Windbg on WMI

a guest
Feb 6th, 2011
  1. Instant Online Crash Analysis, brought to you by OSR Open Systems Resources, Inc.
  2.  
  3. Primary Analysis
  4.  
  5. Crash Dump Analysis provided by OSR Open Systems Resources, Inc. (http://www.osr.com)
  6. Online Crash Dump Analysis Service
  7. See http://www.osronline.com for more information
  8. Windows 7 Version 7600 MP (4 procs) Free x64
  9. Product: WinNt, suite: SingleUserTS Personal
  10. kernel32.dll version: 6.1.7600.16385 (win7_rtm.090713-1255)
  11. Machine Name:
  12. Debug session time: Sun Feb 6 01:27:16.000 2011 (UTC - 5:00)
  13. System Uptime: not available
  14. Process Uptime: 0 days 12:28:13.000
  15. Kernel time: 0 days 1:15:00.000
  16. User time: 0 days 0:43:22.000
  17. Unable to load image C:\Windows\System32\ntdll.dll, Win32 error 0n2
  18. *** WARNING: Unable to verify timestamp for ntdll.dll
  19. *******************************************************************************
  20. * *
  21. * Exception Analysis *
  22. * *
  23. *******************************************************************************
  24.  
  25. GetPageUrlData failed, server returned HTTP status 404
  26. URL requested: http://watson.microsoft.com/StageOne/WmiPrvSE_exe/6_1_7600_16385/4a5bc794/unknown/0_0_0_0/bbbbbbb4/80000007/00000000.htm?Retriage=1
  27.  
  28. FAULTING_IP:
  29. +1562faf0006ed48
  30. 00000000`00000000 ?? ???
  31.  
  32. EXCEPTION_RECORD: ffffffffffffffff -- (.exr 0xffffffffffffffff)
  33. ExceptionAddress: 0000000000000000
  34. ExceptionCode: 80000007 (Wake debugger)
  35. ExceptionFlags: 00000001
  36. NumberParameters: 0
  37.  
  38. BUGCHECK_STR: 80000007
  39.  
  40. DEFAULT_BUCKET_ID: APPLICATION_HANG
  41.  
  42. PROCESS_NAME: WmiPrvSE.exe
  43.  
  44. ERROR_CODE: (NTSTATUS) 0x80000007 - {Kernel Debugger Awakened} the system debugger was awakened by an interrupt.
  45.  
  46. EXCEPTION_CODE: (HRESULT) 0x80000007 (2147483655) - Operation aborted
  47.  
  48. MOD_LIST:
  49.  
  50. NTGLOBALFLAG: 0
  51.  
  52. APPLICATION_VERIFIER_FLAGS: 0
  53.  
  54. DERIVED_WAIT_CHAIN:
  55.  
  56. Dl Eid Cid WaitType
  57. -- --- ------- --------------------------
  58. 5 10f0.2678 Speculated (Triage) -->
  59. 6 10f0.263c Unknown
  60.  
  61. WAIT_CHAIN_COMMAND: ~5s;k;;~6s;k;;
  62.  
  63. BLOCKING_THREAD: 000000000000263c
  64.  
  65. PRIMARY_PROBLEM_CLASS: APPLICATION_HANG
  66.  
  67. LAST_CONTROL_TRANSFER: from 0000000076dbf918 to 000000007700feba
  68.  
  69. FAULTING_THREAD: 0000000000000006
  70.  
  71. STACK_TEXT:
  72. 00000000`01eac668 00000000`76dbf918 : 00000000`01eac8fc 00000000`01eac8f4 00000000`00000001 00000000`01eac8fc : ntdll!NtQueryKey+0xa
  73. 00000000`01eac670 00000000`76dbf7ae : 00000000`01eaca50 ffffffff`00000000 00000002`00000000 00000000`0000002e : kernel32!ConstructKernelKeyPath+0xa8
  74. 00000000`01eac6e0 00000000`76dbfad3 : 000007fe`f1a26500 00000000`01eacbc0 00000000`01eacbc8 00000000`0024c9e0 : kernel32!LocalBaseRegOpenKey+0x1d1
  75. 00000000`01eaca00 00000000`76db566d : 00000000`00000018 ffffffff`80000002 00000000`000000ae 00000000`00000000 : kernel32!RegOpenKeyExInternalW+0x123
  76. 00000000`01eaca90 000007fe`f19f177a : ffffffff`fffffffe ffffffff`ffffffff 00000000`00000001 00000000`00000010 : kernel32!RegOpenKeyExW+0x1d
  77. 00000000`01eacad0 000007fe`f19f158f : 000007fe`f1a34250 00000000`002553b0 00000000`000000ae 00000000`00000000 : framedynos!CRegistry::Open+0x57
  78. 00000000`01eacb60 000007fe`e9371a8c : 000007fe`00000001 00000000`00000000 00000000`00000000 000007fe`e9371b25 : framedynos!ProviderLog::IsLoggingOn+0x9f
  79. 00000000`01ead060 000007fe`e93719ca : 00000000`001fc380 000007fe`00000000 00000000`00256350 000007fe`feda1332 : cimwin32!CRule::Release+0x38
  80. 00000000`01ead0b0 000007fe`e9371437 : 00000000`00000000 00000000`001fc398 00000000`ffffffff 00000000`001fc380 : cimwin32!CTimedDllResource::OnAcquire+0x22
  81. 00000000`01ead0e0 000007fe`e93713c5 : 00000000`00228160 00000000`00000001 00000000`001da880 000007fe`e93716ca : cimwin32!CResource::Acquire+0x20
  82. 00000000`01ead110 000007fe`e937132b : 00000000`00000000 00000000`00000000 00000000`002553b0 00000000`01eadac0 : cimwin32!CResourceList::GetResource+0x9a
  83. 00000000`01ead1d0 000007fe`e945652a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00255350 : cimwin32!CResourceManager::GetResource+0x4e
  84. 00000000`01ead200 000007fe`e945e4bc : 00000000`01eadad0 00000000`01eadd60 00000000`00257350 00000000`002553b0 : cimwin32!CConfigMgrDevice::GetStringProperty+0x5a
  85. 00000000`01eadaa0 000007fe`e93d645b : 00000000`002573cc 00000000`002471f0 00000000`002553b0 00000000`01eadd60 : cimwin32!CConfigManager::GetDeviceList+0x10c
  86. 00000000`01eadb20 000007fe`e93d630e : 00000000`00208740 00000000`00000000 00000000`0000000e 00000000`00208740 : cimwin32!CWin32NetworkAdapter::GetNetCardInfoForNT5+0xbf
  87. 00000000`01eadc90 000007fe`e93d591b : 00000000`00218f70 00000000`00000000 00000000`01eadd60 000007fe`e94c6e80 : cimwin32!CWin32NetworkAdapter::EnumNetAdaptersInNT5+0x11a
