Listdlls.exe
- File Path:
C:\SysinternalsSuite\Listdlls.exe
- Description: Listdlls
Hashes
| Type |
Hash |
| MD5 |
60A2331A2B28968585C7C7229D2424A8 |
| SHA1 |
FBAC538166D61B4F10DB934BD4BC1B86C81E56FB |
| SHA256 |
B0F6800B2BB4C86E091120E9087C75F9B1B3E46B89CF65744D65CF5AB01FD385 |
| SHA384 |
1632CED4486E32BC117EB35D9C80BD6E99FCEE5013A9073FE2F611297BE50EF139826A6A38F2433B9E44E1603D3ADEAA |
| SHA512 |
159542A30195F58A6957D70282BD2DFF79708BD2228EBEBF7DB48E25D80E68EA17714B518A029D2E21ACF564D37982B43850249C944E99CE1B38864FFA00B009 |
| SSDEEP |
6144:IejqfgaIqi0N5fZC9kqf7Uxv9VYO1s+rTiMCOoRb0pyeZ7:IinaIqi07C7krtxnkmB |
| IMP |
89D7B24BD25C29C0F3B867880CCC6D9A |
| PESHA1 |
625F8D98D11F3EC383DEF8F7E4AD3A7A37BCCF32 |
| PE256 |
46FC26BB10D02AC2348B254A89B2D37A4D94ECE1AFFDABF9A4AB38BF1E0AECBC |
Runtime Data
Usage (stdout):
Listdlls v3.2 - Listdlls
Copyright (C) 1997-2016 Mark Russinovich
Sysinternals
Error opening System(4):
Access is denied.
Error opening Registry(124):
Access is denied.
Error opening smss.exe(428):
Access is denied.
Error opening csrss.exe(528):
Access is denied.
Error opening wininit.exe(600):
Access is denied.
Error opening services.exe(644):
Access is denied.
------------------------------------------------------------------------------
lsass.exe pid: 664
Command line: C:\Windows\system32\lsass.exe
Base Size Path
0x0000000036210000 0x12000 C:\Windows\system32\lsass.exe
0x00000000acab0000 0x1f5000 C:\Windows\SYSTEM32\ntdll.dll
0x00000000ac650000 0xbd000 C:\Windows\System32\KERNEL32.DLL
0x00000000aa2d0000 0x2c7000 C:\Windows\System32\KERNELBASE.dll
0x00000000abe10000 0x124000 C:\Windows\System32\RPCRT4.dll
0x00000000a9e00000 0x19d000 C:\Windows\system32\lsasrv.dll
0x00000000aa830000 0x100000 C:\Windows\System32\ucrtbase.dll
0x00000000abd40000 0x6b000 C:\Windows\System32\WS2_32.dll
0x00000000abf40000 0x9b000 C:\Windows\System32\sechost.dll
0x00000000aab10000 0x56000 C:\Windows\System32\WLDAP32.dll
0x00000000aa0a0000 0x3c000 C:\Windows\system32\SspiCli.dll
0x00000000a9de0000 0x12000 C:\Windows\system32\MSASN1.dll
0x00000000a9d00000 0xdb000 C:\Windows\SYSTEM32\samsrv.dll
0x00000000aa240000 0x27000 C:\Windows\System32\bcrypt.dll
0x00000000aa930000 0x15d000 C:\Windows\System32\CRYPT32.dll
0x00000000a9cd0000 0x27000 C:\Windows\system32\ncrypt.dll
0x00000000a9c90000 0x3b000 C:\Windows\system32\NTASN1.dll
0x00000000a9c60000 0x2c000 C:\Windows\system32\Wldp.dll
0x00000000aabd0000 0x9e000 C:\Windows\System32\msvcrt.dll
0x00000000ab970000 0xaa000 C:\Windows\System32\advapi32.dll
0x00000000aaa90000 0x7f000 C:\Windows\System32\bcryptprimitives.dll
0x00000000f63a0000 0x3000 C:\Windows\system32\msprivs.DLL
0x00000000a9c40000 0x15000 C:\Windows\SYSTEM32\netprovfw.dll
0x00000000a9c10000 0x2b000 C:\Windows\system32\JOINUTIL.DLL
0x00000000a9be0000 0x26000 C:\Windows\system32\negoexts.DLL
0x00000000a9bc0000 0x18000 C:\Windows\system32\CRYPTSP.dll
0x00000000a9bb0000 0xc000 C:\Windows\system32\CRYPTBASE.dll
0x00000000a9aa0000 0x10b000 C:\Windows\system32\kerberos.DLL
0x00000000aa680000 0x9d000 C:\Windows\System32\msvcp_win.dll
0x00000000a9a70000 0x2c000 C:\Windows\system32\KerbClientShared.dll
0x00000000a9a50000 0x15000 C:\Windows\system32\cryptdll.dll
0x00000000a99e0000 0x6a000 C:\Windows\system32\mswsock.dll
0x00000000a9950000 0x8a000 C:\Windows\system32\msv1_0.DLL
0x00000000a9930000 0x13000 C:\Windows\system32\NtlmShared.dll
0x00000000a9850000 0xda000 C:\Windows\system32\netlogon.DLL
0x00000000aa0e0000 0x2e000 C:\Windows\system32\USERENV.dll
0x00000000a9800000 0x42000 C:\Windows\system32\logoncli.dll
0x00000000a97b0000 0x4b000 C:\Windows\SYSTEM32\powrprof.dll
0x00000000a97a0000 0xe000 C:\Windows\system32\gmsaclient.dll
0x00000000a9790000 0xc000 C:\Windows\system32\netutils.dll
0x00000000a96c0000 0xcb000 C:\Windows\system32\DNSAPI.dll
0x00000000a9680000 0x3b000 C:\Windows\SYSTEM32\IPHLPAPI.DLL
0x00000000aba20000 0x9000 C:\Windows\System32\NSI.dll
0x00000000a9660000 0x12000 C:\Windows\system32\UMPDC.dll
0x00000000a9630000 0x2c000 C:\Windows\system32\tspkg.DLL
0x00000000a95e0000 0x4e000 C:\Windows\system32\pku2u.DLL
0x00000000a9550000 0x8e000 C:\Windows\system32\cloudAP.DLL
0x00000000aa120000 0x26000 C:\Windows\system32\profapi.dll
0x00000000a9450000 0xf8000 C:\Windows\SYSTEM32\aadcloudap.dll
0x00000000ac710000 0x355000 C:\Windows\System32\combase.dll
0x00000000a9430000 0x17000 C:\Windows\SYSTEM32\wkscli.dll
0x00000000a93a0000 0x8a000 C:\Windows\SYSTEM32\msvcp110_win.dll
0x00000000a9350000 0x4a000 C:\Windows\SYSTEM32\MicrosoftAccountCloudAP.dll
0x00000000a9340000 0xa000 C:\Windows\SYSTEM32\DPAPI.DLL
0x00000000a9300000 0x34000 C:\Windows\system32\rsaenh.dll
0x00000000a92c0000 0x3c000 C:\Windows\system32\wdigest.DLL
0x00000000a9220000 0x91000 C:\Windows\system32\schannel.DLL
0x00000000a9200000 0x1c000 C:\Windows\system32\efslsaext.dll
0x00000000aba30000 0xae000 C:\Windows\System32\shcore.dll
0x00000000a91c0000 0x3f000 C:\Windows\system32\dpapisrv.dll
0x00000000a91b0000 0xc000 C:\Windows\SYSTEM32\SspiSrv.dll
0x00000000a9070000 0xc000 C:\Windows\system32\KDCPW.DLL
0x00000000a9010000 0x5a000 C:\Windows\system32\scecli.DLL
0x00000000a8fb0000 0x5a000 C:\Windows\SYSTEM32\winsta.dll
0x00000000a2590000 0x1b000 C:\Windows\system32\keyiso.dll
0x00000000a25f0000 0x5a000 C:\Windows\system32\NCRYPTPROV.DLL
0x00000000a90c0000 0x4c000 C:\Windows\system32\AUTHZ.dll
0x00000000a7300000 0x65000 C:\Windows\SYSTEM32\wevtapi.dll
0x00000000a4630000 0x42000 C:\Windows\System32\ngcpopkeysrv.dll
0x00000000ab7d0000 0xcd000 C:\Windows\System32\OLEAUT32.dll
0x00000000aa1f0000 0x4d000 C:\Windows\System32\cfgmgr32.dll
0x00000000a9fa0000 0x2c000 C:\Windows\system32\DEVOBJ.dll
0x00000000a0d90000 0x117000 C:\Windows\system32\PCPKsp.dll
0x00000000a8f40000 0x33000 C:\Windows\SYSTEM32\ntmarta.dll
0x00000000a4d90000 0x1b000 C:\Windows\system32\tbs.dll
0x00000000abb70000 0x1d000 C:\Windows\System32\imagehlp.dll
0x0000000097c60000 0x26000 C:\Windows\system32\ncryptsslp.dll
0x0000000097b60000 0x28000 C:\Windows\system32\dssenh.dll
0x00000000a7080000 0x23000 C:\Windows\SYSTEM32\gpapi.dll
0x00000000978d0000 0x15000 C:\Windows\SYSTEM32\mskeyprotect.dll
0x00000000984f0000 0x21000 C:\Windows\System32\SecureTimeAggregator.dll
0x00000000a73e0000 0xa000 C:\Windows\system32\DSROLE.dll
0x00000000985f0000 0x31000 C:\Windows\System32\cryptnet.dll
0x00000000a8bf0000 0x13000 C:\Windows\SYSTEM32\kernel.appcore.dll
0x000000009d4f0000 0x1d000 C:\Windows\system32\MPR.dll
0x0000000088680000 0x60000 C:\Windows\System32\vaultsvc.dll
0x00000000a0280000 0x79000 C:\Users\user\AppData\Local\Temp\ADInsightDll64.dll
0x00000000a5e00000 0xc000 C:\Windows\system32\Secur32.dll
0x00000000a4ab0000 0x19000 C:\Windows\system32\efssvc.dll
0x0000000097520000 0x124000 C:\Windows\system32\EFSCORE.dll
0x00000000963c0000 0x100000 C:\Windows\system32\WINHTTP.dll
0x000000008b340000 0x2af000 C:\Windows\system32\iertutil.dll
0x00000000a0c90000 0x29000 C:\Windows\system32\edpauditapi.dll
0x0000000083f60000 0x11b000 C:\Windows\SYSTEM32\tdh.dll
0x00000000a0c70000 0x17000 C:\Windows\SYSTEM32\efsext.dll
0x00000000aacd0000 0x741000 C:\Windows\System32\SHELL32.dll
0x00000000ab550000 0x1a0000 C:\Windows\System32\USER32.dll
0x00000000aa650000 0x22000 C:\Windows\System32\win32u.dll
0x00000000aaba0000 0x2a000 C:\Windows\System32\GDI32.dll
0x00000000aa720000 0x109000 C:\Windows\System32\gdi32full.dll
0x0000000083db0000 0x1ae000 C:\Windows\system32\DUI70.dll
0x00000000a0c50000 0x16000 C:\Windows\SYSTEM32\usermgrcli.dll
0x00000000a01e0000 0x14000 C:\Windows\SYSTEM32\wtsapi32.dll
0x00000000974a0000 0x72000 C:\Windows\system32\cryptngc.dll
0x00000000a0b80000 0x43000 C:\Windows\SYSTEM32\feclient.dll
0x00000000a0c30000 0x12000 C:\Windows\system32\EFSUTIL.dll
0x0000000089a40000 0x9e000 C:\Windows\SYSTEM32\policymanager.dll
------------------------------------------------------------------------------
svchost.exe pid: 776
Command line: C:\Windows\system32\svchost.exe -k DcomLaunch -p
Base Size Path
0x000000004abe0000 0x11000 C:\Windows\system32\svchost.exe
0x00000000acab0000 0x1f5000 C:\Windows\SYSTEM32\ntdll.dll
0x00000000ac650000 0xbd000 C:\Windows\System32\KERNEL32.DLL
0x00000000aa2d0000 0x2c7000 C:\Windows\System32\KERNELBASE.dll
0x00000000abf40000 0x9b000 C:\Windows\System32\sechost.dll
0x00000000abe10000 0x124000 C:\Windows\System32\RPCRT4.dll
0x00000000aa830000 0x100000 C:\Windows\System32\ucrtbase.dll
0x00000000a8f10000 0x25000 c:\windows\system32\umpnpmgr.dll
0x00000000aabd0000 0x9e000 C:\Windows\System32\msvcrt.dll
0x00000000a9c60000 0x2c000 C:\Windows\SYSTEM32\WLDP.DLL
0x00000000ab970000 0xaa000 C:\Windows\System32\advapi32.dll
0x00000000a8ed0000 0x32000 c:\windows\system32\umpo.dll
0x00000000a9660000 0x12000 c:\windows\system32\UMPDC.dll
0x00000000abd40000 0x6b000 C:\Windows\System32\WS2_32.dll
0x00000000a99e0000 0x6a000 C:\Windows\system32\mswsock.dll
0x00000000a8e20000 0x7000 C:\Windows\system32\wshhyperv.dll
0x00000000ac710000 0x355000 C:\Windows\System32\combase.dll
0x00000000a8ca0000 0x14b000 c:\windows\system32\rpcss.dll
0x00000000aaa90000 0x7f000 C:\Windows\System32\bcryptPrimitives.dll
0x00000000aa0a0000 0x3c000 c:\windows\system32\SspiCli.dll
0x00000000a8c10000 0x42000 c:\windows\system32\psmsrv.dll
0x00000000a97b0000 0x4b000 C:\Windows\SYSTEM32\powrprof.dll
0x00000000a8bf0000 0x13000 C:\Windows\SYSTEM32\kernel.appcore.dll
0x00000000a8b10000 0xd4000 c:\windows\system32\lsm.dll
0x00000000ab550000 0x1a0000 C:\Windows\System32\USER32.dll
0x00000000aa650000 0x22000 C:\Windows\System32\win32u.dll
0x00000000aaba0000 0x2a000 C:\Windows\System32\GDI32.dll
0x00000000aa720000 0x109000 C:\Windows\System32\gdi32full.dll
0x00000000aa680000 0x9d000 C:\Windows\System32\msvcp_win.dll
0x00000000a8ae0000 0x2f000 c:\windows\system32\dwmapi.dll
0x00000000a8a10000 0xc1000 C:\Windows\SYSTEM32\psmserviceexthost.dll
0x00000000a9680000 0x3b000 c:\windows\system32\IPHLPAPI.DLL
0x00000000a89e0000 0x2a000 c:\windows\system32\RMCLIENT.dll
0x00000000a8900000 0xda000 c:\windows\system32\wer.dll
0x00000000aa1f0000 0x4d000 C:\Windows\System32\cfgmgr32.dll
0x00000000a8830000 0xd0000 C:\Windows\SYSTEM32\bisrv.dll
0x00000000ab7d0000 0xcd000 C:\Windows\System32\OLEAUT32.dll
0x00000000a9fd0000 0x19000 c:\windows\system32\EventAggregation.dll
0x00000000a8f40000 0x33000 C:\Windows\SYSTEM32\ntmarta.dll
0x00000000a8810000 0x14000 c:\windows\system32\ResourcePolicyClient.dll
0x00000000aba30000 0xae000 C:\Windows\System32\shcore.dll
0x00000000a8800000 0xc000 c:\windows\system32\SYSNTFY.dll
0x00000000a8700000 0xf3000 C:\Windows\SYSTEM32\dxgi.dll
0x00000000ab8a0000 0xa8000 C:\Windows\System32\clbcatq.dll
0x00000000a86e0000 0x11000 C:\Windows\SYSTEM32\embeddedmodesvcapi.dll
0x00000000aa240000 0x27000 C:\Windows\System32\bcrypt.dll
0x00000000aa0e0000 0x2e000 C:\Windows\System32\Userenv.dll
0x00000000a9fa0000 0x2c000 c:\windows\system32\DEVOBJ.dll
0x00000000a86b0000 0x26000 C:\Windows\SYSTEM32\resourcepolicyserver.dll
0x00000000aa930000 0x15d000 C:\Windows\System32\CRYPT32.dll
0x00000000a9bc0000 0x18000 C:\Windows\SYSTEM32\CRYPTSP.dll
0x00000000a8660000 0x43000 c:\windows\system32\systemeventsbrokerserver.dll
0x00000000a8620000 0x40000 c:\windows\system32\BrokerLib.dll
0x00000000a85f0000 0x21000 c:\windows\system32\DAB.dll
0x00000000a8410000 0x11000 C:\Windows\system32\lsmproxy.dll
0x00000000a8290000 0xc000 C:\Windows\SYSTEM32\bi.dll
0x00000000a9bb0000 0xc000 C:\Windows\SYSTEM32\CRYPTBASE.DLL
0x00000000a6110000 0x16000 C:\Windows\SYSTEM32\usermgrcli.dll
0x00000000a9300000 0x34000 C:\Windows\system32\rsaenh.dll
0x00000000a6460000 0x19000 c:\windows\system32\samcli.dll
0x00000000a5920000 0x24000 c:\windows\system32\SAMLIB.dll
0x00000000a6b10000 0x14000 C:\Windows\SYSTEM32\wtsapi32.dll
0x00000000a8fb0000 0x5a000 C:\Windows\SYSTEM32\WINSTA.dll
0x00000000aa120000 0x26000 c:\windows\system32\profapi.dll
0x00000000a1760000 0x794000 C:\Windows\System32\OneCoreUAPCommonProxyStub.dll
0x00000000a6ad0000 0xb000 C:\Windows\SYSTEM32\WINNSI.DLL
0x00000000aba20000 0x9000 C:\Windows\System32\NSI.dll
0x000000009a2a0000 0x20000 C:\Windows\System32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
0x000000009a1f0000 0x35000 C:\Windows\System32\ACPBackgroundManagerPolicy.dll
0x000000009a1d0000 0x16000 C:\Windows\System32\BackgroundMediaPolicy.dll
0x000000009a280000 0x16000 C:\Windows\system32\SmartCardBackgroundPolicy.dll
0x0000000099da0000 0x13000 C:\Windows\system32\SebBackgroundManagerPolicy.dll
0x00000000a0880000 0x207000 C:\Windows\System32\twinapi.appcore.dll
0x00000000ab420000 0x129000 C:\Windows\System32\ole32.dll
0x00000000ac5d0000 0x79000 C:\Windows\System32\coml2.dll
0x0000000099ac0000 0x7d000 C:\Windows\System32\OneCoreCommonProxyStub.dll
0x00000000995e0000 0x18000 C:\Windows\system32\execmodelproxy.dll
0x000000009d3d0000 0x59000 C:\Windows\System32\execmodelclient.dll
0x00000000a3240000 0xf2000 C:\Windows\System32\CoreMessaging.dll
0x00000000a79a0000 0xf7000 C:\Windows\System32\PROPSYS.dll
0x0000000093e40000 0x1d000 C:\Windows\SYSTEM32\licensemanagerapi.dll
0x0000000093de0000 0x51000 C:\Windows\SYSTEM32\capauthz.dll
0x00000000aa270000 0x60000 C:\Windows\System32\WINTRUST.dll
0x00000000a9de0000 0x12000 C:\Windows\System32\MSASN1.dll
0x00000000a2340000 0x11000 C:\Windows\SYSTEM32\windows.staterepositorycore.dll
0x000000009ec90000 0x90000 C:\Windows\system32\apphelp.dll
0x00000000a6ce0000 0x9e000 C:\Windows\SYSTEM32\policymanager.dll
0x00000000a93a0000 0x8a000 C:\Windows\System32\msvcp110_win.dll
0x00000000a5050000 0x54000 C:\Windows\System32\usermgrproxy.dll
0x000000009c360000 0x588000 C:\Windows\System32\StartTileData.dll
0x00000000ac570000 0x55000 C:\Windows\System32\shlwapi.dll
0x00000000a3990000 0x793000 C:\Windows\SYSTEM32\windows.storage.dll
0x000000009d450000 0x5a000 C:\Windows\System32\Bcp47Langs.dll
0x000000009b190000 0x1f4000 C:\Windows\System32\Windows.CloudStore.dll
0x00000000a29e0000 0x1ed000 C:\Windows\System32\urlmon.dll
0x00000000a2730000 0x2af000 C:\Windows\System32\iertutil.dll
0x00000000977a0000 0x37000 C:\Windows\System32\AppExtension.dll
0x00000000a50b0000 0xfb000 C:\Windows\System32\AppXDeploymentClient.dll
0x000000009a7b0000 0x146000 C:\Windows\System32\Windows.StateRepositoryPS.dll
0x0000000096a20000 0xeb000 C:\Windows\System32\Windows.CloudStore.Schema.Shell.dll
0x00000000a9340000 0xa000 C:\Windows\System32\DPAPI.dll
0x00000000a0280000 0x79000 C:\Users\user\AppData\Local\Temp\ADInsightDll64.dll
0x00000000abb70000 0x1d000 C:\Windows\System32\imagehlp.dll
0x00000000a5e00000 0xc000 C:\Windows\system32\Secur32.dll
------------------------------------------------------------------------------
fontdrvhost.exe pid: 812
Command line: "fontdrvhost.exe"
Base Size Path
0x00000000d0bc0000 0xd2000 C:\Windows\system32\fontdrvhost.exe
0x00000000acab0000 0x1f5000 C:\Windows\SYSTEM32\ntdll.dll
0x00000000ac650000 0xbd000 C:\Windows\System32\KERNEL32.DLL
0x00000000aa2d0000 0x2c7000 C:\Windows\System32\KERNELBASE.dll
0x00000000aa680000 0x9d000 C:\Windows\System32\msvcp_win.dll
0x00000000aa830000 0x100000 C:\Windows\System32\ucrtbase.dll
0x00000000aa650000 0x22000 C:\Windows\System32\win32u.dll
------------------------------------------------------------------------------
svchost.exe pid: 844
Command line: C:\Windows\system32\svchost.exe -k RPCSS -p
Base Size Path
0x000000004abe0000 0x11000 C:\Windows\system32\svchost.exe
0x00000000acab0000 0x1f5000 C:\Windows\SYSTEM32\ntdll.dll
0x00000000ac650000 0xbd000 C:\Windows\System32\KERNEL32.DLL
0x00000000aa2d0000 0x2c7000 C:\Windows\System32\KERNELBASE.dll
0x00000000abf40000 0x9b000 C:\Windows\System32\sechost.dll
0x00000000abe10000 0x124000 C:\Windows\System32\RPCRT4.dll
0x00000000aa830000 0x100000 C:\Windows\System32\ucrtbase.dll
0x00000000a8c80000 0x19000 c:\windows\system32\rpcepmap.dll
0x00000000a9c60000 0x2c000 C:\Windows\SYSTEM32\WLDP.DLL
0x00000000aabd0000 0x9e000 C:\Windows\System32\msvcrt.dll
0x00000000ab970000 0xaa000 C:\Windows\System32\advapi32.dll
0x00000000aa0a0000 0x3c000 C:\Windows\system32\sspicli.dll
0x00000000a8c60000 0x13000 C:\Windows\system32\RpcRtRemote.dll
0x00000000aaa90000 0x7f000 C:\Windows\System32\bcryptPrimitives.dll
0x00000000a8ca0000 0x14b000 c:\windows\system32\rpcss.dll
0x00000000ac710000 0x355000 C:\Windows\System32\combase.dll
0x00000000abd40000 0x6b000 C:\Windows\System32\WS2_32.dll
0x00000000a8e30000 0x94000 C:\Windows\system32\FirewallAPI.dll
0x00000000a96c0000 0xcb000 C:\Windows\system32\DNSAPI.dll
0x00000000a9680000 0x3b000 C:\Windows\SYSTEM32\IPHLPAPI.DLL
0x00000000aba20000 0x9000 C:\Windows\System32\NSI.dll
0x00000000a8df0000 0x2f000 C:\Windows\system32\fwbase.dll
0x00000000a99e0000 0x6a000 C:\Windows\system32\mswsock.dll
0x00000000a97b0000 0x4b000 C:\Windows\SYSTEM32\powrprof.dll
0x00000000a9660000 0x12000 C:\Windows\SYSTEM32\UMPDC.dll
0x00000000ab8a0000 0xa8000 C:\Windows\System32\clbcatq.dll
0x00000000a8e20000 0x7000 C:\Windows\system32\wshhyperv.dll
0x00000000a6890000 0x7f000 C:\Windows\system32\fwpuclnt.dll
0x00000000aa240000 0x27000 C:\Windows\System32\bcrypt.dll
0x00000000a8bf0000 0x13000 C:\Windows\SYSTEM32\kernel.appcore.dll
0x00000000ab7d0000 0xcd000 C:\Windows\System32\OLEAUT32.dll
0x00000000aa680000 0x9d000 C:\Windows\System32\msvcp_win.dll
0x00000000a6b10000 0x14000 C:\Windows\SYSTEM32\wtsapi32.dll
0x00000000a8fb0000 0x5a000 C:\Windows\SYSTEM32\WINSTA.dll
0x00000000a6110000 0x16000 C:\Windows\SYSTEM32\usermgrcli.dll
0x00000000a2340000 0x11000 C:\Windows\SYSTEM32\windows.staterepositorycore.dll
0x0000000093de0000 0x51000 C:\Windows\SYSTEM32\capauthz.dll
0x00000000aba30000 0xae000 C:\Windows\System32\shcore.dll
0x00000000aa270000 0x60000 C:\Windows\System32\WINTRUST.dll
0x00000000aa930000 0x15d000 C:\Windows\System32\CRYPT32.dll
0x00000000a9de0000 0x12000 C:\Windows\SYSTEM32\MSASN1.dll
------------------------------------------------------------------------------
svchost.exe pid: 968
Command line: C:\Windows\system32\svchost.exe -k netsvcs -p
Base Size Path
0x000000004abe0000 0x11000 C:\Windows\system32\svchost.exe
0x00000000acab0000 0x1f5000 C:\Windows\SYSTEM32\ntdll.dll
0x00000000ac650000 0xbd000 C:\Windows\System32\KERNEL32.DLL
0x00000000aa2d0000 0x2c7000 C:\Windows\System32\KERNELBASE.dll
0x00000000abf40000 0x9b000 C:\Windows\System32\sechost.dll
0x00000000abe10000 0x124000 C:\Windows\System32\RPCRT4.dll
0x00000000aa830000 0x100000 C:\Windows\System32\ucrtbase.dll
0x00000000ac710000 0x355000 C:\Windows\System32\combase.dll
0x00000000a8bf0000 0x13000 C:\Windows\SYSTEM32\kernel.appcore.dll
0x00000000aabd0000 0x9e000 C:\Windows\System32\msvcrt.dll
0x00000000aaa90000 0x7f000 C:\Windows\System32\bcryptPrimitives.dll
0x00000000ab550000 0x1a0000 C:\Windows\System32\user32.dll
0x00000000aa650000 0x22000 C:\Windows\System32\win32u.dll
0x00000000aaba0000 0x2a000 C:\Windows\System32\GDI32.dll
0x00000000aa720000 0x109000 C:\Windows\System32\gdi32full.dll
0x00000000aa680000 0x9d000 C:\Windows\System32\msvcp_win.dll
0x00000000aa1f0000 0x4d000 C:\Windows\System32\cfgmgr32.dll
0x00000000a97b0000 0x4b000 C:\Windows\SYSTEM32\powrprof.dll
0x00000000aa0e0000 0x2e000 c:\windows\system32\USERENV.dll
0x00000000a8f40000 0x33000 C:\Windows\SYSTEM32\ntmarta.dll
0x00000000a9660000 0x12000 C:\Windows\SYSTEM32\UMPDC.dll
0x00000000a9c60000 0x2c000 C:\Windows\SYSTEM32\WLDP.DLL
0x00000000ab970000 0xaa000 C:\Windows\System32\advapi32.dll
0x00000000ab8a0000 0xa8000 C:\Windows\System32\clbcatq.dll
0x00000000a8430000 0x3e000 C:\Windows\System32\netprofm.dll
0x00000000a7850000 0x142000 c:\windows\system32\gpsvc.dll
0x00000000a8800000 0xc000 c:\windows\system32\SYSNTFY.dll
0x00000000a7730000 0x1d000 c:\windows\system32\nlaapi.dll
0x00000000a9680000 0x3b000 c:\windows\system32\IPHLPAPI.DLL
0x00000000a76b0000 0x7b000 c:\windows\system32\profsvc.dll
0x00000000ab7d0000 0xcd000 C:\Windows\System32\OLEAUT32.dll
0x00000000aa120000 0x26000 c:\windows\system32\profapi.dll
0x00000000a7460000 0x17000 c:\windows\system32\themeservice.dll
0x00000000a73e0000 0xa000 c:\windows\system32\DSROLE.dll
0x00000000a7370000 0x32000 C:\Windows\SYSTEM32\profsvcext.dll
0x00000000aab10000 0x56000 C:\Windows\System32\WLDAP32.dll
0x00000000a9800000 0x42000 c:\windows\system32\logoncli.dll
0x00000000a9430000 0x17000 c:\windows\system32\wkscli.dll
0x00000000a9790000 0xc000 c:\windows\system32\netutils.dll
0x00000000a8fb0000 0x5a000 C:\Windows\SYSTEM32\winsta.dll
0x00000000a89e0000 0x2a000 C:\Windows\SYSTEM32\rmclient.dll
0x00000000a72e0000 0x18000 c:\windows\system32\sens.dll
0x00000000a7080000 0x23000 C:\Windows\SYSTEM32\gpapi.dll
0x00000000abd40000 0x6b000 C:\Windows\System32\WS2_32.dll
0x00000000a6d80000 0xcc000 c:\windows\system32\schedsvc.dll
