全网最新最全首届“陇剑杯”网络安全大赛完整WIRTEUP --- wifi(1题)
网管小王最近喜欢上了ctf网络安全竞赛,他使用“哥斯拉”木引进玩玩upload-labs ,并且保存了内存镜像、 wifi和服务器流量,让您来分析后作答:(本题仅1小问)
小王往upload-labs上传木马后进行了cat /flag,flag内容为_____________。(压缩包里有解压密码的提示,需要额外添加花括号)
提取元数据 volatility -f 'Windows 7-dde00fa9.vmem' imageinfo
提取文件目录 volatility -f 'Windows 7-dde00fa9.vmem' --profile=Win7SP1x86_23418 filescan > 1.txt
Failed to import '/usr/lib/libyara.so'
PATH = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/root/.dotnet/tools;/usr/lib
*** Failed to import volatility.plugins.linux.malfind (OSError: /usr/lib/libyara.so: cannot open shared object file: No such file or directory)
Failed to import '/usr/lib/libyara.so'
PATH = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/root/.dotnet/tools;/usr/lib;/usr/lib
*** Failed to import volatility.plugins.malware.timers (OSError: /usr/lib/libyara.so: cannot open shared object file: No such file or directory)
Failed to import '/usr/lib/libyara.so'
PATH = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/root/.dotnet/tools;/usr/lib;/usr/lib;/usr/lib
*** Failed to import volatility.plugins.overlays.windows.win8 (OSError: /usr/lib/libyara.so: cannot open shared object file: No such file or directory)
Failed to import '/usr/lib/libyara.so'
PATH = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/root/.dotnet/tools;/usr/lib;/usr/lib;/usr/lib;/usr/lib
*** Failed to import volatility.plugins.drivermodule (OSError: /usr/lib/libyara.so: cannot open shared object file: No such file or directory)
Failed to import '/usr/lib/libyara.so'
PATH = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/root/.dotnet/tools;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib
*** Failed to import volatility.plugins.overlays.mac.mac (OSError: /usr/lib/libyara.so: cannot open shared object file: No such file or directory)
Failed to import '/usr/lib/libyara.so'
PATH = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/root/.dotnet/tools;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib
*** Failed to import volatility.plugins.overlays.windows.win8_kdbg (OSError: /usr/lib/libyara.so: cannot open shared object file: No such file or directory)
Failed to import '/usr/lib/libyara.so'
PATH = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/root/.dotnet/tools;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib
*** Failed to import volatility.plugins.timeliner (OSError: /usr/lib/libyara.so: cannot open shared object file: No such file or directory)
Failed to import '/usr/lib/libyara.so'
PATH = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/root/.dotnet/tools;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib
*** Failed to import volatility.plugins.malware.apihooks (OSError: /usr/lib/libyara.so: cannot open shared object file: No such file or directory)
Failed to import '/usr/lib/libyara.so'
PATH = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/root/.dotnet/tools;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib
*** Failed to import volatility.plugins.multiscan (OSError: /usr/lib/libyara.so: cannot open shared object file: No such file or directory)
Failed to import '/usr/lib/libyara.so'
PATH = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/root/.dotnet/tools;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib
*** Failed to import volatility.plugins.dumpcerts (OSError: /usr/lib/libyara.so: cannot open shared object file: No such file or directory)
Failed to import '/usr/lib/libyara.so'
PATH = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/root/.dotnet/tools;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib
*** Failed to import volatility.plugins.tcaudit (OSError: /usr/lib/libyara.so: cannot open shared object file: No such file or directory)
Failed to import '/usr/lib/libyara.so'
PATH = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/root/.dotnet/tools;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib
*** Failed to import volatility.plugins.malware.devicetree (OSError: /usr/lib/libyara.so: cannot open shared object file: No such file or directory)
Failed to import '/usr/lib/libyara.so'
PATH = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/root/.dotnet/tools;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib
*** Failed to import volatility.plugins.overlays.windows.win10 (OSError: /usr/lib/libyara.so: cannot open shared object file: No such file or directory)
Failed to import '/usr/lib/libyara.so'
PATH = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/root/.dotnet/tools;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib
*** Failed to import volatility.plugins.malware.threads (OSError: /usr/lib/libyara.so: cannot open shared object file: No such file or directory)
Failed to import '/usr/lib/libyara.so'
PATH = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/root/.dotnet/tools;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib
*** Failed to import volatility.plugins.malware.idt (OSError: /usr/lib/libyara.so: cannot open shared object file: No such file or directory)
Failed to import '/usr/lib/libyara.so'
PATH = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/root/.dotnet/tools;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib
*** Failed to import volatility.plugins.mac.mac_yarascan (OSError: /usr/lib/libyara.so: cannot open shared object file: No such file or directory)
Failed to import '/usr/lib/libyara.so'
PATH = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/root/.dotnet/tools;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib
*** Failed to import volatility.plugins.linux.netscan (OSError: /usr/lib/libyara.so: cannot open shared object file: No such file or directory)
Failed to import '/usr/lib/libyara.so'
PATH = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/root/.dotnet/tools;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib
*** Failed to import volatility.plugins.linux.linux_truecrypt (OSError: /usr/lib/libyara.so: cannot open shared object file: No such file or directory)
Failed to import '/usr/lib/libyara.so'
PATH = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/root/.dotnet/tools;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib
*** Failed to import volatility.plugins.malware.malfind (OSError: /usr/lib/libyara.so: cannot open shared object file: No such file or directory)
Failed to import '/usr/lib/libyara.so'
PATH = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/root/.dotnet/tools;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib
*** Failed to import volatility.plugins.ssdt (OSError: /usr/lib/libyara.so: cannot open shared object file: No such file or directory)
Failed to import '/usr/lib/libyara.so'
PATH = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/root/.dotnet/tools;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib
*** Failed to import volatility.plugins.mac.malfind (OSError: /usr/lib/libyara.so: cannot open shared object file: No such file or directory)
Failed to import '/usr/lib/libyara.so'
PATH = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/root/.dotnet/tools;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib
*** Failed to import volatility.plugins.malware.callbacks (OSError: /usr/lib/libyara.so: cannot open shared object file: No such file or directory)
Failed to import '/usr/lib/libyara.so'
PATH = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/root/.dotnet/tools;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib;/usr/lib
*** Failed to import volatility.plugins.linux.linux_yarascan (OSError: /usr/lib/libyara.so: cannot open shared object file: No such file or directory)
Offset(P) #Ptr #Hnd Access Name
------------------ ------ ------ ------ ----
0x000000001b7ebf80 17 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000001bbf9420 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\intelppm.sys
0x000000001bbf9b98 16 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\dumpfve.sys
0x000000001bc0e4a8 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\msfs.sys
0x000000001bcd92d0 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\FirewallAPI.dll
0x000000001bcd9a18 4 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\arialbd.ttf
0x000000001be2b368 15 0 RW-rwd \Device\HarddiskVolume1\$Mft
0x000000001be2be70 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wsnmp32.dll
0x000000001bea5448 1 1 R----- \Device\HarddiskVolume1\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
0x000000001bfa92c0 7 0 R--r-- \Device\HarddiskVolume1\Windows\System32\drivers\fltMgr.sys
0x000000001bfa9558 8 0 R--r-- \Device\HarddiskVolume1\Windows\System32\drivers\amdxata.sys
0x000000001bfa9990 8 0 R--r-- \Device\HarddiskVolume1\Windows\System32\drivers\msahci.sys
0x000000001bfa9ac8 7 0 R--r-- \Device\HarddiskVolume1\Windows\System32\drivers\ntfs.sys
0x000000001bfa9f80 7 0 R--r-- \Device\HarddiskVolume1\Windows\System32\drivers\storport.sys
0x000000001c0b4348 2 0 RW-rwd \Device\HarddiskVolume1\Windows\rescache\rc0002\ResCache.hit
0x000000001c0b4e70 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\WSDMon.dll
0x000000001c128028 1 1 RW-rwd \Device\clfs\Device\HarddiskVolume1\$Extend\$RmMetadata\$TxfLog\$TxfLog
0x000000001c1287f0 2 1 RW-rw- \Device\clfsKtmLog
0x000000001c128958 2 1 RWDrwd \Device\clfs\Device\HarddiskVolume1\$Extend\$RmMetadata\$TxfLog\$TxfLog
0x000000001c41d828 3 0 RW-rwd \Device\HarddiskVolume1\$MftMirr
0x000000001c41d960 17 0 RW-rwd \Device\HarddiskVolume1\$Mft
0x000000001c41db68 2 1 RW-r-- \Device\HarddiskVolume1\$Extend\$RmMetadata\$TxfLog\$TxfLogContainer00000000000000000002
0x000000001c7ec038 8 0 R--r-d \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\ink\zh-CN\mip.exe.mui
0x000000001c7ec280 10 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000001c7ec5c8 2 1 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Wlansvc\Profiles\Interfaces\{529B7D2A-05D1-4F21-A001-8F4FF817FC3A}
0x000000001c8532b0 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\intelppm.sys
0x000000001c8538e0 9 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000001c853ad8 2 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\2c59ecaf-3a27-4640-9f4b-519b05bdd70f
0x000000001c853cf0 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart
0x000000001c8937a0 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wcnwiz.dll
0x000000001ca2f620 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\usbport.sys
0x000000001ca2fce8 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\tdi.sys
0x000000001ca2fed8 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\usbuhci.sys
0x000000001cba5dc8 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\CmBatt.sys
0x000000001cbff038 3 0 R--r-d \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\plugins\vmsvc\autoUpgrade.dll
0x000000001cbff210 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a
0x000000001cbff2c8 3 0 R--r-d \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\plugins\vmsvc\vmbackup.dll
0x000000001cbff628 3 0 R--r-d \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\plugins\vmsvc\deployPkgPlugin.dll
0x000000001cbff6e0 3 0 R--r-d \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\plugins\vmsvc\powerOps.dll
0x000000001cbff810 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a
0x000000001cea0448 10 1 RW-r-- \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-Winlogon%4Operational.evtx
0x000000001cea0730 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath
0x000000001cea07e8 17 1 RW-r-- \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-Dhcp-Client%4Admin.evtx
0x000000001d0527f0 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\prnso002.cat