  88. 00000000`01eadd20 000007fe`f19f6af0 : 000007fe`e94c6e80 000007fe`e9541880 00000000`00218f70 000007fe`e94c6e80 : cimwin32!CWin32NetworkAdapter::EnumerateInstances+0xdf
  89. 00000000`01eadda0 000007fe`f19fac60 : 00000000`80041024 00000000`00218f70 00000000`02220026 00000000`01eadfa0 : framedynos!Provider::CreateInstanceEnum+0x34
  90. 00000000`01eaddd0 000007fe`f19f5692 : 00000000`00000000 00000000`0035c260 000007fe`e9541880 00000000`002049ec : framedynos!Provider::ExecuteQuery+0x9f
  91. 00000000`01eade10 00000000`ffcc2845 : 00000000`0035c270 00000000`01d30240 00000000`00000000 00000000`01cc4f70 : framedynos!CWbemProviderGlue::ExecQueryAsync+0x392
  92. 00000000`01eae450 00000000`ffcc25d5 : 00000000`00000000 00000000`00000000 00000000`01cc4f70 00000000`00000000 : WmiPrvSE!CInterceptor_IWbemSyncProvider::Helper_ExecQueryAsync+0x544
  93. 00000000`01eae500 000007fe`fec9c7f5 : 00000000`00000000 00000000`00000006 00000000`00302758 00000000`00000000 : WmiPrvSE!CInterceptor_IWbemSyncProvider::ExecQueryAsync+0x192
  94. 00000000`01eae5b0 000007fe`fec9b0b2 : 00000000`01eae9f0 000007fe`f47cb222 00000000`00000040 000007fe`f47cbde0 : rpcrt4!Invoke+0x65
  95. 00000000`01eae620 000007fe`fd89e175 : 00000000`003636e0 00000000`01eaefc0 00000000`003636e0 00000000`00336da0 : rpcrt4!NdrStubCall2+0x32a
  96. 00000000`01eaec40 000007fe`f4cfd36d : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : ole32!CStdStubBuffer_Invoke+0x8b
  97. 00000000`01eaec70 000007fe`fd89fc0d : 00000000`00000002 00000000`00000000 00000000`00000000 00000000`00000000 : fastprox!CBaseStublet::Invoke+0x19
  98. 00000000`01eaeca0 000007fe`fd89fb83 : 00000000`01cb9340 00000000`0034a4b4 00000000`00341fa0 00000000`ffd02888 : ole32!SyncStubInvoke+0x5d
  99. 00000000`01eaed10 000007fe`fd73fd60 : 00000000`01cb9340 00000000`003a54e0 00000000`01cb9340 00000000`00000000 : ole32!StubInvoke+0xdb
  100. 00000000`01eaedc0 000007fe`fd89fa22 : 00000000`00000000 00000000`00000010 00000000`0082d938 00000000`003369b0 : ole32!CCtxComChnl::ContextInvoke+0x190
  101. 00000000`01eaef50 000007fe`fd89f76b : 00000000`d0908070 00000000`003a54e0 00000000`003474b0 00000000`003636e0 : ole32!AppInvoke+0xc2
  102. 00000000`01eaefc0 000007fe`fd89ed6d : 00000000`003a54e0 00000000`003a54e0 00000000`003369b0 00000000`00070005 : ole32!ComInvokeWithLockAndIPID+0x52b
  103. 00000000`01eaf150 000007fe`fec99c24 : 00000000`01eaf258 00000000`00000000 00000000`00371e50 000007fe`fd733722 : ole32!ThreadInvoke+0x30d
  104. 00000000`01eaf1f0 000007fe`fec99d86 : 00000000`7702961e 00000000`000002c0 00000000`01eaf460 000007fe`fd7334c4 : rpcrt4!DispatchToStubInCNoAvrf+0x14
  105. 00000000`01eaf220 000007fe`fec9c44b : 00000000`0034a490 00000000`00000000 00000000`01eaf544 00000000`0034a490 : rpcrt4!RPC_INTERFACE::DispatchToStubWorker+0x146
  106. 00000000`01eaf340 000007fe`fec9c38b : 00000000`00000000 00000000`01eaf460 00000000`01eaf460 00000000`00371e50 : rpcrt4!RPC_INTERFACE::DispatchToStub+0x9b
  107. 00000000`01eaf380 000007fe`fec9c322 : 00000000`00371d00 00000000`00347740 00000000`0034a490 000007fe`fec9ac00 : rpcrt4!RPC_INTERFACE::DispatchToStubWithObject+0x5b
  108. 00000000`01eaf400 000007fe`fec9a11d : 00000000`00000001 00000000`00000000 000007fe`fec70000 00000000`0034a490 : rpcrt4!LRPC_SCALL::DispatchRequest+0x422
  109. 00000000`01eaf4e0 000007fe`feca7ddf : 00000000`00020000 00000000`00000000 00000000`00000000 00000000`00000003 : rpcrt4!LRPC_SCALL::HandleRequest+0x20d
  110. 00000000`01eaf610 000007fe`feca7995 : 00000200`00000000 00000000`00000000 00000000`0032e3b0 00000000`00000000 : rpcrt4!LRPC_ADDRESS::ProcessIO+0x3bf
  111. 00000000`01eaf750 00000000`76fdb3ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : rpcrt4!LrpcIoComplete+0xa5
  112. 00000000`01eaf7e0 00000000`76fd91af : 00000000`00000000 00000000`00000000 00000000`0000ffff 00000000`00000000 : ntdll!TppAlpcpExecuteCallback+0x26b
  113. 00000000`01eaf870 00000000`76dbf56d : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!TppWorkerThread+0x3f8
  114. 00000000`01eafb70 00000000`76ff3021 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0xd
  115. 00000000`01eafba0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d
  116.  
  117.  
  118. FOLLOWUP_IP:
  119. framedynos!CRegistry::Open+57
  120. 000007fe`f19f177a 85c0 test eax,eax
  121.  
  122. SYMBOL_STACK_INDEX: 5
  123.  
  124. SYMBOL_NAME: framedynos!CRegistry::Open+57
  125.  
  126. FOLLOWUP_NAME: MachineOwner
  127.  
  128. MODULE_NAME: framedynos
  129.  
  130. IMAGE_NAME: framedynos.dll
  131.  
  132. DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bdf08
  133.  
  134. STACK_COMMAND: ~6s ; kb
  135.  
  136. BUCKET_ID: X64_80000007_framedynos!CRegistry::Open+57
  137.  
  138. FAILURE_BUCKET_ID: APPLICATION_HANG_80000007_framedynos.dll!CRegistry::Open
  139.  
  140. WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOne/WmiPrvSE_exe/6_1_7600_16385/4a5bc794/unknown/0_0_0_0/bbbbbbb4/80000007/00000000.htm?Retriage=1
  141.  
  142. Followup: MachineOwner
  143. ---------
  144.  
  145.  
  148. Loaded Module List
  149.  