0x00000000a6c30000 0x4a000 c:\windows\system32\UBPM.dll
0x00000000a9fd0000 0x19000 c:\windows\system32\EventAggregation.dll
0x00000000aa0a0000 0x3c000 C:\Windows\System32\SspiCli.dll
0x00000000a90c0000 0x4c000 c:\windows\system32\AUTHZ.dll
0x00000000a6bf0000 0x11000 c:\windows\system32\WMICLNT.dll
0x00000000aa240000 0x27000 C:\Windows\System32\bcrypt.dll
0x00000000a67d0000 0x6b000 C:\Windows\system32\taskcomp.dll
0x00000000a9bc0000 0x18000 C:\Windows\SYSTEM32\cryptsp.dll
0x00000000a6aa0000 0xa000 c:\windows\system32\CSystemEventsBrokerClient.dll
0x00000000a65e0000 0x86000 c:\windows\system32\sessenv.dll
0x00000000a9010000 0x5a000 c:\windows\system32\SCECLI.dll
0x00000000a5ab0000 0x108000 c:\windows\system32\DismApi.DLL
0x00000000ab420000 0x129000 C:\Windows\System32\OLE32.dll
0x00000000a6460000 0x19000 c:\windows\system32\samcli.dll
0x00000000a6450000 0xa000 c:\windows\system32\VERSION.dll
0x00000000a6440000 0xe000 c:\windows\system32\TimeBrokerClient.dll
0x00000000aa930000 0x15d000 C:\Windows\System32\CRYPT32.dll
0x00000000a5c00000 0x1a000 C:\Windows\system32\RdvVmTransport.dll
0x00000000a7480000 0xa000 C:\Windows\system32\vmbuspipe.dll
0x00000000a9fa0000 0x2c000 C:\Windows\system32\DEVOBJ.dll
0x00000000a9de0000 0x12000 C:\Windows\System32\MSASN1.dll
0x00000000a6290000 0x2f000 C:\Windows\SYSTEM32\WPTaskScheduler.dll
0x00000000a99e0000 0x6a000 C:\Windows\system32\mswsock.dll
0x00000000a6b10000 0x14000 C:\Windows\SYSTEM32\wtsapi32.dll
0x00000000a85e0000 0x8000 c:\windows\system32\DABAPI.dll
0x00000000a9300000 0x34000 C:\Windows\system32\rsaenh.dll
0x00000000a5e20000 0x171000 c:\windows\system32\usermgr.dll
0x00000000aba30000 0xae000 C:\Windows\System32\SHCORE.dll
0x00000000a5950000 0x156000 C:\Windows\SYSTEM32\wintypes.dll
0x00000000a5920000 0x24000 c:\windows\system32\SAMLIB.dll
0x00000000a50b0000 0xfb000 c:\windows\system32\AppXDeploymentClient.dll
0x00000000a9bb0000 0xc000 C:\Windows\system32\CRYPTBASE.dll
0x00000000a5050000 0x54000 C:\Windows\System32\usermgrproxy.dll
0x00000000a5de0000 0x10000 C:\Windows\System32\npmproxy.dll
0x00000000a7300000 0x65000 C:\Windows\SYSTEM32\wevtapi.dll
0x00000000a79a0000 0xf7000 C:\Windows\System32\PROPSYS.dll
0x00000000ac570000 0x55000 C:\Windows\System32\shlwapi.dll
0x00000000aacd0000 0x741000 C:\Windows\System32\SHELL32.dll
0x00000000a3990000 0x793000 C:\Windows\SYSTEM32\windows.storage.dll
0x00000000a4d40000 0x40000 c:\windows\system32\wbem\wmisvc.dll
0x00000000a3900000 0x86000 C:\Windows\SYSTEM32\wbemcomn.dll
0x00000000a3440000 0x108000 c:\windows\system32\ikeext.dll
0x00000000aba20000 0x9000 C:\Windows\System32\NSI.dll
0x00000000a6890000 0x7f000 c:\windows\system32\fwpuclnt.dll
0x00000000aa270000 0x60000 C:\Windows\System32\WINTRUST.dll
0x00000000a2ff0000 0x26000 c:\windows\system32\NetSetupApi.dll
0x00000000a9340000 0xa000 C:\Windows\System32\DPAPI.dll
0x00000000a2f90000 0x40000 c:\windows\system32\wpnservice.dll
0x00000000a9cd0000 0x27000 c:\windows\system32\ncrypt.dll
0x00000000a9c90000 0x3b000 c:\windows\system32\NTASN1.dll
0x00000000a2ea0000 0xd4000 c:\windows\system32\iphlpsvc.dll
0x00000000a6ad0000 0xb000 c:\windows\system32\WINNSI.DLL
0x00000000a8e30000 0x94000 c:\windows\system32\FirewallAPI.dll
0x00000000a96c0000 0xcb000 c:\windows\system32\DNSAPI.dll
0x00000000a8df0000 0x2f000 c:\windows\system32\fwbase.dll
0x00000000a7ad0000 0x36000 C:\Windows\System32\XmlLite.dll
0x00000000a2bd0000 0x174000 C:\Windows\System32\wpncore.dll
0x00000000a66d0000 0x100000 C:\Windows\System32\WINHTTP.dll
0x00000000a29e0000 0x1ed000 C:\Windows\System32\urlmon.dll
0x00000000a2730000 0x2af000 C:\Windows\System32\iertutil.dll
0x00000000a2650000 0xdb000 C:\Windows\System32\winsqlite3.dll
0x00000000a6420000 0x17000 C:\Windows\SYSTEM32\dhcpcsvc6.DLL
0x00000000a1f20000 0x23000 C:\Windows\system32\httpprxm.dll
0x00000000a1f00000 0x1e000 C:\Windows\system32\adhsvc.dll
0x00000000a25f0000 0x5a000 C:\Windows\system32\ncryptprov.dll
0x00000000a6c10000 0x1d000 C:\Windows\SYSTEM32\dhcpcsvc.DLL
0x00000000a1760000 0x794000 C:\Windows\System32\OneCoreUAPCommonProxyStub.dll
0x00000000a8380000 0x9000 C:\Windows\SYSTEM32\httpprxc.dll
0x00000000a2360000 0x51000 c:\windows\system32\srvsvc.dll
0x00000000a1fc0000 0x29000 C:\Windows\System32\Cabinet.dll
0x00000000a22c0000 0x11000 C:\Windows\system32\SSCORE.DLL
0x00000000a2170000 0x9000 C:\Windows\SYSTEM32\sscoreext.dll
0x00000000a5320000 0x41000 c:\windows\system32\FWPolicyIOMgr.dll
0x00000000a2110000 0x23000 C:\Windows\system32\mi.dll
0x00000000a20b0000 0x60000 C:\Windows\system32\miutils.dll
0x00000000a2070000 0x31000 C:\Windows\system32\wmidcom.dll
0x00000000a0fc0000 0x9c000 C:\Windows\system32\RESUTILS.DLL
0x00000000a0eb0000 0x108000 C:\Windows\system32\CLUSAPI.dll
0x00000000a3040000 0x19c000 C:\Windows\SYSTEM32\vssapi.dll
0x00000000a2fd0000 0x18000 C:\Windows\SYSTEM32\VssTrace.DLL
0x00000000a0550000 0x1de000 C:\Windows\system32\wbem\wbemcore.dll
0x00000000a10a0000 0x7d000 C:\Windows\system32\wbem\esscli.dll
0x00000000a1120000 0x10b000 C:\Windows\system32\wbem\FastProx.dll
0x00000000a2180000 0x14000 C:\Windows\system32\wbem\wbemsvc.dll
0x00000000a31e0000 0x28000 C:\Windows\system32\wbem\wmiutils.dll
0x00000000a1f50000 0x6a000 C:\Windows\system32\wbem\repdrvfs.dll
0x00000000a2150000 0x17000 C:\Windows\SYSTEM32\amsi.dll
0x00000000a0470000 0xd7000 C:\Windows\system32\wbem\wmiprvsd.dll
0x00000000a2000000 0x18000 C:\Windows\SYSTEM32\NCObjAPI.DLL
0x00000000a03e0000 0x83000 C:\Windows\system32\wbem\wbemess.dll
0x00000000a4de0000 0x90000 c:\windows\system32\usosvc.dll
0x00000000a5fd0000 0x37000 c:\windows\system32\UpdatePolicy.dll
0x00000000a55b0000 0x9000 C:\Windows\system32\DmIso8601Utils.DLL
0x00000000a6410000 0xa000 C:\Windows\System32\rasadhlp.dll
0x00000000a6ce0000 0x9e000 C:\Windows\SYSTEM32\policymanager.dll
0x00000000a93a0000 0x8a000 c:\windows\system32\msvcp110_win.dll
0x00000000a4810000 0xc3000 C:\Windows\System32\Windows.Web.dll
0x00000000a48e0000 0xb8000 C:\Windows\System32\Windows.Networking.Connectivity.dll
0x00000000a5fa0000 0x11000 C:\Windows\System32\dusmapi.dll
0x00000000a4190000 0x9d000 C:\Windows\System32\webio.dll
0x00000000a0880000 0x207000 C:\Windows\SYSTEM32\twinapi.appcore.dll
0x00000000a6110000 0x16000 C:\Windows\SYSTEM32\usermgrcli.dll
0x00000000a9ff0000 0xa2000 C:\Windows\SYSTEM32\sxs.dll
0x00000000a9220000 0x91000 C:\Windows\system32\schannel.DLL
0x0000000097c90000 0x17c000 c:\windows\system32\tokenbroker.dll
0x0000000097b90000 0x13000 c:\windows\system32\TOKENBINDING.dll
0x00000000977e0000 0xe7000 C:\Windows\System32\Windows.ApplicationModel.dll
0x0000000099ac0000 0x7d000 C:\Windows\System32\OneCoreCommonProxyStub.dll
0x00000000978d0000 0x15000 C:\Windows\SYSTEM32\mskeyprotect.dll
0x00000000985f0000 0x31000 C:\Windows\system32\cryptnet.dll
0x00000000a2490000 0xf4000 C:\Windows\SYSTEM32\mrmcorer.dll
0x00000000a2340000 0x11000 C:\Windows\SYSTEM32\windows.staterepositorycore.dll
0x00000000965d0000 0x2d000 C:\Windows\SYSTEM32\bcp47mrm.dll
0x0000000096520000 0x2d000 C:\Windows\SYSTEM32\languageoverlayutil.dll
0x0000000097c60000 0x26000 C:\Windows\system32\ncryptsslp.dll
0x000000009dcc0000 0x21000 C:\Windows\system32\wbem\ncprov.dll
0x00000000ac5d0000 0x79000 C:\Windows\System32\coml2.dll
0x0000000098140000 0x10000 c:\windows\system32\OnDemandBrokerClient.dll
0x000000009d8d0000 0x1b4000 C:\Windows\system32\windowscodecs.dll
0x00000000964c0000 0x51000 C:\Windows\System32\vaultcli.dll
0x000000009b400000 0x2b000 C:\Windows\System32\IDStore.dll
0x0000000097300000 0xa9000 C:\Windows\System32\wlidprov.dll
0x00000000a0280000 0x79000 C:\Users\user\AppData\Local\Temp\ADInsightDll64.dll
0x00000000abb70000 0x1d000 C:\Windows\System32\imagehlp.dll
0x00000000a5e00000 0xc000 C:\Windows\system32\Secur32.dll
------------------------------------------------------------------------------
svchost.exe pid: 984
Command line: C:\Windows\System32\svchost.exe -k NetworkService
Base Size Path
0x000000004abe0000 0x11000 C:\Windows\System32\svchost.exe
0x00000000acab0000 0x1f5000 C:\Windows\SYSTEM32\ntdll.dll
0x00000000ac650000 0xbd000 C:\Windows\System32\KERNEL32.DLL
0x00000000aa2d0000 0x2c7000 C:\Windows\System32\KERNELBASE.dll
0x00000000abf40000 0x9b000 C:\Windows\System32\sechost.dll
0x00000000abe10000 0x124000 C:\Windows\System32\RPCRT4.dll
0x00000000aa830000 0x100000 C:\Windows\System32\ucrtbase.dll
0x00000000ac710000 0x355000 C:\Windows\System32\combase.dll
0x00000000a8bf0000 0x13000 C:\Windows\SYSTEM32\kernel.appcore.dll
0x00000000aabd0000 0x9e000 C:\Windows\System32\msvcrt.dll
0x00000000aaa90000 0x7f000 C:\Windows\System32\bcryptPrimitives.dll
0x00000000ab550000 0x1a0000 C:\Windows\System32\user32.dll
0x00000000aa650000 0x22000 C:\Windows\System32\win32u.dll
0x00000000aaba0000 0x2a000 C:\Windows\System32\GDI32.dll
0x00000000aa720000 0x109000 C:\Windows\System32\gdi32full.dll
0x00000000aa680000 0x9d000 C:\Windows\System32\msvcp_win.dll
0x00000000a8470000 0x11a000 c:\windows\system32\termsrv.dll
0x00000000abd40000 0x6b000 C:\Windows\System32\WS2_32.dll
0x00000000aa1f0000 0x4d000 C:\Windows\System32\cfgmgr32.dll
0x00000000a9660000 0x12000 c:\windows\system32\UMPDC.dll
0x00000000a9c60000 0x2c000 C:\Windows\SYSTEM32\WLDP.DLL
0x00000000ab970000 0xaa000 C:\Windows\System32\advapi32.dll
0x00000000ab8a0000 0xa8000 C:\Windows\System32\clbcatq.dll
0x00000000a8410000 0x11000 C:\Windows\system32\lsmproxy.dll
0x00000000a89e0000 0x2a000 C:\Windows\SYSTEM32\rmclient.dll
0x00000000aa0a0000 0x3c000 C:\Windows\System32\sspicli.dll
0x00000000a82a0000 0x3b000 c:\windows\system32\REGAPI.dll
0x00000000a80f0000 0x192000 C:\Windows\system32\rdpcorets.dll
0x00000000ab7d0000 0xcd000 C:\Windows\System32\OLEAUT32.dll
0x00000000aba30000 0xae000 C:\Windows\System32\shcore.dll
0x00000000aa930000 0x15d000 C:\Windows\System32\CRYPT32.dll
0x00000000a9680000 0x3b000 C:\Windows\system32\IPHLPAPI.DLL
0x00000000a8f40000 0x33000 C:\Windows\SYSTEM32\ntmarta.dll
0x00000000aa0e0000 0x2e000 C:\Windows\system32\USERENV.dll
0x00000000a80e0000 0xe000 C:\Windows\system32\rfxvmt.dll
0x00000000a8700000 0xf3000 C:\Windows\system32\dxgi.dll
0x00000000a7f60000 0x173000 C:\Windows\system32\RDPBASE.dll
0x00000000aa240000 0x27000 C:\Windows\System32\bcrypt.dll
0x00000000a9bb0000 0xc000 C:\Windows\system32\CRYPTBASE.dll
0x00000000a90c0000 0x4c000 C:\Windows\system32\AUTHZ.dll
0x00000000a9bc0000 0x18000 C:\Windows\system32\CRYPTSP.dll
0x00000000a9cd0000 0x27000 C:\Windows\system32\ncrypt.dll
0x00000000a9340000 0xa000 C:\Windows\system32\DPAPI.DLL
0x00000000a7da0000 0x1c0000 C:\Windows\system32\RDPSERVERBASE.dll
0x00000000a7b30000 0x263000 C:\Windows\system32\d3d11.dll
0x00000000a7b10000 0x11000 C:\Windows\system32\tlscsp.dll
0x00000000a7ac0000 0x10000 C:\Windows\system32\websocket.dll
0x00000000a9c90000 0x3b000 C:\Windows\system32\NTASN1.dll
0x00000000a7aa0000 0x18000 C:\Windows\System32\umb.dll
0x00000000a79a0000 0xf7000 C:\Windows\system32\PROPSYS.dll
0x00000000ac100000 0x467000 C:\Windows\System32\SETUPAPI.dll
0x00000000a9fa0000 0x2c000 C:\Windows\System32\DEVOBJ.dll
0x00000000aa270000 0x60000 C:\Windows\System32\WINTRUST.dll
0x00000000a9de0000 0x12000 C:\Windows\System32\MSASN1.dll
0x00000000a7480000 0xa000 C:\Windows\System32\vmbuspipe.dll
0x00000000a8fb0000 0x5a000 C:\Windows\System32\winsta.dll
0x00000000a9300000 0x34000 C:\Windows\system32\rsaenh.dll
0x00000000aa120000 0x26000 C:\Windows\System32\profapi.dll
0x00000000a0040000 0x84000 C:\Windows\system32\MF.dll
0x000000009fbb0000 0x48b000 C:\Windows\System32\MFCORE.DLL
0x00000000a97b0000 0x4b000 C:\Windows\SYSTEM32\powrprof.dll
0x00000000a47f0000 0x9000 C:\Windows\System32\ksuser.dll
0x000000009f9f0000 0x1bb000 C:\Windows\system32\MFPlat.dll
0x00000000a4420000 0x30000 C:\Windows\System32\RTWorkQ.DLL
0x000000009f950000 0x94000 C:\Windows\System32\mfh264enc.dll
0x000000009ed20000 0x49000 C:\Windows\SYSTEM32\pdh.dll
0x00000000ab420000 0x129000 C:\Windows\System32\OLE32.dll
0x00000000ac5d0000 0x79000 C:\Windows\System32\coml2.dll
0x00000000a9ff0000 0xa2000 C:\Windows\SYSTEM32\sxs.dll
------------------------------------------------------------------------------
svchost.exe pid: 1020
Command line: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p
Base Size Path
0x000000004abe0000 0x11000 C:\Windows\System32\svchost.exe
0x00000000acab0000 0x1f5000 C:\Windows\SYSTEM32\ntdll.dll
0x00000000ac650000 0xbd000 C:\Windows\System32\KERNEL32.DLL
0x00000000aa2d0000 0x2c7000 C:\Windows\System32\KERNELBASE.dll
0x00000000abf40000 0x9b000 C:\Windows\System32\sechost.dll
0x00000000abe10000 0x124000 C:\Windows\System32\RPCRT4.dll
0x00000000aa830000 0x100000 C:\Windows\System32\ucrtbase.dll
0x00000000ac710000 0x355000 C:\Windows\System32\combase.dll
0x00000000a8bf0000 0x13000 C:\Windows\SYSTEM32\kernel.appcore.dll
0x00000000aabd0000 0x9e000 C:\Windows\System32\msvcrt.dll
0x00000000aaa90000 0x7f000 C:\Windows\System32\bcryptPrimitives.dll
0x00000000ab550000 0x1a0000 C:\Windows\System32\user32.dll
0x00000000aa650000 0x22000 C:\Windows\System32\win32u.dll
0x00000000aaba0000 0x2a000 C:\Windows\System32\GDI32.dll
0x00000000aa720000 0x109000 C:\Windows\System32\gdi32full.dll
0x00000000aa680000 0x9d000 C:\Windows\System32\msvcp_win.dll
0x00000000a83a0000 0x62000 c:\windows\system32\ncbservice.dll
0x00000000abd40000 0x6b000 C:\Windows\System32\WS2_32.dll
0x00000000ab7d0000 0xcd000 C:\Windows\System32\OLEAUT32.dll
0x00000000aba20000 0x9000 C:\Windows\System32\NSI.dll
0x00000000a9680000 0x3b000 c:\windows\system32\IPHLPAPI.DLL
0x00000000a8620000 0x40000 c:\windows\system32\BrokerLib.dll
0x00000000a97b0000 0x4b000 C:\Windows\SYSTEM32\powrprof.dll
0x00000000a8390000 0xd000 c:\windows\system32\SystemEventsBrokerClient.dll
0x00000000a9660000 0x12000 C:\Windows\SYSTEM32\UMPDC.dll
0x00000000a9c60000 0x2c000 C:\Windows\SYSTEM32\WLDP.DLL
0x00000000ab970000 0xaa000 C:\Windows\System32\advapi32.dll
0x00000000a8340000 0x39000 C:\Windows\SYSTEM32\windows.devices.radios.dll
0x00000000aa1f0000 0x4d000 C:\Windows\System32\cfgmgr32.dll
0x00000000ab8a0000 0xa8000 C:\Windows\System32\clbcatq.dll
0x00000000a8320000 0x1f000 C:\Windows\system32\BthRadioMedia.dll
0x00000000a9fa0000 0x2c000 C:\Windows\system32\DEVOBJ.dll
0x00000000a8380000 0x9000 C:\Windows\SYSTEM32\httpprxc.dll
0x00000000aa0a0000 0x3c000 c:\windows\system32\SspiCli.dll
0x00000000a82e0000 0x37000 C:\Windows\SYSTEM32\bluetoothapis.dll
0x00000000a99e0000 0x6a000 C:\Windows\system32\mswsock.dll
0x00000000a8290000 0xc000 C:\Windows\SYSTEM32\bi.dll
0x00000000a8430000 0x3e000 C:\Windows\System32\netprofm.dll
0x00000000a7750000 0xfb000 c:\windows\system32\sysmain.dll
0x00000000aba30000 0xae000 C:\Windows\System32\shcore.dll
0x00000000a8f40000 0x33000 C:\Windows\SYSTEM32\ntmarta.dll
0x00000000a70b0000 0xbf000 c:\windows\system32\audioendpointbuilder.dll
0x00000000a6fe0000 0x85000 c:\windows\system32\MMDevAPI.DLL
0x00000000a6ec0000 0x67000 c:\windows\system32\umrdp.dll
0x00000000a7aa0000 0x18000 C:\Windows\System32\umb.dll
0x00000000ac100000 0x467000 C:\Windows\System32\SETUPAPI.dll
0x00000000aa240000 0x27000 C:\Windows\System32\bcrypt.dll
0x00000000a6b10000 0x14000 C:\Windows\SYSTEM32\wtsapi32.dll
0x00000000a8fb0000 0x5a000 C:\Windows\SYSTEM32\WINSTA.dll
0x00000000aa270000 0x60000 C:\Windows\System32\WINTRUST.dll
0x00000000aa930000 0x15d000 C:\Windows\System32\CRYPT32.dll
0x00000000a9de0000 0x12000 C:\Windows\System32\MSASN1.dll
0x00000000a79a0000 0xf7000 C:\Windows\system32\propsys.dll
0x00000000a5de0000 0x10000 C:\Windows\System32\npmproxy.dll
0x00000000a4d10000 0x22000 c:\windows\system32\trkwks.dll
0x000000009b120000 0x4e000 C:\Windows\System32\rdpendp.dll
0x00000000ab420000 0x129000 C:\Windows\System32\OLE32.dll
0x00000000a6010000 0x8e000 c:\windows\system32\WINSPOOL.DRV
0x000000009a6f0000 0xb4000 C:\Windows\System32\printui.dll
0x00000000aacd0000 0x741000 C:\Windows\System32\SHELL32.dll
0x00000000ac570000 0x55000 C:\Windows\System32\SHLWAPI.dll
0x000000009d350000 0x36000 C:\Windows\System32\puiapi.dll
0x000000009a450000 0x29b000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.488_none_ca04af081b815d21\Comctl32.dll
0x00000000a54d0000 0x14000 C:\Windows\System32\DEVRTL.dll
0x00000000a51e0000 0x13c000 C:\Windows\System32\drvstore.dll
0x00000000a22f0000 0x1b000 C:\Windows\System32\SPINF.dll
0x00000000a0880000 0x207000 C:\Windows\System32\twinapi.appcore.dll
0x00000000a6110000 0x16000 C:\Windows\SYSTEM32\usermgrcli.dll
0x00000000ac5d0000 0x79000 C:\Windows\System32\coml2.dll
0x0000000099ac0000 0x7d000 C:\Windows\System32\OneCoreCommonProxyStub.dll
0x00000000995e0000 0x18000 C:\Windows\system32\execmodelproxy.dll
0x0000000088c30000 0x110000 c:\windows\system32\storsvc.dll
0x00000000a23d0000 0xb000 c:\windows\system32\FLTLIB.DLL
0x00000000a8900000 0xda000 c:\windows\system32\wer.dll
0x00000000a66d0000 0x100000 c:\windows\system32\WINHTTP.dll
0x00000000a1fc0000 0x29000 c:\windows\system32\Cabinet.dll
0x000000008aa90000 0x22000 c:\windows\system32\bcd.dll
0x00000000a3990000 0x793000 C:\Windows\system32\windows.storage.dll
0x00000000a50b0000 0xfb000 C:\Windows\System32\AppXDeploymentClient.dll
0x0000000088c00000 0x2f000 C:\Windows\SYSTEM32\storageusage.dll
0x00000000aa0e0000 0x2e000 C:\Windows\System32\USERENV.dll
0x00000000aa120000 0x26000 C:\Windows\System32\profapi.dll
0x0000000088580000 0xd9000 c:\windows\system32\pcasvc.dll
0x000000009ec90000 0x90000 c:\windows\system32\apphelp.dll
0x0000000095fb0000 0x11b000 c:\windows\system32\tdh.dll
0x00000000a9bc0000 0x18000 C:\Windows\SYSTEM32\cryptsp.dll
0x000000009ad60000 0x41000 c:\windows\system32\APISAMPLING.dll
0x00000000a00d0000 0x8b000 c:\windows\system32\AEPIC.dll
0x0000000015560000 0x3000 C:\Windows\SYSTEM32\sfc.dll
0x00000000a5c30000 0x12000 C:\Windows\SYSTEM32\sfc_os.DLL
0x00000000a9300000 0x34000 C:\Windows\system32\rsaenh.dll
0x00000000a9bb0000 0xc000 C:\Windows\System32\CRYPTBASE.dll
0x00000000a5500000 0x4b000 C:\Windows\system32\spp.dll
0x00000000a4250000 0x19c000 C:\Windows\system32\VSSAPI.DLL
0x00000000a5390000 0x18000 C:\Windows\system32\VssTrace.DLL
0x00000000a47d0000 0x14000 C:\Windows\system32\vss_ps.dll
0x000000008ad80000 0xe3000 C:\Windows\System32\wuapi.dll
0x0000000089a40000 0x9e000 C:\Windows\SYSTEM32\policymanager.dll
0x00000000899b0000 0x8a000 c:\windows\system32\msvcp110_win.dll
0x00000000a0280000 0x79000 C:\Users\user\AppData\Local\Temp\ADInsightDll64.dll
0x00000000abb70000 0x1d000 C:\Windows\System32\imagehlp.dll
0x00000000a5e00000 0xc000 C:\Windows\System32\Secur32.dll
------------------------------------------------------------------------------
svchost.exe pid: 1064
Command line: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
Base Size Path
0x000000004abe0000 0x11000 C:\Windows\System32\svchost.exe
0x00000000acab0000 0x1f5000 C:\Windows\SYSTEM32\ntdll.dll
0x00000000ac650000 0xbd000 C:\Windows\System32\KERNEL32.DLL
0x00000000aa2d0000 0x2c7000 C:\Windows\System32\KERNELBASE.dll
0x00000000abf40000 0x9b000 C:\Windows\System32\sechost.dll
0x00000000abe10000 0x124000 C:\Windows\System32\RPCRT4.dll
0x00000000aa830000 0x100000 C:\Windows\System32\ucrtbase.dll
0x00000000ac710000 0x355000 C:\Windows\System32\combase.dll
0x00000000a8bf0000 0x13000 C:\Windows\SYSTEM32\kernel.appcore.dll
0x00000000aabd0000 0x9e000 C:\Windows\System32\msvcrt.dll
0x00000000aaa90000 0x7f000 C:\Windows\System32\bcryptPrimitives.dll
0x00000000ab550000 0x1a0000 C:\Windows\System32\user32.dll
0x00000000aa650000 0x22000 C:\Windows\System32\win32u.dll
0x00000000aaba0000 0x2a000 C:\Windows\System32\GDI32.dll
0x00000000aa720000 0x109000 C:\Windows\System32\gdi32full.dll
0x00000000aa680000 0x9d000 C:\Windows\System32\msvcp_win.dll
0x00000000a74e0000 0x1d0000 c:\windows\system32\wevtsvc.dll
0x00000000aba30000 0xae000 C:\Windows\System32\shcore.dll
0x00000000abd40000 0x6b000 C:\Windows\System32\WS2_32.dll
0x00000000aa240000 0x27000 C:\Windows\System32\bcrypt.dll
0x00000000aa0e0000 0x2e000 c:\windows\system32\USERENV.dll
0x00000000a9c60000 0x2c000 C:\Windows\SYSTEM32\WLDP.DLL
0x00000000ab970000 0xaa000 C:\Windows\System32\advapi32.dll
0x00000000a7490000 0x4a000 c:\windows\system32\icsvc.dll
0x00000000ab7d0000 0xcd000 C:\Windows\System32\OLEAUT32.dll
0x00000000a7480000 0xa000 c:\windows\system32\vmbuspipe.dll
0x00000000aa1f0000 0x4d000 C:\Windows\System32\cfgmgr32.dll
0x00000000a97b0000 0x4b000 c:\windows\system32\POWRPROF.dll
0x00000000a8f40000 0x33000 C:\Windows\SYSTEM32\ntmarta.dll
0x00000000a9680000 0x3b000 c:\windows\system32\IPHLPAPI.DLL
0x00000000a9fa0000 0x2c000 c:\windows\system32\DEVOBJ.dll
0x00000000a9660000 0x12000 c:\windows\system32\UMPDC.dll
0x00000000a73b0000 0x30000 c:\windows\system32\timebrokerserver.dll
0x00000000a8620000 0x40000 c:\windows\system32\BrokerLib.dll
