Ok!
Here is my "Local Process Explorer"
OK. Looks decent, though Interrupts is still a bit high. If you want to look into it we can try Latency Monitor:
Go to http://www.resplendence.com/downloads
Scroll down to System Monitoring Tools and then find LatencyMon 6.70 (or it may be a higher number if they update).
Click on Download free home edition.
Save it then right click and Run As Admin. It will install and then start the program.
It will tell you to click on the Start button but there isn't one.
Instead click on the green arrowhead (looks like a Play button). Let it run for at least 20 seconds. Then hit the red box to stop it.
Edit, Copy Report text to Clipboard then move to a REPLY and Ctrl + v to paste the text into a reply.
If you are getting tired of this we can quit now. Doesn't seem to be any sign of an infection.
It's OK to me, since there's no sign of an infection, we can close "the case", you probably have more important things to do!
I just wonder how the password was stolen...
Anyway here is the report:
_________________________________________________________________________________________________________
CONCLUSION
_________________________________________________________________________________________________________
Your system appears to be suitable for handling real-time audio and other tasks without dropouts.
LatencyMon has been analyzing your system for 0:02:00 (h:mm:ss) on all processors.
_________________________________________________________________________________________________________
SYSTEM INFORMATION
_________________________________________________________________________________________________________
Computer name: RUIPEDRO-PC
OS version: Windows 10 , 10.0, build: 17134 (x64)
Hardware: HP Compaq 6000 Pro SFF PC, Hewlett-Packard, 3048h
CPU: GenuineIntel Intel® Core2 Duo CPU E8400 @ 3.00GHz
Logical processors: 2
Processor groups: 1
RAM: 3991 MB total
_________________________________________________________________________________________________________
CPU SPEED
_________________________________________________________________________________________________________
Reported CPU speed: 2992 MHz
Note: reported execution times may be calculated based on a fixed reported CPU speed. Disable variable speed settings like Intel Speed Step and AMD Cool N Quiet in the BIOS setup for more accurate results.
_________________________________________________________________________________________________________
MEASURED INTERRUPT TO USER PROCESS LATENCIES
_________________________________________________________________________________________________________
The interrupt to process latency reflects the measured interval that a usermode process needed to respond to a hardware request from the moment the interrupt service routine started execution. This includes the scheduling and execution of a DPC routine, the signaling of an event and the waking up of a usermode thread from an idle wait state in response to that event.
Highest measured interrupt to process latency (µs): 492,070412
Average measured interrupt to process latency (µs): 5,446128
Highest measured interrupt to DPC latency (µs): 488,306313
Average measured interrupt to DPC latency (µs): 1,682520
_________________________________________________________________________________________________________
REPORTED ISRs
_________________________________________________________________________________________________________
Interrupt service routines are routines installed by the OS and device drivers that execute in response to a hardware interrupt signal.
Highest ISR routine execution time (µs): 12,218583
Driver with highest ISR routine execution time: USBPORT.SYS - Controlador de Portas USB 1.1 e 2.0, Microsoft Corporation
Highest reported total ISR routine time (%): 0,010023
Driver with highest ISR total time: USBPORT.SYS - Controlador de Portas USB 1.1 e 2.0, Microsoft Corporation
Total time spent in ISRs (%) 0,010169
ISR count (execution time <250 µs): 7688
ISR count (execution time 250-500 µs): 0
ISR count (execution time 500-999 µs): 0
ISR count (execution time 1000-1999 µs): 0
ISR count (execution time 2000-3999 µs): 0
ISR count (execution time >=4000 µs): 0
_________________________________________________________________________________________________________
REPORTED DPCs
_________________________________________________________________________________________________________
DPC routines are part of the interrupt servicing dispatch mechanism and disable the possibility for a process to utilize the CPU while it is interrupted until the DPC has finished execution.
Highest DPC routine execution time (µs): 476,927807
Driver with highest DPC routine execution time: ndis.sys - NDIS (Network Driver Interface Specification), Microsoft Corporation
Highest reported total DPC routine time (%): 0,040905
Driver with highest DPC total execution time: USBPORT.SYS - Controlador de Portas USB 1.1 e 2.0, Microsoft Corporation
Total time spent in DPCs (%) 0,185848
DPC count (execution time <250 µs): 61258
DPC count (execution time 250-500 µs): 0
DPC count (execution time 500-999 µs): 1
DPC count (execution time 1000-1999 µs): 0
DPC count (execution time 2000-3999 µs): 0
DPC count (execution time >=4000 µs): 0
_________________________________________________________________________________________________________
REPORTED HARD PAGEFAULTS
_________________________________________________________________________________________________________
Hard pagefaults are events that get triggered by making use of virtual memory that is not resident in RAM but backed by a memory mapped file on disk. The process of resolving the hard pagefault requires reading in the memory from disk while the process is interrupted and blocked from execution.
NOTE: some processes were hit by hard pagefaults. If these were programs producing audio, they are likely to interrupt the audio stream resulting in dropouts, clicks and pops. Check the Processes tab to see which programs were hit.
Process with highest pagefault count: system
Total number of hard pagefaults 624
Hard pagefault count of hardest hit process: 168
Number of processes hit: 21
_________________________________________________________________________________________________________
PER CPU DATA
_________________________________________________________________________________________________________
CPU 0 Interrupt cycle time (s): 1,404112
CPU 0 ISR highest execution time (µs): 12,218583
CPU 0 ISR total execution time (s): 0,024548
CPU 0 ISR count: 7688
CPU 0 DPC highest execution time (µs): 476,927807
CPU 0 DPC total execution time (s): 0,435572
CPU 0 DPC count: 59316
_________________________________________________________________________________________________________
CPU 1 Interrupt cycle time (s): 0,201978
CPU 1 ISR highest execution time (µs): 0,0
CPU 1 ISR total execution time (s): 0,0
CPU 1 ISR count: 0
CPU 1 DPC highest execution time (µs): 75,778075
CPU 1 DPC total execution time (s): 0,013080
CPU 1 DPC count: 1943
_________________________________________________________________________________________________________
I'm retired so have lots of time.
I'm surprised to see System causing HARD PAGEFAULTS. If you rerun Process Explorer then click on View, Show Lower Pane (we want it clicked) then on Lower Pane View and click on Handles. Now click on System and save a log. That will give us a long list of things that are running under System.
There have been some cases of routers being infected. You might open an elevated Command Prompt. Then type:
tracert -d google.com > \junk.txt
notepad \junk.txt
Copy and paste the result into a Reply.
OK, thanks for your time. For me it's OK also, I'm learning at the same time.
Annnd it happened again... !
I got an email from the scammer sent from my email to my email.
Also, in this email he reveals a weak password that I use on some websites... stating that it is the password for the email account... This is false, the password for the email is quite strong.
The fact is that I use the password he reveals on some websites...
I have attached the email if you would like to see it! (I have masked the password for security reasons...)
The rest of the blabla in the email is Bullsh***. I don't visit porn sites (at least on this computer! Ahah) and I don't have any webcam... etc...
I will follow your last instructions in your previous reply and post the results.
Look in your email Sent folder. Do you see this email?
Looking at the details I see it is coming from 94.228.89.104 which is in Slovakia so it's probably not in your Sent folder. The return address is spoofed. It's possible that one of the sites you have logged into has been hacked and they are using the info to mess with your mind.
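The two explanations raised in this thread (a forged From address versus someone logging in to the mail server) can be told apart from the raw headers. The following is an added example, not part of the original posts: it reads the Received lines stamped by your own servers, finds the first outside client, and checks whether that client authenticated (ESMTPA/ESMTPSA, RFC 3848) or failed SPF/DMARC. The sample headers, the example.com host names and the trusted-host set are constructed assumptions; only 94.228.89.104 comes from the post above.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample headers, not the real message from this thread.
# The last Received line is a forged one the sender could have added.
SPOOFED = """\
Return-Path: <user@example.com>
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.com;
 dkim=none; dmarc=fail header.from=example.com
Received: from mx.example.com (mx.example.com [192.168.10.5])
 by store.example.com with LMTP; Mon, 29 Oct 2018 10:00:02 +0000
Received: from unknown (HELO pc) (94.228.89.104)
 by mx.example.com with ESMTP; Mon, 29 Oct 2018 10:00:01 +0000
Received: from desk ([192.168.1.20])
 by mx.example.com with ESMTPSA; Mon, 29 Oct 2018 09:59:59 +0000
From: user@example.com
To: user@example.com
Subject: constructed sample

body
"""

SUBMITTED = """\
Received: from laptop ([203.0.113.7])
 by mail.example.com (Postfix) with ESMTPSA id 4F2A1; Mon, 29 Oct 2018 11:00:01 +0000
From: user@example.com
To: user@example.com
Subject: constructed sample

body
"""

INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "100.64.0.0/10")]
RECEIVED_RE = re.compile(
    r"from\s+(?P<from>.*?)\s+by\s+(?P<by>\S+)(?:.*?\swith\s+(?P<proto>[A-Za-z0-9]+))?", re.I)
IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")  # IPv4 only in this example
AUTHRES_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.I)
FAIL = {"fail", "softfail"}


def is_external(ip_text):
    """True for a valid IPv4 address outside the internal ranges above."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return not any(ip in net for net in INTERNAL_NETS)


def parse_received(value):
    """Extract client IP, stamping host and protocol from one Received value."""
    flat = " ".join(value.split())  # undo header folding
    m = RECEIVED_RE.search(flat)
    if not m:
        return None
    ip = IP_RE.search(m.group("from"))
    return {"ip": ip.group(1) if ip else None,
            "by": m.group("by").lower(),
            "proto": (m.group("proto") or "").upper()}


def handoff_hop(msg, trusted):
    """First external client seen by our own servers.

    Received lines are read newest first and only while stamped by a trusted
    host; everything below the handoff can be forged by the sender.
    """
    for value in msg.get_all("Received", []):
        hop = parse_received(value)
        if hop is None or hop["by"] not in trusted:
            return None
        if hop["ip"] and is_external(hop["ip"]):
            return hop
    return None


def auth_results(msg, trusted):
    """SPF/DKIM/DMARC results, taken only from our own servers' headers."""
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        flat = " ".join(value.split())
        head = flat.split(";", 1)[0].split()
        if not head or head[0].lower() not in trusted:
            continue  # a result stamped by an unknown host proves nothing
        for method, result in AUTHRES_RE.findall(flat):
            results.setdefault(method.lower(), result.lower())
    return results


def classify(raw, trusted):
    """Decide between a forged From and an authenticated submission."""
    msg = message_from_string(raw)
    hop = handoff_hop(msg, trusted)
    auth = auth_results(msg, trusted)
    if hop and hop["proto"] in ("ESMTPA", "ESMTPSA"):
        verdict = "authenticated-submission"  # someone logged in to the mailbox
    elif auth.get("spf") in FAIL or auth.get("dmarc") in FAIL:
        verdict = "spoofed-from"              # sent from outside, From forged
    else:
        verdict = "inconclusive"
    return {"origin_ip": hop["ip"] if hop else None,
            "proto": hop["proto"] if hop else None,
            "auth": auth, "verdict": verdict}


if __name__ == "__main__":
    hosts = {"mx.example.com", "store.example.com", "mail.example.com"}
    for name, raw in (("SPOOFED", SPOOFED), ("SUBMITTED", SUBMITTED)):
        print(name, classify(raw, hosts))
```
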
No... I believe this is sent directly through the SMTP of our website, since our hosting service confirmed accesses from multiple countries...
And as I said before, it stops for some time every time I change the password for this account... and then it starts all over again!
I see, but I never used the email password on any other site, so how can they log in there to send the emails?
This is so strange to me... I really care about security and can't understand what is going on...
Tracing route to google.com [216.58.201.142]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 192.168.1.254
2 3 ms 1 ms 1 ms 100.64.155.137
3 1 ms 1 ms 1 ms 195.8.21.86
4 3 ms 3 ms 3 ms 195.8.21.85
5 2 ms 1 ms 1 ms 195.8.10.102
6 10 ms 9 ms 9 ms 216.239.56.185
7 10 ms 10 ms 9 ms 108.170.253.241
8 10 ms 9 ms 9 ms 209.85.142.147
9 10 ms 10 ms 9 ms 216.58.201.142
Trace complete.
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
Registry 1.248 K 14.212 K 88
System Idle Process 67.77 52 K 8 K 0
System 0.86 228 K 14.916 K 4
Interrupts 1.29 0 K 0 K n/a Hardware Interrupts and DPCs
smss.exe 496 K 244 K 348 Gestor de Sessões do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
Memory Compression < 0.01 1.292 K 192.380 K 2216
csrss.exe 0.03 1.808 K 2.048 K 492 Processo de Tempo de Execução de Servidor Cliente Microsoft Corporation (Verified) Microsoft Windows Publisher
csrss.exe 0.45 2.488 K 2.108 K 572 Processo de Tempo de Execução de Servidor Cliente Microsoft Corporation (Verified) Microsoft Windows Publisher
wininit.exe 1.300 K 724 K 584 Aplicação de Arranque do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
services.exe 5.220 K 5.196 K 712 Aplicação de serviços e controlo Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 992 K 668 K 828 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 14.080 K 18.012 K 892 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
WmiPrvSE.exe 1.22 14.980 K 25.844 K 6800 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
ShellExperienceHost.exe Suspended 44.348 K 36.432 K 8080 Windows Shell Experience Host Microsoft Corporation (Verified) Microsoft Windows
SearchUI.exe Suspended 107.928 K 65.212 K 7180 Search and Cortana application Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 8.760 K 18.456 K 7372 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 6.136 K 17.760 K 6388 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
LockApp.exe Suspended 11.692 K 384 K 8572 LockApp.exe Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 6.512 K 3.844 K 8648 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
SkypeBackgroundHost.exe Suspended 2.012 K 3.836 K 8720 Microsoft Skype Microsoft Corporation (Nenhuma assinatura estava presente no sujeito) Microsoft Corporation
SkypeApp.exe Suspended 15.524 K 404 K 8780 SkypeApp Microsoft Corporation (Nenhuma assinatura estava presente no sujeito) Microsoft Corporation
Video.UI.exe Suspended 20.508 K 476 K 9008 (Nenhuma assinatura estava presente no sujeito)
RuntimeBroker.exe 8.888 K 23.672 K 9264 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 2.404 K 13.668 K 9540 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 1.908 K 6.932 K 9708 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
hpqbam08.exe 2.020 K 3.284 K 10708 HP CUE Alert Popup Window Objects Hewlett-Packard Co. (Nenhuma assinatura estava presente no sujeito) Hewlett-Packard Co.
hpqgpc01.exe 3.024 K 3.836 K 11060 GPCore COM object Hewlett-Packard (Nenhuma assinatura estava presente no sujeito) Hewlett-Packard
dllhost.exe 2.176 K 5.488 K 10948 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
ApplicationFrameHost.exe 11.220 K 22.188 K 9080 Application Frame Host Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 4.884 K 5.124 K 6220 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 2.312 K 7.024 K 6632 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
Microsoft.Photos.exe Suspended 138.104 K 5.216 K 3988 (Nenhuma assinatura estava presente no sujeito)
RuntimeBroker.exe 10.376 K 20.760 K 5404 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
MicrosoftEdge.exe Suspended 22.708 K 52.284 K 6436 Microsoft Edge Microsoft Corporation (Verified) Microsoft Corporation
browser_broker.exe 1.932 K 8.172 K 5124 Browser_Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 1.756 K 6.212 K 12132 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
MicrosoftEdgeCP.exe Suspended 6.660 K 22.148 K 12000 Microsoft Edge Content Process Microsoft Corporation (Verified) Microsoft Corporation
MicrosoftEdgeCP.exe Suspended 6.716 K 22.400 K 6756 Microsoft Edge Content Process Microsoft Corporation (Verified) Microsoft Corporation
OpenWith.exe 7.692 K 27.964 K 10684 Selecionar uma aplicação Microsoft Corporation (Verified) Microsoft Windows
smartscreen.exe 11.408 K 21.260 K 6504 Windows Defender SmartScreen Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 2.428 K 8.752 K 1104 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 8.760 K 10.292 K 972 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 2.760 K 2.428 K 1020 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 12.200 K 7.552 K 1068 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1.996 K 2.284 K 1076 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2.108 K 444 K 1132 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2.056 K 4.092 K 1148 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 30.456 K 8.160 K 1220 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6.592 K 7.580 K 1228 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
taskhostw.exe 7.632 K 15.956 K 3892 Processo Anfitrião para Tarefas do Windows Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1.848 K 496 K 1284 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2.716 K 4.704 K 1300 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1.776 K 664 K 1316 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.02 5.768 K 2.784 K 1380 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1.948 K 720 K 1392 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.02 2.200 K 1.948 K 1488 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2.684 K 4.772 K 1496 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
sihost.exe 10.552 K 19.076 K 3076 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 3.920 K 3.088 K 1700 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
launcher_service_ex.exe 4.576 K 2.212 K 1732 Remote Management and Monitoring Component Comodo Security Solutions, Inc. (Verified) Comodo Security Solutions
unit_manager.exe 0.14 3.976 K 6.304 K 6796 Remote Management and Monitoring Component Comodo Security Solutions, Inc. (Verified) Comodo Security Solutions
unit.exe 0.03 8.148 K 13.268 K 7312 Remote Management and Monitoring Component Comodo Security Solutions, Inc. (Verified) Comodo Security Solutions
unit.exe 0.21 12.520 K 14.072 K 6760 Remote Management and Monitoring Component Comodo Security Solutions, Inc. (Verified) Comodo Security Solutions
svchost.exe 2.044 K 3.356 K 1828 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3.000 K 6.532 K 1868 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2.428 K 10.688 K 1964 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3.868 K 7.972 K 2016 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2.364 K 8.208 K 2060 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2.012 K 6.596 K 2068 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2.516 K 4.812 K 2076 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2.256 K 7.636 K 2088 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1.372 K 5.304 K 2112 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1.836 K 7.104 K 2240 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1.880 K 3.392 K 2284 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1.936 K 6.732 K 2292 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2.196 K 8.184 K 2332 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3.616 K 11.792 K 2480 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
audiodg.exe 7.256 K 12.620 K 8376 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
RTKAUDIOSERVICE64.EXE 1.644 K 5.948 K 2656 Realtek Audio Service Realtek Semiconductor (Verified) Realtek Semiconductor Corp
svchost.exe 5.380 K 13.256 K 2664 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.48 11.856 K 20.664 K 2692 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1.660 K 5.484 K 2712 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2.132 K 6.396 K 2720 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2.960 K 9.568 K 2772 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2.244 K 10.628 K 2812 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
spoolsv.exe < 0.01 12.460 K 20.464 K 2964 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2.112 K 7.408 K 2096 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6.276 K 14.820 K 3096 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1.716 K 5.484 K 3112 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
dasHost.exe 6.496 K 11.512 K 3204 Device Association Framework Provider Host Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 7.720 K 18.668 K 3188 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
armsvc.exe 1.344 K 5.600 K 3260 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
AppleMobileDeviceService.exe 0.08 3.520 K 7.544 K 3268 MobileDeviceService Apple Inc. (Verified) Apple Inc.
remoting_host.exe 4.728 K 9.400 K 3280 Processo do Anfitrião Google Inc. (Verified) Google Inc
remoting_host.exe 2.41 54.584 K 67.568 K 4288 Processo do Anfitrião Google Inc. (Verified) Google Inc
mDNSResponder.exe 1.656 K 5.364 K 3288 Bonjour Service Apple Inc. (Verified) Apple Inc.
svchost.exe 6.644 K 15.012 K 3296 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3.752 K 10.124 K 3304 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 27.476 K 28.928 K 3312 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5.008 K 8.376 K 3320 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.01 9.524 K 20.640 K 3332 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 3.352 K 9.680 K 3396 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
BackupService.exe 0.50 13.624 K 15.936 K 3448 CTERA Agent Service (Verified) CTERA Networks inc
svchost.exe 1.308 K 4.616 K 3492 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
mqsvc.exe 4.992 K 10.284 K 3528 Message Queuing Service Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 3.836 K 7.536 K 3548 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
SMSvcHost.exe 25.188 K 2.280 K 3576 SMSvcHost.exe Microsoft Corporation (Verified) Microsoft Corporation
svchost.exe 1.480 K 5.428 K 3600 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1.976 K 5.984 K 3632 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4.252 K 10.692 K 3660 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
RMMRSP.exe 0.04 2.400 K 6.696 K 3676 RMM Remote Screen Protocol Server Comodo Security Solutions, Inc. (Verified) Comodo Security Solutions
SecurityHealthService.exe 4.288 K 12.868 K 3684 Windows Security Health Service Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1.328 K 4.976 K 3716 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
MsMpEng.exe 1.22 162.632 K 102.444 K 3768 Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Corporation
SearchIndexer.exe < 0.01 53.800 K 48.700 K 3776 Indexador do Microsoft Windows Search Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4.452 K 18.212 K 3792 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1.616 K 3.040 K 4264 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1.340 K 4.832 K 4360 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2.700 K 4.700 K 4588 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1.776 K 3.636 K 4656 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
ctfmon.exe 49.868 K 14.448 K 5184 Carregador do CTF Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 3.548 K 9.816 K 5276 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4.380 K 10.588 K 5720 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
SMSvcHost.exe 22.592 K 14.168 K 5848 SMSvcHost.exe Microsoft Corporation (Verified) Microsoft Corporation
wmpnetwk.exe 7.284 K 3.240 K 5944 Serviço de Partilha de Rede do Windows Media Player Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4.416 K 8.220 K 6264 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2.948 K 11.168 K 6720 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2.892 K 10.100 K 7060 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1.456 K 5.744 K 2820 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
NisSrv.exe 7.188 K 9.712 K 7536 Microsoft Network Realtime Inspection Service Microsoft Corporation (Verified) Microsoft Corporation
svchost.exe 3.572 K 10.984 K 7912 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4.012 K 17.520 K 8656 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 22.660 K 18.784 K 9636 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 4.188 K 9.428 K 10548 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5.584 K 16.504 K 10996 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
HPSupportSolutionsFrameworkService.exe 46.984 K 11.016 K 2308 HP Support Solutions Framework Service HP Inc. (Verified) HP Inc.
TouchpointAnalyticsClientService.exe 0.98 45.440 K 19.044 K 5480 HP Touchpoint Analytics Client Service HP Inc. (Verified) HP Inc.
SgrmBroker.exe 3.060 K 3.208 K 11156 Serviço de Mediador de Monitor de Tempo de Execução do System Guard Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2.196 K 2.588 K 10260 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
hpqwmiex.exe 1.776 K 416 K 9236 HP Software Framework WMI Service Hewlett-Packard Company (Verified) Hewlett-Packard Company
svchost.exe 2.940 K 2.016 K 10892 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
OSPPSVC.EXE 3.524 K 11.612 K 2808 Microsoft Office Software Protection Platform Service Microsoft Corporation (Verified) Microsoft Corporation
svchost.exe 6.116 K 4.496 K 9840 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 10.040 K 10.904 K 10000 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1.528 K 5.700 K 5472 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
lsass.exe 0.02 7.912 K 10.844 K 728 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
fontdrvhost.exe 5.048 K 976 K 844 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 2.452 K 3.096 K 672 Aplicação de Início de Sessão do Windows Microsoft Corporation (Verified) Microsoft Windows
fontdrvhost.exe 4.844 K 6.600 K 836 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
dwm.exe 1.89 102.088 K 56.756 K 380 Gestor de Janelas do Ambiente do Trabalho Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 0.14 88.480 K 93.732 K 6132 Explorador do Windows Microsoft Corporation (Verified) Microsoft Windows
MSASCuiL.exe 1.956 K 7.964 K 9868 Windows Defender notification icon Microsoft Corporation (Verified) Microsoft Windows
OneDrive.exe 25.760 K 7.628 K 10116 Microsoft OneDrive Microsoft Corporation (Verified) Microsoft Corporation
hpqtra08.exe 0.03 8.804 K 10.928 K 9816 HP Digital Imaging Monitor Hewlett-Packard Co. (Nenhuma assinatura estava presente no sujeito) Hewlett-Packard Co.
hpqste08.exe 4.632 K 6.408 K 10664 HP CUE Status Root Hewlett-Packard Co. (Nenhuma assinatura estava presente no sujeito) Hewlett-Packard Co.
OUTLOOK.EXE 0.28 243.640 K 176.588 K 2616 Microsoft Outlook Microsoft Corporation (Verified) Microsoft Corporation
stickies.exe 0.18 10.272 K 11.024 K 4344 Stickies 7.1e Zhorn Software (Nenhuma assinatura estava presente no sujeito) Zhorn Software
phccorporate.exe 0.66 114.908 K 41.072 K 5728 (Nenhuma assinatura estava presente no sujeito)
splwow64.exe 5.268 K 7.148 K 13084 Print driver host for applications Microsoft Corporation (Verified) Microsoft Windows
firefox.exe 0.82 195.176 K 238.876 K 9396 Firefox Mozilla Corporation (Verified) Mozilla Corporation
firefox.exe 0.63 70.068 K 100.700 K 12784 Firefox Mozilla Corporation (Verified) Mozilla Corporation
firefox.exe 1.71 185.620 K 259.216 K 13108 Firefox Mozilla Corporation (Verified) Mozilla Corporation
firefox.exe 69.584 K 86.116 K 11604 Firefox Mozilla Corporation (Verified) Mozilla Corporation
firefox.exe 19.192 K 34.112 K 6048 Firefox Mozilla Corporation (Verified) Mozilla Corporation
cmd.exe 3.192 K 3.304 K 6440 Windows Command Processor Microsoft Corporation (Verified) Microsoft Windows
conhost.exe 6.404 K 16.496 K 1568 Anfitrião de Janelas de Consola Microsoft Corporation (Verified) Microsoft Windows
procexp64.exe 14.16 42.600 K 75.872 K 10360 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
hpwuschd2.exe 1.228 K 5.592 K 6068 hpwuSchd Application Hewlett-Packard (Verified) Hewlett-Packard Company
CteraAgentWD.exe 964 K 4.104 K 10264 (Verified) CTERA Networks inc
CTERAAgent.exe 0.35 14.220 K 6.860 K 10444 CTERA Agent (Verified) CTERA Networks inc
jusched.exe 3.080 K 11.452 K 10372 Java Update Scheduler Oracle Corporation (Verified) Oracle America
EXCEL.EXE 25.868 K 30.944 K 6740 Microsoft Excel Microsoft Corporation (Verified) Microsoft Corporation
splwow64.exe 4.508 K 11.196 K 12404 Print driver host for applications Microsoft Corporation (Verified) Microsoft Windows
Skype.exe 0.02 47.344 K 43.668 K 7360 Skype Skype Technologies S.A. (Verified) Skype Software Sarl
Skype.exe 8.084 K 1.288 K 864 Skype Skype Technologies S.A. (Verified) Skype Software Sarl
Skype.exe 44.064 K 9.880 K 4724 Skype Skype Technologies S.A. (Verified) Skype Software Sarl
Skype.exe 0.09 240.088 K 101.184 K 7624 Skype Skype Technologies S.A. (Verified) Skype Software Sarl
remoting_desktop.exe 1.25 14.012 K 45.688 K 5536 Processo de Integração do Ambiente de Trabalho Google Inc. (Verified) Google Inc
Process: System Pid: 4
Process svchost.exe(1300)
Process svchost.exe(1300)
Process svchost.exe(1300)
Process svchost.exe(1316)
Process svchost.exe(1380)
Process svchost.exe(1316)
Process svchost.exe(1316)
Process svchost.exe(1228)
Process svchost.exe(1392)
Process svchost.exe(1380)
Process svchost.exe(1380)
Process svchost.exe(1392)
Process svchost.exe(1392)
Process svchost.exe(1488)
Process svchost.exe(1488)
Process svchost.exe(1220)
Process svchost.exe(1488)
Process svchost.exe(1496)
Process remoting_desktop.exe(5536)
Process svchost.exe(1228)
Process svchost.exe(1496)
Process svchost.exe(1496)
Process svchost.exe(1488)
Process svchost.exe(1228)
Process svchost.exe(1488)
Process phccorporate.exe(5728)
Process svchost.exe(2076)
Process svchost.exe(1700)
Process launcher_service_ex.exe(1732)
Process svchost.exe(10996)
Process svchost.exe(10996)
Process svchost.exe(1228)
Process hpqtra08.exe(9816)
Process svchost.exe(1828)
Process svchost.exe(1700)
Process svchost.exe(1700)
Process TouchpointAnalyticsClientService.exe(5480)
Process launcher_service_ex.exe(1732)
Process svchost.exe(10996)
Process launcher_service_ex.exe(1732)
Process MSASCuiL.exe(9868)
Process svchost.exe(1828)
Process svchost.exe(1868)
Process svchost.exe(1828)
Process svchost.exe(1868)
Process svchost.exe(1868)
Process Video.UI.exe(9008)
Process hpqgpc01.exe(11060)
Process svchost.exe(1964)
Process svchost.exe(1964)
Process svchost.exe(1964)
Process svchost.exe(1700)
Process svchost.exe(2016)
Process svchost.exe(1700)
Process svchost.exe(2016)
Process svchost.exe(2016)
Process launcher_service_ex.exe(1732)
Process svchost.exe(1964)
Process Microsoft.Photos.exe(3988)
Process launcher_service_ex.exe(1732)
Process svchost.exe(10892)
Process svchost.exe(2060)
Process svchost.exe(2060)
Process unit.exe(7312)
Process svchost.exe(2076)
Process svchost.exe(2068)
Process svchost.exe(2060)
Process svchost.exe(2088)
Process svchost.exe(2068)
Process svchost.exe(2068)
Process svchost.exe(2076)
Process svchost.exe(2112)
Process svchost.exe(2076)
Process svchost.exe(2088)
Process svchost.exe(2088)
Process unit.exe(7312)
Process svchost.exe(2112)
Process svchost.exe(2112)
Process Memory Compression(2216)
Process dwm.exe(380)
Process svchost.exe(2664)
Process svchost.exe(2060)
Process svchost.exe(2060)
Process svchost.exe(2060)
Process svchost.exe(2068)
Process svchost.exe(2240)
Process svchost.exe(2240)
Process svchost.exe(2240)
Process svchost.exe(2292)
Process svchost.exe(2292)
Process svchost.exe(2284)
Process svchost.exe(2284)
Process svchost.exe(2292)
Process svchost.exe(2332)
Process svchost.exe(2284)
Process svchost.exe(2332)
Process unit.exe(6760)
Process svchost.exe(2332)
Process unit_manager.exe(6796)
Process unit_manager.exe(6796)
Process svchost.exe(2292)
Process unit_manager.exe(6796)
Process smartscreen.exe(6504)
Process unit.exe(6760)
Process procexp64.exe(10360)
Process svchost.exe(2480)
Process svchost.exe(2480)
Process svchost.exe(2480)
Process dllhost.exe(6632)
Process svchost.exe(2332)
Process RTKAUDIOSERVICE64.EXE(2656)
Process svchost.exe(2480)
Process svchost.exe(2480)
Process RTKAUDIOSERVICE64.EXE(2656)
Process RTKAUDIOSERVICE64.EXE(2656)
Process svchost.exe(2480)
Process svchost.exe(2664)
Process svchost.exe(2720)
Process svchost.exe(2664)
Process ApplicationFrameHost.exe(9080)
Process RTKAUDIOSERVICE64.EXE(2656)
Process svchost.exe(2692)
Process svchost.exe(2692)
Process svchost.exe(2692)
Process unit_manager.exe(6796)
Process svchost.exe(2712)
Process svchost.exe(2712)
Process svchost.exe(2720)
Process svchost.exe(2712)
Process svchost.exe(2720)
Process conhost.exe(1568)
Process spoolsv.exe(2964)
Process spoolsv.exe(2964)
Process svchost.exe(1284)
Process svchost.exe(2720)
Process svchost.exe(2812)
Process svchost.exe(2812)
Process svchost.exe(2812)
Process unit.exe(6760)
Process svchost.exe(2720)
Process svchost.exe(2720)
Process svchost.exe(2720)
Process svchost.exe(2720)
Process svchost.exe(2772)
Process svchost.exe(2720)
Process dasHost.exe(3204)
Process svchost.exe(7912)
Process svchost.exe(2772)
Process svchost.exe(2720)
Process svchost.exe(7060)
Process svchost.exe(2772)
Process svchost.exe(2720)
Process svchost.exe(2720)
Process svchost.exe(2720)
Process svchost.exe(2720)
Process spoolsv.exe(2964)
Process spoolsv.exe(2964)
Process hpqgpc01.exe(11060)
Process hpqgpc01.exe(11060)
Process svchost.exe(3332)
Process svchost.exe(2096)
Process svchost.exe(2096)
Process svchost.exe(2096)
Process svchost.exe(2692)
Process sihost.exe(3076)
Process sihost.exe(3076)
Process sihost.exe(3076)
Process svchost.exe(3096)
Process svchost.exe(3096)
Process svchost.exe(3096)
Process svchost.exe(3112)
Process svchost.exe(3112)
Process svchost.exe(3112)
Process dasHost.exe(3204)
Process svchost.exe(3188)
Process svchost.exe(3188)
Process mDNSResponder.exe(3288)
Process svchost.exe(3188)
Process AppleMobileDeviceService.exe(3268)
Process armsvc.exe(3260)
Process dasHost.exe(3204)
Process dasHost.exe(3204)
Process armsvc.exe(3260)
Process AppleMobileDeviceService.exe(3268)
Process remoting_host.exe(3280)
Process svchost.exe(3304)
Process AppleMobileDeviceService.exe(3268)
Process remoting_host.exe(3280)
Process svchost.exe(3296)
Process remoting_host.exe(3280)
Process armsvc.exe(3260)
Process armsvc.exe(3260)
Process remoting_host.exe(3280)
Process svchost.exe(3304)
Process svchost.exe(3332)
Process svchost.exe(3320)
Process svchost.exe(3312)
Process mDNSResponder.exe(3288)
Process mDNSResponder.exe(3288)
Process svchost.exe(3296)
Process svchost.exe(3312)
Process svchost.exe(3296)
Process svchost.exe(3312)
Process svchost.exe(3096)
Process svchost.exe(3320)
Process svchost.exe(3304)
Process svchost.exe(3304)
Process svchost.exe(3320)
Process svchost.exe(3332)
Process svchost.exe(3332)
Process BackupService.exe(3448)
Process BackupService.exe(3448)
Process svchost.exe(3396)
Process BackupService.exe(3448)
Process BackupService.exe(3448)
Process svchost.exe(3396)
Process svchost.exe(3396)
Process svchost.exe(3492)
Process svchost.exe(1068)
Process svchost.exe(4264)
Process remoting_host.exe(4288)
Process mqsvc.exe(3528)
Process svchost.exe(3492)
Process svchost.exe(3492)
Process mqsvc.exe(3528)
Process svchost.exe(3548)
Process mqsvc.exe(3528)
Process sihost.exe(3076)
Process svchost.exe(3548)
Process svchost.exe(3548)
Process SMSvcHost.exe(3576)
Process SMSvcHost.exe(3576)
Process svchost.exe(3632)
Process svchost.exe(3600)
Process RMMRSP.exe(3676)
Process svchost.exe(3632)
Process svchost.exe(3600)
Process SMSvcHost.exe(3576)
Process svchost.exe(3600)
Process svchost.exe(3660)
Process svchost.exe(3632)
Process svchost.exe(3660)
Process SecurityHealthService.exe(3684)
Process SecurityHealthService.exe(3684)
Process RMMRSP.exe(3676)
Process SecurityHealthService.exe(3684)
Process RMMRSP.exe(3676)
Process svchost.exe(1068)
Process RMMRSP.exe(3676)
Process svchost.exe(3792)
Process svchost.exe(3716)
Process dllhost.exe(10948)
Process svchost.exe(3660)
Process MsMpEng.exe(3768)
Process svchost.exe(3716)
Process MsMpEng.exe(3768)
Process mDNSResponder.exe(3288)
Process MsMpEng.exe(3768)
Process SearchIndexer.exe(3776)
Process SearchIndexer.exe(3776)
Process svchost.exe(3716)
Process SearchIndexer.exe(3776)
Process taskhostw.exe(3892)
Process svchost.exe(7060)
Process svchost.exe(3792)
Process svchost.exe(3792)
Process taskhostw.exe(3892)
Process svchost.exe(4360)
Process armsvc.exe(3260)
Process AppleMobileDeviceService.exe(3268)
Process BackupService.exe(3448)
Process taskhostw.exe(3892)
Process svchost.exe(892)
Process svchost.exe(892)
Process spoolsv.exe(2964)
Process MicrosoftEdgeCP.exe(12000)
Process svchost.exe(3548)
Process svchost.exe(3396)
Process RMMRSP.exe(3676)
Process svchost.exe(3792)
Process Skype.exe(7624)
Process svchost.exe(3320)
Process svchost.exe(3548)
Process svchost.exe(4264)
Process svchost.exe(3332)
Process ctfmon.exe(5184)
Process ctfmon.exe(5184)
Process svchost.exe(5276)
Process remoting_host.exe(3280)
Process svchost.exe(3312)
Process unit.exe(7312)
Process remoting_host.exe(4288)
Process remoting_host.exe(4288)
Process svchost.exe(4360)
Process ctfmon.exe(5184)
Process svchost.exe(3332)
Process svchost.exe(4656)
Process svchost.exe(4360)
Process svchost.exe(4588)
Process Video.UI.exe(9008)
Process remoting_host.exe(4288)
Process remoting_host.exe(4288)
Process svchost.exe(3332)
Process svchost.exe(4656)
Process mqsvc.exe(3528)
Process svchost.exe(3716)
Process svchost.exe(4588)
Process MsMpEng.exe(3768)
Process svchost.exe(4264)
Process svchost.exe(4264)
Process svchost.exe(4656)
Process BackupService.exe(3448)
Process svchost.exe(4588)
Process svchost.exe(4588)
Process svchost.exe(4588)
Process svchost.exe(5276)
Process svchost.exe(5276)
Process dwm.exe(380)
Process svchost.exe(10000)
Process RuntimeBroker.exe(9264)
Process remoting_desktop.exe(5536)
Process Microsoft.Photos.exe(3988)
Process svchost.exe(2096)
Process svchost.exe(5720)
Process spoolsv.exe(2964)
Process hpqste08.exe(10664)
Process wmpnetwk.exe(5944)
Process svchost.exe(5720)
Process dasHost.exe(3204)
Process dasHost.exe(3204)
Process dasHost.exe(3204)
Process dasHost.exe(3204)
Process dasHost.exe(3204)
Process dasHost.exe(3204)
Process dasHost.exe(3204)
Process dasHost.exe(3204)
Process dasHost.exe(3204)
Process dasHost.exe(3204)
Process dasHost.exe(3204)
Process MsMpEng.exe(3768)
Process MsMpEng.exe(3768)
Process MsMpEng.exe(3768)
Process svchost.exe(5720)
Process svchost.exe(5720)
Process svchost.exe(3188)
Process SMSvcHost.exe(5848)
Process SMSvcHost.exe(5848)
Process SMSvcHost.exe(5848)
Process spoolsv.exe(2964)
Process jusched.exe(10372)
Process spoolsv.exe(2964)
Process spoolsv.exe(2964)
Process wmpnetwk.exe(5944)
Process sihost.exe(3076)
Process svchost.exe(5276)
Process spoolsv.exe(2964)
Process wmpnetwk.exe(5944)
Process jusched.exe(10372)
Process svchost.exe(5276)
Process browser_broker.exe(5124)
Process SgrmBroker.exe(11156)
Process OSPPSVC.EXE(2808)
Process explorer.exe(6132)
Process explorer.exe(6132)
Process explorer.exe(6132)
Process services.exe(712)
Process WmiPrvSE.exe(6800)
Process svchost.exe(3312)
Process WmiPrvSE.exe(6800)
Process svchost.exe(2712)
Process ApplicationFrameHost.exe(9080)
Process dasHost.exe(3204)
Process dasHost.exe(3204)
Process dasHost.exe(3204)
Process dasHost.exe(3204)
Process phccorporate.exe(5728)
Process Skype.exe(7624)
Process remoting_host.exe(4288)
Process dasHost.exe(3204)
Process OSPPSVC.EXE(2808)
Process wmpnetwk.exe(5944)
Process explorer.exe(6132)
Process svchost.exe(6264)
Process svchost.exe(3296)
Process svchost.exe(892)
Process svchost.exe(7912)
Process OUTLOOK.EXE(2616)
Process svchost.exe(6264)
Process svchost.exe(6264)
Process dasHost.exe(3204)
Process dasHost.exe(3204)
Process RuntimeBroker.exe(7372)
Process svchost.exe(6264)
Process svchost.exe(6264)
Process SearchUI.exe(7180)
Process smartscreen.exe(6504)
Process RuntimeBroker.exe(7372)
Process RuntimeBroker.exe(5404)
Process hpqgpc01.exe(11060)
Process svchost.exe(6720)
Process SearchUI.exe(7180)
Process WmiPrvSE.exe(6800)
Process svchost.exe(6720)
Process svchost.exe(6720)
Process svchost.exe(6720)
Process svchost.exe(7060)
Process svchost.exe(3188)
Process RuntimeBroker.exe(6388)
Process OSPPSVC.EXE(2808)
Process firefox.exe(11604)
Process svchost.exe(7060)
Process hpwuschd2.exe(6068)
Process SearchUI.exe(7180)
Process svchost.exe(3792)
Process svchost.exe(2820)
Process svchost.exe(2820)
Process CTERAAgent.exe(10444)
Process svchost.exe(2820)
Process svchost.exe(3660)
Process svchost.exe(3660)
Process svchost.exe(3660)
Process svchost.exe(3660)
Process svchost.exe(3660)
Process svchost.exe(3660)
Process RuntimeBroker.exe(6388)
Process RuntimeBroker.exe(6388)
Process svchost.exe(3660)
Process svchost.exe(3660)
Process ShellExperienceHost.exe(8080)
Process svchost.exe(7912)
Process OUTLOOK.EXE(2616)
Process svchost.exe(3660)
Process svchost.exe(3660)
Process unit.exe(7312)
Process svchost.exe(1220)
Process svchost.exe(8656)
Process CteraAgentWD.exe(10264)
Process unit.exe(7312)
Process svchost.exe(3188)
Process svchost.exe(7060)
Process NisSrv.exe(7536)
Process NisSrv.exe(7536)
Process NisSrv.exe(7536)
Process NisSrv.exe(7536)
Process unit.exe(6760)
Process unit.exe(6760)
Process CteraAgentWD.exe(10264)
Process firefox.exe(9396)
Process RuntimeBroker.exe(9540)
Process OUTLOOK.EXE(2616)
Process TouchpointAnalyticsClientService.exe(5480)
Process Skype.exe(864)
Process NisSrv.exe(7536)
Process hpqwmiex.exe(9236)
Process explorer.exe(6132)
Process jusched.exe(10372)
Process jusched.exe(10372)
Process firefox.exe(9396)
Process explorer.exe(6132)
Process audiodg.exe(8376)
Process RuntimeBroker.exe(5404)
Process ApplicationFrameHost.exe(9080)
Process svchost.exe(7060)
Process svchost.exe(10548)
Process SkypeApp.exe(8780)
Process MsMpEng.exe(3768)
Process stickies.exe(4344)
Process svchost.exe(7912)
Process SearchUI.exe(7180)
Process ShellExperienceHost.exe(8080)
Process ShellExperienceHost.exe(8080)
Process phccorporate.exe(5728)
Process Skype.exe(4724)
Process svchost.exe(7912)
Process ShellExperienceHost.exe(8080)
Process SkypeApp.exe(8780)
Process svchost.exe(9636)
Process SearchUI.exe(7180)
Process spoolsv.exe(2964)
Process RuntimeBroker.exe(7372)
Process Skype.exe(4724)
Process SearchUI.exe(7180)
Process svchost.exe(10996)
Process stickies.exe(4344)
Process spoolsv.exe(2964)
Process Video.UI.exe(9008)
Process procexp64.exe(10360)
Process svchost.exe(5472)
Process svchost.exe(10000)
Process RuntimeBroker.exe(8648)
Process CTERAAgent.exe(10444)
Process SearchUI.exe(7180)
Process phccorporate.exe(5728)
Process smartscreen.exe(6504)
Process RuntimeBroker.exe(8648)
Process LockApp.exe(8572)
Process svchost.exe(8656)
Process LockApp.exe(8572)
Process svchost.exe(8656)
Process LockApp.exe(8572)
Process TouchpointAnalyticsClientService.exe(5480)
Process OneDrive.exe(10116)
Process HPSupportSolutionsFrameworkService.exe(2308)
Process hpqbam08.exe(10708)
Process jusched.exe(10372)
Process jusched.exe(10372)
Process svchost.exe(10548)
Process RuntimeBroker.exe(6388)
Process splwow64.exe(12404)
Process spoolsv.exe(2964)
Process svchost.exe(10996)
Process svchost.exe(2480)
Process OUTLOOK.EXE(2616)
Process hpqgpc01.exe(11060)
Process svchost.exe(8656)
Process unit_manager.exe(6796)
Process svchost.exe(5472)
Process Skype.exe(7624)
Process SkypeBackgroundHost.exe(8720)
Process SkypeBackgroundHost.exe(8720)
Process dllhost.exe(10948)
Process SkypeApp.exe(8780)
Process svchost.exe(892)
Process remoting_desktop.exe(5536)
Process SkypeBackgroundHost.exe(8720)
Process svchost.exe(10996)
Process RuntimeBroker.exe(8648)
Process LockApp.exe(8572)
Process WmiPrvSE.exe(1104)
Process MicrosoftEdgeCP.exe(6756)
Process browser_broker.exe(5124)
Process Skype.exe(4724)
Process Video.UI.exe(9008)
Process WmiPrvSE.exe(6220)
Process svchost.exe(10260)
Process Skype.exe(7360)
Process hpqbam08.exe(10708)
Process CteraAgentWD.exe(10264)
Process Video.UI.exe(9008)
Process RuntimeBroker.exe(9264)
Process EXCEL.EXE(6740)
Process hpqste08.exe(10664)
Process TouchpointAnalyticsClientService.exe(5480)
Process RuntimeBroker.exe(9540)
Process SkypeApp.exe(8780)
Process HPSupportSolutionsFrameworkService.exe(2308)
Process hpqwmiex.exe(9236)
Process OpenWith.exe(10684)
Process Skype.exe(7624)
Process WmiPrvSE.exe(6220)
Process TouchpointAnalyticsClientService.exe(5480)
Process SgrmBroker.exe(11156)
Process RuntimeBroker.exe(9264)
Process SgrmBroker.exe(11156)
Process RuntimeBroker.exe(12132)
Process Skype.exe(7360)
Process WmiPrvSE.exe(6220)
Process RuntimeBroker.exe(9264)
Process HPSupportSolutionsFrameworkService.exe(2308)
Process ApplicationFrameHost.exe(9080)
Process svchost.exe(9636)
Process svchost.exe(10260)
Process TouchpointAnalyticsClientService.exe(5480)
Process Video.UI.exe(9008)
Process HPSupportSolutionsFrameworkService.exe(2308)
Process hpqwmiex.exe(9236)
Process RuntimeBroker.exe(9540)
Process svchost.exe(9636)
Process svchost.exe(9636)
Process svchost.exe(10996)
Process svchost.exe(10996)
Process RuntimeBroker.exe(9708)
Process svchost.exe(9840)
Process svchost.exe(10260)
Process RuntimeBroker.exe(9708)
Process svchost.exe(10996)
Process MicrosoftEdge.exe(6436)
Process MSASCuiL.exe(9868)
Process svchost.exe(3792)
Process Video.UI.exe(9008)
Process svchost.exe(9636)
Process OSPPSVC.EXE(2808)
Process RuntimeBroker.exe(9708)
Process MSASCuiL.exe(9868)
Process svchost.exe(9636)
Process SecurityHealthService.exe(3684)
Process firefox.exe(9396)
Process OneDrive.exe(10116)
Process Skype.exe(7360)
Process OneDrive.exe(10116)
Process firefox.exe(13108)
Process hpqbam08.exe(10708)
Process svchost.exe(10548)
Process CTERAAgent.exe(10444)
Process svchost.exe(10260)
Process hpqste08.exe(10664)
Process splwow64.exe(13084)
Process jusched.exe(10372)
Process OneDrive.exe(10116)
Process hpqste08.exe(10664)
Process spoolsv.exe(2964)
Process spoolsv.exe(2964)
Process spoolsv.exe(2964)
Process spoolsv.exe(2964)
Process Microsoft.Photos.exe(3988)
Process CteraAgentWD.exe(10264)
Process RuntimeBroker.exe(5404)
Process OneDrive.exe(10116)
Process OneDrive.exe(10116)
Process SearchUI.exe(7180)
Process dllhost.exe(10948)
Process SearchUI.exe(7180)
Process hpqtra08.exe(9816)
Process EXCEL.EXE(6740)
Process spoolsv.exe(2964)
Process spoolsv.exe(2964)
Process spoolsv.exe(2964)
Process hpqste08.exe(10664)
Process CTERAAgent.exe(10444)
Process hpqtra08.exe(9816)
Process spoolsv.exe(2964)
Process svchost.exe(10548)
Process hpqtra08.exe(9816)
Process hpqtra08.exe(9816)
Process hpqtra08.exe(9816)
Process hpwuschd2.exe(6068)
Process svchost.exe(10892)
Process CTERAAgent.exe(10444)
Process hpwuschd2.exe(6068)
Process Microsoft.Photos.exe(3988)
Process hpwuschd2.exe(6068)
Process hpqbam08.exe(10708)
Process svchost.exe(10996)
Process CTERAAgent.exe(10444)
Process svchost.exe(10548)
Process hpqbam08.exe(10708)
Process CTERAAgent.exe(10444)
Process svchost.exe(10892)
Process hpqwmiex.exe(9236)
Process hpqwmiex.exe(9236)
Process svchost.exe(10000)
Process Microsoft.Photos.exe(3988)
Process EXCEL.EXE(6740)
Process svchost.exe(10996)
Process procexp64.exe(10360)
Process Skype.exe(4724)
Process procexp64.exe(10360)
Process svchost.exe(10000)
Process svchost.exe(10996)
Process Skype.exe(7624)
Process cmd.exe(6440)
Process OUTLOOK.EXE(2616)
Process phccorporate.exe(5728)
Process svchost.exe(10000)
Process WmiPrvSE.exe(6800)
Process remoting_desktop.exe(5536)
Process smartscreen.exe(6504)
Process svchost.exe(10996)
Process svchost.exe(9840)
Process Skype.exe(7624)
Process Skype.exe(7360)
Process firefox.exe(12784)
Process cmd.exe(6440)
Process MicrosoftEdgeCP.exe(12000)
Process OpenWith.exe(10684)
Process remoting_desktop.exe(5536)
Process RuntimeBroker.exe(12132)
Process svchost.exe(9840)
Process WmiPrvSE.exe(1104)
Process svchost.exe(10000)
Process MicrosoftEdge.exe(6436)
Process MicrosoftEdge.exe(6436)
Process svchost.exe(10000)
Process dwm.exe(380)
Process OpenWith.exe(10684)
Process firefox.exe(12784)
Process MsMpEng.exe(3768)
Process Skype.exe(864)
Process Skype.exe(7624)
Process firefox.exe(6048)
Process Skype.exe(864)
Process MicrosoftEdgeCP.exe(6756)
Process MicrosoftEdge.exe(6436)
Process Skype.exe(7624)
Process splwow64.exe(13084)
Process RuntimeBroker.exe(9264)
Process dllhost.exe(6632)
Process MicrosoftEdge.exe(6436)
Process stickies.exe(4344)
Process firefox.exe(12784)
Process MicrosoftEdgeCP.exe(12000)
Process Skype.exe(4724)
Process dllhost.exe(6632)
Process svchost.exe(10996)
Process splwow64.exe(13084)
Process MicrosoftEdgeCP.exe(6756)
Process browser_broker.exe(5124)
Process phccorporate.exe(5728)
Process EXCEL.EXE(6740)
Process OUTLOOK.EXE(2616)
Process Skype.exe(864)
Process stickies.exe(4344)
Process Skype.exe(7360)
Process audiodg.exe(8376)
Process WmiPrvSE.exe(1104)
Process EXCEL.EXE(6740)
Process stickies.exe(4344)
Process MicrosoftEdge.exe(6436)
Process Skype.exe(4724)
Process cmd.exe(6440)
Process Skype.exe(864)
Process firefox.exe(11604)
Process conhost.exe(1568)
Process smartscreen.exe(6504)
Process MicrosoftEdgeCP.exe(6756)
Process conhost.exe(1568)
Process firefox.exe(12784)
Process Skype.exe(7360)
Process splwow64.exe(12404)
Process Skype.exe(864)
Process firefox.exe(6048)
Process svchost.exe(1220)
Process splwow64.exe(12404)
Process RuntimeBroker.exe(12132)
Process MicrosoftEdgeCP.exe(6756)
Process MicrosoftEdgeCP.exe(12000)
Process firefox.exe(9396)
Process MicrosoftEdgeCP.exe(6756)
Process audiodg.exe(8376)
Process firefox.exe(13108)
Process procexp64.exe(10360)
Process firefox.exe(9396)
Section \Device\PhysicalMemory
Section \Device\PhysicalMemory
Section \Win32kCrossSessionGlobals
Session \KernelObjects\Session0
Session \KernelObjects\Session1
Session \KernelObjects\Session1
Session \KernelObjects\Session1
Session \KernelObjects\Session1
Session \KernelObjects\Session1
Session \KernelObjects\Session1
Session \KernelObjects\Session1
Session \KernelObjects\Session1
Session \KernelObjects\Session1
Session \KernelObjects\Session1
Session \KernelObjects\Session1
Session \KernelObjects\Session1
Session \KernelObjects\Session1
Session \KernelObjects\Session1
Session \KernelObjects\Session1
Session \KernelObjects\Session1
Session \KernelObjects\Session1
Session \KernelObjects\Session1
SymbolicLink \GLOBAL??\ACPI#PNP0501#2#{86e0d1e0-8089-11d0-9ce4-08003e301f73}
SymbolicLink \GLOBAL??\ACPI#FixedButton#2&daba3ff&2#{4afa3d53-74a7-11d0-be5e-00a0c9062857}
SymbolicLink \GLOBAL??\ACPI#PNP0C0C#2&daba3ff&2#{4afa3d53-74a7-11d0-be5e-00a0c9062857}
SymbolicLink \GLOBAL??\ACPI#PNP0501#1#{86e0d1e0-8089-11d0-9ce4-08003e301f73}
SymbolicLink \GLOBAL??\ROOT#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}
SymbolicLink \GLOBAL??\PCI#VEN_8086&DEV_10DE&SUBSYS_3048103C&REV_02#3&21436425&0&C8#{ad498944-762f-11d0-8dcb-00c04fc3358c}
SymbolicLink \GLOBAL??\PCIIDE#IDEChannel#4&27379b&0&0#{2accfe60-c130-11d2-b082-00a0c91efb8b}
SymbolicLink \GLOBAL??\PCI#VEN_8086&DEV_3A02&SUBSYS_3048103C&REV_02#3&21436425&0&FA#{2accfe60-c130-11d2-b082-00a0c91efb8b}
SymbolicLink \GLOBAL??\ROOT#vdrvroot#0000#{2e34d650-5819-42ca-84ae-d30803bae505}
SymbolicLink \GLOBAL??\ROOT#spaceport#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}
SymbolicLink \GLOBAL??\PCIIDE#IDEChannel#4&27379b&0&1#{2accfe60-c130-11d2-b082-00a0c91efb8b}
SymbolicLink \GLOBAL??\ROOT#spaceport#0000#{ef66a56f-88d1-4cd8-98c4-49faf57ad8af}
SymbolicLink \GLOBAL??\ROOT#volmgr#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}
SymbolicLink \GLOBAL??\STORAGE#Volume#{0b893598-ba11-11e5-989c-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
SymbolicLink \GLOBAL??\SCSI#Disk&Ven_ATA&Prod_CT240BX200SSD1#4&19c2fca6&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
SymbolicLink \GLOBAL??\STORAGE#Volume#{0b893598-ba11-11e5-989c-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
SymbolicLink \GLOBAL??\SCSI#Disk&Ven_ATA&Prod_ST3160815AS#4&19c2fca6&0&020000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
SymbolicLink \GLOBAL??\STORAGE#Volume#{0b893598-ba11-11e5-989c-806e6f6e6963}#00000037C8500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
SymbolicLink \GLOBAL??\STORAGE#Volume#{50a6341c-c048-11e5-888c-806e6f6e6963}#0000000000007E00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
SymbolicLink \GLOBAL??\STORAGE#Volume#{50a6341c-c048-11e5-888c-806e6f6e6963}#00000021BC041E00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
SymbolicLink \GLOBAL??\STORAGE#Volume#{50a6341c-c048-11e5-888c-806e6f6e6963}#00000024BF400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
SymbolicLink \GLOBAL??\STORAGE#Volume#{50a6341c-c048-11e5-888c-806e6f6e6963}#000000253C386600#{7f108a28-9833-4b3b-b780-2c6b5fa5c062}
SymbolicLink \GLOBAL??\PCI#VEN_8086&DEV_3A6C&SUBSYS_3048103C&REV_02#3&21436425&0&D7#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}
SymbolicLink \GLOBAL??\PCI#VEN_8086&DEV_3A67&SUBSYS_3048103C&REV_02#3&21436425&0&D0#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}
SymbolicLink \GLOBAL??\PCI#VEN_8086&DEV_10DE&SUBSYS_3048103C&REV_02#3&21436425&0&C8#{cac88484-7515-4c03-82e6-71a87abac361}
SymbolicLink \GLOBAL??\PCI#VEN_8086&DEV_3A69&SUBSYS_3048103C&REV_02#3&21436425&0&D2#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}
SymbolicLink \GLOBAL??\PCI#VEN_8086&DEV_3A66&SUBSYS_3048103C&REV_02#3&21436425&0&EA#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}
SymbolicLink \GLOBAL??\PCI#VEN_8086&DEV_3A6A&SUBSYS_3048103C&REV_02#3&21436425&0&EF#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}
SymbolicLink \GLOBAL??\PCI#VEN_8086&DEV_2E14&SUBSYS_3048103C&REV_03#3&21436425&0&18#{e2d1ff34-3458-49a9-88da-8e6915ce9be5}
SymbolicLink \GLOBAL??\PCI#VEN_8086&DEV_2E17&SUBSYS_3048103C&REV_03#3&21436425&0&1B#{86e0d1e0-8089-11d0-9ce4-08003e301f73}
SymbolicLink \GLOBAL??\ACPI#PNP0501#2#{4d36e978-e325-11ce-bfc1-08002be10318}
SymbolicLink \GLOBAL??\PCI#VEN_8086&DEV_2E17&SUBSYS_3048103C&REV_03#3&21436425&0&1B#{4d36e978-e325-11ce-bfc1-08002be10318}
SymbolicLink \GLOBAL??\PCI#VEN_8086&DEV_3A65&SUBSYS_3048103C&REV_02#3&21436425&0&E9#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}
SymbolicLink \GLOBAL??\PCI#VEN_8086&DEV_3A68&SUBSYS_3048103C&REV_02#3&21436425&0&D1#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}
SymbolicLink \GLOBAL??\ACPI#IFX0102#1#{c3fa81c6-2299-48f4-bd45-915e62b4db92}
SymbolicLink \GLOBAL??\ROOT#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}
SymbolicLink \GLOBAL??\ACPI#PNP0501#1#{4d36e978-e325-11ce-bfc1-08002be10318}
SymbolicLink \GLOBAL??\PCI#VEN_8086&DEV_3A64&SUBSYS_3048103C&REV_02#3&21436425&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}
SymbolicLink \GLOBAL??\ACPI#PNP0401#4&60dd4bf&0#{97f76ef0-f883-11d0-af1f-0000f800845c}
SymbolicLink \GLOBAL??\ROOT#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}
SymbolicLink \GLOBAL??\ROOT#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}
SymbolicLink \GLOBAL??\ROOT#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}
SymbolicLink \GLOBAL??\SCSI#CdRom&Ven_hp&Prod_DVD-RAM_GH60L#4&19c2fca6&0&010000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
SymbolicLink \GLOBAL??\ROOT#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}
SymbolicLink \GLOBAL??\ROOT#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}
SymbolicLink \GLOBAL??\USB#ROOT_HUB#4&1f9c08d&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}
SymbolicLink \GLOBAL??\ROOT#UMBUS#0000#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}
SymbolicLink \GLOBAL??\SCSI#CdRom&Ven_hp&Prod_DVD-RAM_GH60L#4&19c2fca6&0&010000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
SymbolicLink \GLOBAL??\USB#ROOT_HUB#4&1609bac5&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}
SymbolicLink \GLOBAL??\ACPI#PNP0303#4&60dd4bf&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}
SymbolicLink \GLOBAL??\USB#ROOT_HUB#4&385acbca&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}
SymbolicLink \GLOBAL??\USB#ROOT_HUB#4&3b0057b5&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}
SymbolicLink \GLOBAL??\ACPI#GenuineIntel_-_Intel64_Family_6_Model_23_-_Intel®_Core2_Duo_CPU_____E8400__@_3.00GHz#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}
SymbolicLink \GLOBAL??\ACPI#GenuineIntel_-_Intel64_Family_6_Model_23_-_Intel®_Core2_Duo_CPU_____E8400__@_3.00GHz#_1#{dbe4373d-3c81-40cb-ace4-e0e5d05f0c9f}
SymbolicLink \GLOBAL??\ACPI#GenuineIntel_-_Intel64_Family_6_Model_23_-_Intel®_Core2_Duo_CPU_____E8400__@_3.00GHz#_2#{97fadb10-4e33-40ae-359c-8bef029dbdd0}
SymbolicLink \GLOBAL??\ACPI#GenuineIntel_-_Intel64_Family_6_Model_23_-_Intel®_Core2_Duo_CPU_____E8400__@_3.00GHz#_2#{dbe4373d-3c81-40cb-ace4-e0e5d05f0c9f}
SymbolicLink \GLOBAL??\USB#ROOT_HUB20#4&26564f37&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}
SymbolicLink \GLOBAL??\LPTENUM#MicrosoftRawPort#5&2d2d5f1b&0&LPT1#{811fc6a5-f728-11d0-a537-0000f8753ed1}
SymbolicLink \GLOBAL??\USB#ROOT_HUB#4&137587e6&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}
SymbolicLink \GLOBAL??\USB#ROOT_HUB20#4&8cf7f00&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}
SymbolicLink \GLOBAL??\USB#ROOT_HUB#4&1d068fe4&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0662&SUBSYS_103C3048&REV_1001#4&1741f254&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0662&SUBSYS_103C3048&REV_1001#4&1741f254&0&0001#{a17579f0-4fec-4936-9364-249460863be5}
SymbolicLink \GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0662&SUBSYS_103C3048&REV_1001#4&1741f254&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
What I'm seeing in this email:
Received: from [94.228.89.104] (port=37540 helo=host-94-228-89-104.e-net.sk)
by cpanel34.dnscpanel.com with esmtp (Exim 4.91)
(envelope-from <[email protected]>)
id 1gHa5X-00DEvr-Ow
for [email protected]; Tue, 30 Oct 2018 19:54:11 +0000
indicates that the email is just being received from 94.228.89.104 in the usual way. There is no login or password. The tricky part is that it claims to be from you but it's not in your Sent folder so we know it's not. This part of the email header is easily faked.
The contact website for the Slovakian ISP is:
If you use Chrome it will automatically translate the page for you. You might try contacting them and give them a copy of the email. I would write to them in English rather than Portuguese. They appear to be a legit operation so probably won't appreciate being used as a source of blackmail emails. It's possible that the PC on the Slovakian net is owned by a bot-net and the owner doesn't even know the PC is being used this way.
You can probably also reach them with an email to [email protected]
Since your email address is [email protected] - is your email address used by a webpage that you host? Could the webpage have been hacked? Is it hosted on a web server somewhere rather than on your own PC?
I'll need to take some time with the results of the process explorer log. Probably won't get back to you until tomorrow. The odd thing I notice is your System process shows:
System 0.86 228 K 14.916 K 4
whereas mine says:
System 0.36 188 K 2,248 K 4
Note your Working Set value is about 7 times mine. I suppose it depends on how many processes are running. If you right click on System in Process Explorer (hit Space bar to stop it changing) and select Properties then Disk and Network it will show you how many bytes it reads and writes. Mine has 66 reads for a total of 22.7 M and 243 writes for a total of 2.5 M. There is no network traffic. What does yours say?
I'm not seeing anything unusual in your System process.
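Added example (not part of the original thread, and not either poster's code): the header reading described above, done programmatically. It takes the topmost `Received` line, pulls out the connecting IP, HELO name and the `with` protocol keyword, and flags a message whose From and To match but which arrived without SMTP authentication. Assumptions: the receiving server writes RFC 3848 keywords (`esmtp` vs. `esmtpa`/`esmtpsa`), the addresses in the sample are placeholders, and the function and field names are made up for this illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample. The Received line follows the one quoted in the post;
# the addresses are placeholders because the page redacts the real ones.
SAMPLE = """\
Received: from [94.228.89.104] (port=37540 helo=host-94-228-89-104.e-net.sk)
\tby cpanel34.dnscpanel.com with esmtp (Exim 4.91)
\t(envelope-from <owner@example.com>)
\tid 1gHa5X-00DEvr-Ow
\tfor owner@example.com; Tue, 30 Oct 2018 19:54:11 +0000
From: owner@example.com
To: owner@example.com
Subject: constructed sample

(body omitted)
"""

# RFC 3848 "with" keywords: a trailing "a" means the client passed SMTP AUTH.
AUTHENTICATED = {"esmtpa", "esmtpsa", "lmtpa", "lmtpsa"}

RECEIVED_RE = re.compile(
    r"from\s+(?P<peer>\S+)(?:\s+\((?P<detail>[^)]*)\))?"
    r"\s+by\s+(?P<by>\S+)(?:\s+with\s+(?P<proto>\S+))?",
    re.IGNORECASE,
)


def parse_received(value):
    """Split one Received header into the fields the post reads by eye."""
    flat = " ".join(value.split())          # unfold continuation lines
    m = RECEIVED_RE.search(flat)
    if m is None:
        return None
    detail = m.group("detail") or ""
    ip = re.search(r"\[([0-9A-Fa-f:.]+)\]", m.group("peer") + " " + detail)
    helo = re.search(r"helo=(\S+)", detail)
    proto = (m.group("proto") or "").lower()
    return {
        "client_ip": ip.group(1) if ip else None,
        "helo": helo.group(1) if helo else None,
        "by": m.group("by"),
        "protocol": proto,
        "authenticated": proto in AUTHENTICATED,
    }


def analyse(raw):
    """Check a message that claims to come from its own recipient."""
    msg = message_from_string(raw)
    hops = msg.get_all("Received") or []
    # Only the topmost Received line was written by the recipient's own
    # server; every line below it was supplied by the sender and can be forged.
    result = parse_received(hops[0]) if hops else None
    if result is None:
        return None
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    result["self_addressed"] = bool(sender) and sender == rcpt
    # Same address on both ends, yet nobody logged in to send it: the From
    # header was simply typed in by the connecting host.
    result["spoof_suspected"] = result["self_addressed"] and not result["authenticated"]
    return result


if __name__ == "__main__":
    for key, value in analyse(SAMPLE).items():
        print(f"{key}: {value}")
```

A message that the account owner really sent through the server with a login would show `esmtpa` or `esmtpsa` in that top line, and the check would not flag it.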
Hello! Sorry for the delay in my reply.
I see your point about the email, and I followed your suggestion and sent a complaint to the abuse email.
And we are getting to the same opinion: since my PC is clean, there must be a security fault in the server... The webpage is hosting a PrestaShop that is not the latest version, maybe they exploited something there...
Yes, that's a web page we host, and it's hosted on a web server at Claranet. I think that from now on I will continue to speak with Claranet to see if there's any problem there...
I found this article on a blackmail scheme:
https://myonlinesecu...-watching-porn/
Sounds like it might apply to you.