  150. start end module name
  151. 00000000`76da0000 00000000`76ebf000 kernel32 kernel32.dll
  152. 00000000`76ec0000 00000000`76fba000 user32 user32.dll
  153. 00000000`76fc0000 00000000`7716b000 ntdll ntdll.dll
  154. 00000000`ffcc0000 00000000`ffd1d000 WmiPrvSE WmiPrvSE.exe
  155. 000007fe`e8a40000 000007fe`e8a48000 winbrand winbrand.dll
  156. 000007fe`e9370000 000007fe`e956a000 cimwin32 cimwin32.dll
  157. 000007fe`efc60000 000007fe`efc6b000 perfos perfos.dll
  158. 000007fe`f19a0000 000007fe`f19ac000 linkinfo linkinfo.dll
  159. 000007fe`f19f0000 000007fe`f1a3c000 framedynos framedynos.dll
  160. 000007fe`f3520000 000007fe`f352f000 cscapi cscapi.dll
  161. 000007fe`f40a0000 000007fe`f40b6000 ncobjapi ncobjapi.dll
  162. 000007fe`f4790000 000007fe`f47b6000 wmiutils wmiutils.dll
  163. 000007fe`f47c0000 000007fe`f47d4000 wbemsvc wbemsvc.dll
  164. 000007fe`f4cc0000 000007fe`f4ce7000 ntdsapi ntdsapi.dll
  165. 000007fe`f4cf0000 000007fe`f4dd2000 fastprox fastprox.dll
  166. 000007fe`f4ee0000 000007fe`f4f66000 wbemcomn wbemcomn.dll
  167. 000007fe`f66c0000 000007fe`f66d1000 dhcpcsvc6 dhcpcsvc6.DLL
  168. 000007fe`f66e0000 000007fe`f66f8000 dhcpcsvc dhcpcsvc.dll
  169. 000007fe`f6800000 000007fe`f680b000 winnsi winnsi.dll
  170. 000007fe`f6810000 000007fe`f6837000 IPHLPAPI IPHLPAPI.DLL
  171. 000007fe`f6e80000 000007fe`f6ead000 ntmarta ntmarta.dll
  172. 000007fe`f7510000 000007fe`f7525000 wkscli wkscli.dll
  173. 000007fe`f7950000 000007fe`f797c000 powrprof powrprof.dll
  174. 000007fe`f7980000 000007fe`f7991000 wtsapi32 wtsapi32.dll
  175. 000007fe`f7fa0000 000007fe`f80cc000 propsys propsys.dll
  176. 000007fe`f8120000 000007fe`f8314000 comctl32 comctl32.dll
  177. 000007fe`f8610000 000007fe`f861c000 version version.dll
  178. 000007fe`fc220000 000007fe`fc23e000 userenv userenv.dll
  179. 000007fe`fc330000 000007fe`fc339000 credssp credssp.dll
  180. 000007fe`fc4b0000 000007fe`fc4f7000 rsaenh rsaenh.dll
  181. 000007fe`fc540000 000007fe`fc597000 schannel schannel.dll
  182. 000007fe`fc7b0000 000007fe`fc7c7000 cryptsp cryptsp.dll
  183. 000007fe`fc9c0000 000007fe`fc9fd000 winsta winsta.dll
  184. 000007fe`fcdc0000 000007fe`fcde5000 sspicli sspicli.dll
  185. 000007fe`fcdf0000 000007fe`fce47000 apphelp apphelp.dll
  186. 000007fe`fce50000 000007fe`fce5f000 CRYPTBASE CRYPTBASE.dll
  187. 000007fe`fcf00000 000007fe`fcf14000 RpcRtRemote RpcRtRemote.dll
  188. 000007fe`fcf20000 000007fe`fcf2f000 profapi profapi.dll
  189. 000007fe`fcfc0000 000007fe`fcfcf000 msasn1 msasn1.dll
  190. 000007fe`fcfd0000 000007fe`fd006000 cfgmgr32 cfgmgr32.dll
  191. 000007fe`fd010000 000007fe`fd07b000 KERNELBASE KERNELBASE.dll
  192. 000007fe`fd080000 000007fe`fd09a000 devobj devobj.dll
  193. 000007fe`fd0a0000 000007fe`fd206000 crypt32 crypt32.dll
  194. 000007fe`fd2b0000 000007fe`fd2ea000 wintrust wintrust.dll
  195. 000007fe`fd550000 000007fe`fd727000 setupapi setupapi.dll
  196. 000007fe`fd730000 000007fe`fd932000 ole32 ole32.dll
  197. 000007fe`fdbe0000 000007fe`fdbff000 sechost sechost.dll
  198. 000007fe`fdd30000 000007fe`fdd3e000 lpk lpk.dll
  199. 000007fe`fdd40000 000007fe`feac6000 shell32 shell32.dll
  200. 000007fe`fead0000 000007fe`feb41000 shlwapi shlwapi.dll
  201. 000007fe`feb50000 000007fe`feb58000 nsi nsi.dll
  202. 000007fe`feb60000 000007fe`febad000 ws2_32 ws2_32.dll
  203. 000007fe`febb0000 000007fe`fec17000 gdi32 gdi32.dll
  204. 000007fe`fec20000 000007fe`fec70000 Wldap32 Wldap32.dll
  205. 000007fe`fec70000 000007fe`fed9e000 rpcrt4 rpcrt4.dll
  206. 000007fe`feda0000 000007fe`fee3f000 msvcrt msvcrt.dll
  207. 000007fe`fee40000 000007fe`fef1b000 advapi32 advapi32.dll
  208. 000007fe`fef20000 000007fe`feff7000 oleaut32 oleaut32.dll
  209. 000007fe`ff020000 000007fe`ff0b9000 clbcatq clbcatq.dll
  210. 000007fe`ff0c0000 000007fe`ff0ee000 imm32 imm32.dll
  211. 000007fe`ff0f0000 000007fe`ff1ba000 usp10 usp10.dll
  212. 000007fe`ff1c0000 000007fe`ff2c9000 msctf msctf.dll
  213.  
  216. Dump Header Information
  217.  
  218. ----- User Mini Dump Analysis
  219.  
  220. MINIDUMP_HEADER:
  221. Version A793 (6C02)
  222. NumberOfStreams 12
  223. Flags 1105
  224. 0001 MiniDumpWithDataSegs
  225. 0004 MiniDumpWithHandleData
  226. 0100 MiniDumpWithProcessThreadData
  227. 1000 MiniDumpWithThreadInfo
  228.  