0x00000000aa0a0000 0x3c000 C:\Windows\System32\sspicli.dll
0x00000000a99e0000 0x6a000 C:\Windows\system32\mswsock.dll
0x00000000a7080000 0x23000 C:\Windows\SYSTEM32\gpapi.dll
0x00000000a6e50000 0x67000 c:\windows\system32\dhcpcore.dll
0x00000000a89e0000 0x2a000 C:\Windows\SYSTEM32\rmclient.dll
0x00000000a8290000 0xc000 C:\Windows\SYSTEM32\bi.dll
0x00000000a8e30000 0x94000 C:\Windows\SYSTEM32\firewallapi.dll
0x00000000a96c0000 0xcb000 c:\windows\system32\DNSAPI.dll
0x00000000aba20000 0x9000 C:\Windows\System32\NSI.dll
0x00000000a8df0000 0x2f000 C:\Windows\SYSTEM32\fwbase.dll
0x00000000a6c80000 0x51000 C:\Windows\System32\dhcpcore6.dll
0x00000000a6ad0000 0xb000 C:\Windows\SYSTEM32\WINNSI.DLL
0x00000000a66d0000 0x100000 c:\windows\system32\winhttp.dll
0x00000000a6420000 0x17000 C:\Windows\SYSTEM32\dhcpcsvc6.DLL
0x00000000a6410000 0xa000 C:\Windows\System32\rasadhlp.dll
0x00000000a6c10000 0x1d000 C:\Windows\SYSTEM32\dhcpcsvc.DLL
0x00000000a8e20000 0x7000 C:\Windows\system32\wshhyperv.dll
0x00000000a9bb0000 0xc000 C:\Windows\SYSTEM32\CRYPTBASE.dll
0x00000000a6ce0000 0x9e000 C:\Windows\SYSTEM32\policymanager.dll
0x00000000a93a0000 0x8a000 c:\windows\system32\msvcp110_win.dll
0x00000000ab8a0000 0xa8000 C:\Windows\System32\clbcatq.dll
0x00000000a0880000 0x207000 C:\Windows\System32\twinapi.appcore.dll
0x00000000a6110000 0x16000 C:\Windows\SYSTEM32\usermgrcli.dll
0x00000000ab420000 0x129000 C:\Windows\System32\ole32.dll
0x00000000ac5d0000 0x79000 C:\Windows\System32\coml2.dll
0x0000000099ac0000 0x7d000 C:\Windows\System32\OneCoreCommonProxyStub.dll
0x00000000995e0000 0x18000 C:\Windows\system32\execmodelproxy.dll
0x00000000a1760000 0x794000 C:\Windows\System32\OneCoreUAPCommonProxyStub.dll
------------------------------------------------------------------------------
svchost.exe pid: 1080
Command line: C:\Windows\system32\svchost.exe -k LocalService -p
Base Size Path
0x000000004abe0000 0x11000 C:\Windows\system32\svchost.exe
0x00000000acab0000 0x1f5000 C:\Windows\SYSTEM32\ntdll.dll
0x00000000ac650000 0xbd000 C:\Windows\System32\KERNEL32.DLL
0x00000000aa2d0000 0x2c7000 C:\Windows\System32\KERNELBASE.dll
0x00000000abf40000 0x9b000 C:\Windows\System32\sechost.dll
0x00000000abe10000 0x124000 C:\Windows\System32\RPCRT4.dll
0x00000000aa830000 0x100000 C:\Windows\System32\ucrtbase.dll
0x00000000ac710000 0x355000 C:\Windows\System32\combase.dll
0x00000000a8bf0000 0x13000 C:\Windows\SYSTEM32\kernel.appcore.dll
0x00000000aabd0000 0x9e000 C:\Windows\System32\msvcrt.dll
0x00000000aaa90000 0x7f000 C:\Windows\System32\bcryptPrimitives.dll
0x00000000ab550000 0x1a0000 C:\Windows\System32\user32.dll
0x00000000aa650000 0x22000 C:\Windows\System32\win32u.dll
0x00000000aaba0000 0x2a000 C:\Windows\System32\GDI32.dll
0x00000000aa720000 0x109000 C:\Windows\System32\gdi32full.dll
0x00000000aa680000 0x9d000 C:\Windows\System32\msvcp_win.dll
0x00000000a73f0000 0x6c000 c:\windows\system32\es.dll
0x00000000a9c60000 0x2c000 C:\Windows\SYSTEM32\WLDP.DLL
0x00000000ab970000 0xaa000 C:\Windows\System32\advapi32.dll
0x00000000ab8a0000 0xa8000 C:\Windows\System32\clbcatq.dll
0x00000000ab7d0000 0xcd000 C:\Windows\System32\OLEAUT32.dll
0x00000000a7170000 0x167000 c:\windows\system32\fntcache.dll
0x00000000aa120000 0x26000 c:\windows\system32\profapi.dll
0x00000000a7070000 0xe000 c:\windows\system32\nsisvc.dll
0x00000000a6ce0000 0x9e000 C:\Windows\SYSTEM32\policymanager.dll
0x00000000a93a0000 0x8a000 c:\windows\system32\msvcp110_win.dll
0x00000000a6ae0000 0x2e000 c:\windows\system32\FontProvider.dll
0x00000000aba20000 0x9000 C:\Windows\System32\NSI.dll
0x00000000a4c00000 0xd9000 c:\windows\system32\netprofmsvc.dll
0x00000000aba30000 0xae000 C:\Windows\System32\shcore.dll
0x00000000abd40000 0x6b000 C:\Windows\System32\WS2_32.dll
0x00000000a9680000 0x3b000 c:\windows\system32\IPHLPAPI.DLL
0x00000000a9430000 0x17000 c:\windows\system32\wkscli.dll
0x00000000a7730000 0x1d000 c:\windows\system32\nlaapi.dll
0x00000000a9790000 0xc000 c:\windows\system32\netutils.dll
0x00000000a6ad0000 0xb000 c:\windows\system32\WINNSI.DLL
0x00000000a6b60000 0x89000 c:\windows\system32\ncsi.dll
0x00000000a9660000 0x12000 c:\windows\system32\UMPDC.dll
0x00000000a7080000 0x23000 C:\Windows\SYSTEM32\gpapi.dll
0x00000000a99e0000 0x6a000 C:\Windows\system32\mswsock.dll
0x00000000a8e20000 0x7000 C:\Windows\system32\wshhyperv.dll
0x00000000a5de0000 0x10000 C:\Windows\System32\npmproxy.dll
0x00000000a9ff0000 0xa2000 C:\Windows\SYSTEM32\sxs.dll
0x00000000ab420000 0x129000 C:\Windows\System32\ole32.dll
0x000000009d760000 0x61000 c:\windows\system32\dispbroker.desktop.dll
0x00000000aa1f0000 0x4d000 C:\Windows\System32\cfgmgr32.dll
0x000000009d6b0000 0xae000 c:\windows\system32\mscms.dll
0x00000000aa0e0000 0x2e000 c:\windows\system32\USERENV.dll
0x000000009dda0000 0x11000 c:\windows\system32\ColorAdapterClient.dll
0x000000009d610000 0xa0000 C:\Windows\System32\ActXPrxy.dll
0x0000000096860000 0x9b000 c:\windows\system32\cdpsvc.dll
0x00000000a97b0000 0x4b000 C:\Windows\SYSTEM32\powrprof.dll
0x0000000099620000 0x49f000 c:\windows\system32\cdp.dll
0x00000000a5950000 0x156000 C:\Windows\SYSTEM32\wintypes.dll
0x00000000aa930000 0x15d000 C:\Windows\System32\CRYPT32.dll
0x00000000a79a0000 0xf7000 c:\windows\system32\PROPSYS.dll
0x00000000a64b0000 0x130000 c:\windows\system32\dsreg.dll
0x00000000a9bc0000 0x18000 C:\Windows\SYSTEM32\cryptsp.dll
0x00000000a22e0000 0x7000 C:\Windows\SYSTEM32\gamestreamingext.dll
0x00000000aa240000 0x27000 C:\Windows\System32\bcrypt.dll
0x00000000a9de0000 0x12000 C:\Windows\System32\MSASN1.dll
0x00000000a9cd0000 0x27000 c:\windows\system32\ncrypt.dll
0x00000000a9c90000 0x3b000 c:\windows\system32\NTASN1.dll
0x00000000a25f0000 0x5a000 C:\Windows\system32\ncryptprov.dll
0x00000000a9bb0000 0xc000 C:\Windows\system32\CRYPTBASE.dll
0x0000000099c80000 0x115000 C:\Windows\system32\ShareHost.dll
0x00000000ac570000 0x55000 C:\Windows\System32\shlwapi.dll
0x00000000a3990000 0x793000 C:\Windows\system32\Windows.Storage.dll
0x00000000a3240000 0xf2000 C:\Windows\system32\CoreMessaging.dll
0x000000009de60000 0x35a000 C:\Windows\system32\CoreUIComponents.dll
0x00000000a8f40000 0x33000 C:\Windows\SYSTEM32\ntmarta.dll
0x00000000a48e0000 0xb8000 C:\Windows\System32\Windows.Networking.Connectivity.dll
0x0000000096550000 0x15000 C:\Windows\System32\wshBth.dll
0x00000000a2140000 0xa000 c:\windows\system32\sbservicetrigger.dll
0x00000000a8340000 0x39000 C:\Windows\System32\Windows.Devices.Radios.dll
0x00000000a6b10000 0x14000 C:\Windows\SYSTEM32\wtsapi32.dll
0x00000000a8fb0000 0x5a000 C:\Windows\SYSTEM32\WINSTA.dll
0x00000000ac5d0000 0x79000 C:\Windows\System32\coml2.dll
0x00000000a66d0000 0x100000 c:\windows\system32\WINHTTP.dll
0x00000000a6420000 0x17000 C:\Windows\SYSTEM32\dhcpcsvc6.DLL
0x00000000a6c10000 0x1d000 C:\Windows\SYSTEM32\dhcpcsvc.DLL
0x000000009a3e0000 0x12000 c:\windows\system32\licensemanagersvc.dll
0x0000000095e90000 0x11d000 c:\windows\system32\LicenseManager.dll
0x00000000a4500000 0x30000 c:\windows\system32\CLIPC.dll
0x00000000a4ad0000 0xe3000 C:\Windows\System32\wuapi.dll
0x00000000a46c0000 0xf4000 C:\Windows\System32\Windows.Security.Authentication.OnlineId.dll
0x00000000a9340000 0xa000 C:\Windows\System32\DPAPI.DLL
0x0000000099ac0000 0x7d000 C:\Windows\System32\OneCoreCommonProxyStub.dll
0x00000000a1060000 0xb000 C:\Windows\SYSTEM32\msauserext.dll
0x0000000091aa0000 0x3b000 C:\Windows\System32\AuthBroker.dll
0x00000000a90c0000 0x4c000 C:\Windows\System32\AUTHZ.dll
0x00000000a4190000 0x9d000 c:\windows\system32\webio.dll
0x00000000aa0a0000 0x3c000 c:\windows\system32\SspiCli.dll
0x00000000a96c0000 0xcb000 C:\Windows\SYSTEM32\DNSAPI.dll
0x00000000a6410000 0xa000 C:\Windows\System32\rasadhlp.dll
0x00000000a6890000 0x7f000 C:\Windows\System32\fwpuclnt.dll
0x00000000a9220000 0x91000 C:\Windows\system32\schannel.DLL
0x00000000978d0000 0x15000 C:\Windows\SYSTEM32\mskeyprotect.dll
0x0000000097c60000 0x26000 C:\Windows\system32\ncryptsslp.dll
0x0000000095de0000 0xac000 c:\windows\system32\TextShaping.dll
0x000000008aa10000 0x16000 C:\Windows\System32\BitsProxy.dll
0x00000000a82e0000 0x37000 C:\Windows\SYSTEM32\bluetoothapis.dll
0x00000000a9fa0000 0x2c000 c:\windows\system32\DEVOBJ.dll
0x00000000a6110000 0x16000 C:\Windows\SYSTEM32\usermgrcli.dll
Error opening Memory Compression(1108):
Access is denied.
------------------------------------------------------------------------------
svchost.exe pid: 1288
Command line: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
Base Size Path
0x000000004abe0000 0x11000 C:\Windows\System32\svchost.exe
0x00000000acab0000 0x1f5000 C:\Windows\SYSTEM32\ntdll.dll
0x00000000ac650000 0xbd000 C:\Windows\System32\KERNEL32.DLL
0x00000000aa2d0000 0x2c7000 C:\Windows\System32\KERNELBASE.dll
0x00000000abf40000 0x9b000 C:\Windows\System32\sechost.dll
0x00000000abe10000 0x124000 C:\Windows\System32\RPCRT4.dll
0x00000000aa830000 0x100000 C:\Windows\System32\ucrtbase.dll
0x00000000ac710000 0x355000 C:\Windows\System32\combase.dll
0x00000000a8bf0000 0x13000 C:\Windows\SYSTEM32\kernel.appcore.dll
0x00000000aabd0000 0x9e000 C:\Windows\System32\msvcrt.dll
0x00000000aaa90000 0x7f000 C:\Windows\System32\bcryptPrimitives.dll
0x00000000ab550000 0x1a0000 C:\Windows\System32\user32.dll
0x00000000aa650000 0x22000 C:\Windows\System32\win32u.dll
0x00000000aaba0000 0x2a000 C:\Windows\System32\GDI32.dll
0x00000000aa720000 0x109000 C:\Windows\System32\gdi32full.dll
0x00000000aa680000 0x9d000 C:\Windows\System32\msvcp_win.dll
0x00000000a5700000 0x1e0000 c:\windows\system32\audiosrv.dll
0x00000000aba30000 0xae000 C:\Windows\System32\shcore.dll
0x00000000a6fe0000 0x85000 c:\windows\system32\MMDevAPI.DLL
0x00000000a9660000 0x12000 c:\windows\system32\UMPDC.dll
0x00000000a7ad0000 0x36000 c:\windows\system32\XmlLite.dll
0x00000000a9fa0000 0x2c000 c:\windows\system32\DEVOBJ.dll
0x00000000aa1f0000 0x4d000 C:\Windows\System32\cfgmgr32.dll
0x00000000a63a0000 0x54000 c:\windows\system32\AUDIOSRVPOLICYMANAGER.dll
0x00000000a97b0000 0x4b000 c:\windows\system32\POWRPROF.dll
0x00000000a9c60000 0x2c000 C:\Windows\SYSTEM32\WLDP.DLL
0x00000000ab970000 0xaa000 C:\Windows\System32\advapi32.dll
0x00000000ab8a0000 0xa8000 C:\Windows\System32\clbcatq.dll
0x00000000a89e0000 0x2a000 C:\Windows\SYSTEM32\rmclient.dll
0x00000000a8fb0000 0x5a000 C:\Windows\SYSTEM32\winsta.dll
0x00000000a6b10000 0x14000 C:\Windows\SYSTEM32\wtsapi32.dll
0x00000000a4130000 0x8000 C:\Windows\SYSTEM32\coreaudiopolicymanagerext.dll
0x0000000098a00000 0x180000 C:\Windows\System32\AudioSes.dll
0x00000000ab7d0000 0xcd000 C:\Windows\System32\OLEAUT32.dll
0x00000000a0880000 0x207000 C:\Windows\System32\twinapi.appcore.dll
0x0000000093de0000 0x51000 C:\Windows\SYSTEM32\capauthz.dll
0x00000000aa270000 0x60000 C:\Windows\System32\WINTRUST.dll
0x00000000aa930000 0x15d000 C:\Windows\System32\CRYPT32.dll
0x00000000a9de0000 0x12000 C:\Windows\SYSTEM32\MSASN1.dll
0x00000000a8f40000 0x33000 C:\Windows\SYSTEM32\ntmarta.dll
0x000000009b120000 0x4e000 C:\Windows\System32\rdpendp.dll
0x00000000a79a0000 0xf7000 C:\Windows\System32\PROPSYS.dll
0x00000000ab420000 0x129000 C:\Windows\System32\OLE32.dll
0x0000000096780000 0x7e000 C:\Windows\System32\Windows.Media.Devices.dll
0x0000000087230000 0x7a000 c:\windows\system32\HrtfApo.dll
0x00000000a0310000 0x34000 c:\windows\system32\CompPkgSup.DLL
0x000000009a7b0000 0x146000 C:\Windows\System32\Windows.StateRepositoryPS.dll
0x0000000086d50000 0x156000 C:\Windows\System32\WinTypes.dll
0x00000000977e0000 0xe7000 C:\Windows\System32\Windows.ApplicationModel.dll
0x00000000a50b0000 0xfb000 C:\Windows\System32\AppXDeploymentClient.dll
0x0000000087120000 0x101000 C:\Windows\System32\Windows.Perception.Stub.dll
------------------------------------------------------------------------------
svchost.exe pid: 1348
Command line: C:\Windows\System32\svchost.exe -k NetworkService -p
Base Size Path
0x000000004abe0000 0x11000 C:\Windows\System32\svchost.exe
0x00000000acab0000 0x1f5000 C:\Windows\SYSTEM32\ntdll.dll
0x00000000ac650000 0xbd000 C:\Windows\System32\KERNEL32.DLL
0x00000000aa2d0000 0x2c7000 C:\Windows\System32\KERNELBASE.dll
0x00000000abf40000 0x9b000 C:\Windows\System32\sechost.dll
0x00000000abe10000 0x124000 C:\Windows\System32\RPCRT4.dll
0x00000000aa830000 0x100000 C:\Windows\System32\ucrtbase.dll
0x00000000ac710000 0x355000 C:\Windows\System32\combase.dll
0x00000000a8bf0000 0x13000 C:\Windows\SYSTEM32\kernel.appcore.dll
0x00000000aabd0000 0x9e000 C:\Windows\System32\msvcrt.dll
0x00000000aaa90000 0x7f000 C:\Windows\System32\bcryptPrimitives.dll
0x00000000ab550000 0x1a0000 C:\Windows\System32\user32.dll
0x00000000aa650000 0x22000 C:\Windows\System32\win32u.dll
0x00000000aaba0000 0x2a000 C:\Windows\System32\GDI32.dll
0x00000000aa720000 0x109000 C:\Windows\System32\gdi32full.dll
0x00000000aa680000 0x9d000 C:\Windows\System32\msvcp_win.dll
0x00000000a6330000 0x65000 c:\windows\system32\nlasvc.dll
0x00000000a9680000 0x3b000 c:\windows\system32\IPHLPAPI.DLL
0x00000000a6ad0000 0xb000 c:\windows\system32\WINNSI.DLL
0x00000000aba20000 0x9000 C:\Windows\System32\NSI.dll
0x00000000a6c10000 0x1d000 c:\windows\system32\dhcpcsvc.DLL
0x00000000a6b60000 0x89000 c:\windows\system32\ncsi.dll
0x00000000ab7d0000 0xcd000 C:\Windows\System32\OLEAUT32.dll
0x00000000a9660000 0x12000 c:\windows\system32\UMPDC.dll
0x00000000a9c60000 0x2c000 C:\Windows\SYSTEM32\WLDP.DLL
0x00000000ab970000 0xaa000 C:\Windows\System32\advapi32.dll
0x00000000a6a10000 0x5c000 c:\windows\system32\dnsrslvr.dll
0x00000000abd40000 0x6b000 C:\Windows\System32\WS2_32.dll
0x00000000a96c0000 0xcb000 C:\Windows\SYSTEM32\DNSAPI.dll
0x00000000a6890000 0x7f000 C:\Windows\SYSTEM32\Fwpuclnt.dll
0x00000000aa240000 0x27000 C:\Windows\System32\bcrypt.dll
0x00000000a6840000 0x4c000 c:\windows\system32\wkssvc.dll
0x00000000a9790000 0xc000 c:\windows\system32\netutils.dll
0x00000000aa0e0000 0x2e000 c:\windows\system32\USERENV.dll
0x00000000a6b40000 0xc000 c:\windows\system32\DSPARSE.dll
0x00000000aa0a0000 0x3c000 C:\Windows\System32\sspicli.dll
0x00000000a7080000 0x23000 C:\Windows\SYSTEM32\gpapi.dll
0x00000000a6ab0000 0x16000 C:\Windows\System32\ssdpapi.dll
0x00000000a8e30000 0x94000 C:\Windows\SYSTEM32\firewallapi.dll
0x00000000a8df0000 0x2f000 C:\Windows\SYSTEM32\fwbase.dll
0x00000000a6b30000 0x9000 C:\Windows\SYSTEM32\nrpsrv.DLL
0x00000000a6420000 0x17000 C:\Windows\SYSTEM32\dhcpcsvc6.DLL
0x00000000a97b0000 0x4b000 C:\Windows\SYSTEM32\powrprof.dll
0x00000000a99e0000 0x6a000 C:\Windows\system32\mswsock.dll
0x00000000a64b0000 0x130000 c:\windows\system32\dsreg.dll
0x00000000a93a0000 0x8a000 c:\windows\system32\msvcp110_win.dll
0x00000000a9bc0000 0x18000 C:\Windows\SYSTEM32\cryptsp.dll
0x00000000a6480000 0x2e000 C:\Windows\SYSTEM32\netjoin.dll
0x00000000a9c10000 0x2b000 C:\Windows\SYSTEM32\JOINUTIL.DLL
0x00000000a6bf0000 0x11000 c:\windows\system32\WMICLNT.dll
0x00000000aa930000 0x15d000 C:\Windows\System32\CRYPT32.dll
0x00000000ab8a0000 0xa8000 C:\Windows\System32\clbcatq.dll
0x00000000a6f30000 0xad000 C:\Windows\System32\taskschd.dll
0x00000000a62c0000 0x6a000 C:\Windows\system32\WlanApi.dll
0x00000000aa120000 0x26000 C:\Windows\System32\profapi.dll
0x00000000a9430000 0x17000 c:\windows\system32\wkscli.dll
0x00000000a6a70000 0x29000 C:\Windows\System32\mstask.dll
0x00000000a8e20000 0x7000 C:\Windows\system32\wshhyperv.dll
0x00000000a7300000 0x65000 C:\Windows\SYSTEM32\wevtapi.dll
0x00000000a6b10000 0x14000 C:\Windows\SYSTEM32\wtsapi32.dll
0x00000000a8fb0000 0x5a000 C:\Windows\SYSTEM32\WINSTA.dll
0x00000000a89e0000 0x2a000 C:\Windows\SYSTEM32\rmclient.dll
0x00000000a51c0000 0x1f000 c:\windows\system32\cryptsvc.dll
0x00000000a4cf0000 0x15000 C:\Windows\System32\crypttpmeksvc.dll
0x00000000a3410000 0x26000 C:\Windows\System32\cryptcatsvc.dll
0x00000000a3380000 0x81000 C:\Windows\System32\webauthn.dll
0x00000000a3040000 0x19c000 C:\Windows\SYSTEM32\vssapi.dll
0x00000000a2fd0000 0x18000 C:\Windows\System32\VssTrace.DLL
0x00000000a6460000 0x19000 C:\Windows\System32\samcli.dll
0x00000000a5920000 0x24000 C:\Windows\System32\SAMLIB.dll
0x00000000a73f0000 0x6c000 C:\Windows\System32\ES.DLL
0x00000000a79a0000 0xf7000 C:\Windows\System32\PROPSYS.dll
0x00000000a9fa0000 0x2c000 c:\windows\system32\DEVOBJ.dll
0x00000000aa1f0000 0x4d000 C:\Windows\System32\cfgmgr32.dll
0x00000000a66d0000 0x100000 c:\windows\system32\WINHTTP.dll
0x00000000a9800000 0x42000 c:\windows\system32\logoncli.dll
0x00000000a9bb0000 0xc000 C:\Windows\SYSTEM32\CRYPTBASE.dll
0x00000000aab10000 0x56000 C:\Windows\System32\WLDAP32.dll
0x00000000a4190000 0x9d000 c:\windows\system32\webio.dll
0x00000000a6410000 0xa000 C:\Windows\System32\rasadhlp.dll
0x00000000a9de0000 0x12000 C:\Windows\System32\MSASN1.dll
0x00000000a9300000 0x34000 C:\Windows\system32\rsaenh.dll
0x00000000a1fc0000 0x29000 C:\Windows\System32\Cabinet.dll
0x00000000985f0000 0x31000 c:\windows\system32\CRYPTNET.dll
0x0000000098ba0000 0x32b000 C:\Windows\System32\ESENT.dll
0x00000000a8430000 0x3e000 C:\Windows\System32\netprofm.dll
0x00000000a5de0000 0x10000 C:\Windows\System32\npmproxy.dll
------------------------------------------------------------------------------
svchost.exe pid: 1416
Command line: C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
Base Size Path
0x000000004abe0000 0x11000 C:\Windows\system32\svchost.exe
0x00000000acab0000 0x1f5000 C:\Windows\SYSTEM32\ntdll.dll
0x00000000ac650000 0xbd000 C:\Windows\System32\KERNEL32.DLL
0x00000000aa2d0000 0x2c7000 C:\Windows\System32\KERNELBASE.dll
0x00000000abf40000 0x9b000 C:\Windows\System32\sechost.dll
0x00000000abe10000 0x124000 C:\Windows\System32\RPCRT4.dll
0x00000000aa830000 0x100000 C:\Windows\System32\ucrtbase.dll
0x00000000ac710000 0x355000 C:\Windows\System32\combase.dll
0x00000000a8bf0000 0x13000 C:\Windows\SYSTEM32\kernel.appcore.dll
0x00000000aabd0000 0x9e000 C:\Windows\System32\msvcrt.dll
0x00000000aaa90000 0x7f000 C:\Windows\System32\bcryptPrimitives.dll
0x00000000ab550000 0x1a0000 C:\Windows\System32\user32.dll
0x00000000aa650000 0x22000 C:\Windows\System32\win32u.dll
0x00000000aaba0000 0x2a000 C:\Windows\System32\GDI32.dll
0x00000000aa720000 0x109000 C:\Windows\System32\gdi32full.dll
0x00000000aa680000 0x9d000 C:\Windows\System32\msvcp_win.dll
0x00000000a6910000 0xfa000 c:\windows\system32\wcmsvc.dll
0x00000000aba20000 0x9000 C:\Windows\System32\NSI.dll
0x00000000abd40000 0x6b000 C:\Windows\System32\WS2_32.dll
0x00000000a97b0000 0x4b000 C:\Windows\SYSTEM32\powrprof.dll
0x00000000a9680000 0x3b000 c:\windows\system32\IPHLPAPI.DLL
0x00000000a9660000 0x12000 c:\windows\system32\UMPDC.dll
0x00000000aa0e0000 0x2e000 c:\windows\system32\USERENV.dll
0x00000000a6ad0000 0xb000 c:\windows\system32\WINNSI.DLL
0x00000000a7730000 0x1d000 c:\windows\system32\nlaapi.dll
0x00000000a6b50000 0xa000 c:\windows\system32\MobileNetworking.dll
0x00000000a66d0000 0x100000 c:\windows\system32\WINHTTP.dll
0x00000000a9c60000 0x2c000 C:\Windows\SYSTEM32\WLDP.DLL
0x00000000ab970000 0xaa000 C:\Windows\System32\advapi32.dll
0x00000000a7080000 0x23000 C:\Windows\SYSTEM32\gpapi.dll
0x00000000ab8a0000 0xa8000 C:\Windows\System32\clbcatq.dll
0x00000000a6270000 0x11000 C:\Windows\SYSTEM32\cmintegrator.dll
0x00000000a5ca0000 0x45000 C:\Windows\system32\wcmcsp.dll
0x00000000aa1f0000 0x4d000 C:\Windows\System32\cfgmgr32.dll
0x00000000ab7d0000 0xcd000 C:\Windows\System32\OLEAUT32.dll
0x00000000a6bf0000 0x11000 C:\Windows\system32\WMICLNT.dll
0x00000000a5de0000 0x10000 C:\Windows\System32\npmproxy.dll
0x00000000a8e30000 0x94000 C:\Windows\SYSTEM32\firewallapi.dll
0x00000000a96c0000 0xcb000 C:\Windows\SYSTEM32\DNSAPI.dll
0x00000000a8df0000 0x2f000 C:\Windows\SYSTEM32\fwbase.dll
0x00000000a8f80000 0x29000 C:\Windows\SYSTEM32\profext.dll
0x00000000aa120000 0x26000 c:\windows\system32\profapi.dll
0x00000000a8f40000 0x33000 C:\Windows\SYSTEM32\ntmarta.dll
0x00000000aa240000 0x27000 C:\Windows\System32\Bcrypt.dll
------------------------------------------------------------------------------
svchost.exe pid: 1428
Command line: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
Base Size Path
0x000000004abe0000 0x11000 C:\Windows\System32\svchost.exe
0x00000000acab0000 0x1f5000 C:\Windows\SYSTEM32\ntdll.dll
0x00000000ac650000 0xbd000 C:\Windows\System32\KERNEL32.DLL
0x00000000aa2d0000 0x2c7000 C:\Windows\System32\KERNELBASE.dll
0x00000000abf40000 0x9b000 C:\Windows\System32\sechost.dll
0x00000000abe10000 0x124000 C:\Windows\System32\RPCRT4.dll
0x00000000aa830000 0x100000 C:\Windows\System32\ucrtbase.dll
0x00000000ac710000 0x355000 C:\Windows\System32\combase.dll
0x00000000a8bf0000 0x13000 C:\Windows\SYSTEM32\kernel.appcore.dll