0x000000001d052a80 2 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\2375f586-1009-41fb-b54e-30d8af2b781d
0x000000001d1b24c0 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\usbehci.sys
0x000000001d1e94b0 17 0 RW-rwd \Device\HarddiskVolume1\$BitMap
0x000000001d1e9990 10 0 RW-rwd \Device\HarddiskVolume1\$MapAttributeValue
0x000000001d2b2038 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService
0x000000001d2b2230 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary
0x000000001d2b2890 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater
0x000000001d2b2b38 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
0x000000001d2b2f80 2 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\12a9c263-6999-4d88-a760-5bdcf6c9b44b
0x000000001d2b4928 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\msra.exe
0x000000001d2f3bd0 14 0 R--r-- \Device\HarddiskVolume1\Windows\System32\ntdll.dll
0x000000001d3514c0 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\cdrom.sys
0x000000001d3516a0 7 0 R--r-- \Device\HarddiskVolume1\Windows\System32\CodeIntegrity\bootcat.cache
0x000000001d453380 1 0 RW-rwd \Device\HarddiskVolume1\$NonCachedIo
0x000000001d8b41d8 9 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000001d8b45b0 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\serenum.sys
0x000000001d8b4f80 6 0 R--rwd \Device\HarddiskVolume1\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
0x000000001da754d8 1 1 R----- \Device\HarddiskVolume1\System Volume Information\{ea1e9d68-e32d-11eb-a936-94e70bb14e54}{3808876b-c176-4e48-b7ae-04046e6cc752}
0x000000001da75628 1 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000001db0d370 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
0x000000001db0d658 8 0 R--rwd \Device\HarddiskVolume1\Windows\Resources\Ease of Access Themes\classic.theme
0x000000001db0dbe8 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\cscobj.dll
0x000000001dbe9768 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\tdx.sys
0x000000001dbe9898 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\CompositeBus.sys
0x000000001dd31910 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\npfs.sys
0x000000001dfc8190 2 0 -W---- \Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9431IYM4\ErrorPageTemplate[1]
0x000000001dfc8dd0 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\perfh009.dat
0x000000001dfc8f80 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\localspl.dll
0x000000001e074038 1 1 R--r-- \Device\HarddiskVolume1\Windows\Registration\R000000000006.clb
0x000000001e0747f8 17 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000001e0c4038 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\prfc0804.dat
0x000000001e0c4f80 8 0 R--rwd \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\glib-2.0.dll
0x000000001e399cb8 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\snmpapi.dll
0x000000001e481440 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\ddrawex.dll
0x000000001e481e38 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\monitor.sys
0x000000001e4d6038 4 0 R--r-d \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtoolsd.exe
0x000000001e4d6978 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\SmartcardCredentialProvider.dll
0x000000001e4f9038 2 1 ------ \Device\Afd\Endpoint
0x000000001e4f9330 5 0 R--r-- \Device\HarddiskVolume1\Windows\Globalization\Sorting\SortDefault.nls
0x000000001e4f98a8 1 1 ------ \Device\NamedPipe\InitShutdown
0x000000001e61d3d0 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\tunnel.sys
0x000000001e61dc00 1 1 R--rw- \Device\HarddiskVolume1\Windows
0x000000001e6d1530 7 0 R--r-- \Device\HarddiskVolume1\Windows\System32\tcpbidi.xml
0x000000001e6d18a0 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wlandlg.dll
0x000000001e6d1a58 2 1 R--rwd \Device\HarddiskVolume1\Program Files
0x000000001eab5180 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\afd.sys
0x000000001eb5c888 15 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\vmmouse.sys
0x000000001eb5cc78 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\E1G60I32.sys
0x000000001ed8d420 9 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000001ed8dcb0 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\WindowsPowerShell\v1.0\zh-CN\powershell.exe.mui
0x000000001ed8dd68 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
0x000000001eda4650 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe
0x000000001eda4710 1 1 ------ \Device\NamedPipe\MsFteWds
0x000000001eda4a40 6 0 R--rwd \Device\HarddiskVolume1\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll
0x000000001eda4c98 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\StructuredQuery.dll
0x000000001eda4e30 13 0 R--rwd \Device\HarddiskVolume1\Windows\System32\winipsec.dll
0x000000001eee7028 7 0 R--r-- \Device\HarddiskVolume1\Windows\System32\drivers\fileinfo.sys
0x000000001eee72f8 7 0 R--r-- \Device\HarddiskVolume1\Windows\System32\drivers\cng.sys
0x000000001eee7430 7 0 R--r-- \Device\HarddiskVolume1\Windows\System32\drivers\pcw.sys
0x000000001eee7a58 7 0 R--r-- \Device\HarddiskVolume1\Windows\System32\drivers\msrpc.sys
0x000000001eee7b90 7 0 R--r-- \Device\HarddiskVolume1\Windows\System32\drivers\ksecdd.sys
0x000000001ef3d338 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\usbmon.dll
0x000000001ef3d4f0 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\PrintIsolationProxy.dll
0x000000001ef3d860 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\spoolss.dll
0x000000001f2f0218 16 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\crashdmp.sys
0x000000001f2f04d8 2 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000001f2f0f80 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\tcpmon.dll
0x000000001f49e170 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\ws2ifsl.sys
0x000000001f5192f8 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\FXSMON.dll
0x000000001f5194b8 7 0 R----- \Device\HarddiskVolume1\Windows\Prefetch\WMIPRVSE.EXE-43972D0F.pf
0x000000001f78f038 7 0 RW-rwd \Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db
0x000000001f78f1e0 8 0 RW-rwd \Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db
0x000000001f78f4b0 2 1 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Wlansvc\Profiles\Interfaces
0x000000001f78f6d8 4 0 RW-rwd \Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db
0x000000001f78f978 5 0 RW-rwd \Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db
0x000000001f78fbd0 8 0 RW-rwd \Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
0x000000001f78ff80 8 0 R--r-- \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1b4dd67f29cb1962.customDestinations-ms
0x000000001fc86280 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\recdisc.exe
0x000000001fc868e0 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\spool\prtprocs\w32x86\winprint.dll
0x000000001fc86a90 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\thumbcache.dll
0x000000001fc86c90 2 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000001fdf7038 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wwapi.dll
0x000000001fdf79f0 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\stobject.dll
0x000000001fdf7d20 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\WFS.exe
0x000000001fe280a8 1 1 RW-rwd \Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db
0x000000001fe54488 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\WSDApi.dll
0x000000001fe54c10 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\fdPnp.dll
0x000000001ff4b120 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\pacer.sys
0x000000001ff4b418 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\dxgkrnl.sys
0x000000001ff4b878 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\fdc.sys
0x000000002022b038 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\winsta.dll
0x000000002022bce8 8 0 R--r-- \Device\HarddiskVolume1\Windows\Cursors\aero_move.cur
0x00000000204c5c38 10 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000002051bbf8 9 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x00000000209f0150 10 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x00000000209f08a0 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\zh-CN\ndis.sys.mui
0x0000000020b30dc8 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\winrnr.dll
0x0000000020b30f80 5 0 R--r-- \Device\HarddiskVolume1\Windows\System32\cmd.exe
0x0000000020b861d0 2 1 RW-rw- \Device\clfs\Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Windows\UsrClass.dat{93b3bf0a-e32d-11eb-94e6-94e70bb14e54}.TM
0x0000000020b86a10 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wlanmsm.dll
0x0000000020b86cd8 1 1 RW---- \Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1
0x0000000020b86d90 1 1 RW---- \Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Windows\UsrClass.dat
0x0000000020be4038 8 0 R--rwd \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms
0x0000000020be4a58 6 0 RW-rwd \Device\HarddiskVolume1\$ConvertToNonresident
0x0000000020be4dc8 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\tquery.dll
0x0000000020d17108 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\catsrvps.dll
0x0000000020d171c0 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\catsrvut.dll
0x0000000020d175e0 4 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x0000000020d17698 2 0 R--rw- \Device\HarddiskVolume1\ProgramData\VMware\VMware Tools\Unity Filters\googledesktop.txt
0x0000000020d5d228 4 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x0000000020d5d3b8 1 1 R--rwd \Device\HarddiskVolume1穽
0x00000000211c86a0 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\netbios.sys
0x00000000211c8b88 16 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\vm3dmp.sys
0x00000000211c8c30 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\vwififlt.sys
0x000000002123e5f8 11 1 RW-r-- \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-OfflineFiles%4Operational.evtx
0x000000002123ec70 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\ksuser.dll
0x00000000212bea90 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\wfplwf.sys
0x00000000215a0690 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\RDPREFMP.sys
0x0000000021b76228 17 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x0000000021b763e0 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\zh-CN\bthpan.sys.mui
0x0000000021b76498 2 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x0000000021bc7dc8 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\webservices.dll
0x0000000021c0e4f0 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\PeerDist.dll
0x0000000021cd82b0 2 1 ------ \Device\NamedPipe\epmapper
0x0000000021cd87a0 17 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x0000000021cd8858 2 1 ------ \Device\NamedPipe\Winsock2\CatalogChangeListener-198-0
0x0000000021e716a8 1 0 R--r-- \Device\HarddiskVolume1\Windows\Prefetch\ReadyBoot\Trace7.fx
0x0000000021e71c10 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\prfh0804.dat
0x000000002208a160 17 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000002208a9b0 8 0 R--rwd \Device\HarddiskVolume1\Program Files\Windows Defender\MpCmdRun.exe
0x000000002208ad28 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\Wldap32.dll
0x00000000221b13a0 8 0 R--r-d \Device\HarddiskVolume1\Windows\AppPatch\drvmain.sdb
0x00000000221b14d8 6 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x00000000221b19a8 1 1 ------ \Device\NamedPipe\ProtectedPrefix
0x00000000222a4708 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\serial.sys
0x00000000222a4b58 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\wanarp.sys