  229. Streams:
  230. Stream 0: type ThreadListStream (3), size 000001B4, RVA 00000278
  231. 9 threads
  232. RVA 0000027C, ID 7A0, Teb:000007FFFFFDE000
  233. RVA 000002AC, ID CE0, Teb:000007FFFFFDC000
  234. RVA 000002DC, ID 113C, Teb:000007FFFFFD9000
  235. RVA 0000030C, ID 13F4, Teb:000007FFFFFD3000
  236. RVA 0000033C, ID 1028, Teb:000007FFFFFAE000
  237. RVA 0000036C, ID 2678, Teb:000007FFFFFAA000
  238. RVA 0000039C, ID 263C, Teb:000007FFFFFA8000
  239. RVA 000003CC, ID 2E30, Teb:000007FFFFFD7000
  240. RVA 000003FC, ID 2FEC, Teb:000007FFFFFD5000
  241. Stream 1: type ThreadInfoListStream (17), size 0000024C, RVA 0000042C
  242. RVA 00000438, ID 7A0
  243. RVA 00000478, ID CE0
  244. RVA 000004B8, ID 113C
  245. RVA 000004F8, ID 13F4
  246. RVA 00000538, ID 1028
  247. RVA 00000578, ID 2678
  248. RVA 000005B8, ID 263C
  249. RVA 000005F8, ID 2E30
  250. RVA 00000638, ID 2FEC
  251. Stream 2: type ModuleListStream (4), size 00001A2C, RVA 00000678
  252. 62 modules
  253. RVA 0000067C, 00000000`ffcc0000 - 00000000`ffd1d000: 'C:\Windows\System32\wbem\WmiPrvSE.exe'
  254. RVA 000006E8, 00000000`76fc0000 - 00000000`7716b000: 'C:\Windows\System32\ntdll.dll'
  255. RVA 00000754, 00000000`76da0000 - 00000000`76ebf000: 'C:\Windows\System32\kernel32.dll'
  256. RVA 000007C0, 000007fe`fd010000 - 000007fe`fd07b000: 'C:\Windows\System32\KERNELBASE.dll'
  257. RVA 0000082C, 000007fe`fee40000 - 000007fe`fef1b000: 'C:\Windows\System32\advapi32.dll'
  258. RVA 00000898, 000007fe`feda0000 - 000007fe`fee3f000: 'C:\Windows\System32\msvcrt.dll'
  259. RVA 00000904, 000007fe`fdbe0000 - 000007fe`fdbff000: 'C:\Windows\System32\sechost.dll'
  260. RVA 00000970, 000007fe`fec70000 - 000007fe`fed9e000: 'C:\Windows\System32\rpcrt4.dll'
  261. RVA 000009DC, 00000000`76ec0000 - 00000000`76fba000: 'C:\Windows\System32\user32.dll'
  262. RVA 00000A48, 000007fe`febb0000 - 000007fe`fec17000: 'C:\Windows\System32\gdi32.dll'
  263. RVA 00000AB4, 000007fe`fdd30000 - 000007fe`fdd3e000: 'C:\Windows\System32\lpk.dll'
  264. RVA 00000B20, 000007fe`ff0f0000 - 000007fe`ff1ba000: 'C:\Windows\System32\usp10.dll'
  265. RVA 00000B8C, 000007fe`f4ee0000 - 000007fe`f4f66000: 'C:\Windows\System32\wbemcomn.dll'
  266. RVA 00000BF8, 000007fe`fef20000 - 000007fe`feff7000: 'C:\Windows\System32\oleaut32.dll'
  267. RVA 00000C64, 000007fe`fd730000 - 000007fe`fd932000: 'C:\Windows\System32\ole32.dll'
  268. RVA 00000CD0, 000007fe`feb60000 - 000007fe`febad000: 'C:\Windows\System32\ws2_32.dll'
  269. RVA 00000D3C, 000007fe`feb50000 - 000007fe`feb58000: 'C:\Windows\System32\nsi.dll'
  270. RVA 00000DA8, 000007fe`f4cf0000 - 000007fe`f4dd2000: 'C:\Windows\System32\wbem\fastprox.dll'
  271. RVA 00000E14, 000007fe`f4cc0000 - 000007fe`f4ce7000: 'C:\Windows\System32\ntdsapi.dll'
  272. RVA 00000E80, 000007fe`f40a0000 - 000007fe`f40b6000: 'C:\Windows\System32\ncobjapi.dll'
  273. RVA 00000EEC, 000007fe`ff0c0000 - 000007fe`ff0ee000: 'C:\Windows\System32\imm32.dll'
  274. RVA 00000F58, 000007fe`ff1c0000 - 000007fe`ff2c9000: 'C:\Windows\System32\msctf.dll'
  275. RVA 00000FC4, 000007fe`fce50000 - 000007fe`fce5f000: 'C:\Windows\System32\CRYPTBASE.dll'
  276. RVA 00001030, 000007fe`f6e80000 - 000007fe`f6ead000: 'C:\Windows\System32\ntmarta.dll'
  277. RVA 0000109C, 000007fe`fec20000 - 000007fe`fec70000: 'C:\Windows\System32\Wldap32.dll'
  278. RVA 00001108, 000007fe`ff020000 - 000007fe`ff0b9000: 'C:\Windows\System32\clbcatq.dll'
  279. RVA 00001174, 000007fe`fc7b0000 - 000007fe`fc7c7000: 'C:\Windows\System32\cryptsp.dll'
  280. RVA 000011E0, 000007fe`fc4b0000 - 000007fe`fc4f7000: 'C:\Windows\System32\rsaenh.dll'
  281. RVA 0000124C, 000007fe`fcf00000 - 000007fe`fcf14000: 'C:\Windows\System32\RpcRtRemote.dll'
  282. RVA 000012B8, 000007fe`f47c0000 - 000007fe`f47d4000: 'C:\Windows\System32\wbem\wbemsvc.dll'
  283. RVA 00001324, 000007fe`f4790000 - 000007fe`f47b6000: 'C:\Windows\System32\wbem\wmiutils.dll'
  284. RVA 00001390, 000007fe`e9370000 - 000007fe`e956a000: 'C:\Windows\System32\wbem\cimwin32.dll'
  285. RVA 000013FC, 000007fe`f19f0000 - 000007fe`f1a3c000: 'C:\Windows\System32\framedynos.dll'
  286. RVA 00001468, 000007fe`fcdc0000 - 000007fe`fcde5000: 'C:\Windows\System32\sspicli.dll'
  287. RVA 000014D4, 000007fe`f7980000 - 000007fe`f7991000: 'C:\Windows\System32\wtsapi32.dll'
  288. RVA 00001540, 000007fe`fd080000 - 000007fe`fd09a000: 'C:\Windows\System32\devobj.dll'
  289. RVA 000015AC, 000007fe`fcfd0000 - 000007fe`fd006000: 'C:\Windows\System32\cfgmgr32.dll'
  290. RVA 00001618, 000007fe`f6810000 - 000007fe`f6837000: 'C:\Windows\System32\IPHLPAPI.DLL'
  291. RVA 00001684, 000007fe`f6800000 - 000007fe`f680b000: 'C:\Windows\System32\winnsi.dll'
  292. RVA 000016F0, 000007fe`f66e0000 - 000007fe`f66f8000: 'C:\Windows\System32\dhcpcsvc.dll'
  293. RVA 0000175C, 000007fe`f66c0000 - 000007fe`f66d1000: 'C:\Windows\System32\dhcpcsvc6.DLL'
  294. RVA 000017C8, 000007fe`e8a40000 - 000007fe`e8a48000: 'C:\Windows\System32\winbrand.dll'
  295. RVA 00001834, 000007fe`fc330000 - 000007fe`fc339000: 'C:\Windows\System32\credssp.dll'
  296. RVA 000018A0, 000007fe`fc540000 - 000007fe`fc597000: 'C:\Windows\System32\schannel.dll'
  297. RVA 0000190C, 000007fe`fd0a0000 - 000007fe`fd206000: 'C:\Windows\System32\crypt32.dll'
  298. RVA 00001978, 000007fe`fcfc0000 - 000007fe`fcfcf000: 'C:\Windows\System32\msasn1.dll'
  299. RVA 000019E4, 000007fe`f7510000 - 000007fe`f7525000: 'C:\Windows\System32\wkscli.dll'
  300. RVA 00001A50, 000007fe`f3520000 - 000007fe`f352f000: 'C:\Windows\System32\cscapi.dll'
  301. RVA 00001ABC, 000007fe`fc9c0000 - 000007fe`fc9fd000: 'C:\Windows\System32\winsta.dll'
  302. RVA 00001B28, 000007fe`f7950000 - 000007fe`f797c000: 'C:\Windows\System32\powrprof.dll'
  303. RVA 00001B94, 000007fe`fd550000 - 000007fe`fd727000: 'C:\Windows\System32\setupapi.dll'
  304. RVA 00001C00, 000007fe`fdd40000 - 000007fe`feac6000: 'C:\Windows\System32\shell32.dll'
  305. RVA 00001C6C, 000007fe`fead0000 - 000007fe`feb41000: 'C:\Windows\System32\shlwapi.dll'
  306. RVA 00001CD8, 000007fe`f8120000 - 000007fe`f8314000: 'C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7\comctl32.dll'
  307. RVA 00001D44, 000007fe`f19a0000 - 000007fe`f19ac000: 'C:\Windows\System32\linkinfo.dll'
  308. RVA 00001DB0, 000007fe`f7fa0000 - 000007fe`f80cc000: 'C:\Windows\System32\propsys.dll'
  309. RVA 00001E1C, 000007fe`f8610000 - 000007fe`f861c000: 'C:\Windows\System32\version.dll'
