Volatility 3 Framework 1.0.1

PID	Process	Block	Variable	Value

600	csrss.exe	0x110048	ComSpec	C:\WINDOWS\system32\cmd.exe
600	csrss.exe	0x110048	FP_NO_HOST_CHECK	NO
600	csrss.exe	0x110048	NUMBER_OF_PROCESSORS	1
600	csrss.exe	0x110048	OS	Windows_NT
600	csrss.exe	0x110048	Path	C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
600	csrss.exe	0x110048	PATHEXT	.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
600	csrss.exe	0x110048	PROCESSOR_ARCHITECTURE	x86
600	csrss.exe	0x110048	PROCESSOR_IDENTIFIER	x86 Family 6 Model 37 Stepping 2, GenuineIntel
600	csrss.exe	0x110048	PROCESSOR_LEVEL	6
600	csrss.exe	0x110048	PROCESSOR_REVISION	2502
600	csrss.exe	0x110048	SystemDrive	C:
600	csrss.exe	0x110048	SystemRoot	C:\WINDOWS
600	csrss.exe	0x110048	TEMP	C:\WINDOWS\TEMP
600	csrss.exe	0x110048	TMP	C:\WINDOWS\TEMP
600	csrss.exe	0x110048	windir	C:\WINDOWS
624	winlogon.exe	0x20048	ALLUSERSPROFILE	C:\Documents and Settings\All Users
624	winlogon.exe	0x20048	APPDATA	C:\Documents and Settings\Administrator\Application Data
624	winlogon.exe	0x20048	CommonProgramFiles	C:\Program Files\Common Files
624	winlogon.exe	0x20048	COMPUTERNAME	SECURITY-91B8EC
624	winlogon.exe	0x20048	ComSpec	C:\WINDOWS\system32\cmd.exe
624	winlogon.exe	0x20048	FP_NO_HOST_CHECK	NO
624	winlogon.exe	0x20048	LOGONSERVER	\\SECURITY-91B8EC
624	winlogon.exe	0x20048	NUMBER_OF_PROCESSORS	1
624	winlogon.exe	0x20048	OS	Windows_NT
624	winlogon.exe	0x20048	Path	C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
624	winlogon.exe	0x20048	PATHEXT	.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
624	winlogon.exe	0x20048	PROCESSOR_ARCHITECTURE	x86
624	winlogon.exe	0x20048	PROCESSOR_IDENTIFIER	x86 Family 6 Model 37 Stepping 2, GenuineIntel
624	winlogon.exe	0x20048	PROCESSOR_LEVEL	6
624	winlogon.exe	0x20048	PROCESSOR_REVISION	2502
624	winlogon.exe	0x20048	ProgramFiles	C:\Program Files
624	winlogon.exe	0x20048	SystemDrive	C:
624	winlogon.exe	0x20048	SystemRoot	C:\WINDOWS
624	winlogon.exe	0x20048	TEMP	C:\WINDOWS\TEMP
624	winlogon.exe	0x20048	TMP	C:\WINDOWS\TEMP
1032	svchost.exe	0x20048	ALLUSERSPROFILE	C:\Documents and Settings\All Users
1032	svchost.exe	0x20048	CommonProgramFiles	C:\Program Files\Common Files
1032	svchost.exe	0x20048	COMPUTERNAME	SECURITY-91B8EC
1032	svchost.exe	0x20048	ComSpec	C:\WINDOWS\system32\cmd.exe
1032	svchost.exe	0x20048	FP_NO_HOST_CHECK	NO
1032	svchost.exe	0x20048	NUMBER_OF_PROCESSORS	1
1032	svchost.exe	0x20048	OS	Windows_NT
1032	svchost.exe	0x20048	Path	C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
1032	svchost.exe	0x20048	PATHEXT	.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
1032	svchost.exe	0x20048	PROCESSOR_ARCHITECTURE	x86
1032	svchost.exe	0x20048	PROCESSOR_IDENTIFIER	x86 Family 6 Model 37 Stepping 2, GenuineIntel
1032	svchost.exe	0x20048	PROCESSOR_LEVEL	6
1032	svchost.exe	0x20048	PROCESSOR_REVISION	2502
1032	svchost.exe	0x20048	ProgramFiles	C:\Program Files