0x00000000aabd0000 0x9e000 C:\Windows\System32\msvcrt.dll
0x00000000aaa90000 0x7f000 C:\Windows\System32\bcryptPrimitives.dll
0x00000000ab550000 0x1a0000 C:\Windows\System32\user32.dll
0x00000000aa650000 0x22000 C:\Windows\System32\win32u.dll
0x00000000aaba0000 0x2a000 C:\Windows\System32\GDI32.dll
0x00000000aa720000 0x109000 C:\Windows\System32\gdi32full.dll
0x00000000aa680000 0x9d000 C:\Windows\System32\msvcp_win.dll
0x00000000a6670000 0x59000 c:\windows\system32\dusmsvc.dll
0x00000000aa1f0000 0x4d000 C:\Windows\System32\cfgmgr32.dll
0x00000000ab970000 0xaa000 C:\Windows\System32\advapi32.dll
0x00000000a8390000 0xd000 c:\windows\system32\SystemEventsBrokerClient.dll
0x00000000a6b50000 0xa000 c:\windows\system32\MobileNetworking.dll
0x00000000a9680000 0x3b000 c:\windows\system32\IPHLPAPI.DLL
0x00000000aa0e0000 0x2e000 c:\windows\system32\USERENV.dll
0x00000000a6bf0000 0x11000 c:\windows\system32\WMICLNT.dll
0x00000000a6ad0000 0xb000 c:\windows\system32\WINNSI.DLL
0x00000000aba20000 0x9000 C:\Windows\System32\NSI.dll
0x00000000a9c60000 0x2c000 C:\Windows\SYSTEM32\WLDP.DLL
0x00000000a7080000 0x23000 C:\Windows\SYSTEM32\gpapi.dll
0x00000000a6c10000 0x1d000 C:\Windows\SYSTEM32\dhcpcsvc.dll
------------------------------------------------------------------------------
spoolsv.exe pid: 1560
Command line: C:\Windows\System32\spoolsv.exe
Base Size Path
0x00000000c3490000 0xc9000 C:\Windows\System32\spoolsv.exe
0x00000000acab0000 0x1f5000 C:\Windows\SYSTEM32\ntdll.dll
0x00000000ac650000 0xbd000 C:\Windows\System32\KERNEL32.DLL
0x00000000aa2d0000 0x2c7000 C:\Windows\System32\KERNELBASE.dll
0x00000000ab550000 0x1a0000 C:\Windows\System32\USER32.dll
0x00000000aa650000 0x22000 C:\Windows\System32\win32u.dll
0x00000000aaba0000 0x2a000 C:\Windows\System32\GDI32.dll
0x00000000aa720000 0x109000 C:\Windows\System32\gdi32full.dll
0x00000000aa680000 0x9d000 C:\Windows\System32\msvcp_win.dll
0x00000000aa830000 0x100000 C:\Windows\System32\ucrtbase.dll
0x00000000aabd0000 0x9e000 C:\Windows\System32\msvcrt.dll
0x00000000abf40000 0x9b000 C:\Windows\System32\sechost.dll
0x00000000abe10000 0x124000 C:\Windows\System32\RPCRT4.dll
0x00000000ab970000 0xaa000 C:\Windows\System32\advapi32.dll
0x00000000aa240000 0x27000 C:\Windows\System32\bcrypt.dll
0x00000000a96c0000 0xcb000 C:\Windows\System32\DNSAPI.dll
0x00000000a9680000 0x3b000 C:\Windows\SYSTEM32\IPHLPAPI.DLL
0x00000000aba20000 0x9000 C:\Windows\System32\NSI.dll
0x00000000ac710000 0x355000 C:\Windows\System32\combase.dll
0x00000000a8bf0000 0x13000 C:\Windows\SYSTEM32\kernel.appcore.dll
0x00000000aaa90000 0x7f000 C:\Windows\System32\bcryptPrimitives.dll
0x00000000aa0a0000 0x3c000 C:\Windows\System32\SspiCli.dll
0x00000000a97b0000 0x4b000 C:\Windows\SYSTEM32\powrprof.dll
0x00000000a9660000 0x12000 C:\Windows\System32\UMPDC.dll
0x00000000abd40000 0x6b000 C:\Windows\System32\WS2_32.dll
0x00000000a99e0000 0x6a000 C:\Windows\system32\mswsock.dll
0x00000000a6ad0000 0xb000 C:\Windows\SYSTEM32\WINNSI.DLL
0x00000000a6410000 0xa000 C:\Windows\System32\rasadhlp.dll
0x00000000a6130000 0x13e000 C:\Windows\System32\localspl.dll
0x00000000aa930000 0x15d000 C:\Windows\System32\CRYPT32.dll
0x00000000aa1f0000 0x4d000 C:\Windows\System32\cfgmgr32.dll
0x00000000ac100000 0x467000 C:\Windows\System32\SETUPAPI.dll
0x00000000a5c50000 0x1d000 C:\Windows\System32\SPOOLSS.DLL
0x00000000a5c70000 0x28000 C:\Windows\System32\srvcli.dll
0x00000000ab420000 0x129000 C:\Windows\System32\ole32.dll
0x00000000a5c30000 0x12000 C:\Windows\System32\sfc_os.dll
0x00000000a6400000 0xc000 C:\Windows\System32\Secur32.dll
0x00000000a6010000 0x8e000 C:\Windows\system32\winspool.drv
0x00000000a60a0000 0x13000 C:\Windows\System32\PrintIsolationProxy.dll
0x00000000a60e0000 0x22000 C:\Windows\System32\AppMon.dll
0x00000000aa120000 0x26000 C:\Windows\System32\profapi.dll
0x00000000a60c0000 0x11000 C:\Windows\System32\FXSMON.DLL
0x00000000a5bc0000 0x3b000 C:\Windows\System32\tcpmon.dll
0x00000000a5df0000 0xc000 C:\Windows\System32\snmpapi.dll
0x00000000a5900000 0x16000 C:\Windows\System32\wsnmp32.dll
0x00000000a4f60000 0xea000 C:\Windows\System32\usbmon.dll
0x00000000ab7d0000 0xcd000 C:\Windows\System32\OLEAUT32.dll
0x00000000a5e10000 0xc000 C:\Windows\System32\WINUSB.DLL
0x00000000a58e0000 0x12000 C:\Windows\System32\deviceassociation.dll
0x00000000a9fa0000 0x2c000 C:\Windows\System32\DEVOBJ.dll
0x00000000aa270000 0x60000 C:\Windows\System32\WINTRUST.dll
0x00000000a9de0000 0x12000 C:\Windows\System32\MSASN1.dll
0x00000000a15f0000 0x170000 C:\Windows\System32\APMon.dll
0x00000000aba30000 0xae000 C:\Windows\System32\shcore.dll
0x00000000a9790000 0xc000 C:\Windows\System32\netutils.dll
0x00000000a66d0000 0x100000 C:\Windows\System32\WINHTTP.dll
0x00000000a6b10000 0x14000 C:\Windows\System32\WTSAPI32.dll
0x00000000a2200000 0xb2000 C:\Windows\System32\wsdapi.dll
0x00000000a8e30000 0x94000 C:\Windows\System32\FirewallAPI.dll
0x00000000a1490000 0x153000 C:\Windows\System32\webservices.dll
0x00000000a8df0000 0x2f000 C:\Windows\System32\fwbase.dll
0x00000000ab8a0000 0xa8000 C:\Windows\System32\clbcatq.dll
0x00000000a1230000 0x25e000 C:\Windows\System32\msxml6.dll
0x00000000a51e0000 0x13c000 C:\Windows\System32\drvstore.dll
0x00000000a4f50000 0x10000 C:\Windows\system32\spool\PRTPROCS\x64\winprint.dll
0x00000000aa0e0000 0x2e000 C:\Windows\System32\USERENV.dll
0x00000000a7080000 0x23000 C:\Windows\SYSTEM32\gpapi.dll
0x00000000a73e0000 0xa000 C:\Windows\System32\DSROLE.dll
0x00000000a4e70000 0xdc000 C:\Windows\System32\win32spl.dll
0x00000000a9bc0000 0x18000 C:\Windows\System32\CRYPTSP.dll
0x00000000a8fb0000 0x5a000 C:\Windows\System32\WINSTA.dll
0x00000000a9300000 0x34000 C:\Windows\system32\rsaenh.dll
0x00000000a9bb0000 0xc000 C:\Windows\System32\CRYPTBASE.dll
0x00000000aacd0000 0x741000 C:\Windows\System32\SHELL32.dll
0x00000000a54d0000 0x14000 C:\Windows\System32\DEVRTL.dll
0x000000009b100000 0x1e000 C:\Windows\System32\SPFILEQ.dll
0x00000000a22f0000 0x1b000 C:\Windows\System32\SPINF.dll
0x00000000a3990000 0x793000 C:\Windows\SYSTEM32\windows.storage.dll
0x00000000a9c60000 0x2c000 C:\Windows\System32\Wldp.dll
0x00000000ac570000 0x55000 C:\Windows\System32\shlwapi.dll
0x00000000a1fc0000 0x29000 C:\Windows\System32\cabinet.dll
0x00000000969f0000 0x2f000 C:\Windows\system32\spool\DRIVERS\x64\3\tsprint.dll
0x00000000a0280000 0x79000 C:\Users\user\AppData\Local\Temp\ADInsightDll64.dll
0x00000000abb70000 0x1d000 C:\Windows\System32\imagehlp.dll
------------------------------------------------------------------------------
svchost.exe pid: 1684
Command line: C:\Windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p
Base Size Path
0x000000004abe0000 0x11000 C:\Windows\system32\svchost.exe
0x00000000acab0000 0x1f5000 C:\Windows\SYSTEM32\ntdll.dll
0x00000000ac650000 0xbd000 C:\Windows\System32\KERNEL32.DLL
0x00000000aa2d0000 0x2c7000 C:\Windows\System32\KERNELBASE.dll
0x00000000abf40000 0x9b000 C:\Windows\System32\sechost.dll
0x00000000abe10000 0x124000 C:\Windows\System32\RPCRT4.dll
0x00000000aa830000 0x100000 C:\Windows\System32\ucrtbase.dll
0x00000000ac710000 0x355000 C:\Windows\System32\combase.dll
0x00000000a8bf0000 0x13000 C:\Windows\SYSTEM32\kernel.appcore.dll
0x00000000aabd0000 0x9e000 C:\Windows\System32\msvcrt.dll
0x00000000aaa90000 0x7f000 C:\Windows\System32\bcryptPrimitives.dll
0x00000000ab550000 0x1a0000 C:\Windows\System32\user32.dll
0x00000000aa650000 0x22000 C:\Windows\System32\win32u.dll
0x00000000aaba0000 0x2a000 C:\Windows\System32\GDI32.dll
0x00000000aa720000 0x109000 C:\Windows\System32\gdi32full.dll
0x00000000aa680000 0x9d000 C:\Windows\System32\msvcp_win.dll
0x00000000a5cf0000 0xe2000 c:\windows\system32\bfe.dll
0x00000000abd40000 0x6b000 C:\Windows\System32\WS2_32.dll
0x00000000a90c0000 0x4c000 c:\windows\system32\AUTHZ.dll
0x00000000a9680000 0x3b000 c:\windows\system32\IPHLPAPI.DLL
0x00000000a9c60000 0x2c000 C:\Windows\SYSTEM32\WLDP.DLL
0x00000000ab970000 0xaa000 C:\Windows\System32\advapi32.dll
0x00000000aa0a0000 0x3c000 c:\windows\system32\SspiCli.dll
0x00000000a7300000 0x65000 C:\Windows\SYSTEM32\wevtapi.dll
0x00000000aba20000 0x9000 C:\Windows\System32\NSI.dll
0x00000000a53b0000 0x118000 c:\windows\system32\mpssvc.dll
0x00000000aa1f0000 0x4d000 C:\Windows\System32\cfgmgr32.dll
0x00000000a6890000 0x7f000 c:\windows\system32\fwpuclnt.dll
0x00000000a96c0000 0xcb000 c:\windows\system32\DNSAPI.dll
0x00000000aa240000 0x27000 C:\Windows\System32\bcrypt.dll
0x00000000a8df0000 0x2f000 c:\windows\system32\fwbase.dll
0x00000000a86e0000 0x11000 C:\Windows\SYSTEM32\embeddedmodesvcapi.dll
0x00000000a5320000 0x41000 c:\windows\system32\FWPolicyIOMgr.dll
0x00000000a9430000 0x17000 c:\windows\system32\wkscli.dll
0x00000000a9790000 0xc000 c:\windows\system32\netutils.dll
0x00000000a8380000 0x9000 C:\Windows\SYSTEM32\httpprxc.dll
0x00000000a6ce0000 0x9e000 C:\Windows\SYSTEM32\policymanager.dll
0x00000000a93a0000 0x8a000 c:\windows\system32\msvcp110_win.dll
0x00000000ab7d0000 0xcd000 C:\Windows\System32\OLEAUT32.dll
0x00000000a5c20000 0xa000 C:\Windows\system32\adhapi.dll
0x00000000a7080000 0x23000 C:\Windows\SYSTEM32\gpapi.dll
0x00000000a6420000 0x17000 C:\Windows\SYSTEM32\dhcpcsvc6.DLL
0x00000000a6c10000 0x1d000 C:\Windows\SYSTEM32\dhcpcsvc.DLL
0x00000000a99e0000 0x6a000 C:\Windows\system32\mswsock.dll
0x00000000a6ad0000 0xb000 C:\Windows\SYSTEM32\WINNSI.DLL
0x00000000a51b0000 0xc000 C:\Windows\system32\wfapigp.dll
0x00000000a2490000 0xf4000 C:\Windows\SYSTEM32\mrmcorer.dll
0x00000000aba30000 0xae000 C:\Windows\System32\shcore.dll
0x00000000a2730000 0x2af000 C:\Windows\SYSTEM32\iertutil.dll
0x00000000a2340000 0x11000 C:\Windows\SYSTEM32\windows.staterepositorycore.dll
0x00000000a8f40000 0x33000 C:\Windows\system32\ntmarta.dll
0x00000000ab8a0000 0xa8000 C:\Windows\System32\clbcatq.dll
0x00000000a5de0000 0x10000 C:\Windows\System32\npmproxy.dll
------------------------------------------------------------------------------
svchost.exe pid: 1992
Command line: C:\Windows\System32\svchost.exe -k utcsvc -p
Base Size Path
0x000000004abe0000 0x11000 C:\Windows\System32\svchost.exe
0x00000000acab0000 0x1f5000 C:\Windows\SYSTEM32\ntdll.dll
0x00000000ac650000 0xbd000 C:\Windows\System32\KERNEL32.DLL
0x00000000aa2d0000 0x2c7000 C:\Windows\System32\KERNELBASE.dll
0x00000000abf40000 0x9b000 C:\Windows\System32\sechost.dll
0x00000000abe10000 0x124000 C:\Windows\System32\RPCRT4.dll
0x00000000aa830000 0x100000 C:\Windows\System32\ucrtbase.dll
0x00000000ac710000 0x355000 C:\Windows\System32\combase.dll
0x00000000a8bf0000 0x13000 C:\Windows\SYSTEM32\kernel.appcore.dll
0x00000000aabd0000 0x9e000 C:\Windows\System32\msvcrt.dll
0x00000000aaa90000 0x7f000 C:\Windows\System32\bcryptPrimitives.dll
0x00000000ab550000 0x1a0000 C:\Windows\System32\user32.dll
0x00000000aa650000 0x22000 C:\Windows\System32\win32u.dll
0x00000000aaba0000 0x2a000 C:\Windows\System32\GDI32.dll
0x00000000aa720000 0x109000 C:\Windows\System32\gdi32full.dll
0x00000000aa680000 0x9d000 C:\Windows\System32\msvcp_win.dll
0x00000000a3550000 0x3ab000 c:\windows\system32\diagtrack.dll
0x00000000ab970000 0xaa000 C:\Windows\System32\advapi32.dll
0x00000000a9680000 0x3b000 c:\windows\system32\IPHLPAPI.DLL
0x00000000a9c60000 0x2c000 C:\Windows\SYSTEM32\WLDP.DLL
0x00000000aa240000 0x27000 C:\Windows\System32\bcrypt.dll
0x00000000a6ce0000 0x9e000 C:\Windows\SYSTEM32\policymanager.dll
0x00000000a93a0000 0x8a000 c:\windows\system32\msvcp110_win.dll
0x00000000ab7d0000 0xcd000 C:\Windows\System32\OLEAUT32.dll
0x00000000a9bb0000 0xc000 C:\Windows\System32\CRYPTBASE.DLL
0x00000000ab8a0000 0xa8000 C:\Windows\System32\clbcatq.dll
0x00000000a0880000 0x207000 C:\Windows\System32\twinapi.appcore.dll
0x00000000aa0e0000 0x2e000 c:\windows\system32\USERENV.dll
0x00000000aa120000 0x26000 c:\windows\system32\profapi.dll
0x00000000aa0a0000 0x3c000 C:\Windows\SYSTEM32\SspiCli.dll
0x00000000abd40000 0x6b000 C:\Windows\System32\WS2_32.dll
0x00000000a99e0000 0x6a000 C:\Windows\system32\mswsock.dll
0x00000000a8e20000 0x7000 C:\Windows\system32\wshhyperv.dll
0x00000000a0750000 0x12d000 c:\windows\system32\WindowsPerformanceRecorderControl.dll
0x00000000aba30000 0xae000 C:\Windows\System32\shcore.dll
0x00000000a7ad0000 0x36000 c:\windows\system32\XmlLite.dll
0x00000000aa930000 0x15d000 C:\Windows\System32\CRYPT32.dll
0x00000000a00d0000 0x8b000 C:\Windows\SYSTEM32\aepic.dll
0x00000000a9bc0000 0x18000 C:\Windows\SYSTEM32\cryptsp.dll
0x00000000a8f40000 0x33000 C:\Windows\SYSTEM32\ntmarta.dll
0x00000000a6110000 0x16000 C:\Windows\SYSTEM32\usermgrcli.dll
0x00000000427d0000 0x3000 C:\Windows\SYSTEM32\sfc.dll
0x00000000a5c30000 0x12000 C:\Windows\SYSTEM32\sfc_os.DLL
0x00000000ac100000 0x467000 C:\Windows\System32\SETUPAPI.dll
0x00000000aa1f0000 0x4d000 C:\Windows\System32\cfgmgr32.dll
0x00000000a9300000 0x34000 C:\Windows\system32\rsaenh.dll
0x00000000a49a0000 0xe5000 C:\Windows\System32\FlightSettings.dll
------------------------------------------------------------------------------
svchost.exe pid: 2020
Command line: C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p
Base Size Path
0x000000004abe0000 0x11000 C:\Windows\System32\svchost.exe
0x00000000acab0000 0x1f5000 C:\Windows\SYSTEM32\ntdll.dll
0x00000000ac650000 0xbd000 C:\Windows\System32\KERNEL32.DLL
0x00000000aa2d0000 0x2c7000 C:\Windows\System32\KERNELBASE.dll
0x00000000abf40000 0x9b000 C:\Windows\System32\sechost.dll
0x00000000abe10000 0x124000 C:\Windows\System32\RPCRT4.dll
0x00000000aa830000 0x100000 C:\Windows\System32\ucrtbase.dll
0x00000000ac710000 0x355000 C:\Windows\System32\combase.dll
0x00000000a8bf0000 0x13000 C:\Windows\SYSTEM32\kernel.appcore.dll
0x00000000aabd0000 0x9e000 C:\Windows\System32\msvcrt.dll
0x00000000aaa90000 0x7f000 C:\Windows\System32\bcryptPrimitives.dll
0x00000000ab550000 0x1a0000 C:\Windows\System32\user32.dll
0x00000000aa650000 0x22000 C:\Windows\System32\win32u.dll
0x00000000aaba0000 0x2a000 C:\Windows\System32\GDI32.dll
0x00000000aa720000 0x109000 C:\Windows\System32\gdi32full.dll
0x00000000aa680000 0x9d000 C:\Windows\System32\msvcp_win.dll
0x00000000a3340000 0x31000 c:\windows\system32\dps.dll
0x00000000a9c60000 0x2c000 C:\Windows\SYSTEM32\WLDP.DLL
0x00000000ab970000 0xaa000 C:\Windows\System32\advapi32.dll
0x00000000a3240000 0xf2000 c:\windows\system32\coremessaging.dll
0x00000000abd40000 0x6b000 C:\Windows\System32\WS2_32.dll
0x00000000ab8a0000 0xa8000 C:\Windows\System32\clbcatq.dll
0x00000000a6f30000 0xad000 C:\Windows\System32\taskschd.dll
0x00000000ab7d0000 0xcd000 C:\Windows\System32\OLEAUT32.dll
0x00000000a7080000 0x23000 C:\Windows\SYSTEM32\gpapi.dll
0x00000000a3020000 0x1f000 c:\windows\system32\wdi.dll
0x00000000a2f80000 0x9000 C:\Windows\system32\pnpts.dll
0x00000000a2d50000 0x148000 C:\Windows\system32\diagperf.dll
------------------------------------------------------------------------------
CExecSvc.exe pid: 1192
Command line: C:\Windows\system32\cexecsvc.exe
Base Size Path
0x0000000058a20000 0x3d000 C:\Windows\system32\cexecsvc.exe
0x00000000acab0000 0x1f5000 C:\Windows\SYSTEM32\ntdll.dll
0x00000000ac650000 0xbd000 C:\Windows\System32\KERNEL32.DLL
0x00000000aa2d0000 0x2c7000 C:\Windows\System32\KERNELBASE.dll
0x00000000aa830000 0x100000 C:\Windows\System32\ucrtbase.dll
0x00000000abf40000 0x9b000 C:\Windows\System32\sechost.dll
0x00000000abe10000 0x124000 C:\Windows\System32\RPCRT4.dll
0x00000000ab970000 0xaa000 C:\Windows\System32\advapi32.dll
0x00000000aabd0000 0x9e000 C:\Windows\System32\msvcrt.dll
0x00000000aa120000 0x26000 C:\Windows\system32\profapi.dll
0x00000000aa0a0000 0x3c000 C:\Windows\system32\SspiCli.dll
0x00000000a0280000 0x79000 C:\Users\user\AppData\Local\Temp\ADInsightDll64.dll
0x00000000abb70000 0x1d000 C:\Windows\System32\imagehlp.dll
0x00000000a5e00000 0xc000 C:\Windows\system32\Secur32.dll
------------------------------------------------------------------------------
VmComputeAgent.exe pid: 2152
Command line: C:\Windows\system32\vmcomputeagent.exe
Base Size Path
0x00000000d6c10000 0x13e000 C:\Windows\system32\vmcomputeagent.exe
0x00000000acab0000 0x1f5000 C:\Windows\SYSTEM32\ntdll.dll
0x00000000ac650000 0xbd000 C:\Windows\System32\KERNEL32.DLL
0x00000000aa2d0000 0x2c7000 C:\Windows\System32\KERNELBASE.dll
0x00000000aa830000 0x100000 C:\Windows\System32\ucrtbase.dll
0x00000000abe10000 0x124000 C:\Windows\System32\RPCRT4.dll
0x00000000abf40000 0x9b000 C:\Windows\System32\sechost.dll
0x00000000aa1f0000 0x4d000 C:\Windows\System32\cfgmgr32.dll
0x00000000abd40000 0x6b000 C:\Windows\System32\WS2_32.dll
0x00000000aa240000 0x27000 C:\Windows\System32\bcrypt.dll
0x00000000ab970000 0xaa000 C:\Windows\System32\advapi32.dll
0x00000000aabd0000 0x9e000 C:\Windows\System32\msvcrt.dll
0x00000000ac710000 0x355000 C:\Windows\System32\combase.dll
0x00000000a2440000 0x4c000 C:\Windows\system32\wc_storage.dll
0x00000000aa680000 0x9d000 C:\Windows\System32\msvcp_win.dll
0x00000000a7300000 0x65000 C:\Windows\system32\wevtapi.dll
0x00000000a7ad0000 0x36000 C:\Windows\system32\XmlLite.dll
0x00000000a2430000 0xd000 C:\Windows\system32\HvSocket.dll
0x00000000a9680000 0x3b000 C:\Windows\system32\IPHLPAPI.DLL
0x00000000a9fa0000 0x2c000 C:\Windows\system32\DEVOBJ.dll
0x00000000a2ff0000 0x26000 C:\Windows\system32\NetSetupApi.dll
0x00000000a8e30000 0x94000 C:\Windows\system32\FirewallAPI.dll
0x00000000a23e0000 0x47000 C:\Windows\system32\container.dll
0x00000000a0cc0000 0x97000 C:\Windows\system32\GNS.dll
0x00000000aba20000 0x9000 C:\Windows\System32\NSI.dll
0x00000000a8f40000 0x33000 C:\Windows\SYSTEM32\ntmarta.dll
0x00000000a96c0000 0xcb000 C:\Windows\system32\DNSAPI.dll
0x00000000a6890000 0x7f000 C:\Windows\system32\fwpuclnt.dll
0x00000000a23d0000 0xb000 C:\Windows\system32\FLTLIB.DLL
0x00000000a2020000 0x4e000 C:\Windows\system32\CIMFS.dll
0x00000000a8df0000 0x2f000 C:\Windows\system32\fwbase.dll
0x00000000a99e0000 0x6a000 C:\Windows\system32\mswsock.dll
0x00000000a8e20000 0x7000 C:\Windows\system32\wshhyperv.dll
0x00000000a8bf0000 0x13000 C:\Windows\SYSTEM32\kernel.appcore.dll
0x00000000aaa90000 0x7f000 C:\Windows\System32\bcryptPrimitives.dll
0x00000000ab8a0000 0xa8000 C:\Windows\System32\clbcatq.dll
0x00000000a6420000 0x17000 C:\Windows\SYSTEM32\dhcpcsvc6.DLL
0x00000000a6c10000 0x1d000 C:\Windows\SYSTEM32\dhcpcsvc.DLL
0x00000000a0280000 0x79000 C:\Users\user\AppData\Local\Temp\ADInsightDll64.dll
0x00000000abb70000 0x1d000 C:\Windows\System32\imagehlp.dll
0x00000000a5e00000 0xc000 C:\Windows\system32\Secur32.dll
0x00000000973f0000 0x3c000 C:\Windows\system32\SSPICLI.DLL
------------------------------------------------------------------------------
svchost.exe pid: 1760
Command line: C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -p
Base Size Path
0x000000004abe0000 0x11000 C:\Windows\system32\svchost.exe
0x00000000acab0000 0x1f5000 C:\Windows\SYSTEM32\ntdll.dll
0x00000000ac650000 0xbd000 C:\Windows\System32\KERNEL32.DLL
0x00000000aa2d0000 0x2c7000 C:\Windows\System32\KERNELBASE.dll
0x00000000abf40000 0x9b000 C:\Windows\System32\sechost.dll
0x00000000abe10000 0x124000 C:\Windows\System32\RPCRT4.dll
0x00000000aa830000 0x100000 C:\Windows\System32\ucrtbase.dll
0x00000000a0160000 0x76000 c:\windows\system32\ipsecsvc.dll
0x00000000aabd0000 0x9e000 C:\Windows\System32\msvcrt.dll
0x00000000a6890000 0x7f000 c:\windows\system32\fwpuclnt.dll
0x00000000a90c0000 0x4c000 c:\windows\system32\AUTHZ.dll
0x00000000a8e30000 0x94000 c:\windows\system32\FirewallAPI.dll
0x00000000aa240000 0x27000 C:\Windows\System32\bcrypt.dll
0x00000000ac710000 0x355000 C:\Windows\System32\combase.dll
0x00000000a96c0000 0xcb000 c:\windows\system32\DNSAPI.dll
0x00000000a4530000 0x1e000 c:\windows\system32\FwRemoteSvr.DLL
0x00000000a8df0000 0x2f000 c:\windows\system32\fwbase.dll
0x00000000a9680000 0x3b000 C:\Windows\SYSTEM32\IPHLPAPI.DLL
0x00000000aba20000 0x9000 C:\Windows\System32\NSI.dll
0x00000000a9c60000 0x2c000 C:\Windows\SYSTEM32\WLDP.DLL
0x00000000ab970000 0xaa000 C:\Windows\System32\advapi32.dll
0x00000000a8bf0000 0x13000 C:\Windows\SYSTEM32\kernel.appcore.dll
0x00000000aaa90000 0x7f000 C:\Windows\System32\bcryptPrimitives.dll
0x00000000ab8a0000 0xa8000 C:\Windows\System32\clbcatq.dll
0x00000000ab7d0000 0xcd000 C:\Windows\System32\OLEAUT32.dll
0x00000000aa680000 0x9d000 C:\Windows\System32\msvcp_win.dll
0x00000000a5320000 0x41000 c:\windows\system32\FWPolicyIOMgr.dll
0x00000000abd40000 0x6b000 C:\Windows\System32\WS2_32.dll
0x00000000a99e0000 0x6a000 C:\Windows\system32\mswsock.dll
0x00000000a6420000 0x17000 C:\Windows\SYSTEM32\dhcpcsvc6.DLL
0x00000000a6c10000 0x1d000 C:\Windows\SYSTEM32\dhcpcsvc.DLL
0x00000000aa0a0000 0x3c000 C:\Windows\system32\sspicli.dll
Error opening csrss.exe(2468):
Access is denied.