0x00000000223a0168 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\rdbss.sys
0x000000002270c190 16 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x0000000022776690 1 1 R--rw- \Device\HarddiskVolume1\Windows\System32
0x0000000022776938 8 0 R--r-- \Device\HarddiskVolume1\Windows\System32\KBDUS.DLL
0x000000002288f560 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\SearchFilterHost.exe
0x000000002288f640 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\zh-CN\icardres.dll.mui
0x00000000228d3c58 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc
0x00000000228d3f80 2 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\50740f13-6341-4e97-8425-a424dc33560f
0x0000000022a52520 17 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x0000000022a52d20 17 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x0000000022c22488 2 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x0000000022c22a58 15 0 R--r-d \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmrawdsk.sys
0x0000000022e520b0 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\agilevpn.sys
0x0000000022e527a0 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\dxgmms1.sys
0x0000000022f20038 2 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x0000000022f20790 17 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x0000000023059518 9 1 RW-rw- \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid
0x0000000023059800 9 1 RW-rw- \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000
0x0000000023059c38 1 1 R--r-d \Device\HarddiskVolume1\Windows\System32\zh-CN\audiodg.exe.mui
0x0000000023059f80 17 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x0000000023146290 17 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x00000000232b8290 9 1 RW-rw- \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid
0x00000000232b8988 9 1 RW-rw- \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000
0x00000000232b8da8 2 0 R----- \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\SETTINGS.DIA
0x00000000234805c0 10 0 R----- \Device\CdRom0:$VMCB$
0x000000002353dc70 14 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\termdd.sys
0x00000000236f11a0 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\win32k.sys
0x00000000236f1808 17 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x00000000236f1d20 1 0 R--r-- \Device\HarddiskVolume1\ProgramData\Microsoft\MF\Active.GRL
0x0000000023769b68 10 0 RW-rwd \Device\HarddiskVolume1\$LogFile
0x0000000023769f80 2 1 R--rwd \Device\HarddiskVolume1\Users\admin\Desktop
0x0000000023c68038 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\msprivs.dll
0x000000003d72c5c8 5 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003d72c7b8 10 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003d7fe458 2 1 RWDrwd \Device\clfs\Device\HarddiskVolume1\$Extend\$RmMetadata\$TxfLog\$TxfLog
0x000000003d7fe810 3 1 RW-r-- \Device\clfsTxfLog
0x000000003d800038 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\httpapi.dll
0x000000003d800160 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\cscsvc.dll
0x000000003d8002d0 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\umpo.dll
0x000000003d800388 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\FWPUCLNT.DLL
0x000000003d800d08 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\msident.dll
0x000000003d800f80 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\ieuinit.inf
0x000000003d801e50 8 0 R--rw- \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk
0x000000003d801f08 5 0 R--r-- \Device\HarddiskVolume1\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
0x000000003d802488 2 1 ------ \Device\Afd\Endpoint
0x000000003d803228 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\zh-CN\odbcint.dll.mui
0x000000003d803640 2 1 ------ \Device\Afd\Endpoint
0x000000003d803aa8 8 0 R--rwd \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk
0x000000003d8041e0 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\svchost.exe
0x000000003d805388 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\en-US\azroles.dll.mui
0x000000003d805838 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wuauclt.exe
0x000000003d805e10 8 0 R--r-- \Device\HarddiskVolume1\Windows\winsxs\FileMaps\program_files_internet_explorer_a421d1bfaf856e2b.cdf-ms
0x000000003d806140 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\ole32.dll
0x000000003d806318 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\sechost.dll
0x000000003d806580 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\WWanAPI.dll
0x000000003d807158 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wintrust.dll
0x000000003d8089d0 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\jscript.dll
0x000000003d808af0 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\qmgrprxy.dll
0x000000003d808cd8 4 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003d808f80 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\NetProjW.dll
0x000000003d8092d0 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\perfdisk.dll
0x000000003d8094b0 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\mssitlb.dll
0x000000003d8095a8 2 1 ------ \Device\Afd\Endpoint
0x000000003d809948 8 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
0x000000003d809ec8 5 0 R--rwd \Device\HarddiskVolume1\Windows\AppPatch\AcGenral.dll
0x000000003d809f80 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wwaninst.dll
0x000000003d80b770 2 1 ------ \Device\NamedPipe\Winsock2\CatalogChangeListener-204-0
0x000000003d80bcd0 8 0 R----- \Device\HarddiskVolume1\Windows\Prefetch\CONHOST.EXE-3218E401.pf
0x000000003d80d918 8 0 R--rw- \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk
0x000000003d80deb0 8 0 R--rwd \Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LRNSFZZV\7z1900[1].exe
0x000000003d80e038 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\azroles.dll
0x000000003d80e600 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc
0x000000003d80e978 8 0 R--r-- \Device\HarddiskVolume1\Windows\winsxs\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms
0x000000003d80eea8 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\WindowsPowerShell\v1.0\pwrshsip.dll
0x000000003d80f038 6 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\Vani.ttf
0x000000003d80f500 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\NetworkList\Icons\{57FCF249-B130-4CA7-ACD9-A12A56F0A46D}_32.bin
0x000000003d810318 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\msctf.dll
0x000000003d811188 6 0 RW---- \Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{4B152A35-E32E-11EB-A936-94E70BB14E54}.dat
0x000000003d8121d8 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drt.dll
0x000000003d812290 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\perfos.dll
0x000000003d812440 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wlanapi.dll
0x000000003d8124f8 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\dot3api.dll
0x000000003d812878 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-StarterEdition~31bf3856ad364e35~x86~~6.1.7600.16385.cat
0x000000003d812d60 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc
0x000000003d812f80 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\msdt.exe
0x000000003d814280 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\tbssvc.dll
0x000000003d8146a8 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wlanhlp.dll
0x000000003d814ca8 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\dpx.dll
0x000000003d815c98 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca
0x000000003d816038 10 1 RW-r-- \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-Scheduled%4Operational.evtx
0x000000003d816388 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\WLanConn.dll
0x000000003d816498 1 1 R--r-d \Device\HarddiskVolume1\Windows\Fonts\StaticCache.dat
0x000000003d8165b8 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\audiodev.dll
0x000000003d816a70 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\Wpc.dll
0x000000003d8174e8 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\bthprops.cpl
0x000000003d8179a8 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wevtapi.dll
0x000000003d818038 12 0 R--rwd \Device\HarddiskVolume1\Windows\System32\rasmontr.dll
0x000000003d818160 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\perfc009.dat
0x000000003d818960 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\zh-CN\netsh.exe.mui
0x000000003d818d78 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\osk.exe
0x000000003d81b1d8 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
0x000000003d81c198 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\apisetschema.dll
0x000000003d81c638 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\mscoree.dll
0x000000003d81ca80 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\comctl32.dll
0x000000003d81d860 8 0 R--rwd \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtools.dll
0x000000003d81df80 1 1 ------ \Device\NamedPipe\W32TIME_ALT
0x000000003d81e038 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\zh-CN\umpo.dll.mui
0x000000003d81e388 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\dbghelp.dll
0x000000003d81eb40 1 1 RW---- \Device\HarddiskVolume1\System Volume Information\Syscache.hve.LOG1
0x000000003d81ee60 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\davclnt.dll
0x000000003d81fd60 8 0 R--rwd \Device\HarddiskVolume1\Windows\rescache\rc0001\ResCache.hit
0x000000003d820540 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\mmres.dll
0x000000003d820db8 2 0 -W---- \Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\P2DFGMSC\dnserror[1]
0x000000003d821038 1 1 R--r-- \Device\HarddiskVolume1\Windows\Registration\R000000000006.clb
0x000000003d821390 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\conhost.exe
0x000000003d822cb0 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\EhStorAPI.dll
0x000000003d822d68 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\mssvp.dll
0x000000003d822e20 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\dxtmsft.dll
0x000000003d823388 9 1 R--r-d \Device\HarddiskVolume1\Windows\System32\zh-CN\WLanConn.dll.mui
0x000000003d823f80 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\audiodg.exe
0x000000003d8241e8 7 0 RW-rw- \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Windows\PrivacIE\Low\index.dat
0x000000003d824690 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\FXSST.dll
0x000000003d824b58 2 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003d824d78 4 0 R--rwd \Device\HarddiskVolume1\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
0x000000003d826038 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\dxgi.dll
0x000000003d826130 8 0 R--rwd \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\GdiPlus.dll
0x000000003d826260 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\dimsjob.dll
0x000000003d826f80 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\QUTIL.DLL
0x000000003d827240 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\nsi.dll
0x000000003d827638 1 1 R--r-d \Device\HarddiskVolume1\Windows\System32\zh-CN\FXSRESM.dll.mui
0x000000003d829038 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\secur32.dll
0x000000003d829190 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\sspicli.dll
0x000000003d8295a0 2 0 R--r-- \Device\HarddiskVolume1\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
0x000000003d829b50 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-Known Folders API Service.evtx
0x000000003d82a770 1 1 ------ \Device\Afd\Endpoint