1032	svchost.exe	0x20048	SystemDrive	C:
1032	svchost.exe	0x20048	SystemRoot	C:\WINDOWS
1032	svchost.exe	0x20048	TEMP	C:\WINDOWS\TEMP
1032	svchost.exe	0x20048	TMP	C:\WINDOWS\TEMP
1032	svchost.exe	0x20048	USERPROFILE	C:\Documents and Settings\NetworkService
1032	svchost.exe	0x20048	windir	C:\WINDOWS
1512	explorer.exe	0x20048	ALLUSERSPROFILE	C:\Documents and Settings\All Users
1512	explorer.exe	0x20048	APPDATA	C:\Documents and Settings\Administrator\Application Data
1512	explorer.exe	0x20048	CLIENTNAME	Console
1512	explorer.exe	0x20048	CommonProgramFiles	C:\Program Files\Common Files
1512	explorer.exe	0x20048	COMPUTERNAME	SECURITY-91B8EC
1512	explorer.exe	0x20048	ComSpec	C:\WINDOWS\system32\cmd.exe
1512	explorer.exe	0x20048	FP_NO_HOST_CHECK	NO
1512	explorer.exe	0x20048	HOMEDRIVE	C:
1512	explorer.exe	0x20048	HOMEPATH	\Documents and Settings\Administrator
1512	explorer.exe	0x20048	LOGONSERVER	\\SECURITY-91B8EC
1512	explorer.exe	0x20048	NUMBER_OF_PROCESSORS	1
1512	explorer.exe	0x20048	OS	Windows_NT
1512	explorer.exe	0x20048	Path	C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
1512	explorer.exe	0x20048	PATHEXT	.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
1512	explorer.exe	0x20048	PROCESSOR_ARCHITECTURE	x86
1512	explorer.exe	0x20048	PROCESSOR_IDENTIFIER	x86 Family 6 Model 37 Stepping 2, GenuineIntel
1512	explorer.exe	0x20048	PROCESSOR_LEVEL	6
1512	explorer.exe	0x20048	PROCESSOR_REVISION	2502
1512	explorer.exe	0x20048	ProgramFiles	C:\Program Files
1512	explorer.exe	0x20048	SESSIONNAME	Console
1512	explorer.exe	0x20048	SystemDrive	C:
1512	explorer.exe	0x20048	SystemRoot	C:\WINDOWS
1512	explorer.exe	0x20048	TEMP	C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
1752	VMwareTray.exe	0x20048	ALLUSERSPROFILE	C:\Documents and Settings\All Users
1752	VMwareTray.exe	0x20048	APPDATA	C:\Documents and Settings\Administrator\Application Data
1752	VMwareTray.exe	0x20048	CLIENTNAME	Console
1752	VMwareTray.exe	0x20048	CommonProgramFiles	C:\Program Files\Common Files
1752	VMwareTray.exe	0x20048	COMPUTERNAME	SECURITY-91B8EC
1752	VMwareTray.exe	0x20048	ComSpec	C:\WINDOWS\system32\cmd.exe
1752	VMwareTray.exe	0x20048	FP_NO_HOST_CHECK	NO
1752	VMwareTray.exe	0x20048	HOMEDRIVE	C:
1752	VMwareTray.exe	0x20048	HOMEPATH	\Documents and Settings\Administrator
1752	VMwareTray.exe	0x20048	LOGONSERVER	\\SECURITY-91B8EC
1752	VMwareTray.exe	0x20048	NUMBER_OF_PROCESSORS	1
1752	VMwareTray.exe	0x20048	OS	Windows_NT
1752	VMwareTray.exe	0x20048	Path	C:\Program Files\VMware\VMware Tools\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
1752	VMwareTray.exe	0x20048	PATHEXT	.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
1752	VMwareTray.exe	0x20048	PROCESSOR_ARCHITECTURE	x86
1752	VMwareTray.exe	0x20048	PROCESSOR_IDENTIFIER	x86 Family 6 Model 37 Stepping 2, GenuineIntel
1752	VMwareTray.exe	0x20048	PROCESSOR_LEVEL	6
1752	VMwareTray.exe	0x20048	PROCESSOR_REVISION	2502
