Windbg on WMI

1. Instant Online Crash Analysis, brought to you by OSR Open Systems Resources, Inc.
2.  
3. Primary Analysis
4.  
5. Crash Dump Analysis provided by OSR Open Systems Resources, Inc. (http://www.osr.com)
6. Online Crash Dump Analysis Service
7. See http://www.osronline.com for more information
8. Windows 7 Version 7600 MP (4 procs) Free x64
9. Product: WinNt, suite: SingleUserTS Personal
10. kernel32.dll version: 6.1.7600.16385 (win7_rtm.090713-1255)
11. Machine Name:
12. Debug session time: Sun Feb 6 01:27:39.000 2011 (UTC - 5:00)
13. System Uptime: not available
14. Process Uptime: 0 days 12:28:36.000
15. Kernel time: 0 days 1:15:01.000
16. User time: 0 days 0:43:23.000
17. Unable to load image C:\Windows\System32\ntdll.dll, Win32 error 0n2
18. *** WARNING: Unable to verify timestamp for ntdll.dll
19. *******************************************************************************
20. * *
21. * Exception Analysis *
22. * *
23. *******************************************************************************
24.  
25. GetPageUrlData failed, server returned HTTP status 404
26. URL requested: http://watson.microsoft.com/StageOne/WmiPrvSE_exe/6_1_7600_16385/4a5bc794/unknown/0_0_0_0/bbbbbbb4/80000007/00000000.htm?Retriage=1
27.  
28. FAULTING_IP:
29. +1562faf0006ed48
30. 00000000`00000000 ?? ???
31.  
32. EXCEPTION_RECORD: ffffffffffffffff -- (.exr 0xffffffffffffffff)
33. ExceptionAddress: 0000000000000000
34. ExceptionCode: 80000007 (Wake debugger)
35. ExceptionFlags: 00000001
36. NumberParameters: 0
37.  
38. BUGCHECK_STR: 80000007
39.  
40. PROCESS_NAME: WmiPrvSE.exe
41.  
42. ERROR_CODE: (NTSTATUS) 0x80000007 - {Kernel Debugger Awakened} the system debugger was awakened by an interrupt.
43.  
44. EXCEPTION_CODE: (HRESULT) 0x80000007 (2147483655) - Operation aborted
45.  
46. MOD_LIST:
47.  
48. NTGLOBALFLAG: 0
49.  
50. APPLICATION_VERIFIER_FLAGS: 0
51.  
52. DERIVED_WAIT_CHAIN:
53.  
54. Dl Eid Cid WaitType
55. -- --- ------- --------------------------
56. 5 10f0.2678 Speculated (Triage) -->
57. 9 10f0.2e64 File IO
58.  
59. WAIT_CHAIN_COMMAND: ~5s;k;;~9s;k;;
60.  
61. BLOCKING_THREAD: 0000000000002e64
62.  
63. DEFAULT_BUCKET_ID: APPLICATION_HANG_BlockedOn_FileIO
64.  
65. PRIMARY_PROBLEM_CLASS: APPLICATION_HANG_BlockedOn_FileIO
66.  
67. LAST_CONTROL_TRANSFER: from 000007fefd014d76 to 00000000770102aa
68.  
69. FAULTING_THREAD: 0000000000000009
70.  
71. STACK_TEXT:
72. 00000000`0283c318 000007fe`fd014d76 : 00000000`00000000 00000000`80000000 ffffffff`ffffffff 00000000`7700cbb3 : ntdll!ZwCreateFile+0xa
73. 00000000`0283c320 00000000`76db2aad : 000007fe`e9541880 00000000`80000000 00000000`00000003 000007fe`feca9ff1 : KERNELBASE!CreateFileW+0x2cd
74. 00000000`0283c480 000007fe`e93d5ec4 : ffffffff`ffffffff 00000000`0283da30 00000000`0283da68 00000000`00000000 : kernel32!CreateFileWImplementation+0x7d
75. 00000000`0283c4e0 000007fe`e93d6863 : 00000000`00000023 00000000`0024b120 00000000`0283dc30 00000000`0024f2c0 : cimwin32!CWin32NetworkAdapter::fGetMacAddressAndType+0x164
76. 00000000`0283d9f0 000007fe`e93d630e : 00000000`0024f2c0 00000000`00000000 00000000`00000021 00000000`0024f2c0 : cimwin32!CWin32NetworkAdapter::GetNetCardInfoForNT5+0x4c7
77. 00000000`0283db60 000007fe`e93d591b : 00000000`001db450 00000000`00000000 00000000`0283dc30 000007fe`e94c6e80 : cimwin32!CWin32NetworkAdapter::EnumNetAdaptersInNT5+0x11a
78. 00000000`0283dbf0 000007fe`f19f6af0 : 000007fe`e94c6e80 000007fe`e9541880 00000000`001db450 000007fe`e94c6e80 : cimwin32!CWin32NetworkAdapter::EnumerateInstances+0xdf
79. 00000000`0283dc70 000007fe`f19fac60 : 00000000`80041024 00000000`001db450 00000000`02220026 00000000`0283de70 : framedynos!Provider::CreateInstanceEnum+0x34
80. 00000000`0283dca0 000007fe`f19f5692 : 00000000`00000000 00000000`0035cda0 000007fe`e9541880 00000000`001d8a2c : framedynos!Provider::ExecuteQuery+0x9f
81. 00000000`0283dce0 00000000`ffcc2845 : 00000000`0035cdb0 00000000`01d1be90 00000000`00000000 00000000`01cc4f70 : framedynos!CWbemProviderGlue::ExecQueryAsync+0x392
82. 00000000`0283e320 00000000`ffcc25d5 : 00000000`00000000 00000000`00000000 00000000`01cc4f70 00000000`00000000 : WmiPrvSE!CInterceptor_IWbemSyncProvider::Helper_ExecQueryAsync+0x544
83. 00000000`0283e3d0 000007fe`fec9c7f5 : 00000000`00000000 00000000`00000006 00000000`00394008 00000000`00000000 : WmiPrvSE!CInterceptor_IWbemSyncProvider::ExecQueryAsync+0x192
84. 00000000`0283e480 000007fe`fec9b0b2 : 00000000`0283e8c0 000007fe`f47cb222 00000000`00000040 000007fe`f47cbde0 : rpcrt4!Invoke+0x65
85. 00000000`0283e4f0 000007fe`fd89e175 : 00000000`003636e0 00000000`0283ee90 00000000`003636e0 00000000`00336da0 : rpcrt4!NdrStubCall2+0x32a
86. 00000000`0283eb10 000007fe`f4cfd36d : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : ole32!CStdStubBuffer_Invoke+0x8b
87. 00000000`0283eb40 000007fe`fd89fc0d : 00000000`00000002 00000000`00000000 00000000`00000000 00000000`00000000 : fastprox!CBaseStublet::Invoke+0x19
88. 00000000`0283eb70 000007fe`fd89fb83 : 00000000`01cb9150 00000000`0034a4b4 00000000`00341fa0 00000000`ffd02888 : ole32!SyncStubInvoke+0x5d
89. 00000000`0283ebe0 000007fe`fd73fd60 : 00000000`01cb9150 00000000`003a4b80 00000000`01cb9150 00000000`00000000 : ole32!StubInvoke+0xdb
90. 00000000`0283ec90 000007fe`fd89fa22 : 00000000`00000000 00000000`00000010 00000000`0082d938 00000000`003369b0 : ole32!CCtxComChnl::ContextInvoke+0x190
91. 00000000`0283ee20 000007fe`fd89f76b : 00000000`d0908070 00000000`003a4b80 00000000`003475b0 00000000`003636e0 : ole32!AppInvoke+0xc2
92. 00000000`0283ee90 000007fe`fd89ed6d : 00000000`003a4b80 00000000`003a4b80 00000000`003369b0 00000000`00070005 : ole32!ComInvokeWithLockAndIPID+0x52b
93. 00000000`0283f020 000007fe`fec99c24 : 00000000`0283f128 00000000`00000000 00000000`0037aaf0 000007fe`fd733722 : ole32!ThreadInvoke+0x30d
94. 00000000`0283f0c0 000007fe`fec99d86 : 00000000`746b972e 00000000`00000570 00000000`0283f330 000007fe`fd7334c4 : rpcrt4!DispatchToStubInCNoAvrf+0x14
95. 00000000`0283f0f0 000007fe`fec9c44b : 00000000`0034a490 00000000`00000000 00000000`0283f414 00000000`0034a490 : rpcrt4!RPC_INTERFACE::DispatchToStubWorker+0x146
96. 00000000`0283f210 000007fe`fec9c38b : 00000000`00000000 00000000`0283f330 00000000`0283f330 00000000`0037aaf0 : rpcrt4!RPC_INTERFACE::DispatchToStub+0x9b
97. 00000000`0283f250 000007fe`fec9c322 : 00000000`0037a9a0 00000000`00347740 00000000`0034a490 000007fe`fec9ac00 : rpcrt4!RPC_INTERFACE::DispatchToStubWithObject+0x5b
98. 00000000`0283f2d0 000007fe`fec9a11d : 00000000`00000001 00000000`00000000 000007fe`fec70000 00000000`0034a490 : rpcrt4!LRPC_SCALL::DispatchRequest+0x422
99. 00000000`0283f3b0 000007fe`feca7ddf : 00000000`00010000 00000000`00000000 00000000`00000000 00000000`00000003 : rpcrt4!LRPC_SCALL::HandleRequest+0x20d
100. 00000000`0283f4e0 000007fe`feca7995 : 00000200`00000000 00000000`00000000 00000000`0032e3b0 00000000`00000000 : rpcrt4!LRPC_ADDRESS::ProcessIO+0x3bf
101. 00000000`0283f620 00000000`76fdb3ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : rpcrt4!LrpcIoComplete+0xa5
102. 00000000`0283f6b0 00000000`76fd91af : 00000000`00000000 00000000`00000000 00000000`0000ffff 00000000`00000000 : ntdll!TppAlpcpExecuteCallback+0x26b
103. 00000000`0283f740 00000000`76dbf56d : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!TppWorkerThread+0x3f8
104. 00000000`0283fa40 00000000`76ff3021 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0xd
105. 00000000`0283fa70 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d
106.  