------------------------------------------------------------------------------
winlogon.exe pid: 2484
Command line: winlogon.exe
Base Size Path
0x0000000036af0000 0xe2000 C:\Windows\system32\winlogon.exe
0x00000000acab0000 0x1f5000 C:\Windows\SYSTEM32\ntdll.dll
0x00000000ac650000 0xbd000 C:\Windows\System32\KERNEL32.DLL
0x00000000aa2d0000 0x2c7000 C:\Windows\System32\KERNELBASE.dll
0x00000000aabd0000 0x9e000 C:\Windows\System32\msvcrt.dll
0x00000000abf40000 0x9b000 C:\Windows\System32\sechost.dll
0x00000000abe10000 0x124000 C:\Windows\System32\RPCRT4.dll
0x00000000ac710000 0x355000 C:\Windows\System32\combase.dll
0x00000000aa830000 0x100000 C:\Windows\System32\ucrtbase.dll
0x00000000ab970000 0xaa000 C:\Windows\System32\advapi32.dll
0x00000000a97b0000 0x4b000 C:\Windows\SYSTEM32\powrprof.dll
0x00000000a9660000 0x12000 C:\Windows\system32\UMPDC.dll
0x00000000aa120000 0x26000 C:\Windows\system32\profapi.dll
0x00000000a8fb0000 0x5a000 C:\Windows\SYSTEM32\winsta.dll
0x00000000ab550000 0x1a0000 C:\Windows\System32\user32.dll
0x00000000aa650000 0x22000 C:\Windows\System32\win32u.dll
0x00000000aaba0000 0x2a000 C:\Windows\System32\GDI32.dll
0x00000000aa720000 0x109000 C:\Windows\System32\gdi32full.dll
0x00000000aa680000 0x9d000 C:\Windows\System32\msvcp_win.dll
0x00000000aab70000 0x30000 C:\Windows\System32\IMM32.DLL
0x00000000abfe0000 0x115000 C:\Windows\System32\MSCTF.dll
0x00000000ab7d0000 0xcd000 C:\Windows\System32\OLEAUT32.dll
0x00000000aa0a0000 0x3c000 C:\Windows\system32\SspiCli.dll
0x00000000aa0e0000 0x2e000 C:\Windows\system32\USERENV.dll
0x00000000a8f80000 0x29000 C:\Windows\SYSTEM32\profext.dll
0x00000000a8f40000 0x33000 C:\Windows\SYSTEM32\ntmarta.dll
0x00000000aa240000 0x27000 C:\Windows\System32\Bcrypt.dll
0x00000000aaa90000 0x7f000 C:\Windows\System32\bcryptprimitives.dll
0x00000000a8e30000 0x94000 C:\Windows\SYSTEM32\firewallapi.dll
0x00000000a96c0000 0xcb000 C:\Windows\system32\DNSAPI.dll
0x00000000a9680000 0x3b000 C:\Windows\SYSTEM32\IPHLPAPI.DLL
0x00000000aba20000 0x9000 C:\Windows\System32\NSI.dll
0x00000000a8df0000 0x2f000 C:\Windows\system32\fwbase.dll
0x00000000a4400000 0x1e000 C:\Windows\SYSTEM32\uxinit.dll
0x00000000aba30000 0xae000 C:\Windows\System32\shcore.dll
0x00000000a8ae0000 0x2f000 C:\Windows\system32\dwmapi.dll
0x000000009f6c0000 0x9f000 C:\Windows\system32\UxTheme.dll
0x00000000aa930000 0x15d000 C:\Windows\System32\CRYPT32.dll
0x00000000a9340000 0xa000 C:\Windows\system32\DPAPI.dll
0x00000000a9bb0000 0xc000 C:\Windows\system32\CRYPTBASE.dll
0x00000000a3220000 0x14000 C:\Windows\SYSTEM32\dwminit.dll
0x000000009ec90000 0x90000 C:\Windows\system32\apphelp.dll
0x00000000a64b0000 0x130000 C:\Windows\system32\dsreg.dll
0x00000000a93a0000 0x8a000 C:\Windows\system32\msvcp110_win.dll
0x00000000a9bc0000 0x18000 C:\Windows\SYSTEM32\cryptsp.dll
0x00000000a6110000 0x16000 C:\Windows\SYSTEM32\usermgrcli.dll
0x00000000a8bf0000 0x13000 C:\Windows\SYSTEM32\kernel.appcore.dll
0x000000009d4f0000 0x1d000 C:\Windows\system32\MPR.dll
0x00000000a0280000 0x79000 C:\Users\user\AppData\Local\Temp\ADInsightDll64.dll
0x00000000abb70000 0x1d000 C:\Windows\System32\imagehlp.dll
0x00000000a5e00000 0xc000 C:\Windows\system32\Secur32.dll
------------------------------------------------------------------------------
fontdrvhost.exe pid: 2712
Command line: "fontdrvhost.exe"
Base Size Path
0x00000000d0bc0000 0xd2000 C:\Windows\system32\fontdrvhost.exe
0x00000000acab0000 0x1f5000 C:\Windows\SYSTEM32\ntdll.dll
0x00000000ac650000 0xbd000 C:\Windows\System32\KERNEL32.DLL
0x00000000aa2d0000 0x2c7000 C:\Windows\System32\KERNELBASE.dll
0x00000000aa680000 0x9d000 C:\Windows\System32\msvcp_win.dll
0x00000000aa830000 0x100000 C:\Windows\System32\ucrtbase.dll
0x00000000aa650000 0x22000 C:\Windows\System32\win32u.dll
------------------------------------------------------------------------------
WUDFHost.exe pid: 2732
Command line: "C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-5008a698-3d99-4cc4-b340-87785375ed84 -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-67bed9b0-b09c-4ea2-b90e-05427dba3257 -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-2a684d20-30c0-448d-9d62-b51c5e27b1e1 -NonStateChangingEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-b2f1abd3-39b3-4f97-990d-6383d6745dc0 -LifetimeId:3addc031-bae4-4bbe-8b88-1f71849c4886 -DeviceGroupId: -HostArg:0
Base Size Path
0x000000003bdb0000 0x47000 C:\Windows\System32\WUDFHost.exe
0x00000000acab0000 0x1f5000 C:\Windows\SYSTEM32\ntdll.dll
0x00000000ac650000 0xbd000 C:\Windows\System32\KERNEL32.DLL
0x00000000aa2d0000 0x2c7000 C:\Windows\System32\KERNELBASE.dll
0x00000000abe10000 0x124000 C:\Windows\System32\RPCRT4.dll
0x00000000ac710000 0x355000 C:\Windows\System32\combase.dll
0x00000000aa830000 0x100000 C:\Windows\System32\ucrtbase.dll
0x00000000abf40000 0x9b000 C:\Windows\System32\sechost.dll
0x00000000a9080000 0x32000 C:\Windows\SYSTEM32\WUDFPlatform.dll
0x00000000a9fa0000 0x2c000 C:\Windows\SYSTEM32\DEVOBJ.dll
0x00000000aa1f0000 0x4d000 C:\Windows\System32\cfgmgr32.dll
0x00000000ab970000 0xaa000 C:\Windows\System32\advapi32.dll
0x00000000aa0a0000 0x3c000 C:\Windows\SYSTEM32\SspiCli.dll
0x00000000aabd0000 0x9e000 C:\Windows\System32\msvcrt.dll
0x00000000a8bf0000 0x13000 C:\Windows\SYSTEM32\kernel.appcore.dll
0x00000000aaa90000 0x7f000 C:\Windows\System32\bcryptPrimitives.dll
0x00000000a4140000 0x41000 c:\windows\system32\drivers\umdf\rdpidd.dll
0x00000000aa680000 0x9d000 C:\Windows\System32\msvcp_win.dll
0x00000000a8f40000 0x33000 C:\Windows\SYSTEM32\ntmarta.dll
0x00000000a7b30000 0x263000 C:\Windows\System32\d3d11.dll
0x00000000a8700000 0xf3000 C:\Windows\System32\dxgi.dll
0x00000000aa650000 0x22000 C:\Windows\System32\win32u.dll
0x00000000aaba0000 0x2a000 C:\Windows\System32\gdi32.dll
0x00000000aa720000 0x109000 C:\Windows\System32\gdi32full.dll
0x00000000ab550000 0x1a0000 C:\Windows\System32\USER32.dll
0x000000009f760000 0x1e4000 C:\Windows\System32\dbghelp.dll
0x000000009f600000 0xbb000 C:\Windows\System32\WUDFx02000.dll
0x000000009f5b0000 0x43000 c:\windows\system32\drivers\umdf\iddcx.dll
0x000000009eff0000 0x5c0000 C:\Windows\System32\d2d1.dll
0x000000009ed70000 0x27e000 C:\Windows\System32\DWrite.dll
0x000000009d4b0000 0x3b000 C:\Windows\SYSTEM32\dxcore.dll
0x000000009cbc0000 0x6f6000 C:\Windows\System32\d3d10warp.dll
------------------------------------------------------------------------------
dwm.exe pid: 3024
Command line: "dwm.exe"
Base Size Path
0x0000000094e20000 0x1f000 C:\Windows\system32\dwm.exe
0x00000000acab0000 0x1f5000 C:\Windows\SYSTEM32\ntdll.dll
0x00000000ac650000 0xbd000 C:\Windows\System32\KERNEL32.DLL
0x00000000aa2d0000 0x2c7000 C:\Windows\System32\KERNELBASE.dll
0x000000009ec90000 0x90000 C:\Windows\SYSTEM32\apphelp.dll
0x00000000aa830000 0x100000 C:\Windows\System32\ucrtbase.dll
0x00000000ab970000 0xaa000 C:\Windows\System32\advapi32.dll
0x00000000aabd0000 0x9e000 C:\Windows\System32\msvcrt.dll
0x00000000abf40000 0x9b000 C:\Windows\System32\sechost.dll
0x00000000abe10000 0x124000 C:\Windows\System32\RPCRT4.dll
0x00000000aaba0000 0x2a000 C:\Windows\System32\gdi32.dll
0x00000000aa650000 0x22000 C:\Windows\System32\win32u.dll
0x00000000aa720000 0x109000 C:\Windows\System32\gdi32full.dll
0x00000000aa680000 0x9d000 C:\Windows\System32\msvcp_win.dll
0x00000000a1070000 0x2a000 C:\Windows\SYSTEM32\dwmredir.dll
0x00000000ab550000 0x1a0000 C:\Windows\System32\USER32.dll
0x00000000ac710000 0x355000 C:\Windows\System32\combase.dll
0x00000000a8700000 0xf3000 C:\Windows\system32\dxgi.dll
0x000000009e810000 0x374000 C:\Windows\system32\dwmcore.dll
0x00000000a97b0000 0x4b000 C:\Windows\SYSTEM32\powrprof.dll
0x000000009eff0000 0x5c0000 C:\Windows\system32\d2d1.dll
0x000000009eb90000 0xff000 C:\Windows\SYSTEM32\udwm.dll
0x00000000aa1f0000 0x4d000 C:\Windows\System32\cfgmgr32.dll
0x00000000a3240000 0xf2000 C:\Windows\system32\CoreMessaging.dll
0x00000000abd40000 0x6b000 C:\Windows\System32\WS2_32.dll
0x00000000a7b30000 0x263000 C:\Windows\system32\d3d11.dll
0x000000009e1c0000 0x45d000 C:\Windows\system32\D3DCOMPILER_47.dll
0x00000000a9bc0000 0x18000 C:\Windows\system32\CRYPTSP.dll
0x000000009e620000 0x1e5000 C:\Windows\system32\dcomp.dll
0x00000000a8bf0000 0x13000 C:\Windows\SYSTEM32\kernel.appcore.dll
0x000000009de60000 0x35a000 C:\Windows\system32\CoreUIComponents.dll
0x00000000aba30000 0xae000 C:\Windows\System32\SHCORE.dll
0x00000000a8f40000 0x33000 C:\Windows\SYSTEM32\ntmarta.dll
0x00000000a5950000 0x156000 C:\Windows\SYSTEM32\wintypes.dll
0x00000000aaa90000 0x7f000 C:\Windows\System32\bcryptPrimitives.dll
0x00000000aab70000 0x30000 C:\Windows\System32\IMM32.DLL
0x00000000a9660000 0x12000 C:\Windows\system32\UMPDC.dll
0x00000000a7ad0000 0x36000 C:\Windows\system32\XmlLite.dll
0x000000009f6c0000 0x9f000 C:\Windows\system32\uxtheme.dll
0x00000000a0730000 0x15000 C:\Windows\SYSTEM32\dwmghost.dll
0x00000000a8ae0000 0x2f000 C:\Windows\system32\dwmapi.dll
0x00000000a4620000 0xa000 C:\Windows\system32\avrt.dll
0x000000009da90000 0x22c000 C:\Windows\SYSTEM32\ism.dll
0x00000000aa270000 0x60000 C:\Windows\System32\WINTRUST.dll
0x00000000aa930000 0x15d000 C:\Windows\System32\CRYPT32.dll
0x00000000a79a0000 0xf7000 C:\Windows\system32\PROPSYS.dll
0x00000000aa240000 0x27000 C:\Windows\System32\bcrypt.dll
0x00000000ab7d0000 0xcd000 C:\Windows\System32\OLEAUT32.dll
0x00000000a43f0000 0xd000 C:\Windows\system32\HID.DLL
0x000000009ddc0000 0x6a000 C:\Windows\system32\NInput.dll
0x00000000a9de0000 0x12000 C:\Windows\system32\MSASN1.dll
0x00000000a8fb0000 0x5a000 C:\Windows\system32\WINSTA.dll
0x000000009d8d0000 0x1b4000 C:\Windows\system32\WindowsCodecs.dll
0x00000000ab8a0000 0xa8000 C:\Windows\System32\clbcatq.dll
0x000000009d820000 0xa1000 C:\Windows\System32\windowmanagementapi.dll
0x00000000a0880000 0x207000 C:\Windows\SYSTEM32\twinapi.appcore.dll
0x00000000a9300000 0x34000 C:\Windows\system32\rsaenh.dll
0x00000000a9bb0000 0xc000 C:\Windows\system32\CRYPTBASE.dll
0x000000009d7d0000 0x47000 C:\Windows\System32\UIAnimation.dll
0x00000000abb70000 0x1d000 C:\Windows\System32\imagehlp.dll
0x000000009d760000 0x61000 C:\Windows\System32\DispBroker.Desktop.dll
0x000000009d6b0000 0xae000 C:\Windows\System32\mscms.dll
0x00000000aa0e0000 0x2e000 C:\Windows\System32\USERENV.dll
0x000000009dda0000 0x11000 C:\Windows\System32\ColorAdapterClient.dll
0x00000000a7080000 0x23000 C:\Windows\SYSTEM32\gpapi.dll
0x000000009d610000 0xa0000 C:\Windows\System32\ActXPrxy.dll
0x000000009d5f0000 0x15000 c:\windows\system32\gameinput.dll
0x000000009d510000 0xd3000 C:\Windows\System32\Windows.Gaming.Input.dll
0x000000009d2c0000 0x5f000 C:\Windows\System32\DispBroker.dll
0x00000000a1760000 0x794000 C:\Windows\System32\OneCoreUAPCommonProxyStub.dll
0x000000009cbc0000 0x6f6000 C:\Windows\system32\D3D10Warp.dll
0x000000009d4b0000 0x3b000 C:\Windows\SYSTEM32\dxcore.dll
0x00000000a1fc0000 0x29000 C:\Windows\system32\Cabinet.dll
0x000000009bb30000 0x8d000 C:\Windows\System32\Windows.Graphics.dll
0x00000000abfe0000 0x115000 C:\Windows\System32\MSCTF.dll
0x0000000095de0000 0xac000 C:\Windows\system32\TextShaping.dll
------------------------------------------------------------------------------
svchost.exe pid: 3208
Command line: C:\Windows\System32\svchost.exe -k netsvcs -p
Base Size Path
0x000000004abe0000 0x11000 C:\Windows\System32\svchost.exe
0x00000000acab0000 0x1f5000 C:\Windows\SYSTEM32\ntdll.dll
0x00000000ac650000 0xbd000 C:\Windows\System32\KERNEL32.DLL
0x00000000aa2d0000 0x2c7000 C:\Windows\System32\KERNELBASE.dll
0x00000000abf40000 0x9b000 C:\Windows\System32\sechost.dll
0x00000000abe10000 0x124000 C:\Windows\System32\RPCRT4.dll
0x00000000aa830000 0x100000 C:\Windows\System32\ucrtbase.dll
0x00000000ac710000 0x355000 C:\Windows\System32\combase.dll
0x00000000a8bf0000 0x13000 C:\Windows\SYSTEM32\kernel.appcore.dll
0x00000000aabd0000 0x9e000 C:\Windows\System32\msvcrt.dll
0x00000000aaa90000 0x7f000 C:\Windows\System32\bcryptPrimitives.dll
0x00000000ab550000 0x1a0000 C:\Windows\System32\user32.dll
0x00000000aa650000 0x22000 C:\Windows\System32\win32u.dll
0x00000000aaba0000 0x2a000 C:\Windows\System32\GDI32.dll
0x00000000aa720000 0x109000 C:\Windows\System32\gdi32full.dll
0x00000000aa680000 0x9d000 C:\Windows\System32\msvcp_win.dll
0x000000009c950000 0x26f000 c:\windows\system32\installservice.dll
0x00000000aba30000 0xae000 C:\Windows\System32\shcore.dll
0x00000000ab7d0000 0xcd000 C:\Windows\System32\OLEAUT32.dll
0x00000000a9660000 0x12000 c:\windows\system32\UMPDC.dll
0x00000000ab970000 0xaa000 C:\Windows\System32\advapi32.dll
0x00000000a3990000 0x793000 C:\Windows\SYSTEM32\windows.storage.dll
0x00000000a66d0000 0x100000 c:\windows\system32\WINHTTP.dll
0x00000000aa0e0000 0x2e000 c:\windows\system32\USERENV.dll
0x00000000a9bc0000 0x18000 C:\Windows\SYSTEM32\cryptsp.dll
0x000000009d4f0000 0x1d000 c:\windows\system32\MPR.dll
0x00000000a9c60000 0x2c000 c:\windows\system32\Wldp.dll
0x00000000ab8a0000 0xa8000 C:\Windows\System32\clbcatq.dll
0x00000000a6110000 0x16000 C:\Windows\SYSTEM32\usermgrcli.dll
0x000000009c360000 0x588000 C:\Windows\System32\StartTileData.dll
0x00000000ac570000 0x55000 C:\Windows\System32\shlwapi.dll
0x00000000aa0a0000 0x3c000 C:\Windows\System32\SspiCli.dll
0x00000000a3240000 0xf2000 C:\Windows\System32\CoreMessaging.dll
0x00000000abd40000 0x6b000 C:\Windows\System32\WS2_32.dll
0x000000009d450000 0x5a000 C:\Windows\System32\Bcp47Langs.dll
0x000000009d430000 0x12000 C:\Windows\System32\EAMProgressHandler.dll
0x00000000a4810000 0xc3000 C:\Windows\System32\Windows.Web.dll
0x00000000a2730000 0x2af000 C:\Windows\System32\iertutil.dll
0x000000009a7b0000 0x146000 C:\Windows\System32\Windows.StateRepositoryPS.dll
0x00000000a0280000 0x79000 C:\Users\user\AppData\Local\Temp\ADInsightDll64.dll
0x00000000abb70000 0x1d000 C:\Windows\System32\imagehlp.dll
0x00000000a5e00000 0xc000 C:\Windows\System32\Secur32.dll
0x00000000847e0000 0x54000 C:\Windows\System32\usermgrproxy.dll
0x0000000082480000 0x794000 C:\Windows\System32\OneCoreUAPCommonProxyStub.dll
------------------------------------------------------------------------------
svchost.exe pid: 3252
Command line: C:\Windows\system32\svchost.exe -k appmodel -p
Base Size Path
0x000000004abe0000 0x11000 C:\Windows\system32\svchost.exe
0x00000000acab0000 0x1f5000 C:\Windows\SYSTEM32\ntdll.dll
0x00000000ac650000 0xbd000 C:\Windows\System32\KERNEL32.DLL
0x00000000aa2d0000 0x2c7000 C:\Windows\System32\KERNELBASE.dll
0x00000000abf40000 0x9b000 C:\Windows\System32\sechost.dll
0x00000000abe10000 0x124000 C:\Windows\System32\RPCRT4.dll
0x00000000aa830000 0x100000 C:\Windows\System32\ucrtbase.dll
0x00000000ac710000 0x355000 C:\Windows\System32\combase.dll
0x00000000a8bf0000 0x13000 C:\Windows\SYSTEM32\kernel.appcore.dll
0x00000000aabd0000 0x9e000 C:\Windows\System32\msvcrt.dll
0x00000000aaa90000 0x7f000 C:\Windows\System32\bcryptPrimitives.dll
0x00000000ab550000 0x1a0000 C:\Windows\System32\user32.dll
0x00000000aa650000 0x22000 C:\Windows\System32\win32u.dll
0x00000000aaba0000 0x2a000 C:\Windows\System32\GDI32.dll
0x00000000aa720000 0x109000 C:\Windows\System32\gdi32full.dll
0x00000000aa680000 0x9d000 C:\Windows\System32\msvcp_win.dll
0x000000009bdd0000 0x590000 c:\windows\system32\windows.staterepository.dll
0x00000000ab970000 0xaa000 C:\Windows\System32\advapi32.dll
0x000000009bd10000 0xb1000 c:\windows\system32\StateRepository.Core.dll
0x00000000a9c60000 0x2c000 C:\Windows\SYSTEM32\WLDP.DLL
0x00000000a2340000 0x11000 C:\Windows\SYSTEM32\windows.staterepositorycore.dll
0x00000000ab8a0000 0xa8000 C:\Windows\System32\clbcatq.dll
0x000000009a7b0000 0x146000 C:\Windows\System32\Windows.StateRepositoryPS.dll
0x00000000a5950000 0x156000 C:\Windows\System32\WinTypes.dll
0x00000000aa240000 0x27000 C:\Windows\System32\bcrypt.dll
0x00000000ab7d0000 0xcd000 C:\Windows\System32\OLEAUT32.dll
0x000000008b0b0000 0x64000 c:\windows\system32\capabilityaccessmanager.dll
0x0000000093de0000 0x51000 C:\Windows\SYSTEM32\capauthz.dll
0x00000000aba30000 0xae000 C:\Windows\System32\shcore.dll
0x00000000aa270000 0x60000 C:\Windows\System32\WINTRUST.dll
0x00000000aa930000 0x15d000 C:\Windows\System32\CRYPT32.dll
0x00000000a9de0000 0x12000 C:\Windows\System32\MSASN1.dll
0x00000000a6ce0000 0x9e000 C:\Windows\SYSTEM32\policymanager.dll
0x00000000a93a0000 0x8a000 c:\windows\system32\msvcp110_win.dll
0x00000000a0280000 0x79000 C:\Users\user\AppData\Local\Temp\ADInsightDll64.dll
0x00000000abb70000 0x1d000 C:\Windows\System32\imagehlp.dll
0x00000000a5e00000 0xc000 C:\Windows\system32\Secur32.dll
0x00000000973f0000 0x3c000 C:\Windows\system32\SSPICLI.DLL
------------------------------------------------------------------------------
rdpclip.exe pid: 3536
Command line: rdpclip
Base Size Path
0x000000002e300000 0x77000 C:\Windows\System32\rdpclip.exe
0x00000000acab0000 0x1f5000 C:\Windows\SYSTEM32\ntdll.dll
0x00000000ac650000 0xbd000 C:\Windows\System32\KERNEL32.DLL
0x00000000aa2d0000 0x2c7000 C:\Windows\System32\KERNELBASE.dll
0x00000000ab970000 0xaa000 C:\Windows\System32\ADVAPI32.dll
0x00000000aabd0000 0x9e000 C:\Windows\System32\msvcrt.dll
0x00000000abf40000 0x9b000 C:\Windows\System32\sechost.dll
0x00000000abe10000 0x124000 C:\Windows\System32\RPCRT4.dll
0x00000000ab550000 0x1a0000 C:\Windows\System32\USER32.dll
0x00000000aa650000 0x22000 C:\Windows\System32\win32u.dll
0x00000000aaba0000 0x2a000 C:\Windows\System32\GDI32.dll
0x00000000aa720000 0x109000 C:\Windows\System32\gdi32full.dll
0x00000000aa680000 0x9d000 C:\Windows\System32\msvcp_win.dll
0x00000000aa830000 0x100000 C:\Windows\System32\ucrtbase.dll
0x00000000ab420000 0x129000 C:\Windows\System32\OLE32.dll
0x00000000ac710000 0x355000 C:\Windows\System32\combase.dll
0x00000000aa930000 0x15d000 C:\Windows\System32\CRYPT32.dll
0x00000000aacd0000 0x741000 C:\Windows\System32\SHELL32.dll
0x00000000ac100000 0x467000 C:\Windows\System32\setupapi.dll
0x00000000aa1f0000 0x4d000 C:\Windows\System32\cfgmgr32.dll
0x00000000aa240000 0x27000 C:\Windows\System32\bcrypt.dll
0x00000000a6b10000 0x14000 C:\Windows\System32\WTSAPI32.dll
0x00000000a8fb0000 0x5a000 C:\Windows\System32\WINSTA.dll
0x00000000aba30000 0xae000 C:\Windows\System32\shcore.dll
0x00000000a6010000 0x8e000 C:\Windows\System32\WINSPOOL.DRV
0x000000009d4f0000 0x1d000 C:\Windows\System32\MPR.dll
0x00000000a8ae0000 0x2f000 C:\Windows\System32\dwmapi.dll
0x00000000a9fa0000 0x2c000 C:\Windows\System32\DEVOBJ.dll
0x00000000a9bb0000 0xc000 C:\Windows\System32\CRYPTBASE.DLL
0x00000000aab70000 0x30000 C:\Windows\System32\IMM32.DLL
0x000000009f6c0000 0x9f000 C:\Windows\system32\uxtheme.dll
0x00000000a8bf0000 0x13000 C:\Windows\SYSTEM32\kernel.appcore.dll
0x00000000aaa90000 0x7f000 C:\Windows\System32\bcryptPrimitives.dll
0x00000000ab8a0000 0xa8000 C:\Windows\System32\clbcatq.dll
0x000000009a330000 0xa9000 C:\Windows\system32\twinapi.dll
0x00000000ac570000 0x55000 C:\Windows\System32\SHLWAPI.dll
0x00000000abfe0000 0x115000 C:\Windows\System32\MSCTF.dll
0x00000000ab7d0000 0xcd000 C:\Windows\System32\OLEAUT32.dll
0x00000000aa270000 0x60000 C:\Windows\System32\WINTRUST.dll
0x00000000a9de0000 0x12000 C:\Windows\System32\MSASN1.dll
0x00000000a3990000 0x793000 C:\Windows\system32\windows.storage.dll
0x00000000a9c60000 0x2c000 C:\Windows\system32\Wldp.dll
0x000000009a1a0000 0x24000 C:\Windows\SYSTEM32\edputil.dll
0x00000000a0280000 0x79000 C:\Users\user\AppData\Local\Temp\ADInsightDll64.dll
0x00000000abb70000 0x1d000 C:\Windows\System32\imagehlp.dll
0x00000000a6400000 0xc000 C:\Windows\System32\Secur32.dll
0x00000000aa0a0000 0x3c000 C:\Windows\System32\SSPICLI.DLL
------------------------------------------------------------------------------
sihost.exe pid: 3576
Command line: sihost.exe
Base Size Path
0x0000000097ca0000 0x21000 C:\Windows\system32\sihost.exe
0x00000000acab0000 0x1f5000 C:\Windows\SYSTEM32\ntdll.dll
0x00000000ac650000 0xbd000 C:\Windows\System32\KERNEL32.DLL
0x00000000aa2d0000 0x2c7000 C:\Windows\System32\KERNELBASE.dll
0x00000000aa680000 0x9d000 C:\Windows\System32\msvcp_win.dll
0x00000000aa830000 0x100000 C:\Windows\System32\ucrtbase.dll
0x00000000ac710000 0x355000 C:\Windows\System32\combase.dll
0x00000000abe10000 0x124000 C:\Windows\System32\RPCRT4.dll
0x00000000abf40000 0x9b000 C:\Windows\System32\sechost.dll
0x00000000ab970000 0xaa000 C:\Windows\System32\advapi32.dll
0x00000000a3240000 0xf2000 C:\Windows\system32\CoreMessaging.dll
0x00000000aabd0000 0x9e000 C:\Windows\System32\msvcrt.dll
0x00000000abd40000 0x6b000 C:\Windows\System32\WS2_32.dll
0x00000000a8f40000 0x33000 C:\Windows\SYSTEM32\ntmarta.dll
0x00000000a8bf0000 0x13000 C:\Windows\SYSTEM32\kernel.appcore.dll
0x00000000aaa90000 0x7f000 C:\Windows\System32\bcryptPrimitives.dll
0x00000000ab550000 0x1a0000 C:\Windows\System32\user32.dll
0x00000000aa650000 0x22000 C:\Windows\System32\win32u.dll
0x00000000aaba0000 0x2a000 C:\Windows\System32\GDI32.dll
0x00000000aa720000 0x109000 C:\Windows\System32\gdi32full.dll
0x00000000aab70000 0x30000 C:\Windows\System32\IMM32.DLL
0x00000000ab8a0000 0xa8000 C:\Windows\System32\clbcatq.dll
0x000000009a310000 0x20000 C:\Windows\system32\desktopshellext.dll
0x00000000aba30000 0xae000 C:\Windows\System32\shcore.dll
0x00000000ac570000 0x55000 C:\Windows\System32\shlwapi.dll
0x00000000a6b10000 0x14000 C:\Windows\SYSTEM32\wtsapi32.dll
0x00000000a8fb0000 0x5a000 C:\Windows\SYSTEM32\WINSTA.dll
0x000000009a2f0000 0x1d000 C:\Windows\System32\Windows.Shell.ServiceHostBuilder.dll
0x00000000a1760000 0x794000 C:\Windows\System32\OneCoreUAPCommonProxyStub.dll
0x000000009f6c0000 0x9f000 C:\Windows\system32\uxtheme.dll
0x000000009a230000 0x3c000 C:\Windows\System32\ClipboardServer.dll
0x00000000a89e0000 0x2a000 C:\Windows\System32\RMCLIENT.dll
0x000000009a0d0000 0xc7000 C:\Windows\system32\activationmanager.dll
0x00000000ab7d0000 0xcd000 C:\Windows\System32\OLEAUT32.dll
0x00000000a50b0000 0xfb000 C:\Windows\system32\AppXDeploymentClient.dll
0x00000000a5950000 0x156000 C:\Windows\SYSTEM32\wintypes.dll
0x00000000aa120000 0x26000 C:\Windows\system32\profapi.dll
0x00000000a0880000 0x207000 C:\Windows\system32\twinapi.appcore.dll
0x000000009d4f0000 0x1d000 C:\Windows\system32\MPR.dll
0x000000009a2c0000 0x29000 C:\Windows\System32\AppointmentActivation.dll
0x00000000a2340000 0x11000 C:\Windows\SYSTEM32\windows.staterepositorycore.dll
0x000000009a050000 0x7d000 C:\Windows\System32\modernexecserver.dll
0x00000000a5050000 0x54000 C:\Windows\System32\usermgrproxy.dll
0x00000000a6110000 0x16000 C:\Windows\SYSTEM32\usermgrcli.dll
0x000000009de60000 0x35a000 C:\Windows\system32\CoreUIComponents.dll
0x000000009d3d0000 0x59000 C:\Windows\system32\ExecModelClient.dll
0x00000000a79a0000 0xf7000 C:\Windows\system32\PROPSYS.dll
0x0000000099ea0000 0x1a4000 C:\Windows\System32\windowmanagement.dll
0x00000000a3210000 0xf000 C:\Windows\System32\NotificationPlatformComponent.dll
0x0000000099dc0000 0xe0000 C:\Windows\System32\AppContracts.dll
0x0000000099c80000 0x115000 C:\Windows\system32\ShareHost.dll
0x00000000a3990000 0x793000 C:\Windows\SYSTEM32\windows.storage.dll
0x00000000a93a0000 0x8a000 C:\Windows\system32\msvcp110_win.dll
0x00000000a9c60000 0x2c000 C:\Windows\system32\Wldp.dll
0x0000000099bc0000 0xbc000 C:\Windows\System32\Windows.System.Launcher.dll
0x0000000099ac0000 0x7d000 C:\Windows\System32\OneCoreCommonProxyStub.dll
0x0000000099600000 0x15000 C:\Windows\system32\PackageStateChangeHandler.dll
0x00000000995e0000 0x18000 C:\Windows\system32\execmodelproxy.dll
0x0000000099510000 0xa6000 C:\Windows\System32\twinui.appcore.dll
0x00000000993b0000 0xa1000 C:\Windows\System32\UiaManager.dll
0x0000000098a00000 0x180000 C:\Windows\System32\AudioSes.dll
0x00000000aa1f0000 0x4d000 C:\Windows\System32\cfgmgr32.dll
0x00000000a97b0000 0x4b000 C:\Windows\SYSTEM32\powrprof.dll
0x00000000a6fe0000 0x85000 C:\Windows\System32\MMDevAPI.DLL
0x00000000a9fa0000 0x2c000 C:\Windows\System32\DEVOBJ.dll
0x00000000a9660000 0x12000 C:\Windows\SYSTEM32\UMPDC.dll
0x0000000098820000 0xaf000 C:\Windows\System32\daxexec.dll
0x00000000a23d0000 0xb000 C:\Windows\System32\FLTLIB.DLL
0x00000000a23e0000 0x47000 C:\Windows\System32\container.dll
0x00000000a9680000 0x3b000 C:\Windows\System32\IPHLPAPI.DLL
0x0000000098210000 0x2de000 C:\Windows\system32\mssrch.dll
0x00000000a9a50000 0x15000 C:\Windows\system32\cryptdll.dll
0x0000000098ba0000 0x32b000 C:\Windows\system32\ESENT.dll
0x0000000097e10000 0x32c000 C:\Windows\system32\TQUERY.DLL
0x0000000097bb0000 0x1e000 C:\Windows\system32\CoreShellExtFramework.dll
0x00000000aa0e0000 0x2e000 C:\Windows\system32\USERENV.dll
0x0000000097a00000 0x152000 C:\Windows\System32\InputHost.dll
0x00000000aa240000 0x27000 C:\Windows\System32\bcrypt.dll
0x00000000ab420000 0x129000 C:\Windows\System32\ole32.dll
0x00000000a0280000 0x79000 C:\Users\user\AppData\Local\Temp\ADInsightDll64.dll
0x00000000abb70000 0x1d000 C:\Windows\System32\imagehlp.dll
0x00000000a6400000 0xc000 C:\Windows\system32\Secur32.dll
0x00000000aa0a0000 0x3c000 C:\Windows\system32\SSPICLI.DLL
------------------------------------------------------------------------------
svchost.exe pid: 3664
Command line: C:\Windows\system32\svchost.exe -k UnistackSvcGroup
Base Size Path
0x000000004abe0000 0x11000 C:\Windows\system32\svchost.exe
0x00000000acab0000 0x1f5000 C:\Windows\SYSTEM32\ntdll.dll
0x00000000ac650000 0xbd000 C:\Windows\System32\KERNEL32.DLL
0x00000000aa2d0000 0x2c7000 C:\Windows\System32\KERNELBASE.dll
0x00000000abf40000 0x9b000 C:\Windows\System32\sechost.dll
0x00000000abe10000 0x124000 C:\Windows\System32\RPCRT4.dll
0x00000000aa830000 0x100000 C:\Windows\System32\ucrtbase.dll
0x00000000ac710000 0x355000 C:\Windows\System32\combase.dll
0x00000000a8bf0000 0x13000 C:\Windows\SYSTEM32\kernel.appcore.dll
0x00000000aabd0000 0x9e000 C:\Windows\System32\msvcrt.dll
0x00000000aaa90000 0x7f000 C:\Windows\System32\bcryptPrimitives.dll
0x00000000ab550000 0x1a0000 C:\Windows\System32\user32.dll
0x00000000aa650000 0x22000 C:\Windows\System32\win32u.dll
0x00000000aaba0000 0x2a000 C:\Windows\System32\GDI32.dll
0x00000000aa720000 0x109000 C:\Windows\System32\gdi32full.dll
0x00000000aa680000 0x9d000 C:\Windows\System32\msvcp_win.dll
0x00000000aab70000 0x30000 C:\Windows\System32\IMM32.DLL
0x0000000099b40000 0x7a000 c:\windows\system32\cdpusersvc.dll
0x00000000aa1f0000 0x4d000 C:\Windows\System32\cfgmgr32.dll
0x00000000a97b0000 0x4b000 C:\Windows\SYSTEM32\powrprof.dll
0x0000000099620000 0x49f000 c:\windows\system32\cdp.dll
0x00000000aba30000 0xae000 C:\Windows\System32\SHCORE.dll
0x00000000ab970000 0xaa000 C:\Windows\System32\advapi32.dll
0x00000000aa930000 0x15d000 C:\Windows\System32\CRYPT32.dll
0x00000000a9660000 0x12000 c:\windows\system32\UMPDC.dll
0x00000000a79a0000 0xf7000 c:\windows\system32\PROPSYS.dll
0x00000000a64b0000 0x130000 c:\windows\system32\dsreg.dll
0x00000000ab7d0000 0xcd000 C:\Windows\System32\OLEAUT32.dll
0x00000000a93a0000 0x8a000 c:\windows\system32\msvcp110_win.dll
0x00000000a9bc0000 0x18000 C:\Windows\SYSTEM32\cryptsp.dll
0x00000000a9c60000 0x2c000 C:\Windows\SYSTEM32\WLDP.DLL
0x00000000995c0000 0x19000 c:\windows\system32\wpnuserservice.dll
0x00000000a2730000 0x2af000 c:\windows\system32\iertutil.dll
0x0000000099490000 0x79000 c:\windows\system32\faultrep.dll
0x000000009f760000 0x1e4000 c:\windows\system32\dbghelp.dll
0x0000000099460000 0x2c000 c:\windows\system32\dbgcore.DLL
0x00000000a6ce0000 0x9e000 C:\Windows\SYSTEM32\policymanager.dll
0x00000000ab8a0000 0xa8000 C:\Windows\System32\clbcatq.dll
0x00000000a22e0000 0x7000 C:\Windows\SYSTEM32\gamestreamingext.dll
0x00000000a2bd0000 0x174000 C:\Windows\System32\wpncore.dll
0x00000000a2650000 0xdb000 C:\Windows\System32\winsqlite3.dll
0x00000000a66d0000 0x100000 C:\Windows\System32\WINHTTP.dll
0x00000000a29e0000 0x1ed000 C:\Windows\System32\urlmon.dll
0x00000000a5950000 0x156000 C:\Windows\SYSTEM32\wintypes.dll
0x00000000aa240000 0x27000 C:\Windows\System32\bcrypt.dll
0x00000000988d0000 0x12d000 C:\Windows\System32\NotificationController.dll
0x00000000a89e0000 0x2a000 C:\Windows\System32\RMCLIENT.dll
0x00000000a6110000 0x16000 C:\Windows\SYSTEM32\usermgrcli.dll
0x00000000a1760000 0x794000 C:\Windows\System32\OneCoreUAPCommonProxyStub.dll
0x0000000097bd0000 0x82000 C:\Windows\System32\QuietHours.dll
0x00000000a3990000 0x793000 C:\Windows\SYSTEM32\windows.storage.dll
0x00000000ac570000 0x55000 C:\Windows\System32\shlwapi.dll
0x00000000aa120000 0x26000 C:\Windows\SYSTEM32\profapi.dll
0x00000000a8fb0000 0x5a000 C:\Windows\SYSTEM32\winsta.dll
0x0000000099ac0000 0x7d000 C:\Windows\System32\OneCoreCommonProxyStub.dll
0x0000000098700000 0x11d000 C:\Windows\System32\Windows.Security.Authentication.Web.Core.dll
0x00000000aa0a0000 0x3c000 C:\Windows\System32\SspiCli.dll
0x00000000a0880000 0x207000 C:\Windows\SYSTEM32\twinapi.appcore.dll
0x000000009d3d0000 0x59000 C:\Windows\System32\execmodelclient.dll
0x00000000a3240000 0xf2000 C:\Windows\System32\CoreMessaging.dll
0x00000000abd40000 0x6b000 C:\Windows\System32\WS2_32.dll
0x00000000995e0000 0x18000 C:\Windows\system32\execmodelproxy.dll
0x000000009f6c0000 0x9f000 C:\Windows\system32\uxtheme.dll
0x00000000abfe0000 0x115000 C:\Windows\System32\MSCTF.dll
0x00000000a9de0000 0x12000 C:\Windows\System32\MSASN1.dll
0x00000000a6b10000 0x14000 C:\Windows\SYSTEM32\wtsapi32.dll
0x00000000a9cd0000 0x27000 c:\windows\system32\ncrypt.dll
0x00000000a9c90000 0x3b000 c:\windows\system32\NTASN1.dll
0x00000000a25f0000 0x5a000 C:\Windows\system32\ncryptprov.dll
0x0000000098630000 0x99000 C:\Windows\System32\TileDataRepository.dll
0x000000009bd10000 0xb1000 C:\Windows\System32\StateRepository.Core.dll
0x000000009bdd0000 0x590000 C:\Windows\System32\Windows.StateRepository.dll
0x000000009a7b0000 0x146000 C:\Windows\System32\Windows.StateRepositoryPS.dll
0x0000000097950000 0x40000 C:\Windows\System32\Windows.StateRepositoryClient.dll
0x0000000098560000 0x90000 C:\Windows\System32\appresolver.dll
0x00000000ab420000 0x129000 C:\Windows\System32\ole32.dll
0x000000009d450000 0x5a000 C:\Windows\System32\Bcp47Langs.dll
0x00000000aa0e0000 0x2e000 C:\Windows\System32\USERENV.dll
0x00000000a0d60000 0x29000 C:\Windows\System32\SLC.dll
0x000000009de30000 0x25000 C:\Windows\System32\sppc.dll
0x0000000098b80000 0x14000 C:\Windows\System32\threadpoolwinrt.dll
0x000000009b190000 0x1f4000 C:\Windows\System32\Windows.CloudStore.dll
0x00000000977a0000 0x37000 C:\Windows\System32\AppExtension.dll
0x00000000a50b0000 0xfb000 C:\Windows\System32\AppXDeploymentClient.dll
0x0000000096a20000 0xeb000 C:\Windows\System32\Windows.CloudStore.Schema.Shell.dll
0x000000009bbc0000 0x149000 C:\Windows\System32\wpnapps.dll
0x00000000a7ad0000 0x36000 C:\Windows\System32\XmlLite.dll
0x00000000a9bb0000 0xc000 C:\Windows\system32\CRYPTBASE.dll
0x0000000096800000 0x60000 C:\Windows\System32\NotificationControllerPS.dll
0x00000000964c0000 0x51000 C:\Windows\System32\vaultcli.dll
0x00000000a48e0000 0xb8000 C:\Windows\System32\Windows.Networking.Connectivity.dll
0x00000000a5de0000 0x10000 C:\Windows\System32\npmproxy.dll
0x00000000a99e0000 0x6a000 C:\Windows\system32\mswsock.dll
0x00000000a9680000 0x3b000 C:\Windows\System32\IPHLPAPI.DLL
0x00000000a6ad0000 0xb000 C:\Windows\SYSTEM32\WINNSI.DLL
0x00000000aba20000 0x9000 C:\Windows\System32\NSI.dll
0x00000000a6420000 0x17000 C:\Windows\SYSTEM32\dhcpcsvc6.DLL
0x00000000a6c10000 0x1d000 C:\Windows\SYSTEM32\dhcpcsvc.DLL
0x0000000093e60000 0xc3000 C:\Windows\System32\ShellCommonCommonProxyStub.dll
0x00000000a8340000 0x39000 C:\Windows\System32\Windows.Devices.Radios.dll
0x0000000088ad0000 0x5c000 c:\windows\system32\aphostservice.dll
0x0000000088aa0000 0x26000 c:\windows\system32\NetworkHelper.dll
0x000000008ab30000 0x15000 c:\windows\system32\UserDataPlatformHelperUtil.dll
0x0000000088a30000 0x65000 c:\windows\system32\SYNCUTIL.dll
0x00000000a4d80000 0xd000 c:\windows\system32\MCCSPal.dll
0x0000000089400000 0x20000 c:\windows\system32\DMCfgUtils.dll
0x00000000a4bc0000 0x33000 c:\windows\system32\DMCmnUtils.dll
0x0000000088a10000 0x1f000 c:\windows\system32\dmxmlhelputils.dll
0x00000000889f0000 0x14000 c:\windows\system32\InprocLogger.dll
0x00000000a49a0000 0xe5000 C:\Windows\System32\FlightSettings.dll
0x00000000a9950000 0x8a000 C:\Windows\system32\msv1_0.DLL
0x00000000a9930000 0x13000 C:\Windows\system32\NtlmShared.dll
0x00000000a9a50000 0x15000 C:\Windows\system32\cryptdll.dll
0x0000000088950000 0x9c000 C:\Windows\System32\SyncController.dll
0x00000000a4ce0000 0xf000 C:\Windows\System32\dsclient.dll
0x0000000088900000 0x47000 C:\Windows\System32\AccountAccessor.dll
0x00000000a8390000 0xd000 C:\Windows\System32\SystemEventsBrokerClient.dll
0x00000000888e0000 0x17000 C:\Windows\System32\APHostClient.dll
0x00000000887e0000 0xf5000 C:\Windows\System32\PIMSTORE.dll
0x00000000a8f40000 0x33000 C:\Windows\SYSTEM32\ntmarta.dll
0x00000000a23c0000 0x10000 C:\Windows\System32\UserDataLanguageUtil.dll
0x00000000887b0000 0x30000 C:\Windows\System32\MCCSEngineShared.dll
0x0000000088790000 0x11000 C:\Windows\System32\UserDataTypeHelperUtil.dll
0x0000000088740000 0x44000 C:\Windows\System32\CEMAPI.dll
0x00000000886e0000 0x5e000 C:\Windows\System32\PhoneUtil.dll
0x00000000a2340000 0x11000 C:\Windows\SYSTEM32\windows.staterepositorycore.dll
0x00000000a0280000 0x79000 C:\Users\user\AppData\Local\Temp\ADInsightDll64.dll
0x00000000abb70000 0x1d000 C:\Windows\System32\imagehlp.dll
0x00000000a6400000 0xc000 C:\Windows\system32\Secur32.dll
0x00000000a4550000 0xc3000 C:\Windows\System32\Windows.Web.dll
0x00000000a0aa0000 0x24000 C:\Windows\SYSTEM32\edputil.dll
------------------------------------------------------------------------------
taskhostw.exe pid: 3716
Command line: taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
Base Size Path
0x00000000d3c50000 0x1a000 C:\Windows\system32\taskhostw.exe
0x00000000acab0000 0x1f5000 C:\Windows\SYSTEM32\ntdll.dll
0x00000000ac650000 0xbd000 C:\Windows\System32\KERNEL32.DLL
0x00000000aa2d0000 0x2c7000 C:\Windows\System32\KERNELBASE.dll
0x00000000aabd0000 0x9e000 C:\Windows\System32\msvcrt.dll
0x00000000abe10000 0x124000 C:\Windows\System32\RPCRT4.dll
0x00000000ac710000 0x355000 C:\Windows\System32\combase.dll
0x00000000aa830000 0x100000 C:\Windows\System32\ucrtbase.dll
0x00000000ab7d0000 0xcd000 C:\Windows\System32\OLEAUT32.dll
0x00000000aa680000 0x9d000 C:\Windows\System32\msvcp_win.dll
0x00000000aab70000 0x30000 C:\Windows\System32\imm32.dll
0x00000000ab550000 0x1a0000 C:\Windows\System32\USER32.dll
0x00000000aa650000 0x22000 C:\Windows\System32\win32u.dll
0x00000000aaba0000 0x2a000 C:\Windows\System32\GDI32.dll
0x00000000aa720000 0x109000 C:\Windows\System32\gdi32full.dll
0x00000000a8bf0000 0x13000 C:\Windows\SYSTEM32\kernel.appcore.dll
0x00000000aaa90000 0x7f000 C:\Windows\System32\bcryptPrimitives.dll
0x00000000abf40000 0x9b000 C:\Windows\System32\sechost.dll
0x000000009f6c0000 0x9f000 C:\Windows\system32\uxtheme.dll
0x00000000ab8a0000 0xa8000 C:\Windows\System32\clbcatq.dll
0x0000000098ed0000 0x4da000 C:\Windows\system32\wininet.dll
0x0000000098ba0000 0x32b000 C:\Windows\system32\ESENT.dll
0x00000000a3990000 0x793000 C:\Windows\SYSTEM32\windows.storage.dll
0x00000000a9c60000 0x2c000 C:\Windows\system32\Wldp.dll
0x00000000ab970000 0xaa000 C:\Windows\System32\advapi32.dll
0x00000000aba30000 0xae000 C:\Windows\System32\SHCORE.dll
0x00000000ac570000 0x55000 C:\Windows\System32\shlwapi.dll
0x00000000aa120000 0x26000 C:\Windows\SYSTEM32\profapi.dll
0x00000000a2730000 0x2af000 C:\Windows\system32\iertutil.dll
0x00000000979e0000 0x1e000 C:\Windows\system32\MsCtfMonitor.dll
0x00000000abfe0000 0x115000 C:\Windows\System32\MSCTF.dll
0x00000000a8fb0000 0x5a000 C:\Windows\system32\WINSTA.dll
0x00000000978f0000 0x45000 C:\Windows\system32\MSUTB.dll
0x0000000097770000 0x1b000 C:\Windows\System32\PlaySndSrv.dll
0x00000000986d0000 0x27000 C:\Windows\System32\WINMM.dll
0x00000000a9bb0000 0xc000 C:\Windows\system32\CRYPTBASE.DLL
0x00000000aa240000 0x27000 C:\Windows\System32\bcrypt.dll
0x00000000a0280000 0x79000 C:\Users\user\AppData\Local\Temp\ADInsightDll64.dll
0x00000000abb70000 0x1d000 C:\Windows\System32\imagehlp.dll
0x00000000a6400000 0xc000 C:\Windows\system32\Secur32.dll
0x00000000aa0a0000 0x3c000 C:\Windows\system32\SSPICLI.DLL
0x000000009b430000 0x26000 C:\Windows\SYSTEM32\winmmbase.dll
0x00000000a6fe0000 0x85000 C:\Windows\SYSTEM32\MMDevAPI.DLL
0x00000000a9fa0000 0x2c000 C:\Windows\SYSTEM32\DEVOBJ.dll
0x00000000aa1f0000 0x4d000 C:\Windows\System32\cfgmgr32.dll
0x00000000a0390000 0x46000 C:\Windows\system32\wdmaud.drv
0x00000000a47f0000 0x9000 C:\Windows\system32\ksuser.dll
0x00000000a4620000 0xa000 C:\Windows\system32\AVRT.dll
0x000000009b120000 0x4e000 C:\Windows\system32\rdpendp.dll
0x00000000a6b10000 0x14000 C:\Windows\system32\WTSAPI32.dll
0x00000000a79a0000 0xf7000 C:\Windows\system32\PROPSYS.dll
0x00000000ab420000 0x129000 C:\Windows\System32\OLE32.dll
0x0000000098a00000 0x180000 C:\Windows\system32\AUDIOSES.DLL
0x00000000a97b0000 0x4b000 C:\Windows\SYSTEM32\powrprof.dll
0x00000000a9660000 0x12000 C:\Windows\system32\UMPDC.dll
0x00000000a5590000 0xd000 C:\Windows\system32\msacm32.drv
0x00000000a0370000 0x1e000 C:\Windows\system32\MSACM32.dll
0x00000000a5580000 0xb000 C:\Windows\system32\midimap.dll
------------------------------------------------------------------------------
svchost.exe pid: 3916
Command line: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p
Base Size Path
0x000000004abe0000 0x11000 C:\Windows\System32\svchost.exe
0x00000000acab0000 0x1f5000 C:\Windows\SYSTEM32\ntdll.dll
0x00000000ac650000 0xbd000 C:\Windows\System32\KERNEL32.DLL
0x00000000aa2d0000 0x2c7000 C:\Windows\System32\KERNELBASE.dll
0x00000000abf40000 0x9b000 C:\Windows\System32\sechost.dll
0x00000000abe10000 0x124000 C:\Windows\System32\RPCRT4.dll
0x00000000aa830000 0x100000 C:\Windows\System32\ucrtbase.dll
0x00000000ac710000 0x355000 C:\Windows\System32\combase.dll
0x00000000a8bf0000 0x13000 C:\Windows\SYSTEM32\kernel.appcore.dll
0x00000000aabd0000 0x9e000 C:\Windows\System32\msvcrt.dll
0x00000000aaa90000 0x7f000 C:\Windows\System32\bcryptPrimitives.dll
0x00000000ab550000 0x1a0000 C:\Windows\System32\user32.dll
0x00000000aa650000 0x22000 C:\Windows\System32\win32u.dll
0x00000000aaba0000 0x2a000 C:\Windows\System32\GDI32.dll
0x00000000aa720000 0x109000 C:\Windows\System32\gdi32full.dll
0x00000000aa680000 0x9d000 C:\Windows\System32\msvcp_win.dll
0x00000000981d0000 0x3f000 c:\windows\system32\tabsvc.dll
0x00000000a9c60000 0x2c000 C:\Windows\SYSTEM32\WLDP.DLL
0x00000000ab970000 0xaa000 C:\Windows\System32\advapi32.dll
0x00000000a43f0000 0xd000 c:\windows\system32\HID.DLL
0x00000000aa1f0000 0x4d000 C:\Windows\System32\cfgmgr32.dll
0x00000000a6b10000 0x14000 c:\windows\system32\WTSAPI32.dll
0x00000000a8fb0000 0x5a000 c:\windows\system32\WINSTA.dll
0x00000000aa0e0000 0x2e000 c:\windows\system32\USERENV.dll
0x00000000aa120000 0x26000 c:\windows\system32\profapi.dll
0x00000000aa0a0000 0x3c000 C:\Windows\SYSTEM32\SspiCli.dll
0x00000000ab8a0000 0xa8000 C:\Windows\System32\clbcatq.dll
0x00000000a0280000 0x79000 C:\Users\user\AppData\Local\Temp\ADInsightDll64.dll
0x00000000abb70000 0x1d000 C:\Windows\System32\imagehlp.dll
0x00000000a5e00000 0xc000 C:\Windows\System32\Secur32.dll
------------------------------------------------------------------------------
ctfmon.exe pid: 3980
Command line: "ctfmon.exe"
Base Size Path
0x0000000013360000 0x7000 C:\Windows\system32\ctfmon.exe
0x00000000acab0000 0x1f5000 C:\Windows\SYSTEM32\ntdll.dll
0x00000000ac650000 0xbd000 C:\Windows\System32\KERNEL32.DLL
0x00000000aa2d0000 0x2c7000 C:\Windows\System32\KERNELBASE.dll
0x00000000aabd0000 0x9e000 C:\Windows\System32\msvcrt.dll
0x00000000979e0000 0x1e000 C:\Windows\system32\MsCtfMonitor.DLL
0x00000000abfe0000 0x115000 C:\Windows\System32\MSCTF.dll
0x00000000ab7d0000 0xcd000 C:\Windows\System32\OLEAUT32.dll
0x00000000aa680000 0x9d000 C:\Windows\System32\msvcp_win.dll
0x00000000aa830000 0x100000 C:\Windows\System32\ucrtbase.dll
0x00000000ac710000 0x355000 C:\Windows\System32\combase.dll
0x00000000abe10000 0x124000 C:\Windows\System32\RPCRT4.dll
0x00000000abf40000 0x9b000 C:\Windows\System32\sechost.dll
0x00000000ab550000 0x1a0000 C:\Windows\System32\USER32.dll
0x00000000aa650000 0x22000 C:\Windows\System32\win32u.dll
0x00000000aaba0000 0x2a000 C:\Windows\System32\GDI32.dll
0x00000000aa720000 0x109000 C:\Windows\System32\gdi32full.dll
0x00000000aab70000 0x30000 C:\Windows\System32\IMM32.dll
0x00000000978f0000 0x45000 C:\Windows\system32\MSUTB.dll
0x00000000a8fb0000 0x5a000 C:\Windows\system32\WINSTA.dll
0x00000000ab420000 0x129000 C:\Windows\System32\ole32.dll
0x00000000a8bf0000 0x13000 C:\Windows\SYSTEM32\kernel.appcore.dll
0x00000000aaa90000 0x7f000 C:\Windows\System32\bcryptPrimitives.dll
0x000000009f6c0000 0x9f000 C:\Windows\system32\uxtheme.dll
0x00000000a3240000 0xf2000 C:\Windows\system32\CoreMessaging.dll
0x00000000abd40000 0x6b000 C:\Windows\System32\WS2_32.dll
0x000000009de60000 0x35a000 C:\Windows\system32\CoreUIComponents.dll
0x00000000aba30000 0xae000 C:\Windows\System32\SHCORE.dll
0x00000000a8f40000 0x33000 C:\Windows\SYSTEM32\ntmarta.dll
0x00000000a5950000 0x156000 C:\Windows\SYSTEM32\wintypes.dll
0x00000000ab970000 0xaa000 C:\Windows\System32\advapi32.dll
0x0000000096e60000 0x49c000 C:\Windows\system32\InputService.dll
0x00000000aa120000 0x26000 C:\Windows\system32\profapi.dll
0x0000000096c10000 0x24a000 C:\Windows\system32\TextInputMethodFormatter.dll
0x0000000097990000 0x48000 C:\Windows\system32\MTFServer.dll
0x0000000096b10000 0xfd000 C:\Windows\SYSTEM32\TextInputFramework.dll
0x0000000098530000 0x29000 C:\Windows\system32\InputLocaleManager.dll
0x00000000a6ce0000 0x9e000 C:\Windows\SYSTEM32\policymanager.dll
0x00000000a93a0000 0x8a000 C:\Windows\system32\msvcp110_win.dll
0x000000009d450000 0x5a000 C:\Windows\system32\Bcp47Langs.dll
0x00000000a1ff0000 0x9000 C:\Windows\system32\KBDUS.DLL
0x00000000ab8a0000 0xa8000 C:\Windows\System32\clbcatq.dll
0x000000009a400000 0x47000 C:\Windows\System32\mtf.dll
0x0000000097a00000 0x152000 C:\Windows\SYSTEM32\inputhost.dll
0x00000000a79a0000 0xf7000 C:\Windows\system32\PROPSYS.dll
0x00000000a4810000 0xc3000 C:\Windows\System32\Windows.Web.dll
0x00000000a2730000 0x2af000 C:\Windows\System32\iertutil.dll
0x00000000a1760000 0x794000 C:\Windows\System32\OneCoreUAPCommonProxyStub.dll
0x0000000097940000 0xf000 C:\Windows\System32\WordBreakers.dll
0x00000000a9bb0000 0xc000 C:\Windows\system32\CRYPTBASE.DLL
0x00000000a0280000 0x79000 C:\Users\user\AppData\Local\Temp\ADInsightDll64.dll
0x00000000abb70000 0x1d000 C:\Windows\System32\imagehlp.dll
0x00000000a6400000 0xc000 C:\Windows\system32\Secur32.dll
0x00000000aa0a0000 0x3c000 C:\Windows\system32\SSPICLI.DLL
------------------------------------------------------------------------------
explorer.exe pid: 3996
Command line: C:\Windows\Explorer.EXE
Base Size Path
0x00000000d3010000 0x45d000 C:\Windows\Explorer.EXE
0x00000000acab0000 0x1f5000 C:\Windows\SYSTEM32\ntdll.dll
0x00000000ac650000 0xbd000 C:\Windows\System32\KERNEL32.DLL
0x00000000aa2d0000 0x2c7000 C:\Windows\System32\KERNELBASE.dll
0x00000000aa680000 0x9d000 C:\Windows\System32\msvcp_win.dll
0x00000000aa830000 0x100000 C:\Windows\System32\ucrtbase.dll
0x00000000ac710000 0x355000 C:\Windows\System32\combase.dll
0x00000000abe10000 0x124000 C:\Windows\System32\RPCRT4.dll
0x00000000ab7d0000 0xcd000 C:\Windows\System32\OLEAUT32.dll
0x00000000aba30000 0xae000 C:\Windows\System32\shcore.dll
0x00000000aabd0000 0x9e000 C:\Windows\System32\msvcrt.dll
0x00000000ab970000 0xaa000 C:\Windows\System32\advapi32.dll
0x00000000abf40000 0x9b000 C:\Windows\System32\sechost.dll
0x00000000ac570000 0x55000 C:\Windows\System32\shlwapi.dll
0x00000000ab550000 0x1a0000 C:\Windows\System32\user32.dll
0x00000000aa650000 0x22000 C:\Windows\System32\win32u.dll
0x00000000a00d0000 0x8b000 C:\Windows\SYSTEM32\AEPIC.dll
0x00000000aaba0000 0x2a000 C:\Windows\System32\GDI32.dll
0x00000000aa720000 0x109000 C:\Windows\System32\gdi32full.dll
0x00000000aa240000 0x27000 C:\Windows\System32\bcrypt.dll
0x00000000aacd0000 0x741000 C:\Windows\System32\SHELL32.dll
0x00000000a97b0000 0x4b000 C:\Windows\SYSTEM32\powrprof.dll
0x00000000a8f40000 0x33000 C:\Windows\SYSTEM32\ntmarta.dll
0x000000009a330000 0xa9000 C:\Windows\SYSTEM32\TWINAPI.dll
0x00000000a9bc0000 0x18000 C:\Windows\SYSTEM32\cryptsp.dll
0x00000000a3990000 0x793000 C:\Windows\SYSTEM32\windows.storage.dll
0x00000000a79a0000 0xf7000 C:\Windows\SYSTEM32\PROPSYS.dll
0x00000000a8bf0000 0x13000 C:\Windows\SYSTEM32\kernel.appcore.dll
0x00000000a8700000 0xf3000 C:\Windows\SYSTEM32\dxgi.dll
0x0000000098ed0000 0x4da000 C:\Windows\SYSTEM32\WININET.dll
0x000000009f6c0000 0x9f000 C:\Windows\SYSTEM32\UxTheme.dll
0x00000000a8ae0000 0x2f000 C:\Windows\SYSTEM32\dwmapi.dll
0x00000000a0880000 0x207000 C:\Windows\SYSTEM32\twinapi.appcore.dll
0x00000000aa0a0000 0x3c000 C:\Windows\SYSTEM32\SspiCli.dll
0x00000000aa0e0000 0x2e000 C:\Windows\SYSTEM32\USERENV.dll
0x00000000a6b10000 0x14000 C:\Windows\SYSTEM32\WTSAPI32.dll
0x00000000a9c60000 0x2c000 C:\Windows\SYSTEM32\Wldp.dll
0x00000000aaa90000 0x7f000 C:\Windows\System32\bcryptPrimitives.dll
0x00000000aab70000 0x30000 C:\Windows\System32\IMM32.DLL
0x00000000a9660000 0x12000 C:\Windows\SYSTEM32\UMPDC.dll
0x000000009ddc0000 0x6a000 C:\Windows\SYSTEM32\NInput.dll
0x00000000abfe0000 0x115000 C:\Windows\System32\MSCTF.dll
0x00000000ab420000 0x129000 C:\Windows\System32\ole32.dll
0x000000009a450000 0x29b000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.488_none_ca04af081b815d21\comctl32.dll
0x00000000ab8a0000 0xa8000 C:\Windows\System32\clbcatq.dll
0x0000000098560000 0x90000 C:\Windows\System32\appresolver.dll
0x000000009d450000 0x5a000 C:\Windows\System32\Bcp47Langs.dll
0x00000000a0d60000 0x29000 C:\Windows\System32\SLC.dll
0x000000009de30000 0x25000 C:\Windows\System32\sppc.dll
0x00000000aa120000 0x26000 C:\Windows\SYSTEM32\profapi.dll
0x000000009c360000 0x588000 C:\Windows\System32\StartTileData.dll
0x00000000a3240000 0xf2000 C:\Windows\System32\CoreMessaging.dll
0x00000000abd40000 0x6b000 C:\Windows\System32\WS2_32.dll
0x000000009a7b0000 0x146000 C:\Windows\System32\Windows.StateRepositoryPS.dll
0x000000009b400000 0x2b000 C:\Windows\System32\IDStore.dll
0x00000000977e0000 0xe7000 C:\Windows\System32\Windows.ApplicationModel.dll
0x00000000a50b0000 0xfb000 C:\Windows\System32\AppXDeploymentClient.dll
0x00000000a5920000 0x24000 C:\Windows\System32\SAMLIB.dll
0x0000000097300000 0xa9000 C:\Windows\System32\wlidprov.dll
0x00000000a6460000 0x19000 C:\Windows\System32\samcli.dll
0x00000000a6ce0000 0x9e000 C:\Windows\SYSTEM32\policymanager.dll
0x00000000a93a0000 0x8a000 C:\Windows\SYSTEM32\msvcp110_win.dll
0x0000000097950000 0x40000 C:\Windows\System32\Windows.StateRepositoryClient.dll
0x00000000a5950000 0x156000 C:\Windows\System32\WinTypes.dll
0x00000000a1760000 0x794000 C:\Windows\System32\OneCoreUAPCommonProxyStub.dll
0x00000000969a0000 0x50000 C:\Windows\SYSTEM32\SndVolSSO.DLL
0x00000000a6fe0000 0x85000 C:\Windows\SYSTEM32\MMDevAPI.DLL
0x00000000a9fa0000 0x2c000 C:\Windows\SYSTEM32\DEVOBJ.dll
0x00000000aa1f0000 0x4d000 C:\Windows\System32\cfgmgr32.dll
0x00000000a8fb0000 0x5a000 C:\Windows\SYSTEM32\winsta.dll
0x000000009b120000 0x4e000 C:\Windows\SYSTEM32\rdpendp.dll
0x0000000096930000 0x66000 C:\Windows\SYSTEM32\OLEACC.dll
0x0000000095de0000 0xac000 C:\Windows\SYSTEM32\TextShaping.dll
0x000000009d8d0000 0x1b4000 C:\Windows\system32\windowscodecs.dll
0x000000009e620000 0x1e5000 C:\Windows\SYSTEM32\dcomp.dll
0x0000000095da0000 0x3e000 C:\Windows\system32\dataexchange.dll
0x00000000a7b30000 0x263000 C:\Windows\system32\d3d11.dll
0x000000009ec90000 0x90000 C:\Windows\SYSTEM32\apphelp.dll
0x0000000098630000 0x99000 C:\Windows\System32\TileDataRepository.dll
0x000000009bd10000 0xb1000 C:\Windows\System32\StateRepository.Core.dll
0x000000009bdd0000 0x590000 C:\Windows\System32\Windows.StateRepository.dll
0x0000000095b70000 0x221000 C:\Windows\system32\explorerframe.dll
0x00000000a2340000 0x11000 C:\Windows\SYSTEM32\windows.staterepositorycore.dll
0x00000000a2490000 0xf4000 C:\Windows\System32\MrmCoreR.dll
0x0000000096600000 0x14c000 C:\Windows\System32\Windows.UI.dll
0x000000009d820000 0xa1000 C:\Windows\System32\WindowManagementAPI.dll
0x0000000096b10000 0xfd000 C:\Windows\System32\TextInputFramework.dll
0x0000000097a00000 0x152000 C:\Windows\System32\InputHost.dll
0x000000009de60000 0x35a000 C:\Windows\System32\CoreUIComponents.dll
0x0000000096520000 0x2d000 C:\Windows\SYSTEM32\languageoverlayutil.dll
0x00000000965d0000 0x2d000 C:\Windows\System32\bcp47mrm.dll
0x00000000a2730000 0x2af000 C:\Windows\System32\iertutil.dll
0x00000000ac5d0000 0x79000 C:\Windows\System32\coml2.dll
0x0000000095b00000 0x65000 C:\Windows\System32\thumbcache.dll
0x0000000095510000 0x5f0000 C:\Windows\system32\twinui.pcshell.dll
0x00000000aa930000 0x15d000 C:\Windows\System32\CRYPT32.dll
0x000000009ed70000 0x27e000 C:\Windows\system32\DWrite.dll
0x0000000099620000 0x49f000 C:\Windows\system32\cdp.dll
0x00000000a64b0000 0x130000 C:\Windows\system32\dsreg.dll
0x00000000954a0000 0x6f000 C:\Windows\system32\wincorlib.DLL
0x000000009a1a0000 0x24000 C:\Windows\SYSTEM32\edputil.dll
0x00000000953e0000 0xbe000 C:\Windows\System32\windows.immersiveshell.serviceprovider.dll
0x00000000a9430000 0x17000 C:\Windows\SYSTEM32\wkscli.dll
0x00000000a9790000 0xc000 C:\Windows\SYSTEM32\netutils.dll
0x0000000099ac0000 0x7d000 C:\Windows\System32\OneCoreCommonProxyStub.dll
0x0000000096900000 0x22000 C:\Windows\SYSTEM32\cldapi.dll
0x00000000a23d0000 0xb000 C:\Windows\SYSTEM32\FLTLIB.DLL
0x0000000099510000 0xa6000 C:\Windows\System32\twinui.appcore.dll
0x0000000094bc0000 0x5f4000 C:\Windows\system32\twinui.dll
0x000000009ed20000 0x49000 C:\Windows\system32\pdh.dll
0x0000000094b10000 0xab000 C:\Windows\System32\ApplicationFrame.dll
0x000000009eff0000 0x5c0000 C:\Windows\System32\d2d1.dll
0x00000000951e0000 0x80000 C:\Windows\SYSTEM32\PhotoMetadataHandler.dll
0x00000000949c0000 0x7d000 C:\Windows\SYSTEM32\ntshrui.dll
0x0000000094880000 0x139000 C:\Windows\System32\Windows.UI.Immersive.dll
0x00000000a5c70000 0x28000 C:\Windows\SYSTEM32\srvcli.dll
0x0000000094860000 0x12000 C:\Windows\SYSTEM32\cscapi.dll
0x00000000986d0000 0x27000 C:\Windows\SYSTEM32\WINMM.dll
0x00000000947f0000 0x6b000 C:\Windows\System32\AboveLockAppHost.dll
0x00000000947b0000 0x35000 C:\Windows\System32\npsm.dll
0x0000000094750000 0x54000 C:\Windows\System32\Windows.Shell.BlueLightReduction.dll
0x00000000a4810000 0xc3000 C:\Windows\System32\Windows.Web.dll
0x000000009d6b0000 0xae000 C:\Windows\System32\mscms.dll
0x000000009dda0000 0x11000 C:\Windows\System32\ColorAdapterClient.dll
0x000000009b190000 0x1f4000 C:\Windows\System32\Windows.CloudStore.dll
0x00000000a29e0000 0x1ed000 C:\Windows\System32\urlmon.dll
0x00000000a6110000 0x16000 C:\Windows\SYSTEM32\usermgrcli.dll
0x00000000977a0000 0x37000 C:\Windows\System32\AppExtension.dll
0x0000000096a20000 0xeb000 C:\Windows\System32\Windows.CloudStore.Schema.Shell.dll
0x00000000a9bb0000 0xc000 C:\Windows\SYSTEM32\CRYPTBASE.DLL
0x0000000094640000 0x110000 C:\Windows\System32\Windows.Internal.Signals.dll
0x0000000095fb0000 0x11b000 C:\Windows\SYSTEM32\tdh.dll
0x00000000944c0000 0x17e000 C:\Windows\System32\TaskFlowDataEngine.dll
0x000000009b700000 0xa6000 C:\Windows\System32\StructuredQuery.dll
0x0000000094480000 0x37000 C:\Windows\System32\EhStorShell.dll
0x00000000ac100000 0x467000 C:\Windows\System32\SETUPAPI.dll
0x0000000098700000 0x11d000 C:\Windows\System32\Windows.Security.Authentication.Web.Core.dll
0x00000000943f0000 0x88000 C:\Windows\System32\Windows.Data.Activities.dll
0x0000000094320000 0xcd000 C:\Windows\System32\cscui.dll
0x0000000094110000 0x207000 C:\Windows\system32\windowsudk.shellcommon.dll
0x0000000094090000 0x80000 C:\Windows\system32\DictationManager.dll
0x0000000098150000 0x20000 C:\Windows\System32\Windows.StateRepositoryBroker.dll
0x0000000096800000 0x60000 C:\Windows\System32\NotificationControllerPS.dll
0x00000000a89e0000 0x2a000 C:\Windows\System32\RMCLIENT.dll
0x000000009b880000 0x87000 C:\Windows\System32\Windows.Devices.Enumeration.dll
0x000000009b530000 0x45000 C:\Windows\System32\MSWB7.dll
0x000000009b390000 0x20000 C:\Windows\System32\DevDispItemProvider.dll
0x000000009d610000 0xa0000 C:\Windows\System32\ActXPrxy.dll
0x00000000a48e0000 0xb8000 C:\Windows\System32\Windows.Networking.Connectivity.dll
0x000000009cbc0000 0x6f6000 C:\Windows\SYSTEM32\d3d10warp.dll
0x000000009d4b0000 0x3b000 C:\Windows\SYSTEM32\dxcore.dll
0x000000009d7d0000 0x47000 C:\Windows\System32\UIAnimation.dll
0x0000000093f80000 0x109000 C:\Windows\System32\Windows.UI.Core.TextInput.dll
0x0000000093f60000 0x12000 C:\Windows\System32\PCShellCommonProxyStub.dll
0x00000000a4450000 0x72000 C:\Windows\system32\cryptngc.dll
0x00000000a9cd0000 0x27000 C:\Windows\system32\ncrypt.dll
0x00000000a9c90000 0x3b000 C:\Windows\system32\NTASN1.dll
0x0000000093f30000 0x2f000 C:\Windows\SYSTEM32\cflapi.dll
0x000000009f9f0000 0x1bb000 C:\Windows\SYSTEM32\MFPlat.DLL
0x00000000a4420000 0x30000 C:\Windows\SYSTEM32\RTWorkQ.DLL
0x00000000a8810000 0x14000 C:\Windows\SYSTEM32\resourcepolicyclient.dll
0x0000000093100000 0x2f4000 C:\Windows\SYSTEM32\UIAutomationCore.DLL
0x00000000900b0000 0x51000 C:\Windows\system32\stobject.dll
0x00000000a6bf0000 0x11000 C:\Windows\system32\WMICLNT.dll
0x000000008ff40000 0x88000 C:\Windows\System32\InputSwitch.dll
0x00000000a9ff0000 0xa2000 C:\Windows\SYSTEM32\sxs.dll
0x000000009b0f0000 0xf000 C:\Windows\system32\BatMeter.dll
0x00000000aa270000 0x60000 C:\Windows\System32\WINTRUST.dll
0x00000000a9de0000 0x12000 C:\Windows\System32\MSASN1.dll
0x000000009a270000 0xe000 C:\Windows\System32\Windows.UI.Shell.dll
0x00000000a9300000 0x34000 C:\Windows\system32\rsaenh.dll
0x00000000abb70000 0x1d000 C:\Windows\System32\imagehlp.dll
0x00000000a7080000 0x23000 C:\Windows\SYSTEM32\gpapi.dll
0x000000008d300000 0x3e000 C:\Windows\system32\prnfldr.dll
0x00000000a73f0000 0x6c000 C:\Windows\system32\es.dll
0x00000000a5670000 0x83000 C:\Windows\system32\dxp.dll
0x000000008d2b0000 0x41000 C:\Windows\system32\SHDOCVW.dll
0x00000000a5660000 0xd000 C:\Windows\SYSTEM32\atlthunk.dll
0x000000008d270000 0x19000 C:\Windows\system32\Syncreg.dll
0x000000008d210000 0x53000 C:\Windows\System32\Actioncenter.dll
0x00000000a7300000 0x65000 C:\Windows\System32\wevtapi.dll
0x000000008d180000 0x62000 C:\Windows\System32\Windows.FileExplorer.Common.dll
0x00000000a5de0000 0x10000 C:\Windows\System32\npmproxy.dll
0x00000000a9680000 0x3b000 C:\Windows\System32\IPHLPAPI.DLL
0x00000000aba20000 0x9000 C:\Windows\System32\NSI.dll
0x00000000a5fa0000 0x11000 C:\Windows\System32\dusmapi.dll
0x000000008d1f0000 0x15000 C:\Windows\system32\wpdshserviceobj.dll
0x000000008d040000 0x5e000 C:\Windows\System32\wpnclient.dll
0x000000008d000000 0x31000 C:\Windows\System32\PortableDeviceTypes.dll
0x000000008cf50000 0xa1000 C:\Windows\System32\PortableDeviceApi.dll
0x000000008cf20000 0x2d000 C:\Windows\system32\SettingMonitor.dll
0x000000008ce00000 0x117000 C:\Windows\system32\SettingSyncCore.dll
0x000000008cdb0000 0x50000 C:\Windows\System32\cscobj.dll
0x000000008cd70000 0x3a000 C:\Windows\System32\srchadmin.dll
0x000000008cca0000 0xc6000 C:\Windows\SYSTEM32\windows.storage.search.dll
0x000000008cbc0000 0x83000 C:\Windows\System32\SyncCenter.dll
0x000000008cb30000 0x84000 C:\Windows\System32\imapi2.dll
0x0000000098520000 0xd000 C:\Windows\SYSTEM32\LINKINFO.dll
0x0000000098a00000 0x180000 C:\Windows\SYSTEM32\AUDIOSES.DLL
0x000000009b910000 0x219000 C:\Windows\System32\pnidui.dll
0x00000000a6b50000 0xa000 C:\Windows\System32\MobileNetworking.dll
0x00000000a8430000 0x3e000 C:\Windows\System32\netprofm.dll
0x000000009dd30000 0x6d000 C:\Windows\System32\NetworkUXBroker.dll
0x000000009dcf0000 0x34000 C:\Windows\System32\EthernetMediaManager.dll
0x00000000a66d0000 0x100000 C:\Windows\System32\WINHTTP.dll
0x00000000a62c0000 0x6a000 C:\Windows\System32\wlanapi.dll
0x000000009b830000 0x46000 C:\Windows\System32\bthprops.cpl
0x000000009b7d0000 0x52000 C:\Windows\System32\smartscreenps.dll
0x00000000a6420000 0x17000 C:\Windows\SYSTEM32\dhcpcsvc6.DLL
0x00000000a6c10000 0x1d000 C:\Windows\SYSTEM32\dhcpcsvc.DLL
0x0000000091cb0000 0xdb000 C:\Windows\System32\ieproxy.dll
0x000000008d0a0000 0xdb000 C:\Windows\System32\windows.internal.shell.broker.dll
0x00000000a5050000 0x54000 C:\Windows\System32\usermgrproxy.dll
0x000000008bea0000 0x1ae000 C:\Windows\system32\DUI70.dll
0x000000008be00000 0x95000 C:\Windows\system32\DUser.dll
0x000000008fbd0000 0x34f000 C:\Windows\SYSTEM32\MsftEdit.dll
0x00000000918f0000 0x1a7000 C:\Windows\System32\Windows.Globalization.dll
0x000000009c920000 0x25000 C:\Windows\SYSTEM32\globinputhost.dll
0x000000008bd50000 0xa8000 C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
0x000000008b960000 0x3ec000 C:\Windows\system32\UIRibbon.dll
0x00000000a7ad0000 0x36000 C:\Windows\system32\XmlLite.dll
0x000000008b7b0000 0x1a6000 C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.508_none_faefa4f37613d18e\gdiplus.dll
0x000000009a900000 0xb9000 C:\Windows\system32\SettingSync.dll
0x000000008b5f0000 0x1bc000 C:\Windows\System32\cdprt.dll
0x000000009b7b0000 0x17000 C:\Windows\system32\NetworkExplorer.dll
0x000000009a9e0000 0x3d000 C:\Windows\System32\WorkFoldersShell.dll
0x000000009d4f0000 0x1d000 C:\Windows\SYSTEM32\MPR.dll
0x000000008acd0000 0x54000 C:\Windows\System32\dlnashext.dll
0x000000008a9c0000 0x13000 C:\Windows\SYSTEM32\VirtDisk.dll
0x0000000098820000 0xaf000 C:\Windows\SYSTEM32\daxexec.dll
0x00000000a23e0000 0x47000 C:\Windows\System32\container.dll
0x000000008a0b0000 0x74e000 C:\Windows\System32\ieframe.dll
0x00000000a25b0000 0x18000 C:\Windows\System32\NETAPI32.dll
0x00000000a6450000 0xa000 C:\Windows\System32\VERSION.dll
0x000000008a050000 0x54000 C:\Windows\SYSTEM32\msIso.dll
0x00000000a6400000 0xc000 C:\Windows\SYSTEM32\Secur32.dll
0x000000009b3b0000 0x42000 C:\Windows\SYSTEM32\MLANG.dll
0x0000000091e70000 0x10c2000 C:\Windows\System32\Windows.UI.Xaml.dll
0x0000000089db0000 0x24b000 C:\Windows\ShellComponents\WindowsInternal.ComposableShell.Experiences.Switcher.dll
0x0000000089d30000 0x7d000 C:\Windows\ShellExperiences\TileControl.dll
0x0000000089b20000 0x20e000 C:\Windows\ShellComponents\TaskFlowUI.dll
0x00000000993b0000 0xa1000 C:\Windows\System32\UiaManager.dll
0x00000000a55d0000 0x49000 C:\Windows\system32\zipfldr.dll
0x000000008d340000 0x22e000 C:\Windows\System32\icu.dll
0x00000000a8590000 0x4d000 C:\Windows\System32\Windows.UI.AppDefaults.dll
0x0000000089590000 0x33000 C:\Windows\system32\twext.dll
0x0000000089560000 0x25000 C:\Windows\SYSTEM32\CHARTV.dll
0x0000000088660000 0x16000 C:\Windows\SYSTEM32\pcacli.dll
0x00000000a5c30000 0x12000 C:\Windows\System32\sfc_os.dll
0x0000000087360000 0x3c000 C:\Windows\System32\wscinterop.dll
0x0000000087310000 0x4c000 C:\Windows\System32\WSCAPI.dll
0x000000008ad40000 0x19000 C:\Windows\System32\wscui.cpl
0x00000000860d0000 0xde000 C:\Windows\System32\werconcpl.dll
0x00000000a21a0000 0x52000 C:\Windows\System32\framedynos.dll
0x00000000a8900000 0xda000 C:\Windows\System32\wer.dll
0x000000008ac10000 0x14000 C:\Windows\System32\hcproviders.dll
0x0000000097790000 0x9000 C:\Windows\system32\IconCodecService.dll
0x00000000a0280000 0x79000 C:\Users\user\AppData\Local\Temp\ADInsightDll64.dll
0x00000000a5620000 0x2f000 C:\Windows\SYSTEM32\storageusage.dll
------------------------------------------------------------------------------
svchost.exe pid: 3696
Command line: C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p
Base Size Path
0x000000009d6e0000 0x11000 C:\Windows\system32\svchost.exe
0x00000000acab0000 0x1f5000 C:\Windows\SYSTEM32\ntdll.dll
0x00000000ac650000 0xbd000 C:\Windows\System32\KERNEL32.DLL
0x00000000aa2d0000 0x2c7000 C:\Windows\System32\KERNELBASE.dll
0x00000000abf40000 0x9b000 C:\Windows\System32\sechost.dll
0x00000000abe10000 0x124000 C:\Windows\System32\RPCRT4.dll
0x00000000aa830000 0x100000 C:\Windows\System32\ucrtbase.dll
0x00000000ac710000 0x355000 C:\Windows\System32\combase.dll
0x00000000a8bf0000 0x13000 C:\Windows\SYSTEM32\kernel.appcore.dll
0x00000000aabd0000 0x9e000 C:\Windows\System32\msvcrt.dll
0x00000000aaa90000 0x7f000 C:\Windows\System32\bcryptPrimitives.dll
0x00000000ab550000 0x1a0000 C:\Windows\System32\user32.dll
0x00000000aa650000 0x22000 C:\Windows\System32\win32u.dll
0x00000000aaba0000 0x2a000 C:\Windows\System32\GDI32.dll
0x00000000aa720000 0x109000 C:\Windows\System32\gdi32full.dll
0x00000000aa680000 0x9d000 C:\Windows\System32\msvcp_win.dll
0x00000000aab70000 0x30000 C:\Windows\System32\IMM32.DLL
0x0000000095260000 0xfe000 c:\windows\system32\cbdhsvc.dll
0x00000000aba30000 0xae000 C:\Windows\System32\shcore.dll
0x00000000a97b0000 0x4b000 C:\Windows\SYSTEM32\powrprof.dll
0x00000000a9660000 0x12000 C:\Windows\SYSTEM32\UMPDC.dll
0x00000000a9c60000 0x2c000 C:\Windows\SYSTEM32\WLDP.DLL
0x00000000ab970000 0xaa000 C:\Windows\System32\advapi32.dll
0x00000000ab420000 0x129000 C:\Windows\System32\ole32.dll
0x00000000ab8a0000 0xa8000 C:\Windows\System32\clbcatq.dll
0x00000000a5050000 0x54000 C:\Windows\System32\usermgrproxy.dll
0x00000000ab7d0000 0xcd000 C:\Windows\System32\OLEAUT32.dll
0x00000000a1760000 0x794000 C:\Windows\System32\OneCoreUAPCommonProxyStub.dll
0x00000000a0880000 0x207000 C:\Windows\System32\twinapi.appcore.dll
0x00000000a5950000 0x156000 C:\Windows\System32\WinTypes.dll
0x00000000a6ce0000 0x9e000 C:\Windows\SYSTEM32\policymanager.dll
0x00000000a93a0000 0x8a000 c:\windows\system32\msvcp110_win.dll
0x000000009f6c0000 0x9f000 C:\Windows\system32\uxtheme.dll
0x0000000094a40000 0xc5000 C:\Windows\System32\windows.applicationmodel.datatransfer.dll
0x00000000ac5d0000 0x79000 C:\Windows\System32\coml2.dll
0x00000000a3990000 0x793000 C:\Windows\SYSTEM32\windows.storage.dll
0x00000000a8f40000 0x33000 C:\Windows\SYSTEM32\ntmarta.dll
0x00000000a3240000 0xf2000 C:\Windows\System32\CoreMessaging.dll
0x00000000a2730000 0x2af000 C:\Windows\System32\iertutil.dll
0x00000000abd40000 0x6b000 C:\Windows\System32\WS2_32.dll
0x0000000099620000 0x49f000 c:\windows\system32\cdp.dll
0x00000000aa930000 0x15d000 C:\Windows\System32\CRYPT32.dll
0x00000000aa1f0000 0x4d000 C:\Windows\System32\cfgmgr32.dll
0x00000000a79a0000 0xf7000 c:\windows\system32\PROPSYS.dll
0x00000000a64b0000 0x130000 c:\windows\system32\dsreg.dll
0x00000000a9bc0000 0x18000 C:\Windows\SYSTEM32\cryptsp.dll
0x00000000a6110000 0x16000 C:\Windows\SYSTEM32\usermgrcli.dll
0x000000009de60000 0x35a000 c:\windows\system32\CoreUIComponents.dll
0x000000009a2f0000 0x1d000 C:\Windows\System32\Windows.Shell.ServiceHostBuilder.dll
0x000000009a1a0000 0x24000 C:\Windows\SYSTEM32\edputil.dll
0x00000000aa240000 0x27000 C:\Windows\System32\bcrypt.dll
0x0000000098560000 0x90000 C:\Windows\System32\appresolver.dll
0x00000000ac570000 0x55000 C:\Windows\System32\SHLWAPI.dll
0x000000009d450000 0x5a000 C:\Windows\System32\Bcp47Langs.dll
0x00000000a0d60000 0x29000 C:\Windows\System32\SLC.dll
0x00000000aa0e0000 0x2e000 C:\Windows\System32\USERENV.dll
0x000000009de30000 0x25000 C:\Windows\System32\sppc.dll
0x00000000aacd0000 0x741000 C:\Windows\System32\SHELL32.dll
0x000000009a7b0000 0x146000 C:\Windows\System32\Windows.StateRepositoryPS.dll
0x00000000a4810000 0xc3000 C:\Windows\System32\Windows.Web.dll
0x00000000a2340000 0x11000 C:\Windows\SYSTEM32\windows.staterepositorycore.dll
0x00000000a0280000 0x79000 C:\Users\user\AppData\Local\Temp\ADInsightDll64.dll
0x00000000abb70000 0x1d000 C:\Windows\System32\imagehlp.dll
0x00000000a6400000 0xc000 C:\Windows\system32\Secur32.dll
0x00000000aa0a0000 0x3c000 C:\Windows\system32\SSPICLI.DLL
------------------------------------------------------------------------------
ApplicationFrameHost.exe pid: 4216
Command line: C:\Windows\system32\ApplicationFrameHost.exe -Embedding
Base Size Path
0x0000000048da0000 0x15000 C:\Windows\system32\ApplicationFrameHost.exe
0x00000000acab0000 0x1f5000 C:\Windows\SYSTEM32\ntdll.dll
0x00000000ac650000 0xbd000 C:\Windows\System32\KERNEL32.DLL
0x00000000aa2d0000 0x2c7000 C:\Windows\System32\KERNELBASE.dll
0x00000000aabd0000 0x9e000 C:\Windows\System32\msvcrt.dll
0x00000000ac710000 0x355000 C:\Windows\System32\combase.dll
0x00000000aa830000 0x100000 C:\Windows\System32\ucrtbase.dll
0x00000000abe10000 0x124000 C:\Windows\System32\RPCRT4.dll
0x00000000a8700000 0xf3000 C:\Windows\system32\dxgi.dll
0x00000000aa650000 0x22000 C:\Windows\System32\win32u.dll
0x00000000aaba0000 0x2a000 C:\Windows\System32\gdi32.dll
0x00000000aa720000 0x109000 C:\Windows\System32\gdi32full.dll
0x00000000aa680000 0x9d000 C:\Windows\System32\msvcp_win.dll
0x00000000ab550000 0x1a0000 C:\Windows\System32\USER32.dll
0x00000000aab70000 0x30000 C:\Windows\System32\IMM32.DLL
0x00000000a8bf0000 0x13000 C:\Windows\SYSTEM32\kernel.appcore.dll
0x00000000aaa90000 0x7f000 C:\Windows\System32\bcryptPrimitives.dll
0x00000000ab8a0000 0xa8000 C:\Windows\System32\clbcatq.dll
0x0000000094b10000 0xab000 C:\Windows\System32\ApplicationFrame.dll
0x00000000aba30000 0xae000 C:\Windows\System32\SHCORE.dll
0x00000000a79a0000 0xf7000 C:\Windows\System32\PROPSYS.dll
0x00000000ac570000 0x55000 C:\Windows\System32\SHLWAPI.dll
0x00000000ab7d0000 0xcd000 C:\Windows\System32\OLEAUT32.dll
0x00000000a0880000 0x207000 C:\Windows\System32\twinapi.appcore.dll
0x00000000a9fa0000 0x2c000 C:\Windows\System32\DEVOBJ.dll
0x000000009f6c0000 0x9f000 C:\Windows\System32\UxTheme.dll
0x00000000abf40000 0x9b000 C:\Windows\System32\sechost.dll
0x00000000965d0000 0x2d000 C:\Windows\System32\bcp47mrm.dll
0x00000000aa1f0000 0x4d000 C:\Windows\System32\cfgmgr32.dll
0x000000009a330000 0xa9000 C:\Windows\System32\TWINAPI.dll
0x000000009eff0000 0x5c0000 C:\Windows\System32\d2d1.dll
0x00000000a7b30000 0x263000 C:\Windows\System32\d3d11.dll
0x00000000a8ae0000 0x2f000 C:\Windows\System32\dwmapi.dll
0x00000000a1760000 0x794000 C:\Windows\System32\OneCoreUAPCommonProxyStub.dll
0x00000000abfe0000 0x115000 C:\Windows\System32\MSCTF.dll
0x000000009cbc0000 0x6f6000 C:\Windows\system32\D3D10Warp.dll
0x00000000ab970000 0xaa000 C:\Windows\System32\advapi32.dll
0x00000000a3990000 0x793000 C:\Windows\SYSTEM32\windows.storage.dll
0x00000000a9c60000 0x2c000 C:\Windows\system32\Wldp.dll
0x000000009d4b0000 0x3b000 C:\Windows\SYSTEM32\dxcore.dll
0x000000009e620000 0x1e5000 C:\Windows\System32\dcomp.dll
0x00000000a3240000 0xf2000 C:\Windows\System32\CoreMessaging.dll
0x00000000abd40000 0x6b000 C:\Windows\System32\WS2_32.dll
0x0000000093100000 0x2f4000 C:\Windows\system32\UIAutomationCore.DLL
0x00000000a6b10000 0x14000 C:\Windows\SYSTEM32\wtsapi32.dll
0x00000000a8fb0000 0x5a000 C:\Windows\system32\WINSTA.dll
0x00000000aacd0000 0x741000 C:\Windows\System32\SHELL32.dll
0x00000000aa120000 0x26000 C:\Windows\System32\profapi.dll
0x00000000a2340000 0x11000 C:\Windows\SYSTEM32\windows.staterepositorycore.dll
0x000000009a7b0000 0x146000 C:\Windows\System32\Windows.StateRepositoryPS.dll
0x000000009d8d0000 0x1b4000 C:\Windows\system32\windowscodecs.dll
0x00000000aa240000 0x27000 C:\Windows\System32\bcrypt.dll
0x00000000a2490000 0xf4000 C:\Windows\SYSTEM32\mrmcorer.dll
0x00000000a2730000 0x2af000 C:\Windows\SYSTEM32\iertutil.dll
0x0000000096600000 0x14c000 C:\Windows\System32\Windows.UI.dll
0x000000009d820000 0xa1000 C:\Windows\System32\WindowManagementAPI.dll
0x0000000096b10000 0xfd000 C:\Windows\System32\TextInputFramework.dll
0x0000000097a00000 0x152000 C:\Windows\System32\InputHost.dll
0x00000000a5950000 0x156000 C:\Windows\SYSTEM32\wintypes.dll
0x000000009de60000 0x35a000 C:\Windows\System32\CoreUIComponents.dll
0x00000000a8f40000 0x33000 C:\Windows\SYSTEM32\ntmarta.dll
0x0000000096520000 0x2d000 C:\Windows\SYSTEM32\languageoverlayutil.dll
0x0000000095de0000 0xac000 C:\Windows\system32\TextShaping.dll
0x00000000a0280000 0x79000 C:\Users\user\AppData\Local\Temp\ADInsightDll64.dll
0x00000000abb70000 0x1d000 C:\Windows\System32\imagehlp.dll
0x00000000a6400000 0xc000 C:\Windows\system32\Secur32.dll
0x00000000aa0a0000 0x3c000 C:\Windows\system32\SSPICLI.DLL
------------------------------------------------------------------------------
MicrosoftEdge.exe pid: 4252
Command line: "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
Base Size Path
0x00000000dd890000 0xf9a000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
0x00000000acab0000 0x1f5000 C:\Windows\SYSTEM32\ntdll.dll
0x00000000ac650000 0xbd000 C:\Windows\System32\KERNEL32.DLL
0x00000000aa2d0000 0x2c7000 C:\Windows\System32\KERNELBASE.dll
0x000000009ec90000 0x90000 C:\Windows\SYSTEM32\apphelp.dll
0x00000000aba30000 0xae000 C:\Windows\System32\shcore.dll
0x00000000aabd0000 0x9e000 C:\Windows\System32\msvcrt.dll
0x00000000ac710000 0x355000 C:\Windows\System32\combase.dll
0x00000000aa830000 0x100000 C:\Windows\System32\ucrtbase.dll
0x00000000abe10000 0x124000 C:\Windows\System32\RPCRT4.dll
0x00000000abf40000 0x9b000 C:\Windows\System32\sechost.dll
0x00000000ab7d0000 0xcd000 C:\Windows\System32\OLEAUT32.dll
0x00000000aa680000 0x9d000 C:\Windows\System32\msvcp_win.dll
0x00000000a8bf0000 0x13000 C:\Windows\SYSTEM32\kernel.appcore.dll
0x00000000a9430000 0x17000 C:\Windows\SYSTEM32\wkscli.dll
0x00000000954a0000 0x6f000 C:\Windows\SYSTEM32\wincorlib.DLL
0x00000000a9790000 0xc000 C:\Windows\SYSTEM32\netutils.dll
0x00000000aaa90000 0x7f000 C:\Windows\System32\bcryptPrimitives.dll
0x00000000ab550000 0x1a0000 C:\Windows\System32\user32.dll
0x00000000aa650000 0x22000 C:\Windows\System32\win32u.dll
0x00000000aaba0000 0x2a000 C:\Windows\System32\GDI32.dll
0x00000000aa720000 0x109000 C:\Windows\System32\gdi32full.dll
0x00000000aab70000 0x30000 C:\Windows\System32\IMM32.DLL
0x00000000a0880000 0x207000 C:\Windows\SYSTEM32\twinapi.appcore.dll
0x00000000a2730000 0x2af000 C:\Windows\SYSTEM32\iertutil.dll
0x00000000ab970000 0xaa000 C:\Windows\System32\advapi32.dll
0x00000000a5950000 0x156000 C:\Windows\System32\WinTypes.dll
0x0000000093d60000 0x73000 C:\Windows\SYSTEM32\edgeIso.dll
0x00000000aa270000 0x60000 C:\Windows\System32\WINTRUST.dll
0x00000000aa0e0000 0x2e000 C:\Windows\SYSTEM32\USERENV.dll
0x00000000aa930000 0x15d000 C:\Windows\System32\CRYPT32.dll
0x00000000a9de0000 0x12000 C:\Windows\SYSTEM32\MSASN1.dll
0x0000000093400000 0x952000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\EMODEL.dll
0x00000000a29e0000 0x1ed000 C:\Windows\SYSTEM32\urlmon.dll
0x00000000a8f40000 0x33000 C:\Windows\SYSTEM32\ntmarta.dll
0x00000000a3990000 0x793000 C:\Windows\SYSTEM32\Windows.Storage.dll
0x00000000a89e0000 0x2a000 C:\Windows\SYSTEM32\RMCLIENT.dll
0x00000000a4500000 0x30000 C:\Windows\SYSTEM32\clipc.dll
0x00000000a9c60000 0x2c000 C:\Windows\SYSTEM32\Wldp.dll
0x00000000a9bc0000 0x18000 C:\Windows\SYSTEM32\cryptsp.dll
0x00000000930d0000 0x29000 C:\Windows\SYSTEM32\EShims.dll
0x00000000aa120000 0x26000 C:\Windows\SYSTEM32\profapi.dll
0x00000000a8f80000 0x29000 C:\Windows\SYSTEM32\profext.dll
0x00000000930b0000 0x11000 C:\Windows\SYSTEM32\Windows.Internal.SecurityMitigationsBroker.dll
0x00000000abb70000 0x1d000 C:\Windows\System32\imagehlp.dll
0x00000000a8700000 0xf3000 C:\Windows\SYSTEM32\dxgi.dll
0x00000000ac570000 0x55000 C:\Windows\System32\shlwapi.dll
0x00000000a3240000 0xf2000 C:\Windows\SYSTEM32\CoreMessaging.dll
0x00000000abd40000 0x6b000 C:\Windows\System32\WS2_32.dll
0x00000000ab420000 0x129000 C:\Windows\System32\ole32.dll
0x0000000092f40000 0x170000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\eData.dll
0x00000000aa240000 0x27000 C:\Windows\System32\bcrypt.dll
0x0000000098ba0000 0x32b000 C:\Windows\SYSTEM32\ESENT.dll
0x0000000091e70000 0x10c2000 C:\Windows\System32\Windows.UI.Xaml.dll
0x000000009e620000 0x1e5000 C:\Windows\SYSTEM32\dcomp.dll
0x000000009d450000 0x5a000 C:\Windows\SYSTEM32\Bcp47Langs.dll
0x00000000a8e30000 0x94000 C:\Windows\SYSTEM32\firewallapi.dll
0x00000000a96c0000 0xcb000 C:\Windows\SYSTEM32\DNSAPI.dll
0x00000000a9680000 0x3b000 C:\Windows\SYSTEM32\IPHLPAPI.DLL
0x00000000aba20000 0x9000 C:\Windows\System32\NSI.dll
0x00000000a8df0000 0x2f000 C:\Windows\SYSTEM32\fwbase.dll
0x0000000091e00000 0x61000 C:\Windows\System32\Windows.Storage.ApplicationData.dll
0x000000009f6c0000 0x9f000 C:\Windows\system32\uxtheme.dll
0x00000000a2340000 0x11000 C:\Windows\SYSTEM32\windows.staterepositorycore.dll
0x0000000098ed0000 0x4da000 C:\Windows\SYSTEM32\WININET.dll
0x00000000aa0a0000 0x3c000 C:\Windows\SYSTEM32\SspiCli.dll
0x0000000098b80000 0x14000 C:\Windows\System32\threadpoolwinrt.dll
0x0000000096600000 0x14c000 C:\Windows\System32\Windows.UI.dll
0x000000009d820000 0xa1000 C:\Windows\SYSTEM32\WindowManagementAPI.dll
0x0000000097a00000 0x152000 C:\Windows\SYSTEM32\InputHost.dll
0x0000000096b10000 0xfd000 C:\Windows\SYSTEM32\TextInputFramework.dll
0x00000000a79a0000 0xf7000 C:\Windows\SYSTEM32\PROPSYS.dll
0x000000009de60000 0x35a000 C:\Windows\SYSTEM32\CoreUIComponents.dll
0x00000000a1760000 0x794000 C:\Windows\System32\OneCoreUAPCommonProxyStub.dll
0x0000000091d90000 0x17000 C:\Windows\SYSTEM32\ondemandconnroutehelper.dll
0x00000000a66d0000 0x100000 C:\Windows\SYSTEM32\winhttp.dll
0x00000000a99e0000 0x6a000 C:\Windows\system32\mswsock.dll
0x00000000a6ad0000 0xb000 C:\Windows\SYSTEM32\WINNSI.DLL
0x00000000a6ce0000 0x9e000 C:\Windows\SYSTEM32\policymanager.dll
0x00000000a93a0000 0x8a000 C:\Windows\SYSTEM32\msvcp110_win.dll
0x00000000977e0000 0xe7000 C:\Windows\System32\Windows.ApplicationModel.dll
0x00000000a7b30000 0x263000 C:\Windows\SYSTEM32\d3d11.dll
0x00000000a2490000 0xf4000 C:\Windows\System32\MrmCoreR.dll
0x000000009cbc0000 0x6f6000 C:\Windows\SYSTEM32\d3d10warp.dll
0x000000009a7b0000 0x146000 C:\Windows\System32\Windows.StateRepositoryPS.dll
0x0000000096520000 0x2d000 C:\Windows\SYSTEM32\languageoverlayutil.dll
0x0000000091cb0000 0xdb000 C:\Windows\System32\ieproxy.dll
0x000000009d4b0000 0x3b000 C:\Windows\SYSTEM32\dxcore.dll
0x00000000aa1f0000 0x4d000 C:\Windows\System32\cfgmgr32.dll
0x00000000965d0000 0x2d000 C:\Windows\SYSTEM32\bcp47mrm.dll
0x00000000a9bb0000 0xc000 C:\Windows\SYSTEM32\CRYPTBASE.DLL
0x00000000a50b0000 0xfb000 C:\Windows\System32\AppXDeploymentClient.dll
0x0000000091ae0000 0x1a5000 C:\Windows\System32\ShellExperiences\WindowsInternal.Xaml.Controls.Tabs.dll
0x000000009eff0000 0x5c0000 C:\Windows\SYSTEM32\d2d1.dll
0x000000009ed70000 0x27e000 C:\Windows\SYSTEM32\dwrite.dll
0x00000000918f0000 0x1a7000 C:\Windows\System32\Windows.Globalization.dll
0x0000000095de0000 0xac000 C:\Windows\SYSTEM32\TextShaping.dll
0x00000000abfe0000 0x115000 C:\Windows\System32\msctf.dll
0x000000009a2f0000 0x1d000 C:\Windows\System32\Windows.Shell.ServiceHostBuilder.dll
0x00000000995e00
Child Processes:
conhost.exe Listdlls64.exe
Open Handles:
| Path |
Type |
| (RW-) C:\Windows |
File |
| (RW-) C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.488_none_11b1e5df2ffd8627 |
File |
| (RW-) C:\xCyclopedia |
File |
| \BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 |
Section |
| \BaseNamedObjects\NLS_CodePage_437_3_2_0_0 |
Section |
Loaded Modules:
| Path |
| C:\SysinternalsSuite\Listdlls.exe |
| C:\Windows\SYSTEM32\ntdll.dll |
| C:\Windows\System32\wow64.dll |
| C:\Windows\System32\wow64cpu.dll |
| C:\Windows\System32\wow64win.dll |
Signature
- Status: Signature verified.
- Serial:
330000010A2C79AED7797BA6AC00010000010A
- Thumbprint:
3BDA323E552DB1FDE5F4FBEE75D6D5B2B187EEDC
- Issuer: CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Original Filename: Listdlls.exe
- Product Name: Sysinternals Listdlls
- Company Name: Sysinternals
- File Version: 3.2
- Product Version: 3.2
- Language: English (United States)
- Legal Copyright: Copyright (C) 1997-2016 Mark Russinovich
- Machine Type: 32-bit
File Scan
- VirusTotal Detections: 0/68
- VirusTotal Link: https://www.virustotal.com/gui/file/b0f6800b2bb4c86e091120e9087c75f9b1b3e46b89cf65744d65cf5ab01fd385/detection/
Possible Misuse
The following table contains possible examples of Listdlls.exe being misused. While Listdlls.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
MIT License. Copyright (c) 2020-2021 Strontic.