1752	VMwareTray.exe	0x20048	ProgramFiles	C:\Program Files
1752	VMwareTray.exe	0x20048	SESSIONNAME	Console
1752	VMwareTray.exe	0x20048	SystemDrive	C:
1752	VMwareTray.exe	0x20048	SystemRoot	C:\WINDOWS
1752	VMwareTray.exe	0x20048	TEMP	C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
1752	VMwareTray.exe	0x20048	TMP	C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
1752	VMwareTray.exe	0x20048	USERDOMAIN	SECURITY-91B8EC
1752	VMwareTray.exe	0x20048	USERNAME	Administrator
1772	VMwareUser.exe	0x20048	ALLUSERSPROFILE	C:\Documents and Settings\All Users
1772	VMwareUser.exe	0x20048	APPDATA	C:\Documents and Settings\Administrator\Application Data
1772	VMwareUser.exe	0x20048	CLIENTNAME	Console
1772	VMwareUser.exe	0x20048	CommonProgramFiles	C:\Program Files\Common Files
1772	VMwareUser.exe	0x20048	COMPUTERNAME	SECURITY-91B8EC
1772	VMwareUser.exe	0x20048	ComSpec	C:\WINDOWS\system32\cmd.exe
1772	VMwareUser.exe	0x20048	FP_NO_HOST_CHECK	NO
1772	VMwareUser.exe	0x20048	HOMEDRIVE	C:
1772	VMwareUser.exe	0x20048	HOMEPATH	\Documents and Settings\Administrator
1772	VMwareUser.exe	0x20048	LOGONSERVER	\\SECURITY-91B8EC
1772	VMwareUser.exe	0x20048	NUMBER_OF_PROCESSORS	1
1772	VMwareUser.exe	0x20048	OS	Windows_NT
1772	VMwareUser.exe	0x20048	Path	C:\Program Files\VMware\VMware Tools\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
1772	VMwareUser.exe	0x20048	PATHEXT	.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
1772	VMwareUser.exe	0x20048	PROCESSOR_ARCHITECTURE	x86
1772	VMwareUser.exe	0x20048	PROCESSOR_IDENTIFIER	x86 Family 6 Model 37 Stepping 2, GenuineIntel
1772	VMwareUser.exe	0x20048	PROCESSOR_LEVEL	6
1772	VMwareUser.exe	0x20048	PROCESSOR_REVISION	2502
1772	VMwareUser.exe	0x20048	ProgramFiles	C:\Program Files
1772	VMwareUser.exe	0x20048	SESSIONNAME	Console
1772	VMwareUser.exe	0x20048	SystemDrive	C:
1772	VMwareUser.exe	0x20048	SystemRoot	C:\WINDOWS
1772	VMwareUser.exe	0x20048	TEMP	C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
1772	VMwareUser.exe	0x20048	TMP	C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
1772	VMwareUser.exe	0x20048	USERDOMAIN	SECURITY-91B8EC
1772	VMwareUser.exe	0x20048	USERNAME	Administrator
1796	AdobeARM.exe	0x20048	ALLUSERSPROFILE	C:\Documents and Settings\All Users
1796	AdobeARM.exe	0x20048	APPDATA	C:\Documents and Settings\Administrator\Application Data
1796	AdobeARM.exe	0x20048	CLIENTNAME	Console
1796	AdobeARM.exe	0x20048	CommonProgramFiles	C:\Program Files\Common Files
1796	AdobeARM.exe	0x20048	COMPUTERNAME	SECURITY-91B8EC
1796	AdobeARM.exe	0x20048	ComSpec	C:\WINDOWS\system32\cmd.exe
1796	AdobeARM.exe	0x20048	FP_NO_HOST_CHECK	NO
1796	AdobeARM.exe	0x20048	HOMEDRIVE	C:
1796	AdobeARM.exe	0x20048	HOMEPATH	\Documents and Settings\Administrator
1796	AdobeARM.exe	0x20048	LOGONSERVER	\\SECURITY-91B8EC
1796	AdobeARM.exe	0x20048	NUMBER_OF_PROCESSORS	1
1796	AdobeARM.exe	0x20048	OS	Windows_NT
1796	AdobeARM.exe	0x20048	Path	C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
1796	AdobeARM.exe	0x20048	PATHEXT	.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
1796	AdobeARM.exe	0x20048	PROCESSOR_ARCHITECTURE	x86
1796	AdobeARM.exe	0x20048	PROCESSOR_IDENTIFIER	x86 Family 6 Model 37 Stepping 2, GenuineIntel
1796	AdobeARM.exe	0x20048	PROCESSOR_LEVEL	6
1796	AdobeARM.exe	0x20048	PROCESSOR_REVISION	2502
1796	AdobeARM.exe	0x20048	ProgramFiles	C:\Program Files
1796	AdobeARM.exe	0x20048	SESSIONNAME	Console
1796	AdobeARM.exe	0x20048	SystemDrive	C:
1796	AdobeARM.exe	0x20048	SystemRoot	C:\WINDOWS
1796	AdobeARM.exe	0x20048	TEMP	C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
1796	AdobeARM.exe	0x20048	TMP	C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
1796	AdobeARM.exe	0x20048	USERDOMAIN	SECURITY-91B8EC
1796	AdobeARM.exe	0x20048	USERNAME	Administrator
1796	AdobeARM.exe	0x20048	USERPROFILE	C:\Documents and Settings\Administrator
252	vmtoolsd.exe	0x20048	ALLUSERSPROFILE	C:\Documents and Settings\All Users
252	vmtoolsd.exe	0x20048	CommonProgramFiles	C:\Program Files\Common Files
252	vmtoolsd.exe	0x20048	COMPUTERNAME	SECURITY-91B8EC
252	vmtoolsd.exe	0x20048	ComSpec	C:\WINDOWS\system32\cmd.exe
252	vmtoolsd.exe	0x20048	FP_NO_HOST_CHECK	NO
252	vmtoolsd.exe	0x20048	NUMBER_OF_PROCESSORS	1
252	vmtoolsd.exe	0x20048	OS	Windows_NT
252	vmtoolsd.exe	0x20048	Path	C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
252	vmtoolsd.exe	0x20048	PATHEXT	.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
252	vmtoolsd.exe	0x20048	PROCESSOR_ARCHITECTURE	x86
252	vmtoolsd.exe	0x20048	PROCESSOR_IDENTIFIER	x86 Family 6 Model 37 Stepping 2, GenuineIntel
252	vmtoolsd.exe	0x20048	PROCESSOR_LEVEL	6
252	vmtoolsd.exe	0x20048	PROCESSOR_REVISION	2502
252	vmtoolsd.exe	0x20048	ProgramFiles	C:\Program Files
252	vmtoolsd.exe	0x20048	SystemDrive	C:
252	vmtoolsd.exe	0x20048	SystemRoot	C:\WINDOWS
252	vmtoolsd.exe	0x20048	TEMP	C:\WINDOWS\TEMP
252	vmtoolsd.exe	0x20048	TMP	C:\WINDOWS\TEMP
252	vmtoolsd.exe	0x20048	USERPROFILE	C:\Documents and Settings\LocalService
252	vmtoolsd.exe	0x20048	windir	C:\WINDOWS
992	wmiprvse.exe	0x20048	ALLUSERSPROFILE	C:\Documents and Settings\All Users
992	wmiprvse.exe	0x20048	CommonProgramFiles	C:\Program Files\Common Files
992	wmiprvse.exe	0x20048	COMPUTERNAME	SECURITY-91B8EC
992	wmiprvse.exe	0x20048	ComSpec	C:\WINDOWS\system32\cmd.exe
992	wmiprvse.exe	0x20048	FP_NO_HOST_CHECK	NO
992	wmiprvse.exe	0x20048	NUMBER_OF_PROCESSORS	1
992	wmiprvse.exe	0x20048	OS	Windows_NT
992	wmiprvse.exe	0x20048	Path	C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
992	wmiprvse.exe	0x20048	PATHEXT	.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
992	wmiprvse.exe	0x20048	PROCESSOR_ARCHITECTURE	x86
992	wmiprvse.exe	0x20048	PROCESSOR_IDENTIFIER	x86 Family 6 Model 37 Stepping 2, GenuineIntel
992	wmiprvse.exe	0x20048	PROCESSOR_LEVEL	6
992	wmiprvse.exe	0x20048	PROCESSOR_REVISION	2502
992	wmiprvse.exe	0x20048	ProgramFiles	C:\Program Files
992	wmiprvse.exe	0x20048	SystemDrive	C:
992	wmiprvse.exe	0x20048	SystemRoot	C:\WINDOWS
992	wmiprvse.exe	0x20048	TEMP	C:\WINDOWS\TEMP
992	wmiprvse.exe	0x20048	TMP	C:\WINDOWS\TEMP
992	wmiprvse.exe	0x20048	USERPROFILE	C:\WINDOWS\system32\config\systemprofile
992	wmiprvse.exe	0x20048	windir	C:\WINDOWS
1132	wuauclt.exe	0x20048	ALLUSERSPROFILE	C:\Documents and Settings\All Users
1132	wuauclt.exe	0x20048	CommonProgramFiles	C:\Program Files\Common Files
1132	wuauclt.exe	0x20048	COMPUTERNAME	SECURITY-91B8EC
1132	wuauclt.exe	0x20048	ComSpec	C:\WINDOWS\system32\cmd.exe
1132	wuauclt.exe	0x20048	FP_NO_HOST_CHECK	NO
1132	wuauclt.exe	0x20048	NUMBER_OF_PROCESSORS	1
1132	wuauclt.exe	0x20048	OS	Windows_NT
1132	wuauclt.exe	0x20048	Path	C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
1132	wuauclt.exe	0x20048	PATHEXT	.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
1132	wuauclt.exe	0x20048	PROCESSOR_ARCHITECTURE	x86
1132	wuauclt.exe	0x20048	PROCESSOR_IDENTIFIER	x86 Family 6 Model 37 Stepping 2, GenuineIntel
1132	wuauclt.exe	0x20048	PROCESSOR_LEVEL	6
1132	wuauclt.exe	0x20048	PROCESSOR_REVISION	2502
1132	wuauclt.exe	0x20048	ProgramFiles	C:\Program Files
1132	wuauclt.exe	0x20048	SystemDrive	C:
1132	wuauclt.exe	0x20048	SystemRoot	C:\WINDOWS
1132	wuauclt.exe	0x20048	TEMP	C:\WINDOWS\TEMP
1132	wuauclt.exe	0x20048	TMP	C:\WINDOWS\TEMP
1132	wuauclt.exe	0x20048	USERPROFILE	C:\Documents and Settings\NetworkService
1132	wuauclt.exe	0x20048	windir	C:\WINDOWS
3692	AcroRd32.exe	0x20048	ALLUSERSPROFILE	C:\Documents and Settings\All Users
3692	AcroRd32.exe	0x20048	APPDATA	C:\Documents and Settings\Administrator\Application Data
3692	AcroRd32.exe	0x20048	CLIENTNAME	Console
3692	AcroRd32.exe	0x20048	CommonProgramFiles	C:\Program Files\Common Files
3692	AcroRd32.exe	0x20048	COMPUTERNAME	SECURITY-91B8EC
3692	AcroRd32.exe	0x20048	ComSpec	C:\WINDOWS\system32\cmd.exe
3692	AcroRd32.exe	0x20048	FP_NO_HOST_CHECK	NO
3692	AcroRd32.exe	0x20048	HOMEDRIVE	C:
3692	AcroRd32.exe	0x20048	HOMEPATH	\Documents and Settings\Administrator
3692	AcroRd32.exe	0x20048	LOGONSERVER	\\SECURITY-91B8EC
3692	AcroRd32.exe	0x20048	NUMBER_OF_PROCESSORS	1
3692	AcroRd32.exe	0x20048	OS	Windows_NT
3692	AcroRd32.exe	0x20048	Path	C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins;C:\Program Files\Adobe\Reader 9.0\Reader\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
3692	AcroRd32.exe	0x20048	PATHEXT	.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
3692	AcroRd32.exe	0x20048	PROCESSOR_ARCHITECTURE	x86
3692	AcroRd32.exe	0x20048	PROCESSOR_IDENTIFIER	x86 Family 6 Model 37 Stepping 2, GenuineIntel
3692	AcroRd32.exe	0x20048	PROCESSOR_LEVEL	6
3692	AcroRd32.exe	0x20048	PROCESSOR_REVISION	2502
3692	AcroRd32.exe	0x20048	ProgramFiles	C:\Program Files
3692	AcroRd32.exe	0x20048	SESSIONNAME	Console
3692	AcroRd32.exe	0x20048	SystemDrive	C:
3692	AcroRd32.exe	0x20048	SystemRoot	C:\WINDOWS
3692	AcroRd32.exe	0x20048	TEMP	C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
3692	AcroRd32.exe	0x20048	TMP	C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
3692	AcroRd32.exe	0x20048	USERDOMAIN	SECURITY-91B8EC
3692	AcroRd32.exe	0x20048	USERNAME	Administrator
3692	AcroRd32.exe	0x20048	USERPROFILE	C:\Documents and Settings\Administrator
3692	AcroRd32.exe	0x20048	windir	C:\WINDOWS
3728	AcroRd32Info.ex	0x20048	ALLUSERSPROFILE	C:\Documents and Settings\All Users
3728	AcroRd32Info.ex	0x20048	APPDATA	C:\Documents and Settings\Administrator\Application Data
3728	AcroRd32Info.ex	0x20048	CLIENTNAME	Console
3728	AcroRd32Info.ex	0x20048	CommonProgramFiles	C:\Program Files\Common Files
3728	AcroRd32Info.ex	0x20048	COMPUTERNAME	SECURITY-91B8EC
3728	AcroRd32Info.ex	0x20048	ComSpec	C:\WINDOWS\system32\cmd.exe
3728	AcroRd32Info.ex	0x20048	FP_NO_HOST_CHECK	NO
3728	AcroRd32Info.ex	0x20048	HOMEDRIVE	C:
3728	AcroRd32Info.ex	0x20048	HOMEPATH	\Documents and Settings\Administrator
3728	AcroRd32Info.ex	0x20048	LOGONSERVER	\\SECURITY-91B8EC
3728	AcroRd32Info.ex	0x20048	NUMBER_OF_PROCESSORS	1
3728	AcroRd32Info.ex	0x20048	OS	Windows_NT
3728	AcroRd32Info.ex	0x20048	Path	C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
3728	AcroRd32Info.ex	0x20048	PATHEXT	.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
3728	AcroRd32Info.ex	0x20048	PROCESSOR_ARCHITECTURE	x86
3728	AcroRd32Info.ex	0x20048	PROCESSOR_IDENTIFIER	x86 Family 6 Model 37 Stepping 2, GenuineIntel
3728	AcroRd32Info.ex	0x20048	PROCESSOR_LEVEL	6
3728	AcroRd32Info.ex	0x20048	PROCESSOR_REVISION	2502
3728	AcroRd32Info.ex	0x20048	ProgramFiles	C:\Program Files
3728	AcroRd32Info.ex	0x20048	SESSIONNAME	Console
3728	AcroRd32Info.ex	0x20048	SystemDrive	C:
3728	AcroRd32Info.ex	0x20048	SystemRoot	C:\WINDOWS
3728	AcroRd32Info.ex	0x20048	TEMP	C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
3728	AcroRd32Info.ex	0x20048	TMP	C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
3728	AcroRd32Info.ex	0x20048	USERDOMAIN	SECURITY-91B8EC
3728	AcroRd32Info.ex	0x20048	USERNAME	Administrator
3728	AcroRd32Info.ex	0x20048	USERPROFILE	C:\Documents and Settings\Administrator
3728	AcroRd32Info.ex	0x20048	windir	C:\WINDOWS
3968	rundll32.exe	0x20048	ALLUSERSPROFILE	C:\Documents and Settings\All Users
3968	rundll32.exe	0x20048	APPDATA	C:\Documents and Settings\Administrator\Application Data
3968	rundll32.exe	0x20048	CLIENTNAME	Console
3968	rundll32.exe	0x20048	CommonProgramFiles	C:\Program Files\Common Files
3968	rundll32.exe	0x20048	COMPUTERNAME	SECURITY-91B8EC
3968	rundll32.exe	0x20048	ComSpec	C:\WINDOWS\system32\cmd.exe
3968	rundll32.exe	0x20048	FP_NO_HOST_CHECK	NO
3968	rundll32.exe	0x20048	HOMEDRIVE	C:
3968	rundll32.exe	0x20048	HOMEPATH	\Documents and Settings\Administrator
3968	rundll32.exe	0x20048	LOGONSERVER	\\SECURITY-91B8EC
3968	rundll32.exe	0x20048	NUMBER_OF_PROCESSORS	1
3968	rundll32.exe	0x20048	OS	Windows_NT
3968	rundll32.exe	0x20048	Path	C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins;C:\Program Files\Adobe\Reader 9.0\Reader\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
3968	rundll32.exe	0x20048	PATHEXT	.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
3968	rundll32.exe	0x20048	PROCESSOR_ARCHITECTURE	x86
3968	rundll32.exe	0x20048	PROCESSOR_IDENTIFIER	x86 Family 6 Model 37 Stepping 2, GenuineIntel
3968	rundll32.exe	0x20048	PROCESSOR_LEVEL	6
3968	rundll32.exe	0x20048	PROCESSOR_REVISION	2502
3968	rundll32.exe	0x20048	ProgramFiles	C:\Program Files
3968	rundll32.exe	0x20048	SESSIONNAME	Console
3968	rundll32.exe	0x20048	SystemDrive	C:
3968	rundll32.exe	0x20048	SystemRoot	C:\WINDOWS
3968	rundll32.exe	0x20048	TEMP	C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
3968	rundll32.exe	0x20048	TMP	C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
3968	rundll32.exe	0x20048	USERDOMAIN	SECURITY-91B8EC
3968	rundll32.exe	0x20048	USERNAME	Administrator
3968	rundll32.exe	0x20048	USERPROFILE	C:\Documents and Settings\Administrator
3968	rundll32.exe	0x20048	windir	C:\WINDOWS
3976	Netlogon.exe	0x20048	ALLUSERSPROFILE	C:\Documents and Settings\All Users
3976	Netlogon.exe	0x20048	APPDATA	C:\Documents and Settings\Administrator\Application Data
3976	Netlogon.exe	0x20048	CLIENTNAME	Console
3976	Netlogon.exe	0x20048	CommonProgramFiles	C:\Program Files\Common Files
3976	Netlogon.exe	0x20048	COMPUTERNAME	SECURITY-91B8EC
3976	Netlogon.exe	0x20048	ComSpec	C:\WINDOWS\system32\cmd.exe
3976	Netlogon.exe	0x20048	FP_NO_HOST_CHECK	NO
3976	Netlogon.exe	0x20048	HOMEDRIVE	C:
3976	Netlogon.exe	0x20048	HOMEPATH	\Documents and Settings\Administrator
3976	Netlogon.exe	0x20048	LOGONSERVER	\\SECURITY-91B8EC
3976	Netlogon.exe	0x20048	NUMBER_OF_PROCESSORS	1
3976	Netlogon.exe	0x20048	OS	Windows_NT
3976	Netlogon.exe	0x20048	Path	C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
3976	Netlogon.exe	0x20048	PATHEXT	.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
3976	Netlogon.exe	0x20048	PROCESSOR_ARCHITECTURE	x86
3976	Netlogon.exe	0x20048	PROCESSOR_IDENTIFIER	x86 Family 6 Model 37 Stepping 2, GenuineIntel
3976	Netlogon.exe	0x20048	PROCESSOR_LEVEL	6
3976	Netlogon.exe	0x20048	PROCESSOR_REVISION	2502
3976	Netlogon.exe	0x20048	ProgramFiles	C:\Program Files
3976	Netlogon.exe	0x20048	SESSIONNAME	Console
3976	Netlogon.exe	0x20048	SystemDrive	C:
3976	Netlogon.exe	0x20048	SystemRoot	C:\WINDOWS
3976	Netlogon.exe	0x20048	TEMP	C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
3976	Netlogon.exe	0x20048	TMP	C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
3976	Netlogon.exe	0x20048	USERDOMAIN	SECURITY-91B8EC
3976	Netlogon.exe	0x20048	USERNAME	Administrator
3976	Netlogon.exe	0x20048	USERPROFILE	C:\Documents and Settings\Administrator
3976	Netlogon.exe	0x20048	windir	C:\WINDOWS