  310. RVA 00001E88, 000007fe`fcdf0000 - 000007fe`fce47000: 'C:\Windows\System32\apphelp.dll'
  311. RVA 00001EF4, 000007fe`fcf20000 - 000007fe`fcf2f000: 'C:\Windows\System32\profapi.dll'
  312. RVA 00001F60, 000007fe`fc220000 - 000007fe`fc23e000: 'C:\Windows\System32\userenv.dll'
  313. RVA 00001FCC, 000007fe`efc60000 - 000007fe`efc6b000: 'C:\Windows\System32\perfos.dll'
  314. RVA 00002038, 000007fe`fd2b0000 - 000007fe`fd2ea000: 'C:\Windows\System32\wintrust.dll'
  315. Stream 3: type MemoryListStream (5), size 000005B4, RVA 00006BF2
  316. 91 memory ranges
  409. Total memory: a6c20
  410. Stream 4: type ExceptionStream (6), size 000000A8, RVA 000001D0
  411. ThreadID 9848
  412. ExceptionCode 80000007
  413. ExceptionRecord 0
  414. ExceptionAddress 0
  415. Context record RVA 3210, size 4d0
  416. Stream 5: type SystemInfoStream (7), size 00000038, RVA 000000B0
  417. ProcessorArchitecture 0009 (PROCESSOR_ARCHITECTURE_AMD64)
  418. ProcessorLevel 0006
  419. ProcessorRevision 2505
  420. NumberOfProcessors 04
  421. MajorVersion 00000006
  422. MinorVersion 00000001
  423. BuildNumber 00001DB0 (7600)
  424. PlatformId 00000002 (VER_PLATFORM_WIN32_NT)
  425. CSDVersionRva 000020A4
  426. Length: 0
  427. Product: WinNt, suite: SingleUserTS Personal
  428. Stream 6: type MiscInfoStream (15), size 000000E8, RVA 000000E8
  429. Stream 7: type HandleDataStream (12), size 00003378, RVA 000B52B6
  430. 329 descriptors, header size is 16, descriptor size is 40
  554. Handle(0000000000000204,"Event","")
  555. Handle(0000000000000208,"Event","")
  556. Handle(0000000000000000,"Event","")
  557. Handle(0000000000000210,"Event","")
  558. Handle(0000000000000000,"Event","")
  559. Handle(0000000000000218,"Event","")
  560. Handle(000000000000021C,"Semaphore","")
  561. Handle(0000000000000220,"Semaphore","")
  562. Handle(0000000000000224,"File","")
  563. Handle(0000000000000228,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum")
  564. Handle(000000000000022C,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\CLASS")
  565. Handle(0000000000000230,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services")
  566. Handle(0000000000000234,"Key","\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\PerHwIdStorage")
  567. Handle(0000000000000238,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses")
  568. Handle(000000000000023C,"Event","")
  569. Handle(0000000000000240,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\CoDeviceInstallers")
  570. Handle(0000000000000244,"Event","")
  571. Handle(0000000000000000,"Event","")
  572. Handle(000000000000024C,"Semaphore","")
  573. Handle(0000000000000250,"Event","")
  574. Handle(0000000000000254,"Event","")
  575. Handle(0000000000000000,"Event","")
  576. Handle(000000000000025C,"Semaphore","")
  577. Handle(0000000000000260,"Semaphore","")
  578. Handle(0000000000000264,"Semaphore","")
  579. Handle(0000000000000268,"Semaphore","")
  580. Handle(000000000000026C,"Semaphore","")
  581. Handle(0000000000000270,"Semaphore","")
  582. Handle(0000000000000274,"Semaphore","")
  583. Handle(0000000000000278,"Semaphore","")
  584. Handle(000000000000027C,"Semaphore","")
  585. Handle(0000000000000280,"Semaphore","")
  586. Handle(0000000000000284,"Semaphore","")
  587. Handle(0000000000000288,"Semaphore","")
  588. Handle(000000000000028C,"Semaphore","")
  589. Handle(0000000000000290,"Semaphore","")
  590. Handle(0000000000000294,"Key","\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\PropertyBag")
  591. Handle(0000000000000000,"Key","\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\PropertyBag")
  592. Handle(0000000000000000,"Key","\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\PropertyBag")
  593. Handle(00000000000002A0,"File","")
  594. Handle(0000000000000000,"File","")
  595. Handle(00000000000002AC,"Event","")
  596. Handle(00000000000002B0,"Semaphore","")
  597. Handle(00000000000002B4,"Semaphore","")
  598. Handle(00000000000002B8,"Event","")
  599. Handle(00000000000002BC,"Event","")
  600. Handle(0000000000000000,"Event","")
  601. Handle(0000000000000000,"Event","")
  602. Handle(0000000000000000,"Event","")
  603. Handle(0000000000000000,"Event","")
  604. Handle(0000000000000000,"Event","")
  605. Handle(0000000000000000,"Event","")
  606. Handle(00000000000002DC,"Semaphore","")
  607. Handle(00000000000002E0,"Semaphore","")
  608. Handle(00000000000002E4,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\.NET CLR Data\Performance")
  609. Handle(00000000000002EC,"Event","\BaseNamedObjects\TermSrvReadyEvent")
  610. Handle(00000000000002F0,"Event","")
  611. Handle(0000000000000000,"Event","")
  612. Handle(00000000000002F8,"Event","")
  613. Handle(0000000000000000,"Event","")
  614. Handle(0000000000000300,"Event","")
  615. Handle(0000000000000304,"Mutant","")
  616. Handle(0000000000000308,"Event","")
  617. Handle(000000000000030C,"Mutant","")
  618. Handle(0000000000000310,"ALPC Port","")
  619. Handle(0000000000000314,"Event","")
  620. Handle(000000000000031C,"Thread","")
  621. Handle(0000000000000320,"Event","")
  622. Handle(0000000000000324,"Event","")
  623. Handle(0000000000000328,"Event","")
  624. Handle(0000000000000000,"Event","")
  625. Handle(0000000000000338,"Thread","")
  626. Handle(0000000000000000,"Thread","a")
  627. Handle(0000000000000000,"Thread","a")
  628. Handle(0000000000000344,"File","")
  629. Handle(0000000000000000,"File","")
  630. Handle(000000000000034C,"Event","")
  631. Handle(0000000000000350,"Section","\BaseNamedObjects\windows_shell_global_counters")
  632. Handle(0000000000000354,"Section","\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000005.db")
  633. Handle(0000000000000358,"Section","\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db")
  634. Handle(0000000000000000,"Section","\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db")
  635. Handle(0000000000000360,"Thread","")
  636. Handle(0000000000000364,"Key","\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\PropertyBag")
  637. Handle(0000000000000000,"Key","\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\PropertyBag")
  638. Handle(000000000000036C,"Event","")
  639. Handle(0000000000000370,"Event","")
  640. Handle(0000000000000374,"Section","\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro")
  641. Handle(0000000000000378,"Event","")
  642. Handle(0000000000000000,"Event","")
  643. Handle(0000000000000380,"Key","\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Explorer\FolderDescriptions\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\PropertyBag")
  644. Handle(0000000000000384,"Event","")
  645. Handle(0000000000000388,"Key","\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\PropertyBag")
  646. Handle(000000000000038C,"Section","\BaseNamedObjects\windows_shell_global_counters")
  647. Handle(0000000000000000,"Section","\BaseNamedObjects\windows_shell_global_counters")
  648. Handle(0000000000000394,"Key","\REGISTRY\USER")
  649. Handle(0000000000000398,"Key","\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Explorer\FolderDescriptions\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\PropertyBag")
  650. Handle(0000000000000000,"Key","\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Explorer\FolderDescriptions\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\PropertyBag")
  651. Handle(0000000000000000,"Key","\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Explorer\FolderDescriptions\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\PropertyBag")
  652. Handle(00000000000003A4,"Key","\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Explorer\FolderDescriptions\{33E28130-4E1E-4676-835A-98395C3BC3BB}\PropertyBag")
  653. Handle(00000000000003AC,"Mutant","")
  654. Handle(00000000000003B0,"Key","\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Explorer\FolderDescriptions\{2112AB0A-C86A-4FFE-A368-0DE96E47012E}\PropertyBag")
  655. Handle(00000000000003B4,"Key","\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Explorer\FolderDescriptions\{491E922F-5643-4AF4-A7EB-4E7A138D8174}\PropertyBag")
  656. Handle(00000000000003B8,"Key","\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PropertyBag")
  657. Handle(00000000000003BC,"Key","\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Explorer\FolderDescriptions\{2400183A-6185-49FB-A2D8-4A392A602BA3}\PropertyBag")
  658. Handle(00000000000003C0,"Key","\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Explorer\FolderDescriptions\{56784854-C6CB-462B-8169-88E350ACB882}\PropertyBag")
  659. Handle(00000000000003C4,"Key","\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Explorer\FolderDescriptions\{A302545D-DEFF-464B-ABE8-61C8648D939B}\PropertyBag")
  660. Handle(00000000000003C8,"Key","\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\PropertyBag")
  661. Handle(00000000000003CC,"Key","\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Explorer\FolderDescriptions\{52528A6B-B9E3-4ADD-B60D-588C2DBA842D}\PropertyBag")
  662. Handle(00000000000003D0,"Key","\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Explorer\FolderDescriptions\{7B0DB17D-9CD2-4A93-9733-46CC89022E7C}\PropertyBag")
  663. Handle(00000000000003D4,"Key","\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Explorer\FolderDescriptions\{4BD8D571-6D19-48D3-BE97-422220080E43}\PropertyBag")
  664. Handle(00000000000003D8,"Key","\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Explorer\FolderDescriptions\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\PropertyBag")
  665. Handle(00000000000003DC,"Key","\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Explorer\FolderDescriptions\{A990AE9F-A03B-4E80-94BC-9912D7504104}\PropertyBag")
  666. Handle(00000000000003E0,"Key","\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Explorer\FolderDescriptions\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\PropertyBag")
  667. Handle(00000000000003E4,"Key","\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\PropertyBag")
  668. Handle(00000000000003E8,"Key","\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\PropertyBag")
  669. Handle(00000000000003EC,"Key","\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Explorer\FolderDescriptions\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\PropertyBag")
  670. Handle(00000000000003F0,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance")
  671. Handle(00000000000003F4,"Key","\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\PropertyBag")
  672. Handle(00000000000003F8,"Key","\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\PERFLIB")
  673. Handle(0000000000000404,"Event","")
  674. Handle(0000000000000408,"Event","")
  675. Handle(000000000000040C,"Event","")
  676. Handle(0000000000000410,"Event","")
  677. Handle(0000000000000414,"Event","")
  678. Handle(0000000000000418,"Mutant","\BaseNamedObjects\.NET CLR Data_Perf_Library_Lock_PID_10f0")
  679. Handle(0000000000000424,"Thread","")
  680. Handle(0000000000000428,"Mutant","\BaseNamedObjects\.NET CLR Networking_Perf_Library_Lock_PID_10f0")
  681. Handle(000000000000042C,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking 4.0.0.0\Performance")
  682. Handle(0000000000000430,"Mutant","\BaseNamedObjects\.NET CLR Networking 4.0.0.0_Perf_Library_Lock_PID_10f0")
  683. Handle(0000000000000434,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\.NET Data Provider for Oracle\Performance")
  684. Handle(0000000000000438,"Mutant","\BaseNamedObjects\.NET Data Provider for Oracle_Perf_Library_Lock_PID_10f0")
  685. Handle(000000000000043C,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\.NET Data Provider for SqlServer\Performance")
  686. Handle(0000000000000440,"Mutant","\BaseNamedObjects\.NET Data Provider for SqlServer_Perf_Library_Lock_PID_10f0")
  687. Handle(0000000000000444,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\.NETFramework\Performance")
  688. Handle(0000000000000448,"Mutant","\BaseNamedObjects\.NETFramework_Perf_Library_Lock_PID_10f0")
  689. Handle(000000000000044C,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\BITS\Performance")
  690. Handle(0000000000000450,"Mutant","\BaseNamedObjects\BITS_Perf_Library_Lock_PID_10f0")
  691. Handle(0000000000000454,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\ESENT\Performance")
  692. Handle(0000000000000458,"Mutant","\BaseNamedObjects\ESENT_Perf_Library_Lock_PID_10f0")
  693. Handle(000000000000045C,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Lsa\Performance")
  694. Handle(0000000000000460,"Mutant","\BaseNamedObjects\Lsa_Perf_Library_Lock_PID_10f0")
  695. Handle(0000000000000464,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\MAV Client PerfMon Provider\Performance")
  696. Handle(0000000000000468,"Mutant","\BaseNamedObjects\MAV Client PerfMon Provider_Perf_Library_Lock_PID_10f0")
  697. Handle(000000000000046C,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\MSDTC\Performance")
  698. Handle(0000000000000470,"Mutant","\BaseNamedObjects\MSDTC_Perf_Library_Lock_PID_10f0")
  699. Handle(0000000000000474,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\MSDTC Bridge 3.0.0.0\Performance")
  700. Handle(0000000000000478,"Mutant","\BaseNamedObjects\MSDTC Bridge 3.0.0.0_Perf_Library_Lock_PID_10f0")
  701. Handle(000000000000047C,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\MSDTC Bridge 4.0.0.0\Performance")
  702. Handle(0000000000000480,"Mutant","\BaseNamedObjects\MSDTC Bridge 4.0.0.0_Perf_Library_Lock_PID_10f0")
  703. Handle(0000000000000484,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\MSSCNTRS\Performance")
  704. Handle(0000000000000488,"Mutant","\BaseNamedObjects\MSSCNTRS_Perf_Library_Lock_PID_10f0")
  705. Handle(000000000000048C,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\PerfDisk\Performance")
  706. Handle(0000000000000490,"Mutant","\BaseNamedObjects\PerfDisk_Perf_Library_Lock_PID_10f0")
  707. Handle(0000000000000494,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\PerfNet\Performance")
  708. Handle(0000000000000498,"Mutant","\BaseNamedObjects\PerfNet_Perf_Library_Lock_PID_10f0")
  709. Handle(000000000000049C,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\PerfOS\Performance")
  710. Handle(00000000000004A0,"Mutant","\BaseNamedObjects\PerfOS_Perf_Library_Lock_PID_10f0")
  711. Handle(00000000000004A4,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\PerfProc\Performance")
  712. Handle(00000000000004A8,"Mutant","\BaseNamedObjects\PerfProc_Perf_Library_Lock_PID_10f0")
  713. Handle(00000000000004AC,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\rdyboost\Performance")
  714. Handle(00000000000004B0,"Mutant","\BaseNamedObjects\rdyboost_Perf_Library_Lock_PID_10f0")
  715. Handle(00000000000004B4,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\RemoteAccess\Performance")
  716. Handle(00000000000004B8,"Mutant","\BaseNamedObjects\RemoteAccess_Perf_Library_Lock_PID_10f0")
  717. Handle(00000000000004BC,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\ServiceModelEndpoint 3.0.0.0\Performance")
  718. Handle(00000000000004C0,"Mutant","\BaseNamedObjects\ServiceModelEndpoint 3.0.0.0_Perf_Library_Lock_PID_10f0")
  719. Handle(00000000000004C4,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\ServiceModelOperation 3.0.0.0\Performance")
  720. Handle(00000000000004C8,"Mutant","\BaseNamedObjects\ServiceModelOperation 3.0.0.0_Perf_Library_Lock_PID_10f0")
  721. Handle(00000000000004CC,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\ServiceModelService 3.0.0.0\Performance")
  722. Handle(00000000000004D0,"Mutant","\BaseNamedObjects\ServiceModelService 3.0.0.0_Perf_Library_Lock_PID_10f0")
  723. Handle(00000000000004D4,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SMSvcHost 3.0.0.0\Performance")
  724. Handle(00000000000004D8,"Mutant","\BaseNamedObjects\SMSvcHost 3.0.0.0_Perf_Library_Lock_PID_10f0")
  725. Handle(00000000000004DC,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SMSvcHost 4.0.0.0\Performance")
  726. Handle(00000000000004E0,"Mutant","\BaseNamedObjects\SMSvcHost 4.0.0.0_Perf_Library_Lock_PID_10f0")
  727. Handle(00000000000004E4,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Spooler\Performance")
  728. Handle(00000000000004E8,"Mutant","\BaseNamedObjects\Spooler_Perf_Library_Lock_PID_10f0")
  729. Handle(00000000000004EC,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\TapiSrv\Performance")
  730. Handle(00000000000004F0,"Mutant","\BaseNamedObjects\TapiSrv_Perf_Library_Lock_PID_10f0")
  731. Handle(00000000000004F4,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Tcpip\Performance")
  732. Handle(00000000000004F8,"Mutant","\BaseNamedObjects\Tcpip_Perf_Library_Lock_PID_10f0")
  733. Handle(00000000000004FC,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\TermService\Performance")
  734. Handle(0000000000000500,"Mutant","\BaseNamedObjects\TermService_Perf_Library_Lock_PID_10f0")
  735. Handle(0000000000000504,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\UGatherer\Performance")
  736. Handle(0000000000000508,"Mutant","\BaseNamedObjects\UGatherer_Perf_Library_Lock_PID_10f0")
  737. Handle(000000000000050C,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\UGTHRSVC\Performance")
  738. Handle(0000000000000510,"Mutant","\BaseNamedObjects\UGTHRSVC_Perf_Library_Lock_PID_10f0")
  739. Handle(0000000000000514,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\usbhub\Performance")
  740. Handle(0000000000000518,"Mutant","\BaseNamedObjects\usbhub_Perf_Library_Lock_PID_10f0")
  741. Handle(000000000000051C,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Windows Workflow Foundation 3.0.0.0\Performance")
  742. Handle(0000000000000520,"Mutant","\BaseNamedObjects\Windows Workflow Foundation 3.0.0.0_Perf_Library_Lock_PID_10f0")
  743. Handle(0000000000000524,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WmiApRpl\Performance")
  744. Handle(0000000000000528,"Mutant","\BaseNamedObjects\WmiApRpl_Perf_Library_Lock_PID_10f0")
  745. Handle(000000000000052C,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WSearchIdxPi\Performance")
  746. Handle(0000000000000530,"Mutant","\BaseNamedObjects\WSearchIdxPi_Perf_Library_Lock_PID_10f0")
  747. Handle(0000000000000534,"Mutant","\BaseNamedObjects\LOADPERF_MUTEX")
  748. Handle(0000000000000538,"Mutant","")
  749. Handle(000000000000053C,"Semaphore","")
  750. Handle(0000000000000540,"Section","")
  751. Handle(0000000000000544,"Token","")
  752. Handle(000000000000054C,"Thread","")
  753. Handle(0000000000000558,"ALPC Port","")
  754. Handle(000000000000055C,"Event","")
  755. Handle(0000000000000560,"Mutant","")
  756. Handle(0000000000000564,"Mutant","")
  757. Handle(0000000000000568,"Event","")
  758. Handle(000000000000056C,"Event","")
  759. Handle(0000000000000574,"Thread","")
  760. Stream 8: type CommentStreamW (11), size 00000108, RVA 00006AEA
  761. '
  762. *** procdump.exe -64 -c 15 -s 1 4336 WmiPrvSE1.dmp
  763. *** Process exceeded 15% CPU for 1 second. Thread consuming CPU: 9848 (0x2678)'
  764. Stream 9: type UnusedStream (0), size 00000000, RVA 00000000
  765. Stream 10: type UnusedStream (0), size 00000000, RVA 00000000
  766. Stream 11: type UnusedStream (0), size 00000000, RVA 00000000
  767.  
  768. Strings
  769.  
  770. India Standard Time
  771. India Daylight Time
  772. MqoLJ,
  773. C:\Windows\System32\wbem\WmiPrvSE.exe
  774. C:\Windows\System32\ntdll.dll
  775. C:\Windows\System32\kernel32.dll
  776. C:\Windows\System32\KERNELBASE.dll
  777. C:\Windows\System32\advapi32.dll
  778. C:\Windows\System32\msvcrt.dll
  779. C:\Windows\System32\sechost.dll
  780. C:\Windows\System32\rpcrt4.dll
  781. C:\Windows\System32\user32.dll
  782. C:\Windows\System32\gdi32.dll
  783. C:\Windows\System32\lpk.dll
  784. C:\Windows\System32\usp10.dll
  785. C:\Windows\System32\wbemcomn.dll
  786. C:\Windows\System32\oleaut32.dll
  787. C:\Windows\System32\ole32.dll
  788. C:\Windows\System32\ws2_32.dll
  789. C:\Windows\System32\nsi.dll
  790. C:\Windows\System32\wbem\fastprox.dll
  791. C:\Windows\System32\ntdsapi.dll
  792. C:\Windows\System32\ncobjapi.dll
  793. C:\Windows\System32\imm32.dll
  794. C:\Windows\System32\msctf.dll
  795. C:\Windows\System32\CRYPTBASE.dll
  796. C:\Windows\System32\ntmarta.dll
  797. C:\Windows\System32\Wldap32.dll
  798. C:\Windows\System32\clbcatq.dll
  799. C:\Windows\System32\cryptsp.dll
  800. C:\Windows\System32\rsaenh.dll
  801. C:\Windows\System32\RpcRtRemote.dll
  802. C:\Windows\System32\wbem\wbemsvc.dll
  803. C:\Windows\System32\wbem\wmiutils.dll
  804. C:\Windows\System32\wbem\cimwin32.dll
  805. C:\Windows\System32\framedynos.dll
  806. C:\Windows\System32\sspicli.dll
  807. C:\Windows\System32\wtsapi32.dll
  808. C:\Windows\System32\devobj.dll
  809. C:\Windows\System32\cfgmgr32.dll
  810. C:\Windows\System32\IPHLPAPI.DLL
  811. C:\Windows\System32\winnsi.dll
  812. C:\Windows\System32\dhcpcsvc.dll
  813. C:\Windows\System32\dhcpcsvc6.DLL
  814. C:\Windows\System32\winbrand.dll
  815. C:\Windows\System32\credssp.dll
  816. C:\Windows\System32\schannel.dll
  817. C:\Windows\System32\crypt32.dll
  818. C:\Windows\System32\msasn1.dll
  819. C:\Windows\System32\wkscli.dll
  820. C:\Windows\System32\cscapi.dll
  821. C:\Windows\System32\winsta.dll
  822. C:\Windows\System32\powrprof.dll
  823. C:\Windows\System32\setupapi.dll
  824. C:\Windows\System32\shell32.dll
  825. C:\Windows\System32\shlwapi.dll
  826. C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7\comctl32.dll
  827. C:\Windows\System32\linkinfo.dll
  828. C:\Windows\System32\propsys.dll
  829. C:\Windows\System32\version.dll
  830. C:\Windows\System32\apphelp.dll
  831. C:\Windows\System32\profapi.dll
  832. C:\Windows\System32\userenv.dll
  833. C:\Windows\System32\perfos.dll
  834. C:\Windows\System32\wintrust.dll
  835. 3++S++
  836. 3++S++
  837. 3++S++
  838. 3++S++
  839. 3++S++
  840. 3++S++
  841. 3++S++
  842. 3++S++
  843. I\Proces 0
  844. 3++S++
  845. WmiPrvSE.pdb
  846. ntdll.pdb
  847. kernel32.pdb
  848. kernelbase.pdb
  849. advapi32.pdb
  850. msvcrt.pdb
  851. sechost.pdb
  852. RSDSE!JH
  853. rpcrt4.pdb
  854. user32.pdb
  855. gdi32.pdb
  856. lpk.pdb
  857. usp10.pdb
  858. Rr>nr@
  859. wbemcomn.pdb
  860. oleaut32.pdb
  861. ole32.pdb
  862. ws2_32.pdb
  863. RSDS=k
  864. nsi.pdb
  865. fastprox.pdb
  866. ntdsapi.pdb
  867. NCObjAPI.pdb
  868. imm32.pdb
  869. msctf.pdb
  870. cryptbase.pdb
  871. ntmarta.pdb
  872. wldap32.pdb
  873. CLBCatQ.pdb
  874. cryptsp.pdb
  875. rsaenh.pdb
  876. RpcRtRemote.pdb
  877. wbemsvc.pdb
  878. wmiutils.pdb
  879. cimwin32.pdb
  880. RSDSO9
  881. framedynos.pdb
  882. sspicli.pdb
  883. wtsapi32.pdb
  884. devobj.pdb
  885. cfgmgr32.pdb
  886. iphlpapi.pdb
  887. winnsi.pdb
  888. dhcpcsvc.pdb
  889. dhcpcsvc6.pdb
  890. winbrand.pdb
  891. credssp.pdb
  892. schannel.pdb
  893. crypt32.pdb
  894. msasn1.pdb
  895. wkscli.pdb
  896. cscapi.pdb
  897. winsta.pdb
  898. powrprof.pdb
  899. setupapi.pdb
  900. shell32.pdb
  901. shlwapi.pdb
  902. comctl32.pdb
  903. linkinfo.pdb
  904. propsys.pdb
  905. version.pdb
  906. apphelp.pdb
  907. profapi.pdb
  908. userenv.pdb
  909. perfos.pdb
  910. wintrust.pdb
  911. *** procdump.exe -64 -c 15 -s 1 4336 WmiPrvSE1.dmp
  912. *** Process exceeded 15% CPU for 1 second. Thread consuming CPU: 9848 (0x2678)
  913. .?AVexception@@
  914. .?AVbad_alloc@std@@
  915. .?AVlogic_error@std@@
  916. .?AVlength_error@std@@
  917. .?AVout_of_range@std@@
  918. wmiprvse.exe
  919. C:\Windows\system32\
  920. .?AVCX_Exception@@
  921. .?AVCX_MemoryException@@
  922. .?AVexception@@
  923. .?AVlogic_error@std@@
  924. .?AVlength_error@std@@
  925. .?AVout_of_range@std@@
  926. .?AVSafeIntException@@
  927. .?AVbad_alloc@std@@
  928. NT AUTHORITY
  929. certificate
  930. Schannel
  931. C:\Windows\Registration
  932. C:\Windows\system32\emptyregdb.dat
  933. C:\Windows\Registration
  934. .?AUISimpleTableControl@@
  935. .?AUISimpleTableRead@@
  936. .?AUISimpleTableWrite@@
  937. .?AUISimpleLogicTableDispenser@@
  938. .?AUIUnknown@@
  939. .?AUIClassFactory@@
  940. .?AVCLTBase@@
  941. .?AVCSLTComsClient@@
  942. .?AVCSLTComs@@
  943. SOFTWARE\Classes\CLSID
  944. InprocServer32
  945. ThreadingModel
  946. .?AUISimpleTableMarshall@@
  947. .?AVCSimpleDataTableCursor@@
  948. .?AVCSLTShapeless@@
  949. .?AVCNonFailFastingAllocator@@
  950. .?AV?$EnumMap@U_GUID@@HVHashGUID@@VCNonFailFastingAllocator@@@@
  951. .?AVEnum@@
  952. 0123456789abcdef
  953. C:\Windows\system32\WBEM\Logs\
  954. .?AVCX_Exception@@
  955. .?AVCX_MemoryException@@
  956. .?AVComException@@
  957. .?AVSafeIntException@@
  958. .?AVCX_VarVectorException@@
  959. .?AVexception@@
  960. .?AVlogic_error@std@@
  961. .?AVlength_error@std@@
  962. .?AVout_of_range@std@@
  963. .?AVbad_alloc@std@@
  964. .?AV_com_error@@
  965. .?AVCCscNetApiInterface@@
  966. .?AVCCscNetApiInterfaceV1@@
  967. dwmapi.dll
  968. dxgi.dll
  969. dwmapi.dll
  970. dxgi.dll
  971. dwmapi.dll
  972. NETAPI32.DLL
  973. DSROLE.DLL
  974. SCHEDCLI.DLL
  975. BROWCLI.DLL
  976. LOGONCLI.DLL
  977. netutils.dll
  978. srvcli.dll
  979. SAMCLI.DLL
  980. netutils.dll
  981. shdocvw.dll
  982. dxgi.dll
  983. y(~~r'
  984. lA<>6+A
  985. .~~r'2`|%: