000 0x2c5000 0x1 C:\WINDOWS\system32\xpsp2res.dll 0x76fd0000 0x7f000 0x2 C:\WINDOWS\system32\CLBCATQ.DLL 0x77050000 0xc5000 0x2 C:\WINDOWS\system32\COMRes.dll 0x50640000 0xd000 0x1 C:\WINDOWS\system32\wups.dll ************************************************************************ cmd.exe pid: 544 Command line : "C:\WINDOWS\system32\cmd.exe" Service Pack 2 Base Size LoadCount Path ---------- ---------- ---------- ---- 0x4ad00000 0x61000 0xffff C:\WINDOWS\system32\cmd.exe 0x7c900000 0xb0000 0xffff C:\WINDOWS\system32\ntdll.dll 0x7c800000 0xf4000 0xffff C:\WINDOWS\system32\kernel32.dll 0x77c10000 0x58000 0xffff C:\WINDOWS\system32\msvcrt.dll 0x77d40000 0x90000 0xffff C:\WINDOWS\system32\USER32.dll 0x77f10000 0x46000 0xffff C:\WINDOWS\system32\GDI32.dll 0x5cb70000 0x26000 0x1 C:\WINDOWS\system32\ShimEng.dll 0x6f880000 0x1ca000 0x1 C:\WINDOWS\AppPatch\AcGenral.DLL 0x77dd0000 0x9b000 0x17 C:\WINDOWS\system32\ADVAPI32.dll 0x77e70000 0x91000 0xb C:\WINDOWS\system32\RPCRT4.dll 0x76b40000 0x2d000 0x2 C:\WINDOWS\system32\WINMM.dll 0x774e0000 0x13c000 0x2 C:\WINDOWS\system32\ole32.dll 0x77120000 0x8c000 0x1 C:\WINDOWS\system32\OLEAUT32.dll 0x77be0000 0x15000 0x1 C:\WINDOWS\system32\MSACM32.dll 0x77c00000 0x8000 0x3 C:\WINDOWS\system32\VERSION.dll 0x7c9c0000 0x814000 0x1 C:\WINDOWS\system32\SHELL32.dll 0x77f60000 0x76000 0x3 C:\WINDOWS\system32\SHLWAPI.dll 0x769c0000 0xb3000 0x1 C:\WINDOWS\system32\USERENV.dll 0x5ad70000 0x38000 0x1 C:\WINDOWS\system32\UxTheme.dll 0x10000000 0x59000 0x1 C:\WINDOWS\system32\mfc42ul.dll 0x71ab0000 0x17000 0x2 C:\WINDOWS\system32\WS2_32.dll 0x71aa0000 0x8000 0x1 C:\WINDOWS\system32\WS2HELP.dll 0x71f60000 0x8000 0x1 C:\WINDOWS\system32\snmpapi.dll 0x773d0000 0x102000 0x1 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 0x5d090000 0x97000 0x1 C:\WINDOWS\system32\comctl32.dll 0x77b40000 0x22000 0x1 C:\WINDOWS\system32\Apphelp.dll ========================================================================= ┌──(kali㉿kali)-[~/Desktop/volatility/volatility_2.5.linux.standalone] └─$ ./volatility_2.5_linux_x64 --profile=WinXPSP2x86 -f OCSALY_Case_001/0zapftis.vmem getsids Volatility Foundation Volatility Framework 2.5 System (4): S-1-5-18 (Local System) System (4): S-1-5-32-544 (Administrators) System (4): S-1-1-0 (Everyone) System (4): S-1-5-11 (Authenticated Users) smss.exe (536): S-1-5-18 (Local System) smss.exe (536): S-1-5-32-544 (Administrators) smss.exe (536): S-1-1-0 (Everyone) smss.exe (536): S-1-5-11 (Authenticated Users) csrss.exe (608): S-1-5-18 (Local System) csrss.exe (608): S-1-5-32-544 (Administrators) csrss.exe (608): S-1-1-0 (Everyone) csrss.exe (608): S-1-5-11 (Authenticated Users) winlogon.exe (632): S-1-5-18 (Local System) winlogon.exe (632): S-1-5-32-544 (Administrators) winlogon.exe (632): S-1-1-0 (Everyone) winlogon.exe (632): S-1-5-11 (Authenticated Users) services.exe (676): S-1-5-18 (Local System) services.exe (676): S-1-5-32-544 (Administrators) services.exe (676): S-1-1-0 (Everyone) services.exe (676): S-1-5-11 (Authenticated Users) lsass.exe (688): S-1-5-18 (Local System) lsass.exe (688): S-1-5-32-544 (Administrators) lsass.exe (688): S-1-1-0 (Everyone) lsass.exe (688): S-1-5-11 (Authenticated Users) vmacthlp.exe (832): S-1-5-18 (Local System) vmacthlp.exe (832): S-1-5-32-544 (Administrators) vmacthlp.exe (832): S-1-1-0 (Everyone) vmacthlp.exe (832): S-1-5-11 (Authenticated Users) svchost.exe (848): S-1-5-18 (Local System) svchost.exe (848): S-1-5-32-544 (Administrators) svchost.exe (848): S-1-1-0 (Everyone) svchost.exe (848): S-1-5-11 (Authenticated Users) svchost.exe (916): S-1-5-20 (NT Authority) svchost.exe (916): S-1-5-20 (NT Authority) svchost.exe (916): S-1-1-0 (Everyone) svchost.exe (916): S-1-5-32-545 (Users) svchost.exe (916): S-1-5-6 (Service) svchost.exe (916): S-1-5-11 (Authenticated Users) svchost.exe (916): S-1-5-5-0-54905 (Logon Session) svchost.exe (916): S-1-2-0 (Local (Users with the ability to log in locally)) svchost.exe (916): S-1-1-0 (Everyone) svchost.exe (916): S-1-5-11 (Authenticated Users) svchost.exe (916): S-1-2-0 (Local (Users with the ability to log in locally)) svchost.exe (916): S-1-5-32-545 (Users) svchost.exe (964): S-1-5-18 (Local System) svchost.exe (964): S-1-5-32-544 (Administrators) svchost.exe (964): S-1-1-0 (Everyone) svchost.exe (964): S-1-5-11 (Authenticated Users) svchost.exe (1020): S-1-5-20 (NT Authority) svchost.exe (1020): S-1-5-20 (NT Authority) svchost.exe (1020): S-1-1-0 (Everyone) svchost.exe (1020): S-1-5-32-545 (Users) svchost.exe (1020): S-1-5-6 (Service) svchost.exe (1020): S-1-5-11 (Authenticated Users) svchost.exe (1020): S-1-5-5-0-57076 (Logon Session) svchost.exe (1020): S-1-2-0 (Local (Users with the ability to log in locally)) svchost.exe (1020): S-1-1-0 (Everyone) svchost.exe (1020): S-1-5-11 (Authenticated Users) svchost.exe (1020): S-1-2-0 (Local (Users with the ability to log in locally)) svchost.exe (1020): S-1-5-32-545 (Users) svchost.exe (1148): S-1-5-19 (NT Authority) svchost.exe (1148): S-1-5-19 (NT Authority) svchost.exe (1148): S-1-1-0 (Everyone) svchost.exe (1148): S-1-5-32-545 (Users) svchost.exe (1148): S-1-5-6 (Service) svchost.exe (1148): S-1-5-11 (Authenticated Users) svchost.exe (1148): S-1-5-5-0-57864 (Logon Session) svchost.exe (1148): S-1-2-0 (Local (Users with the ability to log in locally)) svchost.exe (1148): S-1-1-0 (Everyone) svchost.exe (1148): S-1-5-11 (Authenticated Users) svchost.exe (1148): S-1-2-0 (Local (Users with the ability to log in locally)) svchost.exe (1148): S-1-5-32-545 (Users) spoolsv.exe (1260): S-1-5-18 (Local System) spoolsv.exe (1260): S-1-5-32-544 (Administrators) spoolsv.exe (1260): S-1-1-0 (Everyone) spoolsv.exe (1260): S-1-5-11 (Authenticated Users) VMwareService.e (1444): S-1-5-18 (Local System) VMwareService.e (1444): S-1-5-32-544 (Administrators) VMwareService.e (1444): S-1-1-0 (Everyone) VMwareService.e (1444): S-1-5-11 (Authenticated Users) alg.exe (1616): S-1-5-19 (NT Authority) alg.exe (1616): S-1-5-19 (NT Authority) alg.exe (1616): S-1-1-0 (Everyone) alg.exe (1616): S-1-5-32-545 (Users) alg.exe (1616): S-1-5-6 (Service) alg.exe (1616): S-1-5-11 (Authenticated Users) alg.exe (1616): S-1-5-5-0-73075 (Logon Session) alg.exe (1616): S-1-2-0 (Local (Users with the ability to log in locally)) alg.exe (1616): S-1-1-0 (Everyone) alg.exe (1616): S-1-5-11 (Authenticated Users) alg.exe (1616): S-1-2-0 (Local (Users with the ability to log in locally)) alg.exe (1616): S-1-5-32-545 (Users) wscntfy.exe (1920): S-1-5-21-839522115-73586283-2147125571-500 (Administrator) wscntfy.exe (1920): S-1-5-21-839522115-73586283-2147125571-513 (Domain Users) wscntfy.exe (1920): S-1-1-0 (Everyone) wscntfy.exe (1920): S-1-5-32-544 (Administrators) wscntfy.exe (1920): S-1-5-32-545 (Users) wscntfy.exe (1920): S-1-5-4 (Interactive) wscntfy.exe (1920): S-1-5-11 (Authenticated Users) wscntfy.exe (1920): S-1-5-5-0-59067 (Logon Session) wscntfy.exe (1920): S-1-2-0 (Local (Users with the ability to log in locally)) explorer.exe (1956): S-1-5-21-839522115-73586283-2147125571-500 (Administrator) explorer.exe (1956): S-1-5-21-839522115-73586283-2147125571-513 (Domain Users) explorer.exe (1956): S-1-1-0 (Everyone) explorer.exe (1956): S-1-5-32-544 (Administrators) explorer.exe (1956): S-1-5-32-545 (Users) explorer.exe (1956): S-1-5-4 (Interactive) explorer.exe (1956): S-1-5-11 (Authenticated Users) explorer.exe (1956): S-1-5-5-0-59067 (Logon Session) explorer.exe (1956): S-1-2-0 (Local (Users with the ability to log in locally)) VMwareTray.exe (184): S-1-5-21-839522115-73586283-2147125571-500 (Administrator) VMwareTray.exe (184): S-1-5-21-839522115-73586283-2147125571-513 (Domain Users) VMwareTray.exe (184): S-1-1-0 (Everyone) VMwareTray.exe (184): S-1-5-32-544 (Administrators) VMwareTray.exe (184): S-1-5-32-545 (Users) VMwareTray.exe (184): S-1-5-4 (Interactive) VMwareTray.exe (184): S-1-5-11 (Authenticated Users) VMwareTray.exe (184): S-1-5-5-0-59067 (Logon Session) VMwareTray.exe (184): S-1-2-0 (Local (Users with the ability to log in locally)) VMwareUser.exe (192): S-1-5-21-839522115-73586283-2147125571-500 (Administrator) VMwareUser.exe (192): S-1-5-21-839522115-73586283-2147125571-513 (Domain Users) VMwareUser.exe (192): S-1-1-0 (Everyone) VMwareUser.exe (192): S-1-5-32-544 (Administrators) VMwareUser.exe (192): S-1-5-32-545 (Users) VMwareUser.exe (192): S-1-5-4 (Interactive) VMwareUser.exe (192): S-1-5-11 (Authenticated Users) VMwareUser.exe (192): S-1-5-5-0-59067 (Logon Session) VMwareUser.exe (192): S-1-2-0 (Local (Users with the ability to log in locally)) reader_sl.exe (228): S-1-5-21-839522115-73586283-2147125571-500 (Administrator) reader_sl.exe (228): S-1-5-21-839522115-73586283-2147125571-513 (Domain Users) reader_sl.exe (228): S-1-1-0 (Everyone) reader_sl.exe (228): S-1-5-32-544 (Administrators) reader_sl.exe (228): S-1-5-32-545 (Users) reader_sl.exe (228): S-1-5-4 (Interactive) reader_sl.exe (228): S-1-5-11 (Authenticated Users) reader_sl.exe (228): S-1-5-5-0-59067 (Logon Session) reader_sl.exe (228): S-1-2-0 (Local (Users with the ability to log in locally)) wuauclt.exe (400): S-1-5-18 (Local System) wuauclt.exe (400): S-1-5-32-544 (Administrators) wuauclt.exe (400): S-1-1-0 (Everyone) wuauclt.exe (400): S-1-5-11 (Authenticated Users) cmd.exe (544): S-1-5-21-839522115-73586283-2147125571-500 (Administrator) cmd.exe (544): S-1-5-21-839522115-73586283-2147125571-513 (Domain Users) cmd.exe (544): S-1-1-0 (Everyone) cmd.exe (544): S-1-5-32-544 (Administrators) cmd.exe (544): S-1-5-32-545 (Users) cmd.exe (544): S-1-5-4 (Interactive) cmd.exe (544): S-1-5-11 (Authenticated Users) cmd.exe (544): S-1-5-5-0-59067 (Logon Session) cmd.exe (544): S-1-2-0 (Local (Users with the ability to log in locally)) ┌──(kali㉿kali)-[~/Desktop/volatility/volatility_2.5.linux.standalone] └─$