107.  
108. FOLLOWUP_IP:
109. cimwin32!CWin32NetworkAdapter::fGetMacAddressAndType+164
110. 000007fe`e93d5ec4 4c8be0 mov r12,rax
111.  
112. SYMBOL_STACK_INDEX: 3
113.  
114. SYMBOL_NAME: cimwin32!CWin32NetworkAdapter::fGetMacAddressAndType+164
115.  
116. FOLLOWUP_NAME: MachineOwner
117.  
118. MODULE_NAME: cimwin32
119.  
120. IMAGE_NAME: cimwin32.dll
121.  
122. DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bdeb5
123.  
124. STACK_COMMAND: ~9s ; kb
125.  
126. BUCKET_ID: X64_80000007_cimwin32!CWin32NetworkAdapter::fGetMacAddressAndType+164
127.  
128. FAILURE_BUCKET_ID: APPLICATION_HANG_BlockedOn_FileIO_80000007_cimwin32.dll!CWin32NetworkAdapter::fGetMacAddressAndType
129.  
130. WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOne/WmiPrvSE_exe/6_1_7600_16385/4a5bc794/unknown/0_0_0_0/bbbbbbb4/80000007/00000000.htm?Retriage=1
131.  
132. Followup: MachineOwner
133. ---------
134.  
135.  
136. This free analysis is provided by OSR Open Systems Resources, Inc.
137. Want a deeper understanding of crash dump analysis? Check out our Windows Kernel Debugging and Crash Dump Analysis Seminar (opens in new tab/window)
138. Loaded Module List
139.  
140. start end module name
141. 00000000`76da0000 00000000`76ebf000 kernel32 kernel32.dll
142. 00000000`76ec0000 00000000`76fba000 user32 user32.dll
143. 00000000`76fc0000 00000000`7716b000 ntdll ntdll.dll
144. 00000000`ffcc0000 00000000`ffd1d000 WmiPrvSE WmiPrvSE.exe
145. 000007fe`e8a40000 000007fe`e8a48000 winbrand winbrand.dll
146. 000007fe`e9370000 000007fe`e956a000 cimwin32 cimwin32.dll
147. 000007fe`efc60000 000007fe`efc6b000 perfos perfos.dll
148. 000007fe`f19a0000 000007fe`f19ac000 linkinfo linkinfo.dll
149. 000007fe`f19f0000 000007fe`f1a3c000 framedynos framedynos.dll
150. 000007fe`f3520000 000007fe`f352f000 cscapi cscapi.dll
151. 000007fe`f40a0000 000007fe`f40b6000 ncobjapi ncobjapi.dll
152. 000007fe`f4790000 000007fe`f47b6000 wmiutils wmiutils.dll
153. 000007fe`f47c0000 000007fe`f47d4000 wbemsvc wbemsvc.dll
154. 000007fe`f4cc0000 000007fe`f4ce7000 ntdsapi ntdsapi.dll
155. 000007fe`f4cf0000 000007fe`f4dd2000 fastprox fastprox.dll
156. 000007fe`f4ee0000 000007fe`f4f66000 wbemcomn wbemcomn.dll
157. 000007fe`f66c0000 000007fe`f66d1000 dhcpcsvc6 dhcpcsvc6.DLL
158. 000007fe`f66e0000 000007fe`f66f8000 dhcpcsvc dhcpcsvc.dll
159. 000007fe`f6800000 000007fe`f680b000 winnsi winnsi.dll
160. 000007fe`f6810000 000007fe`f6837000 IPHLPAPI IPHLPAPI.DLL
161. 000007fe`f6e80000 000007fe`f6ead000 ntmarta ntmarta.dll
162. 000007fe`f7510000 000007fe`f7525000 wkscli wkscli.dll
163. 000007fe`f7950000 000007fe`f797c000 powrprof powrprof.dll
164. 000007fe`f7980000 000007fe`f7991000 wtsapi32 wtsapi32.dll
165. 000007fe`f7fa0000 000007fe`f80cc000 propsys propsys.dll
166. 000007fe`f8120000 000007fe`f8314000 comctl32 comctl32.dll
167. 000007fe`f8610000 000007fe`f861c000 version version.dll
168. 000007fe`fc220000 000007fe`fc23e000 userenv userenv.dll
169. 000007fe`fc330000 000007fe`fc339000 credssp credssp.dll
170. 000007fe`fc4b0000 000007fe`fc4f7000 rsaenh rsaenh.dll
171. 000007fe`fc540000 000007fe`fc597000 schannel schannel.dll
172. 000007fe`fc7b0000 000007fe`fc7c7000 cryptsp cryptsp.dll
173. 000007fe`fc9c0000 000007fe`fc9fd000 winsta winsta.dll
174. 000007fe`fcdc0000 000007fe`fcde5000 sspicli sspicli.dll
175. 000007fe`fcdf0000 000007fe`fce47000 apphelp apphelp.dll
176. 000007fe`fce50000 000007fe`fce5f000 CRYPTBASE CRYPTBASE.dll
177. 000007fe`fcf00000 000007fe`fcf14000 RpcRtRemote RpcRtRemote.dll
178. 000007fe`fcf20000 000007fe`fcf2f000 profapi profapi.dll
179. 000007fe`fcfc0000 000007fe`fcfcf000 msasn1 msasn1.dll
180. 000007fe`fcfd0000 000007fe`fd006000 cfgmgr32 cfgmgr32.dll
181. 000007fe`fd010000 000007fe`fd07b000 KERNELBASE KERNELBASE.dll
182. 000007fe`fd080000 000007fe`fd09a000 devobj devobj.dll
183. 000007fe`fd0a0000 000007fe`fd206000 crypt32 crypt32.dll
184. 000007fe`fd2b0000 000007fe`fd2ea000 wintrust wintrust.dll
185. 000007fe`fd550000 000007fe`fd727000 setupapi setupapi.dll
186. 000007fe`fd730000 000007fe`fd932000 ole32 ole32.dll
187. 000007fe`fdbe0000 000007fe`fdbff000 sechost sechost.dll
188. 000007fe`fdd30000 000007fe`fdd3e000 lpk lpk.dll
189. 000007fe`fdd40000 000007fe`feac6000 shell32 shell32.dll
190. 000007fe`fead0000 000007fe`feb41000 shlwapi shlwapi.dll
191. 000007fe`feb50000 000007fe`feb58000 nsi nsi.dll
192. 000007fe`feb60000 000007fe`febad000 ws2_32 ws2_32.dll
193. 000007fe`febb0000 000007fe`fec17000 gdi32 gdi32.dll
194. 000007fe`fec20000 000007fe`fec70000 Wldap32 Wldap32.dll
195. 000007fe`fec70000 000007fe`fed9e000 rpcrt4 rpcrt4.dll
196. 000007fe`feda0000 000007fe`fee3f000 msvcrt msvcrt.dll
197. 000007fe`fee40000 000007fe`fef1b000 advapi32 advapi32.dll
198. 000007fe`fef20000 000007fe`feff7000 oleaut32 oleaut32.dll
199. 000007fe`ff020000 000007fe`ff0b9000 clbcatq clbcatq.dll
200. 000007fe`ff0c0000 000007fe`ff0ee000 imm32 imm32.dll
201. 000007fe`ff0f0000 000007fe`ff1ba000 usp10 usp10.dll
202. 000007fe`ff1c0000 000007fe`ff2c9000 msctf msctf.dll
203.  
204. Raw Stack Contents
205.  
206. Dump Header Information
207.  
208. ----- User Mini Dump Analysis
209.  
210. MINIDUMP_HEADER:
211. Version A793 (6C02)
212. NumberOfStreams 12
213. Flags 1105
214. 0001 MiniDumpWithDataSegs
215. 0004 MiniDumpWithHandleData
216. 0100 MiniDumpWithProcessThreadData
217. 1000 MiniDumpWithThreadInfo
218.  
219. Streams:
220. Stream 0: type ThreadListStream (3), size 000001E4, RVA 00000278
221. 10 threads
222. RVA 0000027C, ID 7A0, Teb:000007FFFFFDE000
223. RVA 000002AC, ID CE0, Teb:000007FFFFFDC000
224. RVA 000002DC, ID 113C, Teb:000007FFFFFD9000
225. RVA 0000030C, ID 13F4, Teb:000007FFFFFD3000
226. RVA 0000033C, ID 1028, Teb:000007FFFFFAE000
227. RVA 0000036C, ID 2678, Teb:000007FFFFFAA000
228. RVA 0000039C, ID 263C, Teb:000007FFFFFA8000
229. RVA 000003CC, ID 2E30, Teb:000007FFFFFD7000
230. RVA 000003FC, ID 2FEC, Teb:000007FFFFFD5000
231. RVA 0000042C, ID 2E64, Teb:000007FFFFFAC000
232. Stream 1: type ThreadInfoListStream (17), size 0000028C, RVA 0000045C
233. RVA 00000468, ID 7A0
234. RVA 000004A8, ID CE0
235. RVA 000004E8, ID 113C
236. RVA 00000528, ID 13F4
237. RVA 00000568, ID 1028
238. RVA 000005A8, ID 2678
239. RVA 000005E8, ID 263C
240. RVA 00000628, ID 2E30
241. RVA 00000668, ID 2FEC
242. RVA 000006A8, ID 2E64
243. Stream 2: type ModuleListStream (4), size 00001A2C, RVA 000006E8
244. 62 modules
245. RVA 000006EC, 00000000`ffcc0000 - 00000000`ffd1d000: 'C:\Windows\System32\wbem\WmiPrvSE.exe'
246. RVA 00000758, 00000000`76fc0000 - 00000000`7716b000: 'C:\Windows\System32\ntdll.dll'
247. RVA 000007C4, 00000000`76da0000 - 00000000`76ebf000: 'C:\Windows\System32\kernel32.dll'
248. RVA 00000830, 000007fe`fd010000 - 000007fe`fd07b000: 'C:\Windows\System32\KERNELBASE.dll'
249. RVA 0000089C, 000007fe`fee40000 - 000007fe`fef1b000: 'C:\Windows\System32\advapi32.dll'
250. RVA 00000908, 000007fe`feda0000 - 000007fe`fee3f000: 'C:\Windows\System32\msvcrt.dll'
251. RVA 00000974, 000007fe`fdbe0000 - 000007fe`fdbff000: 'C:\Windows\System32\sechost.dll'
252. RVA 000009E0, 000007fe`fec70000 - 000007fe`fed9e000: 'C:\Windows\System32\rpcrt4.dll'
253. RVA 00000A4C, 00000000`76ec0000 - 00000000`76fba000: 'C:\Windows\System32\user32.dll'
254. RVA 00000AB8, 000007fe`febb0000 - 000007fe`fec17000: 'C:\Windows\System32\gdi32.dll'
255. RVA 00000B24, 000007fe`fdd30000 - 000007fe`fdd3e000: 'C:\Windows\System32\lpk.dll'
256. RVA 00000B90, 000007fe`ff0f0000 - 000007fe`ff1ba000: 'C:\Windows\System32\usp10.dll'
257. RVA 00000BFC, 000007fe`f4ee0000 - 000007fe`f4f66000: 'C:\Windows\System32\wbemcomn.dll'
258. RVA 00000C68, 000007fe`fef20000 - 000007fe`feff7000: 'C:\Windows\System32\oleaut32.dll'
259. RVA 00000CD4, 000007fe`fd730000 - 000007fe`fd932000: 'C:\Windows\System32\ole32.dll'
260. RVA 00000D40, 000007fe`feb60000 - 000007fe`febad000: 'C:\Windows\System32\ws2_32.dll'
261. RVA 00000DAC, 000007fe`feb50000 - 000007fe`feb58000: 'C:\Windows\System32\nsi.dll'
262. RVA 00000E18, 000007fe`f4cf0000 - 000007fe`f4dd2000: 'C:\Windows\System32\wbem\fastprox.dll'
263. RVA 00000E84, 000007fe`f4cc0000 - 000007fe`f4ce7000: 'C:\Windows\System32\ntdsapi.dll'
264. RVA 00000EF0, 000007fe`f40a0000 - 000007fe`f40b6000: 'C:\Windows\System32\ncobjapi.dll'
265. RVA 00000F5C, 000007fe`ff0c0000 - 000007fe`ff0ee000: 'C:\Windows\System32\imm32.dll'
266. RVA 00000FC8, 000007fe`ff1c0000 - 000007fe`ff2c9000: 'C:\Windows\System32\msctf.dll'
267. RVA 00001034, 000007fe`fce50000 - 000007fe`fce5f000: 'C:\Windows\System32\CRYPTBASE.dll'
268. RVA 000010A0, 000007fe`f6e80000 - 000007fe`f6ead000: 'C:\Windows\System32\ntmarta.dll'
269. RVA 0000110C, 000007fe`fec20000 - 000007fe`fec70000: 'C:\Windows\System32\Wldap32.dll'
270. RVA 00001178, 000007fe`ff020000 - 000007fe`ff0b9000: 'C:\Windows\System32\clbcatq.dll'
271. RVA 000011E4, 000007fe`fc7b0000 - 000007fe`fc7c7000: 'C:\Windows\System32\cryptsp.dll'
272. RVA 00001250, 000007fe`fc4b0000 - 000007fe`fc4f7000: 'C:\Windows\System32\rsaenh.dll'
273. RVA 000012BC, 000007fe`fcf00000 - 000007fe`fcf14000: 'C:\Windows\System32\RpcRtRemote.dll'
274. RVA 00001328, 000007fe`f47c0000 - 000007fe`f47d4000: 'C:\Windows\System32\wbem\wbemsvc.dll'
275. RVA 00001394, 000007fe`f4790000 - 000007fe`f47b6000: 'C:\Windows\System32\wbem\wmiutils.dll'
276. RVA 00001400, 000007fe`e9370000 - 000007fe`e956a000: 'C:\Windows\System32\wbem\cimwin32.dll'
277. RVA 0000146C, 000007fe`f19f0000 - 000007fe`f1a3c000: 'C:\Windows\System32\framedynos.dll'
278. RVA 000014D8, 000007fe`fcdc0000 - 000007fe`fcde5000: 'C:\Windows\System32\sspicli.dll'
279. RVA 00001544, 000007fe`f7980000 - 000007fe`f7991000: 'C:\Windows\System32\wtsapi32.dll'
280. RVA 000015B0, 000007fe`fd080000 - 000007fe`fd09a000: 'C:\Windows\System32\devobj.dll'
281. RVA 0000161C, 000007fe`fcfd0000 - 000007fe`fd006000: 'C:\Windows\System32\cfgmgr32.dll'
282. RVA 00001688, 000007fe`f6810000 - 000007fe`f6837000: 'C:\Windows\System32\IPHLPAPI.DLL'
283. RVA 000016F4, 000007fe`f6800000 - 000007fe`f680b000: 'C:\Windows\System32\winnsi.dll'
284. RVA 00001760, 000007fe`f66e0000 - 000007fe`f66f8000: 'C:\Windows\System32\dhcpcsvc.dll'
285. RVA 000017CC, 000007fe`f66c0000 - 000007fe`f66d1000: 'C:\Windows\System32\dhcpcsvc6.DLL'
286. RVA 00001838, 000007fe`e8a40000 - 000007fe`e8a48000: 'C:\Windows\System32\winbrand.dll'
287. RVA 000018A4, 000007fe`fc330000 - 000007fe`fc339000: 'C:\Windows\System32\credssp.dll'
288. RVA 00001910, 000007fe`fc540000 - 000007fe`fc597000: 'C:\Windows\System32\schannel.dll'
289. RVA 0000197C, 000007fe`fd0a0000 - 000007fe`fd206000: 'C:\Windows\System32\crypt32.dll'
290. RVA 000019E8, 000007fe`fcfc0000 - 000007fe`fcfcf000: 'C:\Windows\System32\msasn1.dll'
291. RVA 00001A54, 000007fe`f7510000 - 000007fe`f7525000: 'C:\Windows\System32\wkscli.dll'
292. RVA 00001AC0, 000007fe`f3520000 - 000007fe`f352f000: 'C:\Windows\System32\cscapi.dll'
293. RVA 00001B2C, 000007fe`fc9c0000 - 000007fe`fc9fd000: 'C:\Windows\System32\winsta.dll'
294. RVA 00001B98, 000007fe`f7950000 - 000007fe`f797c000: 'C:\Windows\System32\powrprof.dll'
295. RVA 00001C04, 000007fe`fd550000 - 000007fe`fd727000: 'C:\Windows\System32\setupapi.dll'
296. RVA 00001C70, 000007fe`fdd40000 - 000007fe`feac6000: 'C:\Windows\System32\shell32.dll'
297. RVA 00001CDC, 000007fe`fead0000 - 000007fe`feb41000: 'C:\Windows\System32\shlwapi.dll'
298. RVA 00001D48, 000007fe`f8120000 - 000007fe`f8314000: 'C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7\comctl32.dll'
299. RVA 00001DB4, 000007fe`f19a0000 - 000007fe`f19ac000: 'C:\Windows\System32\linkinfo.dll'
300. RVA 00001E20, 000007fe`f7fa0000 - 000007fe`f80cc000: 'C:\Windows\System32\propsys.dll'
301. RVA 00001E8C, 000007fe`f8610000 - 000007fe`f861c000: 'C:\Windows\System32\version.dll'
302. RVA 00001EF8, 000007fe`fcdf0000 - 000007fe`fce47000: 'C:\Windows\System32\apphelp.dll'
303. RVA 00001F64, 000007fe`fcf20000 - 000007fe`fcf2f000: 'C:\Windows\System32\profapi.dll'
304. RVA 00001FD0, 000007fe`fc220000 - 000007fe`fc23e000: 'C:\Windows\System32\userenv.dll'
305. RVA 0000203C, 000007fe`efc60000 - 000007fe`efc6b000: 'C:\Windows\System32\perfos.dll'
306. RVA 000020A8, 000007fe`fd2b0000 - 000007fe`fd2ea000: 'C:\Windows\System32\wintrust.dll'
307. Stream 3: type MemoryListStream (5), size 000005B4, RVA 00007132
308. 91 memory ranges
309. range# RVA Address Size
310. 0 000076E6 000007fe`fe21e000 00000000`000093e0
311. 1 00010AC6 000007fe`efc66000 00000000`00001e68
312. 2 0001292E 000007fe`f47cf000 00000000`000019d4
313. 3 00014302 00000000`76eaa000 00000000`00001900
314. 4 00015C02 000007fe`f40b1000 00000000`000008c0
315. 5 000164C2 000007fe`feb37000 00000000`00001508
316. 6 000179CA 000007fe`f6832000 00000000`00000be0
317. 7 000185AA 000007fe`fc58f000 00000000`00001f88
318. 8 0001A532 000007fe`ff0ab000 00000000`000056f0
319. 9 0001FC22 000007fe`ff279000 00000000`000025e8
320. 10 0002220A 000007fe`feee8000 00000000`00004260
321. 11 0002646A 000007fe`feb54000 00000000`00000690
322. 12 00026AFA 00000000`76edc8aa 00000000`00000100
323. 13 00026BFA 000007fe`fd070000 00000000`00001b48
324. 14 00028742 000007fe`f4f54000 00000000`00008830
325. 15 00030F72 000007fe`ff0e2000 00000000`00001028
326. 16 00031F9A 000007fe`fc239000 00000000`00000aa0
327. 17 00032A3A 000007fe`fd096000 00000000`00000904
328. 18 0003333E 000007fe`fdd3a000 00000000`00000890
329. 19 00033BCE 000007fe`f7521000 00000000`000008c8
330. 20 00034496 000007fe`f66c9000 00000000`00000964
331. 21 00034DFA 000007fe`feb9c000 00000000`00000a68
332. 22 00035862 00000000`770f3000 00000000`0000ba60
333. 23 000412C2 000007fe`fc7c3000 00000000`00000bc8
334. 24 00041E8A 000007fe`f19a8000 00000000`000007e4
335. 25 0004266E 000007fe`fed80000 00000000`00001a24
336. 26 00044092 000007fe`f4dc1000 00000000`000011e0
337. 27 00045272 000007fe`fd63a000 00000000`00005b28
338. 28 0004AD9A 00000000`ffd14000 00000000`000025f8
339. 29 0004D392 000007fe`f66f4000 00000000`00000ab0
340. 30 0004DE42 000007fe`fcf10000 00000000`00000b8c
341. 31 0004E9CE 00000000`76f52000 00000000`00001a50
342. 32 0005041E 000007fe`e8a44000 00000000`00000724
343. 33 00050B42 000007fe`fcf2b000 00000000`00000804
344. 34 00051346 000007ff`fffa8000 00000000`00008000
345. 35 00059346 000007fe`f8049000 00000000`000025c8
346. 36 0005B90E 000007fe`fd2e4000 00000000`00000f00
347. 37 0005C80E 000007fe`fec0c000 00000000`00001848
348. 38 0005E056 000007fe`fc9f5000 00000000`00003364
349. 39 000613BA 000007fe`ff173000 00000000`00002a10
350. 40 00063DCA 000007ff`fffd3000 00000000`00008380
351. 41 0006C14A 00000000`002c1320 00000000`00002020
352. 42 0006E16A 000007fe`e9540000 00000000`00009b80
353. 43 00077CEA 00000000`002c35e8 00000000`00000028
354. 44 00077D12 000007ff`fffdc000 00000000`00004000
355. 45 0007BD12 000007fe`fdbf9000 00000000`00002a90
356. 46 0007E7A2 000007fe`f1a34000 00000000`00001994
357. 47 00080136 000007fe`f352b000 00000000`00000c3c
358. 48 00080D72 000007fe`f7968000 00000000`00000dc0
359. 49 00081B32 000007fe`f6ea6000 00000000`000029a4
360. 50 000844D6 000007fe`fefe3000 00000000`00002630
361. 51 00086B06 00000000`00303fb0 00000000`00000410
362. 52 00086F16 000007fe`fcddf000 00000000`00001108
363. 53 0008801E 000007fe`fee31000 00000000`00005602
364. 54 0008D620 000007fe`f8618000 00000000`0000091a
365. 55 0008DF3A 000007fe`fec68000 00000000`00001314
366. 56 0008F24E 000007fe`fc4ee000 00000000`000033d4
367. 57 00092622 000007fe`f798d000 00000000`000008e4
368. 58 00092F06 00000000`0031c6b0 00000000`00000410
369. 59 00093316 000007fe`fc335000 00000000`00000810
370. 60 00093B26 000007fe`fcfcb000 00000000`000006b0
371. 61 000941D6 000007fe`fd197000 00000000`000020ac
372. 62 00096282 00000000`7700fd1a 00000000`00000100
373. 63 00096382 00000000`7701001a 00000000`00000100
374. 64 00096482 00000000`7701022a 00000000`00000160
375. 65 000965E2 00000000`0033e180 00000000`00000410
376. 66 000969F2 00000000`770115da 00000000`00000100
377. 67 00096AF2 00000000`00344da0 00000000`00000410
378. 68 00096F02 000007fe`f4ce3000 00000000`00000ebc
379. 69 00097DBE 000007fe`f82bc000 00000000`000030fc
380. 70 0009AEBA 000007fe`fd001000 00000000`00000850
381. 71 0009B70A 000007fe`fce36000 00000000`00003240
382. 72 0009E94A 000007fe`fd904000 00000000`00006b68
383. 73 000A54B2 00000000`00373770 00000000`00000410
384. 74 000A58C2 00000000`00373bc0 00000000`00000410
385. 75 000A5CD2 00000000`00374010 00000000`00000410
386. 76 000A60E2 00000000`003748b0 00000000`00000410
387. 77 000A64F2 00000000`00374d00 00000000`00000410
388. 78 000A6902 000007fe`f47af000 00000000`00001328
389. 79 000A7C2A 000007fe`f6807000 00000000`00000724
390. 80 000A834E 000007fe`fce5b000 00000000`00000760
391. 81 000A8AAE 00000000`0017f7d8 00000000`00000828
392. 82 000A92D6 00000000`0109f578 00000000`00000a88
393. 83 000A9D5E 00000000`008af628 00000000`000009d8
394. 84 000AA736 00000000`014efb78 00000000`00000488
395. 85 000AABBE 00000000`013af418 00000000`00000be8
396. 86 000AB7A6 00000000`0126f688 00000000`00000978
397. 87 000AC11E 00000000`01eaf868 00000000`00000798
398. 88 000AC8B6 00000000`026bf838 00000000`000007c8
399. 89 000AD07E 00000000`0170fc08 00000000`000003f8
400. 90 000AD476 00000000`0283c318 00000000`00003ce8
401. Total memory: a9a78
402. Stream 4: type ExceptionStream (6), size 000000A8, RVA 000001D0
403. ThreadID 9848
404. ExceptionCode 80000007
405. ExceptionRecord 0
406. ExceptionAddress 0
407. Context record RVA 3280, size 4d0
408. Stream 5: type SystemInfoStream (7), size 00000038, RVA 000000B0
409. ProcessorArchitecture 0009 (PROCESSOR_ARCHITECTURE_AMD64)
410. ProcessorLevel 0006
411. ProcessorRevision 2505
412. NumberOfProcessors 04
413. MajorVersion 00000006
414. MinorVersion 00000001
415. BuildNumber 00001DB0 (7600)
416. PlatformId 00000002 (VER_PLATFORM_WIN32_NT)
417. CSDVersionRva 00002114
418. Length: 0
419. Product: WinNt, suite: SingleUserTS Personal
420. Stream 6: type MiscInfoStream (15), size 000000E8, RVA 000000E8
421. Stream 7: type HandleDataStream (12), size 00003440, RVA 000B87D2
422. 334 descriptors, header size is 16, descriptor size is 40
423. Handle(0000000000000004,"Directory","\KnownDlls")
424. Handle(0000000000000008,"File","")
425. Handle(000000000000000C,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions")
426. Handle(0000000000000010,"Mutant","")
427. Handle(0000000000000014,"ALPC Port","")
428. Handle(0000000000000018,"Key","\REGISTRY\MACHINE")
429. Handle(000000000000001C,"Event","")
430. Handle(0000000000000020,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER")
431. Handle(0000000000000000,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER")
432. Handle(0000000000000028,"Event","")
433. Handle(0000000000000000,"Event","")
434. Handle(000000000000003C,"Event","")
435. Handle(0000000000000040,"Event","")
436. Handle(0000000000000044,"Event","")
437. Handle(0000000000000048,"Event","")
438. Handle(000000000000004C,"Event","")
439. Handle(0000000000000050,"Event","")
440. Handle(0000000000000054,"Directory","\BaseNamedObjects")
441. Handle(0000000000000058,"Mutant","")
442. Handle(0000000000000000,"Mutant","")
443. Handle(0000000000000000,"Mutant","")
444. Handle(0000000000000000,"Mutant","")
445. Handle(0000000000000000,"Mutant","")
446. Handle(0000000000000000,"Mutant","")
447. Handle(0000000000000000,"Mutant","")
448. Handle(0000000000000000,"Mutant","")
449. Handle(0000000000000000,"Mutant","")
450. Handle(000000000000007C,"Event","")
451. Handle(0000000000000080,"Event","")
452. Handle(0000000000000084,"Event","")
453. Handle(0000000000000000,"Event","")
454. Handle(0000000000000000,"Event","")
455. Handle(0000000000000090,"Event","")
456. Handle(0000000000000094,"Thread","")
457. Handle(0000000000000098,"ALPC Port","")
458. Handle(000000000000009C,"Event","")
459. Handle(00000000000000A0,"Event","")
460. Handle(00000000000000A4,"File","")
461. Handle(0000000000000000,"File","")
462. Handle(0000000000000000,"File","")
463. Handle(00000000000000B0,"Event","")
464. Handle(00000000000000B4,"Semaphore","")
465. Handle(00000000000000B8,"Semaphore","")
466. Handle(00000000000000BC,"Semaphore","")
467. Handle(00000000000000C0,"Semaphore","")
468. Handle(00000000000000C4,"Semaphore","")
469. Handle(00000000000000C8,"Semaphore","")
470. Handle(00000000000000CC,"Semaphore","")
471. Handle(00000000000000D0,"Semaphore","")
472. Handle(00000000000000D4,"KeyedEvent","")
473. Handle(00000000000000D8,"IoCompletion","")
474. Handle(00000000000000DC,"TpWorkerFactory","")
475. Handle(00000000000000E0,"TpWorkerFactory","")
476. Handle(00000000000000E4,"TpWorkerFactory","")
477. Handle(00000000000000E8,"TpWorkerFactory","")
478. Handle(00000000000000EC,"Timer","")
479. Handle(00000000000000F0,"Timer","")
480. Handle(00000000000000F4,"Thread","")
481. Handle(00000000000000F8,"Thread","")
482. Handle(00000000000000FC,"Timer","")
483. Handle(0000000000000100,"ALPC Port","")
484. Handle(0000000000000104,"Event","")
485. Handle(0000000000000108,"Event","")
486. Handle(000000000000010C,"Section","\BaseNamedObjects\Wmi Provider Sub System Counters")
487. Handle(0000000000000110,"Event","")
488. Handle(0000000000000114,"Event","")
489. Handle(0000000000000118,"Event","")
490. Handle(000000000000011C,"Event","\BaseNamedObjects\WBEM_ESS_OPEN_FOR_BUSINESS")
491. Handle(0000000000000120,"Event","")
492. Handle(0000000000000124,"Thread","")
493. Handle(0000000000000128,"Event","\BaseNamedObjects\EVENT_READYROOT/CIMV2PROVIDERSUBSYSTEM")
494. Handle(000000000000012C,"Section","\BaseNamedObjects\__ComCatalogCache__")
495. Handle(0000000000000130,"Key","\REGISTRY\MACHINE\SOFTWARE\Classes")
496. Handle(0000000000000134,"Event","\KernelObjects\MaximumCommitCondition")
497. Handle(0000000000000138,"Section","\BaseNamedObjects\__ComCatalogCache__")
498. Handle(000000000000013C,"Event","")
499. Handle(0000000000000140,"Section","\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro")
500. Handle(0000000000000144,"ALPC Port","\RPC Control\OLE96F2B40F7AB74B1680BFFA433E32")
501. Handle(0000000000000148,"Event","")
502. Handle(0000000000000000,"Event","")
503. Handle(0000000000000000,"Event","")
504. Handle(0000000000000154,"Event","")
505. Handle(0000000000000158,"ALPC Port","")
506. Handle(000000000000015C,"Event","")
507. Handle(0000000000000160,"Event","")
508. Handle(0000000000000164,"Event","")
509. Handle(0000000000000168,"Event","")
510. Handle(000000000000016C,"Thread","")
511. Handle(0000000000000170,"ALPC Port","")
512. Handle(0000000000000174,"Event","")
513. Handle(0000000000000178,"Event","")
514. Handle(000000000000017C,"Event","")
515. Handle(0000000000000180,"Thread","")
516. Handle(0000000000000184,"Event","")
517. Handle(0000000000000188,"Event","")
518. Handle(000000000000018C,"Event","")
519. Handle(0000000000000190,"Event","")
520. Handle(0000000000000194,"Event","")
521. Handle(0000000000000198,"ALPC Port","")
522. Handle(000000000000019C,"Event","")
523. Handle(00000000000001A0,"Event","")
524. Handle(00000000000001A4,"Key","\REGISTRY\MACHINE\SOFTWARE\Classes")
525. Handle(00000000000001A8,"Semaphore","")
526. Handle(00000000000001AC,"Semaphore","")
527. Handle(00000000000001B0,"Event","")
528. Handle(00000000000001B4,"Event","")
529. Handle(00000000000001B8,"Event","")
530. Handle(00000000000001BC,"Event","")
531. Handle(00000000000001C0,"Event","")
532. Handle(00000000000001C4,"ALPC Port","")
533. Handle(00000000000001C8,"Event","")
534. Handle(00000000000001CC,"ALPC Port","")
535. Handle(00000000000001D0,"Thread","")
536. Handle(00000000000001D4,"ALPC Port","")
537. Handle(00000000000001D8,"Event","")
538. Handle(00000000000001DC,"Mutant","")
539. Handle(00000000000001E0,"Event","")
540. Handle(00000000000001E4,"Event","")
541. Handle(0000000000000000,"Event","")
542. Handle(00000000000001F0,"Event","")
543. Handle(00000000000001F4,"Token","")
544. Handle(00000000000001F8,"Semaphore","")
545. Handle(00000000000001FC,"Event","")
546. Handle(0000000000000200,"Event","")
547. Handle(0000000000000204,"Event","")
548. Handle(0000000000000208,"Event","")
549. Handle(0000000000000000,"Event","")
550. Handle(0000000000000210,"Event","")
551. Handle(0000000000000000,"Event","")
552. Handle(0000000000000218,"Event","")
553. Handle(000000000000021C,"Semaphore","")
554. Handle(0000000000000220,"Semaphore","")
555. Handle(0000000000000224,"File","")
556. Handle(0000000000000228,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum")
557. Handle(000000000000022C,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\CLASS")
558. Handle(0000000000000230,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services")
559. Handle(0000000000000234,"Key","\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\PerHwIdStorage")
560. Handle(0000000000000238,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses")
561. Handle(000000000000023C,"Event","")
562. Handle(0000000000000240,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\CoDeviceInstallers")
563. Handle(0000000000000244,"Event","")
564. Handle(0000000000000000,"Event","")
565. Handle(000000000000024C,"Semaphore","")
566. Handle(0000000000000250,"Event","")
567. Handle(0000000000000254,"Event","")
568. Handle(0000000000000000,"Event","")
569. Handle(000000000000025C,"Semaphore","")
570. Handle(0000000000000260,"Semaphore","")
571. Handle(0000000000000264,"Semaphore","")
572. Handle(0000000000000268,"Semaphore","")
573. Handle(000000000000026C,"Semaphore","")
574. Handle(0000000000000270,"Semaphore","")
575. Handle(0000000000000274,"Semaphore","")
576. Handle(0000000000000278,"Semaphore","")
577. Handle(000000000000027C,"Semaphore","")
578. Handle(0000000000000280,"Semaphore","")
579. Handle(0000000000000284,"Semaphore","")
580. Handle(0000000000000288,"Semaphore","")
581. Handle(000000000000028C,"Semaphore","")
582. Handle(0000000000000290,"Semaphore","")
583. Handle(0000000000000294,"Key","\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\PropertyBag")
584. Handle(0000000000000000,"Key","\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\PropertyBag")
585. Handle(0000000000000000,"Key","\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\PropertyBag")
586. Handle(00000000000002A0,"File","")
587. Handle(0000000000000000,"File","")
588. Handle(00000000000002AC,"Event","")
589. Handle(00000000000002B0,"Semaphore","")
590. Handle(00000000000002B4,"Semaphore","")
591. Handle(00000000000002B8,"Event","")
592. Handle(00000000000002BC,"Event","")
593. Handle(00000000000002C0,"Thread","")
594. Handle(0000000000000000,"Thread","a")
595. Handle(0000000000000000,"Thread","a")
596. Handle(0000000000000000,"Thread","a")
597. Handle(0000000000000000,"Thread","a")
598. Handle(0000000000000000,"Thread","a")
599. Handle(0000000000000000,"Thread","a")
600. Handle(00000000000002DC,"Semaphore","")
601. Handle(00000000000002E0,"Semaphore","")
602. Handle(00000000000002E4,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\.NET CLR Data\Performance")
603. Handle(00000000000002EC,"Event","\BaseNamedObjects\TermSrvReadyEvent")
604. Handle(00000000000002F0,"Event","")
605. Handle(0000000000000000,"Event","")
606. Handle(00000000000002F8,"Event","")
607. Handle(0000000000000000,"Event","")
608. Handle(0000000000000300,"Event","")
609. Handle(0000000000000304,"Mutant","")
610. Handle(0000000000000308,"Event","")
611. Handle(000000000000030C,"Mutant","")
612. Handle(0000000000000310,"ALPC Port","")
613. Handle(0000000000000314,"Event","")
614. Handle(000000000000031C,"Thread","")
615. Handle(0000000000000320,"Event","")
616. Handle(0000000000000324,"Event","")
617. Handle(0000000000000328,"Event","")
618. Handle(0000000000000000,"Event","")
619. Handle(0000000000000334,"Thread","")
620. Handle(0000000000000338,"Thread","")
621. Handle(0000000000000000,"Thread","a")
622. Handle(0000000000000000,"Thread","a")
623. Handle(0000000000000344,"File","")
624. Handle(0000000000000000,"File","")
625. Handle(000000000000034C,"Event","")
626. Handle(0000000000000350,"Section","\BaseNamedObjects\windows_shell_global_counters")
627. Handle(0000000000000354,"Section","\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000005.db")
628. Handle(0000000000000358,"Section","\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db")
629. Handle(0000000000000000,"Section","\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db")
630. Handle(0000000000000360,"Thread","")
631. Handle(0000000000000364,"Key","\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\PropertyBag")
632. Handle(0000000000000000,"Key","\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\PropertyBag")
633. Handle(000000000000036C,"Event","")
634. Handle(0000000000000370,"Event","")
635. Handle(0000000000000374,"Section","\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro")
636. Handle(0000000000000378,"Event","")
637. Handle(0000000000000000,"Event","")
638. Handle(0000000000000380,"Key","\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Explorer\FolderDescriptions\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\PropertyBag")
639. Handle(0000000000000384,"Event","")
640. Handle(0000000000000388,"Key","\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\PropertyBag")
641. Handle(000000000000038C,"Section","\BaseNamedObjects\windows_shell_global_counters")
642. Handle(0000000000000000,"Section","\BaseNamedObjects\windows_shell_global_counters")
643. Handle(0000000000000394,"Key","\REGISTRY\USER")
644. Handle(0000000000000398,"Key","\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Explorer\FolderDescriptions\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\PropertyBag")
645. Handle(0000000000000000,"Key","\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Explorer\FolderDescriptions\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\PropertyBag")
646. Handle(0000000000000000,"Key","\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Explorer\FolderDescriptions\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\PropertyBag")
647. Handle(00000000000003A4,"Key","\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Explorer\FolderDescriptions\{33E28130-4E1E-4676-835A-98395C3BC3BB}\PropertyBag")
648. Handle(00000000000003AC,"Mutant","")
649. Handle(00000000000003B0,"Key","\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Explorer\FolderDescriptions\{2112AB0A-C86A-4FFE-A368-0DE96E47012E}\PropertyBag")
650. Handle(00000000000003B4,"Key","\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Explorer\FolderDescriptions\{491E922F-5643-4AF4-A7EB-4E7A138D8174}\PropertyBag")
651. Handle(00000000000003B8,"Key","\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PropertyBag")
652. Handle(00000000000003BC,"Key","\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Explorer\FolderDescriptions\{2400183A-6185-49FB-A2D8-4A392A602BA3}\PropertyBag")
653. Handle(00000000000003C0,"Key","\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Explorer\FolderDescriptions\{56784854-C6CB-462B-8169-88E350ACB882}\PropertyBag")
654. Handle(00000000000003C4,"Key","\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Explorer\FolderDescriptions\{A302545D-DEFF-464B-ABE8-61C8648D939B}\PropertyBag")
655. Handle(00000000000003C8,"Key","\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\PropertyBag")
656. Handle(00000000000003CC,"Key","\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Explorer\FolderDescriptions\{52528A6B-B9E3-4ADD-B60D-588C2DBA842D}\PropertyBag")
657. Handle(00000000000003D0,"Key","\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Explorer\FolderDescriptions\{7B0DB17D-9CD2-4A93-9733-46CC89022E7C}\PropertyBag")
658. Handle(00000000000003D4,"Key","\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Explorer\FolderDescriptions\{4BD8D571-6D19-48D3-BE97-422220080E43}\PropertyBag")
659. Handle(00000000000003D8,"Key","\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Explorer\FolderDescriptions\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\PropertyBag")
660. Handle(00000000000003DC,"Key","\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Explorer\FolderDescriptions\{A990AE9F-A03B-4E80-94BC-9912D7504104}\PropertyBag")
661. Handle(00000000000003E0,"Key","\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Explorer\FolderDescriptions\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\PropertyBag")
662. Handle(00000000000003E4,"Key","\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\PropertyBag")
663. Handle(00000000000003E8,"Key","\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\PropertyBag")
664. Handle(00000000000003EC,"Key","\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Explorer\FolderDescriptions\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\PropertyBag")
665. Handle(00000000000003F0,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance")
666. Handle(00000000000003F4,"Key","\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\PropertyBag")
667. Handle(00000000000003F8,"Key","\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\PERFLIB")
668. Handle(0000000000000404,"Event","")
669. Handle(0000000000000408,"Event","")
670. Handle(000000000000040C,"Event","")
671. Handle(0000000000000410,"Event","")
672. Handle(0000000000000414,"Event","")
673. Handle(0000000000000418,"Mutant","\BaseNamedObjects\.NET CLR Data_Perf_Library_Lock_PID_10f0")
674. Handle(0000000000000420,"Thread","")
675. Handle(0000000000000424,"Thread","")
676. Handle(0000000000000428,"Mutant","\BaseNamedObjects\.NET CLR Networking_Perf_Library_Lock_PID_10f0")
677. Handle(000000000000042C,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking 4.0.0.0\Performance")
678. Handle(0000000000000430,"Mutant","\BaseNamedObjects\.NET CLR Networking 4.0.0.0_Perf_Library_Lock_PID_10f0")
679. Handle(0000000000000434,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\.NET Data Provider for Oracle\Performance")
680. Handle(0000000000000438,"Mutant","\BaseNamedObjects\.NET Data Provider for Oracle_Perf_Library_Lock_PID_10f0")
681. Handle(000000000000043C,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\.NET Data Provider for SqlServer\Performance")
682. Handle(0000000000000440,"Mutant","\BaseNamedObjects\.NET Data Provider for SqlServer_Perf_Library_Lock_PID_10f0")
683. Handle(0000000000000444,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\.NETFramework\Performance")
684. Handle(0000000000000448,"Mutant","\BaseNamedObjects\.NETFramework_Perf_Library_Lock_PID_10f0")
685. Handle(000000000000044C,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\BITS\Performance")
686. Handle(0000000000000450,"Mutant","\BaseNamedObjects\BITS_Perf_Library_Lock_PID_10f0")
687. Handle(0000000000000454,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\ESENT\Performance")
688. Handle(0000000000000458,"Mutant","\BaseNamedObjects\ESENT_Perf_Library_Lock_PID_10f0")
689. Handle(000000000000045C,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Lsa\Performance")
690. Handle(0000000000000460,"Mutant","\BaseNamedObjects\Lsa_Perf_Library_Lock_PID_10f0")
691. Handle(0000000000000464,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\MAV Client PerfMon Provider\Performance")
692. Handle(0000000000000468,"Mutant","\BaseNamedObjects\MAV Client PerfMon Provider_Perf_Library_Lock_PID_10f0")
693. Handle(000000000000046C,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\MSDTC\Performance")
694. Handle(0000000000000470,"Mutant","\BaseNamedObjects\MSDTC_Perf_Library_Lock_PID_10f0")
695. Handle(0000000000000474,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\MSDTC Bridge 3.0.0.0\Performance")
696. Handle(0000000000000478,"Mutant","\BaseNamedObjects\MSDTC Bridge 3.0.0.0_Perf_Library_Lock_PID_10f0")
697. Handle(000000000000047C,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\MSDTC Bridge 4.0.0.0\Performance")
698. Handle(0000000000000480,"Mutant","\BaseNamedObjects\MSDTC Bridge 4.0.0.0_Perf_Library_Lock_PID_10f0")
699. Handle(0000000000000484,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\MSSCNTRS\Performance")
700. Handle(0000000000000488,"Mutant","\BaseNamedObjects\MSSCNTRS_Perf_Library_Lock_PID_10f0")
701. Handle(000000000000048C,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\PerfDisk\Performance")
702. Handle(0000000000000490,"Mutant","\BaseNamedObjects\PerfDisk_Perf_Library_Lock_PID_10f0")
703. Handle(0000000000000494,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\PerfNet\Performance")
704. Handle(0000000000000498,"Mutant","\BaseNamedObjects\PerfNet_Perf_Library_Lock_PID_10f0")
705. Handle(000000000000049C,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\PerfOS\Performance")
706. Handle(00000000000004A0,"Mutant","\BaseNamedObjects\PerfOS_Perf_Library_Lock_PID_10f0")
707. Handle(00000000000004A4,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\PerfProc\Performance")
708. Handle(00000000000004A8,"Mutant","\BaseNamedObjects\PerfProc_Perf_Library_Lock_PID_10f0")
709. Handle(00000000000004AC,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\rdyboost\Performance")
710. Handle(00000000000004B0,"Mutant","\BaseNamedObjects\rdyboost_Perf_Library_Lock_PID_10f0")
711. Handle(00000000000004B4,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\RemoteAccess\Performance")
712. Handle(00000000000004B8,"Mutant","\BaseNamedObjects\RemoteAccess_Perf_Library_Lock_PID_10f0")
713. Handle(00000000000004BC,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\ServiceModelEndpoint 3.0.0.0\Performance")
714. Handle(00000000000004C0,"Mutant","\BaseNamedObjects\ServiceModelEndpoint 3.0.0.0_Perf_Library_Lock_PID_10f0")
715. Handle(00000000000004C4,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\ServiceModelOperation 3.0.0.0\Performance")
716. Handle(00000000000004C8,"Mutant","\BaseNamedObjects\ServiceModelOperation 3.0.0.0_Perf_Library_Lock_PID_10f0")
717. Handle(00000000000004CC,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\ServiceModelService 3.0.0.0\Performance")
718. Handle(00000000000004D0,"Mutant","\BaseNamedObjects\ServiceModelService 3.0.0.0_Perf_Library_Lock_PID_10f0")
719. Handle(00000000000004D4,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SMSvcHost 3.0.0.0\Performance")
720. Handle(00000000000004D8,"Mutant","\BaseNamedObjects\SMSvcHost 3.0.0.0_Perf_Library_Lock_PID_10f0")
721. Handle(00000000000004DC,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SMSvcHost 4.0.0.0\Performance")
722. Handle(00000000000004E0,"Mutant","\BaseNamedObjects\SMSvcHost 4.0.0.0_Perf_Library_Lock_PID_10f0")
723. Handle(00000000000004E4,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Spooler\Performance")
724. Handle(00000000000004E8,"Mutant","\BaseNamedObjects\Spooler_Perf_Library_Lock_PID_10f0")
725. Handle(00000000000004EC,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\TapiSrv\Performance")
726. Handle(00000000000004F0,"Mutant","\BaseNamedObjects\TapiSrv_Perf_Library_Lock_PID_10f0")
727. Handle(00000000000004F4,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Tcpip\Performance")
728. Handle(00000000000004F8,"Mutant","\BaseNamedObjects\Tcpip_Perf_Library_Lock_PID_10f0")
729. Handle(00000000000004FC,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\TermService\Performance")
730. Handle(0000000000000500,"Mutant","\BaseNamedObjects\TermService_Perf_Library_Lock_PID_10f0")
731. Handle(0000000000000504,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\UGatherer\Performance")
732. Handle(0000000000000508,"Mutant","\BaseNamedObjects\UGatherer_Perf_Library_Lock_PID_10f0")
733. Handle(000000000000050C,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\UGTHRSVC\Performance")
734. Handle(0000000000000510,"Mutant","\BaseNamedObjects\UGTHRSVC_Perf_Library_Lock_PID_10f0")
735. Handle(0000000000000514,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\usbhub\Performance")
736. Handle(0000000000000518,"Mutant","\BaseNamedObjects\usbhub_Perf_Library_Lock_PID_10f0")
737. Handle(000000000000051C,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Windows Workflow Foundation 3.0.0.0\Performance")
738. Handle(0000000000000520,"Mutant","\BaseNamedObjects\Windows Workflow Foundation 3.0.0.0_Perf_Library_Lock_PID_10f0")
739. Handle(0000000000000524,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WmiApRpl\Performance")
740. Handle(0000000000000528,"Mutant","\BaseNamedObjects\WmiApRpl_Perf_Library_Lock_PID_10f0")
741. Handle(000000000000052C,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WSearchIdxPi\Performance")
742. Handle(0000000000000530,"Mutant","\BaseNamedObjects\WSearchIdxPi_Perf_Library_Lock_PID_10f0")
743. Handle(0000000000000534,"Mutant","\BaseNamedObjects\LOADPERF_MUTEX")
744. Handle(0000000000000538,"Mutant","")
745. Handle(000000000000053C,"Semaphore","")
746. Handle(0000000000000540,"Section","")
747. Handle(0000000000000544,"Event","")
748. Handle(000000000000054C,"Thread","")
749. Handle(0000000000000558,"ALPC Port","")
750. Handle(000000000000055C,"Event","")
751. Handle(0000000000000560,"Mutant","")
752. Handle(0000000000000564,"Mutant","")
753. Handle(0000000000000568,"Event","")
754. Handle(000000000000056C,"Event","")
755. Handle(0000000000000574,"Thread","")
756. Handle(0000000000000578,"Thread","")
757. Stream 8: type CommentStreamW (11), size 00000108, RVA 0000702A
758. '
759. *** procdump.exe -64 -c 15 -s 1 4336 WmiPrvSE2.dmp
760. *** Process exceeded 15% CPU for 1 second. Thread consuming CPU: 9848 (0x2678)'
761. Stream 9: type UnusedStream (0), size 00000000, RVA 00000000
762. Stream 10: type UnusedStream (0), size 00000000, RVA 00000000
763. Stream 11: type UnusedStream (0), size 00000000, RVA 00000000
764.  
765. Strings
766.  
767. India Standard Time
768. India Daylight Time
769. KnoL`/
770. C:\Windows\System32\wbem\WmiPrvSE.exe
771. C:\Windows\System32\ntdll.dll
772. C:\Windows\System32\kernel32.dll
773. C:\Windows\System32\KERNELBASE.dll
774. C:\Windows\System32\advapi32.dll
775. C:\Windows\System32\msvcrt.dll
776. C:\Windows\System32\sechost.dll
777. C:\Windows\System32\rpcrt4.dll
778. C:\Windows\System32\user32.dll
779. C:\Windows\System32\gdi32.dll
780. C:\Windows\System32\lpk.dll
781. C:\Windows\System32\usp10.dll
782. C:\Windows\System32\wbemcomn.dll
783. C:\Windows\System32\oleaut32.dll
784. C:\Windows\System32\ole32.dll
785. C:\Windows\System32\ws2_32.dll
786. C:\Windows\System32\nsi.dll
787. C:\Windows\System32\wbem\fastprox.dll
788. C:\Windows\System32\ntdsapi.dll
789. C:\Windows\System32\ncobjapi.dll
790. C:\Windows\System32\imm32.dll
791. C:\Windows\System32\msctf.dll
792. C:\Windows\System32\CRYPTBASE.dll
793. C:\Windows\System32\ntmarta.dll
794. C:\Windows\System32\Wldap32.dll
795. C:\Windows\System32\clbcatq.dll
796. C:\Windows\System32\cryptsp.dll
797. C:\Windows\System32\rsaenh.dll
798. C:\Windows\System32\RpcRtRemote.dll
799. C:\Windows\System32\wbem\wbemsvc.dll
800. C:\Windows\System32\wbem\wmiutils.dll
801. C:\Windows\System32\wbem\cimwin32.dll
802. C:\Windows\System32\framedynos.dll
803. C:\Windows\System32\sspicli.dll
804. C:\Windows\System32\wtsapi32.dll
805. C:\Windows\System32\devobj.dll
806. C:\Windows\System32\cfgmgr32.dll
807. C:\Windows\System32\IPHLPAPI.DLL
808. C:\Windows\System32\winnsi.dll
809. C:\Windows\System32\dhcpcsvc.dll
810. C:\Windows\System32\dhcpcsvc6.DLL
811. C:\Windows\System32\winbrand.dll
812. C:\Windows\System32\credssp.dll
813. C:\Windows\System32\schannel.dll
814. C:\Windows\System32\crypt32.dll
815. C:\Windows\System32\msasn1.dll
816. C:\Windows\System32\wkscli.dll
817. C:\Windows\System32\cscapi.dll
818. C:\Windows\System32\winsta.dll
819. C:\Windows\System32\powrprof.dll
820. C:\Windows\System32\setupapi.dll
821. C:\Windows\System32\shell32.dll
822. C:\Windows\System32\shlwapi.dll
823. C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7\comctl32.dll
824. C:\Windows\System32\linkinfo.dll
825. C:\Windows\System32\propsys.dll
826. C:\Windows\System32\version.dll
827. C:\Windows\System32\apphelp.dll
828. C:\Windows\System32\profapi.dll
829. C:\Windows\System32\userenv.dll
830. C:\Windows\System32\perfos.dll
831. C:\Windows\System32\wintrust.dll
832. 3++S++
833. 3++S++
834. 3++S++
835. 3++S++
836. 3++S++
837. 3++S++
838. 3++S++
839. I\Proces 0
840. 3++S++
841. I\Proces 0
842. 3++S++
843. I\Proces 0
844. 3++S++
845. WmiPrvSE.pdb
846. ntdll.pdb
847. kernel32.pdb
848. kernelbase.pdb
849. advapi32.pdb
850. msvcrt.pdb
851. sechost.pdb
852. RSDSE!JH
853. rpcrt4.pdb
854. user32.pdb
855. gdi32.pdb
856. lpk.pdb
857. usp10.pdb
858. Rr>nr@
859. wbemcomn.pdb
860. oleaut32.pdb
861. ole32.pdb
862. ws2_32.pdb
863. RSDS=k
864. nsi.pdb
865. fastprox.pdb
866. ntdsapi.pdb
867. NCObjAPI.pdb
868. imm32.pdb
869. msctf.pdb
870. cryptbase.pdb
871. ntmarta.pdb
872. wldap32.pdb
873. CLBCatQ.pdb
874. cryptsp.pdb
875. rsaenh.pdb
876. RpcRtRemote.pdb
877. wbemsvc.pdb
878. wmiutils.pdb
879. cimwin32.pdb
880. RSDSO9
881. framedynos.pdb
882. sspicli.pdb
883. wtsapi32.pdb
884. devobj.pdb
885. cfgmgr32.pdb
886. iphlpapi.pdb
887. winnsi.pdb
888. dhcpcsvc.pdb
889. dhcpcsvc6.pdb
890. winbrand.pdb
891. credssp.pdb
892. schannel.pdb
893. crypt32.pdb
894. msasn1.pdb
895. wkscli.pdb
896. cscapi.pdb
897. winsta.pdb
898. powrprof.pdb
899. setupapi.pdb
900. shell32.pdb
901. shlwapi.pdb
902. comctl32.pdb
903. linkinfo.pdb
904. propsys.pdb
905. version.pdb
906. apphelp.pdb
907. profapi.pdb
908. userenv.pdb
909. perfos.pdb
910. wintrust.pdb
911. *** procdump.exe -64 -c 15 -s 1 4336 WmiPrvSE2.dmp
912. *** Process exceeded 15% CPU for 1 second. Thread consuming CPU: 9848 (0x2678)
913. .?AVexception@@
914. .?AVbad_alloc@std@@
915. .?AVlogic_error@std@@
916. .?AVlength_error@std@@
917. .?AVout_of_range@std@@
918. wmiprvse.exe
919. C:\Windows\system32\
920. .?AVCX_Exception@@
921. .?AVCX_MemoryException@@
922. .?AVexception@@
923. .?AVlogic_error@std@@
924. .?AVlength_error@std@@
925. .?AVout_of_range@std@@
926. .?AVSafeIntException@@
927. .?AVbad_alloc@std@@
928. NT AUTHORITY
929. certificate
930. Schannel
931. C:\Windows\Registration
932. C:\Windows\system32\emptyregdb.dat
933. C:\Windows\Registration
934. .?AUISimpleTableControl@@
935. .?AUISimpleTableRead@@
936. .?AUISimpleTableWrite@@
937. .?AUISimpleLogicTableDispenser@@
938. .?AUIUnknown@@
939. .?AUIClassFactory@@
940. .?AVCLTBase@@
941. .?AVCSLTComsClient@@
942. .?AVCSLTComs@@
943. SOFTWARE\Classes\CLSID
944. InprocServer32
945. ThreadingModel
946. .?AUISimpleTableMarshall@@
947. .?AVCSimpleDataTableCursor@@
948. .?AVCSLTShapeless@@
949. .?AVCNonFailFastingAllocator@@
950. .?AV?$EnumMap@U_GUID@@HVHashGUID@@VCNonFailFastingAllocator@@@@
951. .?AVEnum@@
952. 0123456789abcdef
953. C:\Windows\system32\WBEM\Logs\
954. .?AVCX_Exception@@
955. .?AVCX_MemoryException@@
956. .?AVComException@@
957. .?AVSafeIntException@@
958. .?AVCX_VarVectorException@@
959. .?AVexception@@
960. .?AVlogic_error@std@@
961. .?AVlength_error@std@@
962. .?AVout_of_range@std@@
963. .?AVbad_alloc@std@@
964. .?AV_com_error@@
965. .?AVCCscNetApiInterface@@
966. .?AVCCscNetApiInterfaceV1@@
967. dwmapi.dll
968. dxgi.dll
969. dwmapi.dll
970. dxgi.dll
971. dwmapi.dll
972. NETAPI32.DLL
973. DSROLE.DLL
974. SCHEDCLI.DLL
975. BROWCLI.DLL
976. LOGONCLI.DLL
977. netutils.dll
978. srvcli.dll
979. SAMCLI.DLL
980. netutils.dll
981. shdocvw.dll
982. dxgi.dll
983. y(~~r'
984. lA<>6+A
985. .~~r'2`|%: