Volatility 3 Framework 1.0.1
|
|
|
|
PID Process Block Variable Value
|
|
|
|
600 csrss.exe 0x110048 ComSpec C:\WINDOWS\system32\cmd.exe
|
|
600 csrss.exe 0x110048 FP_NO_HOST_CHECK NO
|
|
600 csrss.exe 0x110048 NUMBER_OF_PROCESSORS 1
|
|
600 csrss.exe 0x110048 OS Windows_NT
|
|
600 csrss.exe 0x110048 Path C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
|
|
600 csrss.exe 0x110048 PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
|
|
600 csrss.exe 0x110048 PROCESSOR_ARCHITECTURE x86
|
|
600 csrss.exe 0x110048 PROCESSOR_IDENTIFIER x86 Family 6 Model 37 Stepping 2, GenuineIntel
|
|
600 csrss.exe 0x110048 PROCESSOR_LEVEL 6
|
|
600 csrss.exe 0x110048 PROCESSOR_REVISION 2502
|
|
600 csrss.exe 0x110048 SystemDrive C:
|
|
600 csrss.exe 0x110048 SystemRoot C:\WINDOWS
|
|
600 csrss.exe 0x110048 TEMP C:\WINDOWS\TEMP
|
|
600 csrss.exe 0x110048 TMP C:\WINDOWS\TEMP
|
|
600 csrss.exe 0x110048 windir C:\WINDOWS
|
|
624 winlogon.exe 0x20048 ALLUSERSPROFILE C:\Documents and Settings\All Users
|
|
624 winlogon.exe 0x20048 APPDATA C:\Documents and Settings\Administrator\Application Data
|
|
624 winlogon.exe 0x20048 CommonProgramFiles C:\Program Files\Common Files
|
|
624 winlogon.exe 0x20048 COMPUTERNAME SECURITY-91B8EC
|
|
624 winlogon.exe 0x20048 ComSpec C:\WINDOWS\system32\cmd.exe
|
|
624 winlogon.exe 0x20048 FP_NO_HOST_CHECK NO
|
|
624 winlogon.exe 0x20048 LOGONSERVER \\SECURITY-91B8EC
|
|
624 winlogon.exe 0x20048 NUMBER_OF_PROCESSORS 1
|
|
624 winlogon.exe 0x20048 OS Windows_NT
|
|
624 winlogon.exe 0x20048 Path C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
|
|
624 winlogon.exe 0x20048 PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
|
|
624 winlogon.exe 0x20048 PROCESSOR_ARCHITECTURE x86
|
|
624 winlogon.exe 0x20048 PROCESSOR_IDENTIFIER x86 Family 6 Model 37 Stepping 2, GenuineIntel
|
|
624 winlogon.exe 0x20048 PROCESSOR_LEVEL 6
|
|
624 winlogon.exe 0x20048 PROCESSOR_REVISION 2502
|
|
624 winlogon.exe 0x20048 ProgramFiles C:\Program Files
|
|
624 winlogon.exe 0x20048 SystemDrive C:
|
|
624 winlogon.exe 0x20048 SystemRoot C:\WINDOWS
|
|
624 winlogon.exe 0x20048 TEMP C:\WINDOWS\TEMP
|
|
624 winlogon.exe 0x20048 TMP C:\WINDOWS\TEMP
|
|
1032 svchost.exe 0x20048 ALLUSERSPROFILE C:\Documents and Settings\All Users
|
|
1032 svchost.exe 0x20048 CommonProgramFiles C:\Program Files\Common Files
|
|
1032 svchost.exe 0x20048 COMPUTERNAME SECURITY-91B8EC
|
|
1032 svchost.exe 0x20048 ComSpec C:\WINDOWS\system32\cmd.exe
|
|
1032 svchost.exe 0x20048 FP_NO_HOST_CHECK NO
|
|
1032 svchost.exe 0x20048 NUMBER_OF_PROCESSORS 1
|
|
1032 svchost.exe 0x20048 OS Windows_NT
|
|
1032 svchost.exe 0x20048 Path C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
|
|
1032 svchost.exe 0x20048 PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
|
|
1032 svchost.exe 0x20048 PROCESSOR_ARCHITECTURE x86
|
|
1032 svchost.exe 0x20048 PROCESSOR_IDENTIFIER x86 Family 6 Model 37 Stepping 2, GenuineIntel
|
|
1032 svchost.exe 0x20048 PROCESSOR_LEVEL 6
|
|
1032 svchost.exe 0x20048 PROCESSOR_REVISION 2502
|
|
1032 svchost.exe 0x20048 ProgramFiles C:\Program Files
|
|
1032 svchost.exe 0x20048 SystemDrive C:
|
|
1032 svchost.exe 0x20048 SystemRoot C:\WINDOWS
|
|
1032 svchost.exe 0x20048 TEMP C:\WINDOWS\TEMP
|
|
1032 svchost.exe 0x20048 TMP C:\WINDOWS\TEMP
|
|
1032 svchost.exe 0x20048 USERPROFILE C:\Documents and Settings\NetworkService
|
|
1032 svchost.exe 0x20048 windir C:\WINDOWS
|
|
1512 explorer.exe 0x20048 ALLUSERSPROFILE C:\Documents and Settings\All Users
|
|
1512 explorer.exe 0x20048 APPDATA C:\Documents and Settings\Administrator\Application Data
|
|
1512 explorer.exe 0x20048 CLIENTNAME Console
|
|
1512 explorer.exe 0x20048 CommonProgramFiles C:\Program Files\Common Files
|
|
1512 explorer.exe 0x20048 COMPUTERNAME SECURITY-91B8EC
|
|
1512 explorer.exe 0x20048 ComSpec C:\WINDOWS\system32\cmd.exe
|
|
1512 explorer.exe 0x20048 FP_NO_HOST_CHECK NO
|
|
1512 explorer.exe 0x20048 HOMEDRIVE C:
|
|
1512 explorer.exe 0x20048 HOMEPATH \Documents and Settings\Administrator
|
|
1512 explorer.exe 0x20048 LOGONSERVER \\SECURITY-91B8EC
|
|
1512 explorer.exe 0x20048 NUMBER_OF_PROCESSORS 1
|
|
1512 explorer.exe 0x20048 OS Windows_NT
|
|
1512 explorer.exe 0x20048 Path C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
|
|
1512 explorer.exe 0x20048 PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
|
|
1512 explorer.exe 0x20048 PROCESSOR_ARCHITECTURE x86
|
|
1512 explorer.exe 0x20048 PROCESSOR_IDENTIFIER x86 Family 6 Model 37 Stepping 2, GenuineIntel
|
|
1512 explorer.exe 0x20048 PROCESSOR_LEVEL 6
|
|
1512 explorer.exe 0x20048 PROCESSOR_REVISION 2502
|
|
1512 explorer.exe 0x20048 ProgramFiles C:\Program Files
|
|
1512 explorer.exe 0x20048 SESSIONNAME Console
|
|
1512 explorer.exe 0x20048 SystemDrive C:
|
|
1512 explorer.exe 0x20048 SystemRoot C:\WINDOWS
|
|
1512 explorer.exe 0x20048 TEMP C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
|
|
1752 VMwareTray.exe 0x20048 ALLUSERSPROFILE C:\Documents and Settings\All Users
|
|
1752 VMwareTray.exe 0x20048 APPDATA C:\Documents and Settings\Administrator\Application Data
|
|
1752 VMwareTray.exe 0x20048 CLIENTNAME Console
|
|
1752 VMwareTray.exe 0x20048 CommonProgramFiles C:\Program Files\Common Files
|
|
1752 VMwareTray.exe 0x20048 COMPUTERNAME SECURITY-91B8EC
|
|
1752 VMwareTray.exe 0x20048 ComSpec C:\WINDOWS\system32\cmd.exe
|
|
1752 VMwareTray.exe 0x20048 FP_NO_HOST_CHECK NO
|
|
1752 VMwareTray.exe 0x20048 HOMEDRIVE C:
|
|
1752 VMwareTray.exe 0x20048 HOMEPATH \Documents and Settings\Administrator
|
|
1752 VMwareTray.exe 0x20048 LOGONSERVER \\SECURITY-91B8EC
|
|
1752 VMwareTray.exe 0x20048 NUMBER_OF_PROCESSORS 1
|
|
1752 VMwareTray.exe 0x20048 OS Windows_NT
|
|
1752 VMwareTray.exe 0x20048 Path C:\Program Files\VMware\VMware Tools\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
|
|
1752 VMwareTray.exe 0x20048 PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
|
|
1752 VMwareTray.exe 0x20048 PROCESSOR_ARCHITECTURE x86
|
|
1752 VMwareTray.exe 0x20048 PROCESSOR_IDENTIFIER x86 Family 6 Model 37 Stepping 2, GenuineIntel
|
|
1752 VMwareTray.exe 0x20048 PROCESSOR_LEVEL 6
|
|
1752 VMwareTray.exe 0x20048 PROCESSOR_REVISION 2502
|
|
1752 VMwareTray.exe 0x20048 ProgramFiles C:\Program Files
|
|
1752 VMwareTray.exe 0x20048 SESSIONNAME Console
|
|
1752 VMwareTray.exe 0x20048 SystemDrive C:
|
|
1752 VMwareTray.exe 0x20048 SystemRoot C:\WINDOWS
|
|
1752 VMwareTray.exe 0x20048 TEMP C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
|
|
1752 VMwareTray.exe 0x20048 TMP C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
|
|
1752 VMwareTray.exe 0x20048 USERDOMAIN SECURITY-91B8EC
|
|
1752 VMwareTray.exe 0x20048 USERNAME Administrator
|
|
1772 VMwareUser.exe 0x20048 ALLUSERSPROFILE C:\Documents and Settings\All Users
|
|
1772 VMwareUser.exe 0x20048 APPDATA C:\Documents and Settings\Administrator\Application Data
|
|
1772 VMwareUser.exe 0x20048 CLIENTNAME Console
|
|
1772 VMwareUser.exe 0x20048 CommonProgramFiles C:\Program Files\Common Files
|
|
1772 VMwareUser.exe 0x20048 COMPUTERNAME SECURITY-91B8EC
|
|
1772 VMwareUser.exe 0x20048 ComSpec C:\WINDOWS\system32\cmd.exe
|
|
1772 VMwareUser.exe 0x20048 FP_NO_HOST_CHECK NO
|
|
1772 VMwareUser.exe 0x20048 HOMEDRIVE C:
|
|
1772 VMwareUser.exe 0x20048 HOMEPATH \Documents and Settings\Administrator
|
|
1772 VMwareUser.exe 0x20048 LOGONSERVER \\SECURITY-91B8EC
|
|
1772 VMwareUser.exe 0x20048 NUMBER_OF_PROCESSORS 1
|
|
1772 VMwareUser.exe 0x20048 OS Windows_NT
|
|
1772 VMwareUser.exe 0x20048 Path C:\Program Files\VMware\VMware Tools\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
|
|
1772 VMwareUser.exe 0x20048 PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
|
|
1772 VMwareUser.exe 0x20048 PROCESSOR_ARCHITECTURE x86
|
|
1772 VMwareUser.exe 0x20048 PROCESSOR_IDENTIFIER x86 Family 6 Model 37 Stepping 2, GenuineIntel
|
|
1772 VMwareUser.exe 0x20048 PROCESSOR_LEVEL 6
|
|
1772 VMwareUser.exe 0x20048 PROCESSOR_REVISION 2502
|
|
1772 VMwareUser.exe 0x20048 ProgramFiles C:\Program Files
|
|
1772 VMwareUser.exe 0x20048 SESSIONNAME Console
|
|
1772 VMwareUser.exe 0x20048 SystemDrive C:
|
|
1772 VMwareUser.exe 0x20048 SystemRoot C:\WINDOWS
|
|
1772 VMwareUser.exe 0x20048 TEMP C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
|
|
1772 VMwareUser.exe 0x20048 TMP C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
|
|
1772 VMwareUser.exe 0x20048 USERDOMAIN SECURITY-91B8EC
|
|
1772 VMwareUser.exe 0x20048 USERNAME Administrator
|
|
1796 AdobeARM.exe 0x20048 ALLUSERSPROFILE C:\Documents and Settings\All Users
|
|
1796 AdobeARM.exe 0x20048 APPDATA C:\Documents and Settings\Administrator\Application Data
|
|
1796 AdobeARM.exe 0x20048 CLIENTNAME Console
|
|
1796 AdobeARM.exe 0x20048 CommonProgramFiles C:\Program Files\Common Files
|
|
1796 AdobeARM.exe 0x20048 COMPUTERNAME SECURITY-91B8EC
|
|
1796 AdobeARM.exe 0x20048 ComSpec C:\WINDOWS\system32\cmd.exe
|
|
1796 AdobeARM.exe 0x20048 FP_NO_HOST_CHECK NO
|
|
1796 AdobeARM.exe 0x20048 HOMEDRIVE C:
|
|
1796 AdobeARM.exe 0x20048 HOMEPATH \Documents and Settings\Administrator
|
|
1796 AdobeARM.exe 0x20048 LOGONSERVER \\SECURITY-91B8EC
|
|
1796 AdobeARM.exe 0x20048 NUMBER_OF_PROCESSORS 1
|
|
1796 AdobeARM.exe 0x20048 OS Windows_NT
|
|
1796 AdobeARM.exe 0x20048 Path C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
|
|
1796 AdobeARM.exe 0x20048 PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
|
|
1796 AdobeARM.exe 0x20048 PROCESSOR_ARCHITECTURE x86
|
|
1796 AdobeARM.exe 0x20048 PROCESSOR_IDENTIFIER x86 Family 6 Model 37 Stepping 2, GenuineIntel
|
|
1796 AdobeARM.exe 0x20048 PROCESSOR_LEVEL 6
|
|
1796 AdobeARM.exe 0x20048 PROCESSOR_REVISION 2502
|
|
1796 AdobeARM.exe 0x20048 ProgramFiles C:\Program Files
|
|
1796 AdobeARM.exe 0x20048 SESSIONNAME Console
|
|
1796 AdobeARM.exe 0x20048 SystemDrive C:
|
|
1796 AdobeARM.exe 0x20048 SystemRoot C:\WINDOWS
|
|
1796 AdobeARM.exe 0x20048 TEMP C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
|
|
1796 AdobeARM.exe 0x20048 TMP C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
|
|
1796 AdobeARM.exe 0x20048 USERDOMAIN SECURITY-91B8EC
|
|
1796 AdobeARM.exe 0x20048 USERNAME Administrator
|
|
1796 AdobeARM.exe 0x20048 USERPROFILE C:\Documents and Settings\Administrator
|
|
252 vmtoolsd.exe 0x20048 ALLUSERSPROFILE C:\Documents and Settings\All Users
|
|
252 vmtoolsd.exe 0x20048 CommonProgramFiles C:\Program Files\Common Files
|
|
252 vmtoolsd.exe 0x20048 COMPUTERNAME SECURITY-91B8EC
|
|
252 vmtoolsd.exe 0x20048 ComSpec C:\WINDOWS\system32\cmd.exe
|
|
252 vmtoolsd.exe 0x20048 FP_NO_HOST_CHECK NO
|
|
252 vmtoolsd.exe 0x20048 NUMBER_OF_PROCESSORS 1
|
|
252 vmtoolsd.exe 0x20048 OS Windows_NT
|
|
252 vmtoolsd.exe 0x20048 Path C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
|
|
252 vmtoolsd.exe 0x20048 PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
|
|
252 vmtoolsd.exe 0x20048 PROCESSOR_ARCHITECTURE x86
|
|
252 vmtoolsd.exe 0x20048 PROCESSOR_IDENTIFIER x86 Family 6 Model 37 Stepping 2, GenuineIntel
|
|
252 vmtoolsd.exe 0x20048 PROCESSOR_LEVEL 6
|
|
252 vmtoolsd.exe 0x20048 PROCESSOR_REVISION 2502
|
|
252 vmtoolsd.exe 0x20048 ProgramFiles C:\Program Files
|
|
252 vmtoolsd.exe 0x20048 SystemDrive C:
|
|
252 vmtoolsd.exe 0x20048 SystemRoot C:\WINDOWS
|
|
252 vmtoolsd.exe 0x20048 TEMP C:\WINDOWS\TEMP
|
|
252 vmtoolsd.exe 0x20048 TMP C:\WINDOWS\TEMP
|
|
252 vmtoolsd.exe 0x20048 USERPROFILE C:\Documents and Settings\LocalService
|
|
252 vmtoolsd.exe 0x20048 windir C:\WINDOWS
|
|
992 wmiprvse.exe 0x20048 ALLUSERSPROFILE C:\Documents and Settings\All Users
|
|
992 wmiprvse.exe 0x20048 CommonProgramFiles C:\Program Files\Common Files
|
|
992 wmiprvse.exe 0x20048 COMPUTERNAME SECURITY-91B8EC
|
|
992 wmiprvse.exe 0x20048 ComSpec C:\WINDOWS\system32\cmd.exe
|
|
992 wmiprvse.exe 0x20048 FP_NO_HOST_CHECK NO
|
|
992 wmiprvse.exe 0x20048 NUMBER_OF_PROCESSORS 1
|
|
992 wmiprvse.exe 0x20048 OS Windows_NT
|
|
992 wmiprvse.exe 0x20048 Path C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
|
|
992 wmiprvse.exe 0x20048 PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
|
|
992 wmiprvse.exe 0x20048 PROCESSOR_ARCHITECTURE x86
|
|
992 wmiprvse.exe 0x20048 PROCESSOR_IDENTIFIER x86 Family 6 Model 37 Stepping 2, GenuineIntel
|
|
992 wmiprvse.exe 0x20048 PROCESSOR_LEVEL 6
|
|
992 wmiprvse.exe 0x20048 PROCESSOR_REVISION 2502
|
|
992 wmiprvse.exe 0x20048 ProgramFiles C:\Program Files
|
|
992 wmiprvse.exe 0x20048 SystemDrive C:
|
|
992 wmiprvse.exe 0x20048 SystemRoot C:\WINDOWS
|
|
992 wmiprvse.exe 0x20048 TEMP C:\WINDOWS\TEMP
|
|
992 wmiprvse.exe 0x20048 TMP C:\WINDOWS\TEMP
|
|
992 wmiprvse.exe 0x20048 USERPROFILE C:\WINDOWS\system32\config\systemprofile
|
|
992 wmiprvse.exe 0x20048 windir C:\WINDOWS
|
|
1132 wuauclt.exe 0x20048 ALLUSERSPROFILE C:\Documents and Settings\All Users
|
|
1132 wuauclt.exe 0x20048 CommonProgramFiles C:\Program Files\Common Files
|
|
1132 wuauclt.exe 0x20048 COMPUTERNAME SECURITY-91B8EC
|
|
1132 wuauclt.exe 0x20048 ComSpec C:\WINDOWS\system32\cmd.exe
|
|
1132 wuauclt.exe 0x20048 FP_NO_HOST_CHECK NO
|
|
1132 wuauclt.exe 0x20048 NUMBER_OF_PROCESSORS 1
|
|
1132 wuauclt.exe 0x20048 OS Windows_NT
|
|
1132 wuauclt.exe 0x20048 Path C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
|
|
1132 wuauclt.exe 0x20048 PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
|
|
1132 wuauclt.exe 0x20048 PROCESSOR_ARCHITECTURE x86
|
|
1132 wuauclt.exe 0x20048 PROCESSOR_IDENTIFIER x86 Family 6 Model 37 Stepping 2, GenuineIntel
|
|
1132 wuauclt.exe 0x20048 PROCESSOR_LEVEL 6
|
|
1132 wuauclt.exe 0x20048 PROCESSOR_REVISION 2502
|
|
1132 wuauclt.exe 0x20048 ProgramFiles C:\Program Files
|
|
1132 wuauclt.exe 0x20048 SystemDrive C:
|
|
1132 wuauclt.exe 0x20048 SystemRoot C:\WINDOWS
|
|
1132 wuauclt.exe 0x20048 TEMP C:\WINDOWS\TEMP
|
|
1132 wuauclt.exe 0x20048 TMP C:\WINDOWS\TEMP
|
|
1132 wuauclt.exe 0x20048 USERPROFILE C:\Documents and Settings\NetworkService
|
|
1132 wuauclt.exe 0x20048 windir C:\WINDOWS
|
|
3692 AcroRd32.exe 0x20048 ALLUSERSPROFILE C:\Documents and Settings\All Users
|
|
3692 AcroRd32.exe 0x20048 APPDATA C:\Documents and Settings\Administrator\Application Data
|
|
3692 AcroRd32.exe 0x20048 CLIENTNAME Console
|
|
3692 AcroRd32.exe 0x20048 CommonProgramFiles C:\Program Files\Common Files
|
|
3692 AcroRd32.exe 0x20048 COMPUTERNAME SECURITY-91B8EC
|
|
3692 AcroRd32.exe 0x20048 ComSpec C:\WINDOWS\system32\cmd.exe
|
|
3692 AcroRd32.exe 0x20048 FP_NO_HOST_CHECK NO
|
|
3692 AcroRd32.exe 0x20048 HOMEDRIVE C:
|
|
3692 AcroRd32.exe 0x20048 HOMEPATH \Documents and Settings\Administrator
|
|
3692 AcroRd32.exe 0x20048 LOGONSERVER \\SECURITY-91B8EC
|
|
3692 AcroRd32.exe 0x20048 NUMBER_OF_PROCESSORS 1
|
|
3692 AcroRd32.exe 0x20048 OS Windows_NT
|
|
3692 AcroRd32.exe 0x20048 Path C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins;C:\Program Files\Adobe\Reader 9.0\Reader\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
|
|
3692 AcroRd32.exe 0x20048 PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
|
|
3692 AcroRd32.exe 0x20048 PROCESSOR_ARCHITECTURE x86
|
|
3692 AcroRd32.exe 0x20048 PROCESSOR_IDENTIFIER x86 Family 6 Model 37 Stepping 2, GenuineIntel
|
|
3692 AcroRd32.exe 0x20048 PROCESSOR_LEVEL 6
|
|
3692 AcroRd32.exe 0x20048 PROCESSOR_REVISION 2502
|
|
3692 AcroRd32.exe 0x20048 ProgramFiles C:\Program Files
|
|
3692 AcroRd32.exe 0x20048 SESSIONNAME Console
|
|
3692 AcroRd32.exe 0x20048 SystemDrive C:
|
|
3692 AcroRd32.exe 0x20048 SystemRoot C:\WINDOWS
|
|
3692 AcroRd32.exe 0x20048 TEMP C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
|
|
3692 AcroRd32.exe 0x20048 TMP C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
|
|
3692 AcroRd32.exe 0x20048 USERDOMAIN SECURITY-91B8EC
|
|
3692 AcroRd32.exe 0x20048 USERNAME Administrator
|
|
3692 AcroRd32.exe 0x20048 USERPROFILE C:\Documents and Settings\Administrator
|
|
3692 AcroRd32.exe 0x20048 windir C:\WINDOWS
|
|
3728 AcroRd32Info.ex 0x20048 ALLUSERSPROFILE C:\Documents and Settings\All Users
|
|
3728 AcroRd32Info.ex 0x20048 APPDATA C:\Documents and Settings\Administrator\Application Data
|
|
3728 AcroRd32Info.ex 0x20048 CLIENTNAME Console
|
|
3728 AcroRd32Info.ex 0x20048 CommonProgramFiles C:\Program Files\Common Files
|
|
3728 AcroRd32Info.ex 0x20048 COMPUTERNAME SECURITY-91B8EC
|
|
3728 AcroRd32Info.ex 0x20048 ComSpec C:\WINDOWS\system32\cmd.exe
|
|
3728 AcroRd32Info.ex 0x20048 FP_NO_HOST_CHECK NO
|
|
3728 AcroRd32Info.ex 0x20048 HOMEDRIVE C:
|
|
3728 AcroRd32Info.ex 0x20048 HOMEPATH \Documents and Settings\Administrator
|
|
3728 AcroRd32Info.ex 0x20048 LOGONSERVER \\SECURITY-91B8EC
|
|
3728 AcroRd32Info.ex 0x20048 NUMBER_OF_PROCESSORS 1
|
|
3728 AcroRd32Info.ex 0x20048 OS Windows_NT
|
|
3728 AcroRd32Info.ex 0x20048 Path C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
|
|
3728 AcroRd32Info.ex 0x20048 PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
|
|
3728 AcroRd32Info.ex 0x20048 PROCESSOR_ARCHITECTURE x86
|
|
3728 AcroRd32Info.ex 0x20048 PROCESSOR_IDENTIFIER x86 Family 6 Model 37 Stepping 2, GenuineIntel
|
|
3728 AcroRd32Info.ex 0x20048 PROCESSOR_LEVEL 6
|
|
3728 AcroRd32Info.ex 0x20048 PROCESSOR_REVISION 2502
|
|
3728 AcroRd32Info.ex 0x20048 ProgramFiles C:\Program Files
|
|
3728 AcroRd32Info.ex 0x20048 SESSIONNAME Console
|
|
3728 AcroRd32Info.ex 0x20048 SystemDrive C:
|
|
3728 AcroRd32Info.ex 0x20048 SystemRoot C:\WINDOWS
|
|
3728 AcroRd32Info.ex 0x20048 TEMP C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
|
|
3728 AcroRd32Info.ex 0x20048 TMP C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
|
|
3728 AcroRd32Info.ex 0x20048 USERDOMAIN SECURITY-91B8EC
|
|
3728 AcroRd32Info.ex 0x20048 USERNAME Administrator
|
|
3728 AcroRd32Info.ex 0x20048 USERPROFILE C:\Documents and Settings\Administrator
|
|
3728 AcroRd32Info.ex 0x20048 windir C:\WINDOWS
|
|
3968 rundll32.exe 0x20048 ALLUSERSPROFILE C:\Documents and Settings\All Users
|
|
3968 rundll32.exe 0x20048 APPDATA C:\Documents and Settings\Administrator\Application Data
|
|
3968 rundll32.exe 0x20048 CLIENTNAME Console
|
|
3968 rundll32.exe 0x20048 CommonProgramFiles C:\Program Files\Common Files
|
|
3968 rundll32.exe 0x20048 COMPUTERNAME SECURITY-91B8EC
|
|
3968 rundll32.exe 0x20048 ComSpec C:\WINDOWS\system32\cmd.exe
|
|
3968 rundll32.exe 0x20048 FP_NO_HOST_CHECK NO
|
|
3968 rundll32.exe 0x20048 HOMEDRIVE C:
|
|
3968 rundll32.exe 0x20048 HOMEPATH \Documents and Settings\Administrator
|
|
3968 rundll32.exe 0x20048 LOGONSERVER \\SECURITY-91B8EC
|
|
3968 rundll32.exe 0x20048 NUMBER_OF_PROCESSORS 1
|
|
3968 rundll32.exe 0x20048 OS Windows_NT
|
|
3968 rundll32.exe 0x20048 Path C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins;C:\Program Files\Adobe\Reader 9.0\Reader\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
|
|
3968 rundll32.exe 0x20048 PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
|
|
3968 rundll32.exe 0x20048 PROCESSOR_ARCHITECTURE x86
|
|
3968 rundll32.exe 0x20048 PROCESSOR_IDENTIFIER x86 Family 6 Model 37 Stepping 2, GenuineIntel
|
|
3968 rundll32.exe 0x20048 PROCESSOR_LEVEL 6
|
|
3968 rundll32.exe 0x20048 PROCESSOR_REVISION 2502
|
|
3968 rundll32.exe 0x20048 ProgramFiles C:\Program Files
|
|
3968 rundll32.exe 0x20048 SESSIONNAME Console
|
|
3968 rundll32.exe 0x20048 SystemDrive C:
|
|
3968 rundll32.exe 0x20048 SystemRoot C:\WINDOWS
|
|
3968 rundll32.exe 0x20048 TEMP C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
|
|
3968 rundll32.exe 0x20048 TMP C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
|
|
3968 rundll32.exe 0x20048 USERDOMAIN SECURITY-91B8EC
|
|
3968 rundll32.exe 0x20048 USERNAME Administrator
|
|
3968 rundll32.exe 0x20048 USERPROFILE C:\Documents and Settings\Administrator
|
|
3968 rundll32.exe 0x20048 windir C:\WINDOWS
|
|
3976 Netlogon.exe 0x20048 ALLUSERSPROFILE C:\Documents and Settings\All Users
|
|
3976 Netlogon.exe 0x20048 APPDATA C:\Documents and Settings\Administrator\Application Data
|
|
3976 Netlogon.exe 0x20048 CLIENTNAME Console
|
|
3976 Netlogon.exe 0x20048 CommonProgramFiles C:\Program Files\Common Files
|
|
3976 Netlogon.exe 0x20048 COMPUTERNAME SECURITY-91B8EC
|
|
3976 Netlogon.exe 0x20048 ComSpec C:\WINDOWS\system32\cmd.exe
|
|
3976 Netlogon.exe 0x20048 FP_NO_HOST_CHECK NO
|
|
3976 Netlogon.exe 0x20048 HOMEDRIVE C:
|
|
3976 Netlogon.exe 0x20048 HOMEPATH \Documents and Settings\Administrator
|
|
3976 Netlogon.exe 0x20048 LOGONSERVER \\SECURITY-91B8EC
|
|
3976 Netlogon.exe 0x20048 NUMBER_OF_PROCESSORS 1
|
|
3976 Netlogon.exe 0x20048 OS Windows_NT
|
|
3976 Netlogon.exe 0x20048 Path C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
|
|
3976 Netlogon.exe 0x20048 PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
|
|
3976 Netlogon.exe 0x20048 PROCESSOR_ARCHITECTURE x86
|
|
3976 Netlogon.exe 0x20048 PROCESSOR_IDENTIFIER x86 Family 6 Model 37 Stepping 2, GenuineIntel
|
|
3976 Netlogon.exe 0x20048 PROCESSOR_LEVEL 6
|
|
3976 Netlogon.exe 0x20048 PROCESSOR_REVISION 2502
|
|
3976 Netlogon.exe 0x20048 ProgramFiles C:\Program Files
|
|
3976 Netlogon.exe 0x20048 SESSIONNAME Console
|
|
3976 Netlogon.exe 0x20048 SystemDrive C:
|
|
3976 Netlogon.exe 0x20048 SystemRoot C:\WINDOWS
|
|
3976 Netlogon.exe 0x20048 TEMP C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
|
|
3976 Netlogon.exe 0x20048 TMP C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
|
|
3976 Netlogon.exe 0x20048 USERDOMAIN SECURITY-91B8EC
|
|
3976 Netlogon.exe 0x20048 USERNAME Administrator
|
|
3976 Netlogon.exe 0x20048 USERPROFILE C:\Documents and Settings\Administrator
|
|
3976 Netlogon.exe 0x20048 windir C:\WINDOWS
|