0x000000003d82bf80 8 0 R--rw- \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk
0x000000003d82d490 1 1 -W-rw- \Device\HarddiskVolume1\Users\admin\AppData\Local\Temp\FXSAPIDebugLogFile.txt
0x000000003d82e128 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\user32.dll
0x000000003d82e2f0 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\gdi32.dll
0x000000003d82e648 2 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003d82f0d0 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\eappcfg.dll
0x000000003d82f318 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\eappprxy.dll
0x000000003d82f538 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\davhlpr.dll
0x000000003d82f6b8 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\FXSSVC.exe
0x000000003d82f7e0 1 1 RW-r-- \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkLocationWizard%4Operational.evtx
0x000000003d82fb60 4 0 R--rwd \Device\HarddiskVolume1\Windows\System32\advpack.dll
0x000000003d82fc18 4 0 R--rwd \Device\HarddiskVolume1\Windows\System32\usercpl.dll
0x000000003d830388 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll
0x000000003d831318 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\cryptbase.dll
0x000000003d8320c0 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL
0x000000003d832318 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\atl.dll
0x000000003d832770 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\FXSAPI.dll
0x000000003d833e80 13 0 R--rwd \Device\HarddiskVolume1\Windows\System32\fwcfg.dll
0x000000003d834038 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\crypt32.dll
0x000000003d834888 1 1 R--rw- \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.ci
0x000000003d834940 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\mblctr.exe
0x000000003d835638 10 1 RW-r-- \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx
0x000000003d835dc0 4 0 R--rwd \Device\HarddiskVolume1\Windows\System32\filemgmt.dll
0x000000003d836b40 8 0 R--rw- \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk
0x000000003d837038 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\chtbrkr.dll
0x000000003d837288 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\lpk.dll
0x000000003d837600 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\FXSRESM.dll
0x000000003d8377c8 8 0 R--r-- \Device\HarddiskVolume1\Windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
0x000000003d837b38 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\propsys.dll
0x000000003d837d88 10 0 R--rwd \Device\HarddiskVolume1\Windows\System32\SyncInfrastructure.dll
0x000000003d838180 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\setupapi.dll
0x000000003d839858 7 0 R--r-- \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\28c8b86deab549a1.customDestinations-ms
0x000000003d83bdb0 5 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\verdana.ttf
0x000000003d83c1d0 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\cryptsp.dll
0x000000003d83c2f8 1 1 R--rw- \Device\HarddiskVolume1\Windows\System32
0x000000003d83c8d8 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\ieapfltr.dat
0x000000003d83d038 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\advapi32.dll
0x000000003d83d808 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\userenv.dll
0x000000003d83d9c0 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\cscobj.dll
0x000000003d83dc10 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\cscapi.dll
0x000000003d83ddc8 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\cscdll.dll
0x000000003d83df80 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\cscui.dll
0x000000003d83e638 3 0 RW---- \Device\HarddiskVolume1\Windows\Prefetch\AgAppLaunch.db
0x000000003d83eae8 1 1 RW---- \Device\HarddiskVolume1\Windows\System32\catroot2\edb.log
0x000000003d83f1c0 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\winbrand.dll
0x000000003d83f4c0 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\lsmproxy.dll
0x000000003d83fb28 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\devrtl.dll
0x000000003d83fce0 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\nci.dll
0x000000003d8405e0 8 0 R--rwd \Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\建议网站~.feed-ms
0x000000003d840938 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\appinfo.dll
0x000000003d840a78 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\fontext.dll
0x000000003d840de0 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\shacct.dll
0x000000003d841210 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\bcrypt.dll
0x000000003d841840 17 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003d842528 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\apds.dll
0x000000003d8428c8 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\winrnr.dll
0x000000003d842980 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\NapiNSP.dll
0x000000003d843390 2 1 R--rwd \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu
0x000000003d8436d0 7 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\tahomabd.ttf
0x000000003d844158 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wshbth.dll
0x000000003d844a10 2 0 R--rw- \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
0x000000003d845038 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\RpcRtRemote.dll
0x000000003d847e48 8 0 R--rw- \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk
0x000000003d848488 1 1 ------ \Device\NamedPipe\W32TIME_ALT
0x000000003d8485a0 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\rtutils.dll
0x000000003d848888 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\rasman.dll
0x000000003d848b68 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\rasapi32.dll
0x000000003d848dc8 8 0 RW-rw- \Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
0x000000003d849520 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\taskhost.exe
0x000000003d849e38 1 1 RW---- \Device\HarddiskVolume1\System Volume Information\Syscache.hve
0x000000003d84a318 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\credssp.dll
0x000000003d84a490 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\vmictimeprovider.dll
0x000000003d84a598 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\urlmon.dll
0x000000003d84a7d0 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\iertutil.dll
0x000000003d84ab40 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\msidle.dll
0x000000003d84abf8 7 0 R--rwd \Device\HarddiskVolume1\Users\Public\Videos\desktop.ini
0x000000003d84b318 13 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wcncsvc.dll
0x000000003d84b550 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\winspool.drv
0x000000003d84baf0 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\elslad.dll
0x000000003d84bd20 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\ACCTRES.dll
0x000000003d84bdd8 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc
0x000000003d84bec8 4 0 R--rwd \Device\HarddiskVolume1\Windows\System32\pdh.dll
0x000000003d84bf80 4 0 R--rwd \Device\HarddiskVolume1\Windows\System32\fms.dll
0x000000003d84c940 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\inetcomm.dll
0x000000003d84e038 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\zh-CN\Display.dll.mui
0x000000003d84f4a0 8 0 R--rw- \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\resume-vm-default.bat
0x000000003d84f9a8 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\mssprxy.dll
0x000000003d84fa60 8 0 R----- \Device\HarddiskVolume1\Windows\Prefetch\EXPLORER.EXE-7A3328DA.pf
0x000000003d851318 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
0x000000003d852500 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\mssph.dll
0x000000003d8528d0 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\credui.dll
0x000000003d854160 12 0 R--rwd \Device\HarddiskVolume1\Windows\System32\mctadmin.exe
0x000000003d855f80 7 0 R--r-- \Device\HarddiskVolume1\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
0x000000003d8560f8 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\clbcatq.dll
0x000000003d856f80 8 0 R--r-d \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\VMwareResolutionSet.exe
0x000000003d857290 7 0 R--rwd \Device\HarddiskVolume1\Users\admin\Links\desktop.ini
0x000000003d857450 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\pngfilt.dll
0x000000003d857728 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\RacEngn.dll
0x000000003d857a50 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\certprop.dll
0x000000003d858620 2 1 ------ \Device\NamedPipe\srvsvc
0x000000003d858848 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\mfplat.dll
0x000000003d858bf0 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\schedcli.dll
0x000000003d859728 17 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003d85a6a8 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wbem\NCProv.dll
0x000000003d85b550 15 0 R--rwd \Device\HarddiskVolume1\Windows\System32\usbceip.dll
0x000000003d85c318 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\usp10.dll
0x000000003d85c548 2 0 -W---- \Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9431IYM4\httpErrorPagesScripts[2]
0x000000003d85d258 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\zh-CN\cdrom.sys.mui
0x000000003d85d5c0 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\avrt.dll
0x000000003d85d728 17 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003d85d870 2 1 R--rwd \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu
0x000000003d85f038 7 0 R--r-- \Device\HarddiskVolume1\Windows\Prefetch\AgRobust.db
0x000000003d860468 10 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003d860be8 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\msfeeds.dll
0x000000003d860ca0 1 1 R--r-d \Device\HarddiskVolume1\Windows\System32\zh-CN\KernelBase.dll.mui
0x000000003d860d58 8 0 R--rwd \Device\HarddiskVolume1\Users\admin\Links\RecentPlaces.lnk
0x000000003d860f80 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\werconcpl.dll
0x000000003d861c00 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\sqmapi.dll
0x000000003d862038 3 0 R--rwd \Device\HarddiskVolume1\Windows\System32\bitsigd.dll
0x000000003d862270 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\aeevts.dll
0x000000003d862558 8 0 R--rw- \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk
0x000000003d863de8 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\comdlg32.dll
0x000000003d865a98 4 0 R--rwd \Device\HarddiskVolume1\Windows\System32\cryptnet.dll
0x000000003d865d10 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\verclsid.exe
0x000000003d865f80 1 1 R--r-- \Device\HarddiskVolume1\Windows\Registration\R000000000006.clb
0x000000003d866f00 10 0 -W---- \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_7.3.7600.16385_83d89db3bee8694b325a46ad46dd6fefb24c93ab_07a532f2\Report.wer
0x000000003d867400 8 0 R--rw- \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk
0x000000003d868828 8 0 RW-rw- \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
0x000000003d868dd0 7 0 RW-rw- \Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
0x000000003d8694d0 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\oleacc.dll
0x000000003d86a038 8 0 R--rwd \Device\HarddiskVolume1\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
0x000000003d86ce68 13 0 R--rwd \Device\HarddiskVolume1\Windows\System32\url.dll
0x000000003d86d168 11 0 R--rwd \Device\HarddiskVolume1\Windows\System32\WinSATAPI.dll
0x000000003d86db80 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\mlang.dll
0x000000003d86de80 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\nlaapi.dll
0x000000003d86e458 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wininet.dll
0x000000003d86e6e8 13 0 R--rwd \Device\HarddiskVolume1\Program Files\Internet Explorer\ieproxy.dll
0x000000003d86f138 11 0 R--rwd \Device\HarddiskVolume1\Windows\System32\ipnathlp.dll
0x000000003d86fc28 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\normaliz.dll
0x000000003d8700c0 12 0 R--rwd \Device\HarddiskVolume1\Windows\System32\upnp.dll
0x000000003d871038 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
0x000000003d871120 13 0 R--rwd \Device\HarddiskVolume1\Windows\System32\ssdpsrv.dll
0x000000003d8718c8 2 0 -W---- \Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\P2DFGMSC\background_gradient[2]
0x000000003d872388 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\ssdpapi.dll
0x000000003d8725e0 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\INETRES.dll
0x000000003d872d58 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\webio.dll
0x000000003d872f80 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\winhttp.dll
0x000000003d87ef80 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\apphelp.dll
0x000000003d880208 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\consent.exe
0x000000003d880588 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\desk.cpl
0x000000003d880b98 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\uDWM.dll
0x000000003d880f80 16 0 R--rwd \Device\HarddiskVolume1\Windows\System32\ws2help.dll
0x000000003d88a670 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\zh-CN\mssvp.dll.mui
0x000000003d88aec8 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\HelpPaneProxy.dll
0x000000003d88af80 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\SoundRecorder.exe
0x000000003d88b278 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\powercpl.dll
0x000000003d88b558 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\umrdp.dll
0x000000003d88bb30 9 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003d88bf80 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\WsmSvc.dll
0x000000003d88c470 8 0 -W-r-- \Device\HarddiskVolume1\Windows\System32\wbem\Performance\WmiApRpl.ini.ini
0x000000003d88d038 8 0 R--rwd \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\iconv.dll
0x000000003d88d238 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\hdaudbus.sys
0x000000003d88d938 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\zh-CN\WWanMM.dll.mui
0x000000003d88fbf0 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\mapi32.dll
0x000000003d890178 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll
0x000000003d89f7e0 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wpccpl.dll
0x000000003d8a3258 4 0 R--rwd \Device\HarddiskVolume1\Windows\System32\msoeacct.dll
0x000000003d8a3500 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\msinfo32.exe
0x000000003d8a36a8 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\msfeedsbs.dll
0x000000003d8a3940 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\msidcrl30.dll
0x000000003d8a3b90 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\accessibilitycpl.dll
0x000000003d8ae588 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\browcli.dll
0x000000003d8aec28 8 0 R--r-- \Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ICRFFTLT\favicon[1].ico
0x000000003d8aef80 2 1 R--rwd \Device\HarddiskVolume1\Users\admin\Links
0x000000003d8b0358 2 1 ------ \Device\nativewifip\{529b7d2a-05d1-4f21-a001-8f4ff817fc3a}
0x000000003d901700 4 1 RW-rwd \Device\HarddiskVolume1\Windows\CSC\v2.0.6\pq
0x000000003d901e00 4 0 RW-rwd \Device\HarddiskVolume1\$MapAttributeValue
0x000000003d9be450 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\vga.sys
0x000000003da01038 8 0 RW-rwd \Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db
0x000000003da01178 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\networkexplorer.dll
0x000000003da012b0 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\PortableDeviceTypes.dll
0x000000003da01a98 2 1 R--rwd \Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Windows\Burn\Burn
0x000000003da02038 2 1 R--rwd \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
0x000000003da022f8 8 0 R--rwd \Device\HarddiskVolume1\$Recycle.Bin\S-1-5-21-632115932-2214978728-2420482550-1000\desktop.ini
0x000000003da03390 7 0 R--rwd \Device\HarddiskVolume1\Users\admin\Pictures\desktop.ini
0x000000003da03910 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\msdtctm.dll
0x000000003da039c8 8 0 R--rwd \Device\HarddiskVolume1\Users\Public\Pictures\desktop.ini
0x000000003da03da0 17 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003da044b0 8 0 R--rwd \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms
0x000000003da04770 8 0 R--rwd \Device\HarddiskVolume1\Users\Public\Music\desktop.ini
0x000000003da055f8 7 0 R--rwd \Device\HarddiskVolume1\Users\admin\Music\desktop.ini
0x000000003da05eb8 8 0 R--rwd \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms
0x000000003da06458 1 1 R--rw- \Device\HarddiskVolume1\Windows\System32
0x000000003da06af8 8 0 R--r-d \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\gobject-2.0.dll
0x000000003da06bb0 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a
0x000000003da07270 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\es.dll
0x000000003da07508 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a
0x000000003da07740 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a
0x000000003da077f8 5 0 R--r-d \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\msvcr90.dll
0x000000003da07f80 6 0 R--r-d \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\intl.dll
0x000000003da08510 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a
0x000000003da085c8 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a
0x000000003da08bb8 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a
0x000000003da08e60 7 0 R--r-d \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\iconv.dll
0x000000003da09190 8 0 R--r-d \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\gmodule-2.0.dll
0x000000003da09368 6 0 R--r-d \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\glib-2.0.dll
0x000000003da0a558 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a
0x000000003da0ab10 1 1 R--r-d \Device\HarddiskVolume1\Windows\System32\zh-CN\KernelBase.dll.mui
0x000000003da0ac90 5 0 R--r-- \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\icudt44l.dat
0x000000003da0b038 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\icmp.dll
0x000000003da0b210 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a
0x000000003da0b4b0 6 0 R--r-d \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\vmtools.dll
0x000000003da0ba08 8 0 R--r-d \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\gthread-2.0.dll
0x000000003da0be20 1 1 R--rw- \Device\HarddiskVolume1\Windows\System32
0x000000003da0da00 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\trkwks.dll
0x000000003da0dab8 2 0 R--rw- \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\messages\zh_CN\vmtoolsd.vmsg
0x000000003da163b0 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a
0x000000003da169c0 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\srvsvc.dll
0x000000003da16ba8 8 1 R--r-d \Device\HarddiskVolume1\Windows\System32\en-US\KernelBase.dll.mui
0x000000003da175b0 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\vbscript.dll
0x000000003da17e40 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)
0x000000003da18608 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework\MsCtfMonitor
0x000000003da18808 2 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\e6f3a527-8b0b-43fa-94eb-584032761924
0x000000003da18c80 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\taskhost.exe
0x000000003da19160 2 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\001500d3-673b-4e41-bc5b-d3dde4e07a81
0x000000003da196a8 2 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\f3c08771-bbfb-4fc8-981e-10ce0c640cae
0x000000003da19b38 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\SideShow\GadgetManager
0x000000003da19d58 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1
0x000000003da1ac90 1 1 R--rw- \Device\HarddiskVolume1\Windows\System32
0x000000003da1af00 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration
0x000000003da1b488 8 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\f1369a11-e983-4458-b390-712efa1cba44
0x000000003da1bc18 2 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\e79b2998-8f63-451a-a56d-26edc0a5098a
0x000000003da1cc70 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict1
0x000000003da1cf18 2 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\05ee699f-ab25-42d8-8781-558c5d1d2fad
0x000000003da1d720 1 1 R--rw- \Device\HarddiskVolume1\Windows\System32
0x000000003da1d998 8 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\071d41b6-8806-4eb0-b661-6cb67be6e86e
0x000000003da1f5e0 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16385_none_ebf82fc36c758ad5
0x000000003da1f698 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9
0x000000003da1ff00 1 1 R--rw- \Device\HarddiskVolume1\Windows\System32
0x000000003da200f8 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\Diagnosis\Scheduled
0x000000003da20b58 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict2
0x000000003da20dc8 8 0 R--r-- \Device\HarddiskVolume1\Windows\Registration\R000000000005.clb
0x000000003da216f0 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery
0x000000003da21be8 6 0 R--r-- \Device\HarddiskVolume1\Windows\System32\wuapi.dll
0x000000003da21ca0 2 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\0775c4c6-7112-45bd-badf-00708d6ad9b9
0x000000003da22038 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\ddraw.dll
0x000000003da22230 7 0 R--r-d \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\plugins\vmusr\unity.dll
0x000000003da22410 2 0 R--r-- \Device\HarddiskVolume1\Windows\winsxs\Manifests\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_ecff360cfb2594f3.manifest
0x000000003da22688 10 1 RW-r-- \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx
0x000000003da23038 9 1 R--r-d \Device\HarddiskVolume1\Windows\System32\zh-CN\msdtc.exe.mui
0x000000003da23198 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime
0x000000003da23440 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a
0x000000003da23628 2 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\085ef902-c087-449b-a49a-fc66f7f141c2
0x000000003da236e0 8 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\0d9b5d92-3a22-486d-a887-3aa21597cf27
0x000000003da23a38 8 0 R--r-d \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\msvcp90.dll
0x000000003da23f80 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\Media Center\mcupdate
0x000000003da24038 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a
0x000000003da24128 6 0 R--r-d \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\plugins\vmusr\vmtray.dll
0x000000003da243a0 5 0 R--r-d \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4bf5400abf9d60b7\mfc90u.dll
0x000000003da245b8 2 0 R--r-- \Device\HarddiskVolume1\Windows\winsxs\Manifests\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4bf5400abf9d60b7.manifest
0x000000003da247d8 4 0 R--r-d \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\glibmm-2.4.dll
0x000000003da248d8 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a
0x000000003da24b58 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a
0x000000003da24d10 7 0 R--r-d \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\plugins\vmusr\dndcp.dll
0x000000003da24dc8 8 0 R--r-d \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\plugins\vmusr\desktopEvents.dll
0x000000003da24ec8 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a
0x000000003da25658 6 0 R--r-d \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9\MFC90CHS.DLL
0x000000003da25870 8 0 R--r-- \Device\HarddiskVolume1\Windows\winsxs\Manifests\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9.manifest
0x000000003da25ca0 2 0 R--rw- \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\messages\zh_CN\hgfsUsability.vmsg
0x000000003da26248 4 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003da263b8 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4bf5400abf9d60b7
0x000000003da26470 2 0 R--r-- \Device\HarddiskVolume1\Windows\winsxs\Manifests\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f0bcaee084e72e5d.manifest
0x000000003da26670 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a
0x000000003da27038 17 1 RW-r-- \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx
0x000000003da27150 2 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\145be95a-0531-4c95-b0b7-2959b84a53f0
0x000000003da27208 8 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\18e6d428-d26c-4169-bedf-3b5bddc952f6
0x000000003da27f80 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\winmm.dll
0x000000003da284f0 2 0 R--rw- \Device\HarddiskVolume1\ProgramData\VMware\VMware Tools\Unity Filters\vmwarefilters.txt
0x000000003da28650 7 1 RW-r-- \Device\HarddiskVolume1\Windows\System32\Msdtc\MSDTC.LOG
0x000000003da28c70 2 0 R--rw- \Device\HarddiskVolume1\ProgramData\VMware\VMware Tools\Unity Filters\vistasidebar.txt
0x000000003da29038 2 0 R--rw- \Device\HarddiskVolume1\ProgramData\VMware\VMware Tools\Unity Filters\win7gadgets.txt
0x000000003da293e0 3 1 R--rwd \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Windows\Recent
0x000000003da29ae0 5 0 R--r-d \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\VMToolsHook.dll
0x000000003da29d98 10 1 RW-r-- \Device\HarddiskVolume1\Windows\System32\wbem\Repository\MAPPING2.MAP
0x000000003da2a130 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\tsgqec.dll
0x000000003da2b268 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\WMALFXGFXDSP.dll
0x000000003da2be00 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wbem\esscli.dll
0x000000003da2d038 3 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003da2df80 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\gameux.dll
0x000000003da2e330 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor
0x000000003da2eac0 8 0 R--rwd \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\intl.dll
0x000000003da2eb78 2 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\24fa84a0-e087-48ec-bc51-2b9c4c815d78
0x000000003da2eca0 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wbem\wbemcore.dll
0x000000003da2f858 2 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\2bd05ba6-988d-4bd3-a9cd-9a39f80af524
0x000000003da2ff80 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector
0x000000003da30460 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\zh-CN\wucltux.dll.mui
0x000000003da30518 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\AudioSes.dll
0x000000003da30880 6 0 R--r-- \Device\HarddiskVolume1\Windows\inf\hdaudio.PNF
0x000000003da30f80 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\BFE.DLL
0x000000003da31f80 7 0 R----- \Device\HarddiskVolume1\Windows\Prefetch\WMIADAP.EXE-369DF1CD.pf
0x000000003da32720 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot
0x000000003da334b8 2 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\4040e761-8758-4007-b2fe-142b24bf4b16
0x000000003da33738 9 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003da33be8 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\Offline Files\Background Synchronization
0x000000003da33f80 11 1 RW-r-- \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-BranchCacheSMB%4Operational.evtx
0x000000003da34430 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\Ras\MobilityManager
0x000000003da34978 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\HotStartUserAgent.dll
0x000000003da34d28 1 1 R--r-- \Device\HarddiskVolume1\Windows\Registration\R000000000006.clb
0x000000003da35038 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\msdtclog.dll
0x000000003da35f80 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\sud.dll
0x000000003da38038 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask
0x000000003da38430 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\User Profile Service\HiveUploadTask
0x000000003da387e0 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\vsocklib.dll
0x000000003da39070 2 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\495db94f-c93a-4cbd-8740-e4f7833ccf7f
0x000000003da393b0 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery
0x000000003da39980 2 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\44a85805-48dd-4633-927f-e66f20ed267a
0x000000003da39cc0 2 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\50fb5a03-0e1e-48de-b8a1-bee9d7d2cd0f
0x000000003da39d78 2 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\5b184694-64c3-4633-94c5-945b3fa561d6
0x000000003da3a250 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\PlaySndSrv.dll
0x000000003da3a6b8 2 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\5c03d9e9-014c-45db-a905-70d988803ecb
0x000000003da3aa08 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange
0x000000003da3ae30 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\Media Center\OCURActivate
0x000000003da3b770 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\resutils.dll
0x000000003da3b9e8 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup\ConfigNotification
0x000000003da3bf80 8 0 R--r-d \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\plugins\vmusr\vmtray.dll
0x000000003da3c038 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\hnetcfg.dll
0x000000003da3cdc8 2 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\5c2c622f-70e9-4194-a7da-033e827365ad
0x000000003da3d408 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\xwtpdui.dll
0x000000003da3e038 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask
0x000000003da3e210 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\midimap.dll
0x000000003da3e5c0 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\msacm32.drv
0x000000003da3ec70 2 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\5d6ed11b-b10a-481e-81a8-dca4de62182e
0x000000003da3ef80 1 1 R--r-- \Device\HarddiskVolume1\Windows\Registration\R000000000006.clb
0x000000003da3f860 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\AppID\PolicyConverter
0x000000003da40448 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
0x000000003da40988 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\netprofm.dll
0x000000003da40d48 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\WDI\ResolutionHost
0x000000003da40e00 2 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\6375cc1c-d975-48d2-9cd5-63db19b10d4a
0x000000003da40eb8 2 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\60158c7a-6808-42cd-95ee-afd9a57925db
0x000000003da41600 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
0x000000003da41a90 2 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\6aef0c98-2cb4-4b67-8c70-4c977c7355cc
0x000000003da41f80 8 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\6b7ac694-8d6d-481b-9dd8-2a3a741ada6d
0x000000003da427a0 2 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\72c1c292-2a87-474b-86b3-6b92fa270843
0x000000003da42b10 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask
0x000000003da42cf8 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks
0x000000003da42f80 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\odbcint.dll
0x000000003da43448 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\MsCtfMonitor.dll
0x000000003da43dc8 2 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\731e9c62-95b5-4c8c-ab64-4cc591c9ff5b
0x000000003da440e0 10 1 RW-r-- \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx
0x000000003da44520 11 1 RW-r-- \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx
0x000000003da445e0 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient\UserTask-Roam
0x000000003da44960 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\ntmarta.dll
0x000000003da45338 2 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\73259f86-29d6-42ff-b1e7-634f6e40d4f8
0x000000003da45670 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\mtxoci.dll
0x000000003da457f8 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit
0x000000003da45978 8 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\7bb7f9a5-5bd4-468d-82c8-ad566e07fc2d
0x000000003da4f360 2 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\7d3c7871-a917-4ef0-82e8-5f0a96423051
0x000000003da4fa50 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask
0x000000003da4fd20 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector
0x000000003da50270 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\chsbrkr.dll
0x000000003da50698 4 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003da507e0 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask
0x000000003da50a88 8 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\9efacbe6-a797-4905-a0c6-014cd3000dbb
0x000000003da50c70 2 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\9062c618-5e76-49dd-8a76-798aa1c4b1f3
0x000000003da51178 10 1 RW-r-- \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx
0x000000003da512f0 1 1 R--rw- \Device\HarddiskVolume1\Users\admin
0x000000003da51588 2 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\9f54b95f-5096-4803-ae61-e9b3ac5b616d
0x000000003da51858 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wbem\wmiutils.dll
0x000000003da51b78 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector
0x000000003da52688 2 0 R--rwd \Device\HarddiskVolume1\Windows\System32\unregmp2.exe
0x000000003da52b18 2 1 RWD--- \Device\clfs\SystemRoot\System32\Config\TxR\{6cced300-6e01-11de-8bed-001e0bcd1824}.TxR
0x000000003da53038 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\sqlceqp30.dll
0x000000003da531f8 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\netdiagfx.dll
0x000000003da533e8 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll
0x000000003da53d30 8 0 RWDr-- \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan
0x000000003da549f0 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\AUDIOKSE.dll
0x000000003da54e00 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\AudioEng.dll
0x000000003da55390 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\mpsdrv.sys
0x000000003da556c0 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\bowser.sys
0x000000003da563e0 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wbem\cimwin32.dll
0x000000003da56528 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc
0x000000003da572e0 8 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\a1cfa52f-06f2-418d-addb-cd6456d66f43
0x000000003da57718 1 1 R--rw- \Device\HarddiskVolume1\Windows\System32
0x000000003da57910 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\mfplat.dll
0x000000003da5d4b8 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\mrxsmb.sys
0x000000003da5d900 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\Maintenance\WinSAT
0x000000003da5dcf8 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady
0x000000003da5e708 8 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\a316e645-1c56-45a6-bd6a-7dca79778090
0x000000003da5ec20 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip
0x000000003da5ed88 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2
0x000000003da5ee40 8 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\a6394592-54ce-4e93-8d64-1a068f462632
0x000000003da5fc90 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\mrxsmb10.sys
0x000000003da62408 8 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\b9bee219-c29e-4310-819c-147a5a0e045e
0x000000003da62970 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask
0x000000003da62b58 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator
0x000000003da62f80 2 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\a5376cfc-5b80-40c8-90b5-59888a6488c0
0x000000003da63438 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\mfcsubs.dll
0x000000003da634f0 1 1 R--r-- \Device\HarddiskVolume1\Windows\Registration\R000000000006.clb
0x000000003da635c8 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\User_Feed_Synchronization-{D4E3658B-5B1B-48DD-B77C-09202E610FEC}
0x000000003da639c0 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag
0x000000003da63f40 2 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\aa6e62e8-887f-4529-a094-bb18674348d1
0x000000003da645a0 2 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\c580959a-b488-4399-8fe4-ccd0e3c9fd03
0x000000003da64b58 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask
0x000000003da64f80 2 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\be8180bb-a8ec-43f3-8f89-15d5fb781f7d
0x000000003da65278 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wdi.dll
0x000000003da65330 2 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\cb8340b3-7fb9-4be9-9552-ac7d5fb8c375
0x000000003da65630 8 0 RWD--- \Device\HarddiskVolume1\Windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{7d505514-325c-4a6c-a678-150f359e4cd5}\snapshot.etl
0x000000003da65920 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask
0x000000003da65d60 8 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\d21f6024-191f-4454-bbbc-09a650da2549
0x000000003da65f48 2 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\c642c852-9adb-4bf6-a177-681be477458b
0x000000003da66828 2 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\d6790bea-5f65-43cf-a26e-5bae312a4d0a
0x000000003da66a38 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig
0x000000003da66f80 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\Application Experience\AitAgent
0x000000003da67388 2 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\e788eb44-3eba-4d19-a6ff-39d46fbdd42f
0x000000003da67600 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\Registry\RegIdleBackup
0x000000003da67970 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry
0x000000003da67b58 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch
0x000000003da67f80 2 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\d622195c-d680-4fea-9c56-59660c7c9e94
0x000000003da68390 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch
0x000000003da68c70 2 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\dce0ad5a-9d01-4b2d-9474-745accb8f0f7
0x000000003da68e58 8 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\d8bb5b7f-d0ca-4f67-a3d7-73e1d05f63da
0x000000003da693c8 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\MPSSVC.dll
0x000000003da697a0 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\catsrv.dll
0x000000003da69be8 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo
0x000000003da69de0 9 1 R--r-d \Device\HarddiskVolume1\Windows\System32\zh-CN\msdtcVSp1res.dll.mui
0x000000003da6b3f0 10 1 RW-r-- \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-NCSI%4Operational.evtx
0x000000003da6bd20 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc
0x000000003da6c1a8 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wscui.cpl
0x000000003da6c3d8 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\Magnify.exe
0x000000003da6d038 2 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\ffb8486a-9861-4b82-be38-c7f8fb1b6605
0x000000003da6d478 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\Location\Notifications
0x000000003da6d910 2 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\f93c7104-998a-4a38-b935-775a3138b3c3
0x000000003da6da90 2 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\e8164c0d-216c-4b6b-9eb8-31bf958b8014
0x000000003da6db58 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\Task Manager\Interactive
0x000000003da6df80 2 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\fb0507b8-15c4-4c93-bac5-a819dd6eedb1
0x000000003da702c8 8 0 R--r-- \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.002
0x000000003da70468 8 0 R--r-- \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.002
0x000000003da72520 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc
0x000000003da72690 1 1 ------ \Device\Afd\Endpoint
0x000000003da73038 15 0 R--rwd \Device\HarddiskVolume1\Windows\System32\authfwcfg.dll
0x000000003da731a0 7 0 R--rwd \Device\HarddiskVolume1\Users\admin\Searches\desktop.ini
0x000000003da733c0 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\unregmp2.exe
0x000000003da73c60 2 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003da74490 4 0 R--rwd \Device\HarddiskVolume1\Program Files\Windows Defender\MpCommu.dll
0x000000003da745b8 8 0 R----- \Device\HarddiskVolume1\Windows\Prefetch\DLLHOST.EXE-7D2183B8.pf
0x000000003da74708 7 0 R----- \Device\HarddiskVolume1\Windows\Prefetch\CMD.EXE-89305D47.pf
0x000000003da74aa8 7 0 R--r-d \Device\HarddiskVolume1\Program Files\Internet Explorer\iecompat.dll
0x000000003da74d20 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wbem\wmipcima.dll
0x000000003da75428 8 0 R--rwd \Device\HarddiskVolume1\Windows\Media\Desktop.ini
0x000000003da765a8 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\mycomput.dll
0x000000003da76f58 15 0 R--rwd \Device\HarddiskVolume1\Windows\System32\sqlcese30.dll
0x000000003da79028 10 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003da79bd8 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wkssvc.dll
0x000000003da7a980 1 1 ------ \Device\NamedPipe\wkssvc
0x000000003da7aa88 15 0 R--r-d \Device\HarddiskVolume1\Program Files\Common Files\VMware\Drivers\memctl\vmmemctl.sys
0x000000003da7b8d0 1 1 ------ \Device\NamedPipe\wkssvc
0x000000003da7bc40 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\framedynos.dll
0x000000003da7bcf8 1 1 ------ \Device\NamedPipe\wkssvc
0x000000003da7d1f8 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\cryptsvc.dll
0x000000003da7d2b0 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\vssapi.dll
0x000000003da7f3a0 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\ncsi.dll
0x000000003da7f4a0 1 1 R--r-- \Device\HarddiskVolume1\Windows\Registration\R000000000006.clb
0x000000003da80a10 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\PEAuth.sys
0x000000003da81cc8 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\nlasvc.dll
0x000000003da83340 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\secdrv.sys
0x000000003da84140 7 0 R--r-- \Device\HarddiskVolume1\Windows\System32\clfs.sys
0x000000003da84278 7 0 R--r-- \Device\HarddiskVolume1\Windows\System32\drivers\Wdf01000.sys
0x000000003da84470 7 0 R--r-- \Device\HarddiskVolume1\Windows\System32\PSHED.DLL
0x000000003da84600 7 0 R--r-- \Device\HarddiskVolume1\Windows\System32\halmacpi.dll
0x000000003da847d8 7 0 R--r-- \Device\HarddiskVolume1\Windows\System32\ntkrnlpa.exe
0x000000003da84b30 8 0 R--r-- \Device\HarddiskVolume1\Windows\System32\BOOTVID.DLL
0x000000003da84ca0 7 0 R--r-- \Device\HarddiskVolume1\Windows\System32\mcupdate_GenuineIntel.dll
0x000000003da84f80 8 0 R--r-- \Device\HarddiskVolume1\Windows\System32\kdcom.dll
0x000000003da863e0 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\winhttp.dll
0x000000003da86520 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\webio.dll
0x000000003da87228 8 0 R--r-- \Device\HarddiskVolume1\Windows\System32\drivers\msisadrv.sys
0x000000003da87790 6 0 R--r-- \Device\HarddiskVolume1\Windows\System32\drivers\acpi.sys
0x000000003da878c8 8 0 R--r-- \Device\HarddiskVolume1\Windows\System32\drivers\wmilib.sys
0x000000003da87a68 7 0 R--r-- \Device\HarddiskVolume1\Windows\System32\drivers\WdfLdr.sys
0x000000003da87de0 7 0 R--r-- \Device\HarddiskVolume1\Windows\System32\ci.dll
0x000000003da88028 8 0 R--r-- \Device\HarddiskVolume1\Windows\System32\drivers\vdrvroot.sys
0x000000003da88428 8 0 R--r-- \Device\HarddiskVolume1\Windows\System32\drivers\battc.sys
0x000000003da88830 7 0 R--r-- \Device\HarddiskVolume1\Windows\System32\drivers\volmgrx.sys
0x000000003da88a08 7 0 R--r-- \Device\HarddiskVolume1\Windows\System32\drivers\partmgr.sys
0x000000003da88d18 8 0 R--r-- \Device\HarddiskVolume1\Windows\System32\drivers\compbatt.sys
0x000000003da88ef0 7 0 R--r-- \Device\HarddiskVolume1\Windows\System32\drivers\pci.sys
0x000000003da89038 6 0 R--r-d \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\ink\mip.exe
0x000000003da89358 7 0 R--r-- \Device\HarddiskVolume1\Windows\System32\drivers\ataport.sys
0x000000003da89680 8 0 R--r-- \Device\HarddiskVolume1\Windows\System32\drivers\atapi.sys
0x000000003da89ab8 7 0 R--r-- \Device\HarddiskVolume1\Windows\System32\drivers\vsock.sys
0x000000003da89de0 1 0 RW-rwd \Device\HarddiskVolume1\$PrepareToShrinkFileSize
0x000000003da8a3e8 7 0 R--r-- \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
0x000000003da8a6e8 4 0 R--r-- \Device\HarddiskVolume1\Windows\System32\drivers\ndis.sys
0x000000003da8a820 7 0 R--r-- \Device\HarddiskVolume1\Windows\System32\drivers\netio.sys
0x000000003da8ab20 8 0 R--r-- \Device\HarddiskVolume1\Windows\System32\drivers\fs_rec.sys
0x000000003da8ae48 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\tcpipreg.sys
0x000000003da8b188 7 0 R--r-- \Device\HarddiskVolume1\Windows\System32\drivers\volsnap.sys
0x000000003da8b8e8 7 0 R--r-- \Device\HarddiskVolume1\Windows\System32\drivers\FWPKCLNT.SYS
0x000000003da8ba20 7 0 R--r-- \Device\HarddiskVolume1\Windows\System32\drivers\vmstorfl.sys
0x000000003da8bf80 7 0 R--r-- \Device\HarddiskVolume1\Windows\System32\drivers\ksecpkg.sys
0x000000003da8c300 8 0 R--r-- \Device\HarddiskVolume1\Windows\System32\drivers\hwpolicy.sys
0x000000003da8c738 7 0 R--r-- \Device\HarddiskVolume1\Windows\System32\drivers\fvevol.sys
0x000000003da8ca38 7 0 R--r-- \Device\HarddiskVolume1\Windows\System32\drivers\rdyboost.sys
0x000000003da8cb70 7 0 R--r-- \Device\HarddiskVolume1\Windows\System32\drivers\mup.sys
0x000000003da8ce70 8 0 R--r-- \Device\HarddiskVolume1\Windows\System32\drivers\spldr.sys
0x000000003da8d790 7 0 R--r-- \Device\HarddiskVolume1\Windows\System32\drivers\Classpnp.sys
0x000000003da8dbc8 7 0 R--r-- \Device\HarddiskVolume1\Windows\System32\drivers\disk.sys
0x000000003da8df80 7 0 R--r-- \Device\HarddiskVolume1\Windows\System32\drivers\AGP440.sys
0x000000003da8e148 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wfapigp.dll
0x000000003da8e8f0 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\sysmain.dll
0x000000003da95458 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\TPVMMon.dll
0x000000003da969a0 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\tprdpw32.dll
0x000000003da978c8 2 1 ------ \Device\Afd\Endpoint
0x000000003da97d48 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\ssdpapi.dll
0x000000003da99918 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\accessibilitycpl.dll
0x000000003da9d208 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc
0x000000003da9d578 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\npmproxy.dll
0x000000003daa78b8 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\TPVMW32.dll
0x000000003daa8470 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\AltTab.dll
0x000000003daa8528 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\mscms.dll
0x000000003daa9c70 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a
0x000000003daa9da0 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\netshell.dll
0x000000003daaa8e8 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a
0x000000003daaabe8 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a
0x000000003daaaf80 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a
0x000000003daab038 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a
0x000000003daaba50 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a
0x000000003daabf80 1 1 R--r-d \Device\HarddiskVolume1\Windows\System32\zh-CN\KernelBase.dll.mui
0x000000003daae520 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\provsvc.dll
0x000000003daaf088 1 1 ------ \Device\NamedPipe\trkwks
0x000000003daaf878 16 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003daafab8 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\srv2.sys
0x000000003daafcf0 1 1 R--r-d \Device\HarddiskVolume1\Windows\System32\en-US\KernelBase.dll.mui
0x000000003dab09e0 12 1 RWDr-- \Device\HarddiskVolume1\System Volume Information\tracking.log
0x000000003dab0b00 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\msimtf.dll
0x000000003dab0ec8 1 1 ------ \Device\NamedPipe\trkwks
0x000000003dab0f80 2 1 ------ \Device\NamedPipe\trkwks
0x000000003dab1738 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a
0x000000003dab1aa0 6 0 ------ \Device\HarddiskVolume1\Windows\System32\C_950.NLS
0x000000003dab1f80 8 0 ------ \Device\HarddiskVolume1\Windows\System32\C_1250.NLS
0x000000003dab2508 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wbemcomn.dll
0x000000003dab26b8 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wbem\WMIsvc.dll
0x000000003dab3098 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\srv.sys
0x000000003dab3438 8 0 ------ \Device\HarddiskVolume1\Windows\System32\C_1251.NLS
0x000000003dab4038 3 1 R--rwd \Device\HarddiskVolume1\Windows\System32\wbem\MOF
0x000000003dab4610 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a
0x000000003dab4780 2 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003dab5548 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\PeerDistSh.dll
0x000000003dab68c0 7 0 R--rwd \Device\HarddiskVolume1\Users\admin\Videos\desktop.ini
0x000000003dabd188 2 1 R--rwd \Device\HarddiskVolume1\$Extend\$ObjId
0x000000003dabddf0 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\sstpsvc.dll
0x000000003dabe1a8 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a
0x000000003dabe2f8 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\ipconfig.exe
0x000000003dabe418 3 0 R--r-d \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\plugins\vmsvc\autoLogon.dll
0x000000003dabe920 8 0 ------ \Device\HarddiskVolume1\Windows\System32\C_1255.NLS
0x000000003dabebf8 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a
0x000000003dabf138 6 0 ------ \Device\HarddiskVolume1\Windows\System32\C_949.NLS
0x000000003dabf510 8 0 ------ \Device\HarddiskVolume1\Windows\System32\C_1256.NLS
0x000000003dabf738 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a
0x000000003dabfac0 8 0 ------ \Device\HarddiskVolume1\Windows\System32\C_932.NLS
0x000000003dabfca8 8 0 ------ \Device\HarddiskVolume1\Windows\System32\C_1253.NLS
0x000000003dac0500 8 0 ------ \Device\HarddiskVolume1\Windows\System32\C_1258.NLS
0x000000003dac0c08 8 0 ------ \Device\HarddiskVolume1\Windows\System32\C_1254.NLS
0x000000003dac0df0 8 0 ------ \Device\HarddiskVolume1\Windows\System32\C_1257.NLS
0x000000003dac0f80 8 0 ------ \Device\HarddiskVolume1\Windows\System32\C_874.NLS
0x000000003dac1250 4 0 R--r-d \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\plugins\vmsvc\disableGuestHibernate.dll
0x000000003dac1738 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a
0x000000003dac17f0 6 0 R--r-d \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\plugins\vmsvc\hwUpgradeHelper.dll
0x000000003dac1ec8 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a
0x000000003dac1f80 3 0 R--r-d \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\plugins\vmsvc\bitMapper.dll
0x000000003dac2038 3 0 R--r-d \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\plugins\vmsvc\diskWiper.dll
0x000000003dac22f8 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a
0x000000003dac2a20 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\sqmapi.dll
0x000000003dac2bf0 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a
0x000000003dac2f80 3 0 R--r-d \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\deployPkg.dll
0x000000003dac33b0 3 0 R--r-d \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\plugins\vmsvc\resolutionSet.dll
0x000000003dac3520 3 0 R--r-d \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\plugins\vmsvc\timeSync.dll
0x000000003dac39d0 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a
0x000000003dac3ba0 3 0 R--r-d \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\plugins\vmsvc\guestInfo.dll
0x000000003dac3c58 7 0 R--r-d \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\plugins\vmsvc\grabbitmqProxy.dll
0x000000003dac49d0 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a
0x000000003dac4b80 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a
0x000000003dac4f80 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a
0x000000003dac5300 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a
0x000000003dac55b0 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wdscore.dll
0x000000003dac5ad0 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a
0x000000003dac5e50 7 0 R--rwd \Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Windows\2052\StructuredQuerySchema.bin
0x000000003dac5f80 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\iphlpsvc.dll
0x000000003dac7cc8 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\odbc32.dll
0x000000003dac80b0 1 1 R--r-- \Device\HarddiskVolume1\Windows\Registration\R000000000006.clb
0x000000003dac81b8 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\rascfg.dll
0x000000003dac8980 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\ndiscapCfg.dll
0x000000003dac8a88 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\tcpipcfg.dll
0x000000003dac8e58 8 0 R--r-- \Device\HarddiskVolume1\Windows\inf\ndisuio.PNF
0x000000003dac92a8 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\ncobjapi.dll
0x000000003dacb4c0 4 0 R--r-d \Device\HarddiskVolume1\Windows\explorer.exe
0x000000003dacb578 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\mprapi.dll
0x000000003dacb8e8 7 0 R--r-- \Device\HarddiskVolume1\Windows\inf\nettcpip.PNF
0x000000003dacbda0 8 0 R--r-- \Device\HarddiskVolume1\Windows\inf\netmscli.PNF
0x000000003dacd4e0 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\zh-CN\mprmsg.dll.mui
0x000000003dacd9c0 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\rundll32.exe
0x000000003dace038 8 0 R--r-- \Device\HarddiskVolume1\Windows\inf\netnb.PNF
0x000000003daceae0 8 0 R--r-- \Device\HarddiskVolume1\Windows\inf\netrass.PNF
0x000000003dacecc8 8 0 R--r-- \Device\HarddiskVolume1\Windows\inf\wfplwf.PNF
0x000000003dacef80 8 0 R--r-- \Device\HarddiskVolume1\Windows\inf\netrast.PNF
0x000000003dadb360 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSD.dll
0x000000003dadb4e0 8 0 R--r-- \Device\HarddiskVolume1\Windows\inf\netvwififlt.PNF
0x000000003dadc038 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\SensApi.dll
0x000000003dadc340 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wbem\wbemess.dll
0x000000003dadc9d8 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\zh-CN\wlanmm.dll.mui
0x000000003dadcaf8 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\mprmsg.dll
0x000000003dadda40 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Query.dll
0x000000003dade358 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\zh-CN\xwtpdui.dll.mui
0x000000003dadf2c8 2 1 ------ \Device\NamedPipe\
0x000000003dadf450 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wshnetbs.dll
0x000000003dadf508 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wshbth.dll
0x000000003dadfd00 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\msasn1.dll
0x000000003dae00a0 1 1 ------ \Device\NamedPipe\MsFteWds
0x000000003dae0438 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\themeui.dll
0x000000003dae0618 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\icardres.dll
0x000000003dae06d0 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\recovery.dll
0x000000003dae0ec8 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\WsmRes.dll
0x000000003dae1a68 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\pacer.sys
0x000000003dae3b20 3 1 RW-r-- \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-Known Folders API Service.evtx
0x000000003dae3c90 1 1 ------ \Device\NamedPipe\srvsvc
0x000000003dae51a0 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\mmsys.cpl
0x000000003dae55b8 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\activeds.dll
0x000000003dae6738 2 1 ------ \Device\Afd\Endpoint
0x000000003dae6c98 1 1 RW---- \Device\HarddiskVolume1\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
0x000000003dae8148 2 1 ------ \Device\Afd\Endpoint
0x000000003dae8d68 2 1 ------ \Device\Afd\Endpoint
0x000000003dae8f38 2 1 ------ \Device\Afd\Endpoint
0x000000003daec038 8 0 R--rwd \Device\HarddiskVolume1\Users\Public\Music\Sample Music\desktop.ini
0x000000003daec100 2 0 RWD--- \Device\HarddiskVolume1\Windows\inf\WmiApRpl\0804\WmiApRpl.ini
0x000000003daec8d0 5 0 R--r-d \Device\HarddiskVolume1\Windows\ehome\ehres.dll
0x000000003daecb60 6 0 R--r-d \Device\HarddiskVolume1\Program Files\DVD Maker\DVDMaker.exe
0x000000003daf6278 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\iscsicpl.dll
0x000000003daf65e0 8 0 RW-rw- \Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Feeds Cache\index.dat
0x000000003daf6758 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\Vault.dll
0x000000003daf69c8 8 0 RW-rw- \Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat
0x000000003daf74a8 8 0 R--rwd \Device\HarddiskVolume1\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
0x000000003daf7be8 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\httpapi.dll
0x000000003daf7df0 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\pautoenr.dll
0x000000003daf8038 2 1 ------ \Device\NamedPipe\Winsock2\CatalogChangeListener-1fc-0
0x000000003daf9238 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\dui70.dll
0x000000003daf9978 2 0 R--rwd \Device\HarddiskVolume1\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\0929bf4ca3bc8e8b2131f27cdf500c7e\System.Web.Services.ni.dll
0x000000003dafb500 6 0 R--rwd \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll
0x000000003dafb5e0 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\msdtcprx.dll
0x000000003dafb710 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\mtxclu.dll
0x000000003dafb8c0 1 0 R--r-- \Device\HarddiskVolume1\Windows\Prefetch\ReadyBoot\Trace5.fx
0x000000003dafb988 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\portcls.sys
0x000000003dafbc58 5 0 R--r-d \Device\HarddiskVolume1\Program Files\Windows Sidebar\sidebar.exe
0x000000003dafbd10 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\ie4uinit.exe
0x000000003dafc4d8 2 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003dafc730 8 0 R--r-d \Device\HarddiskVolume1\Program Files\DVD Maker\zh-CN\DVDMaker.exe.mui
0x000000003dafc810 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wdc.dll
0x000000003dafc8c8 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\clb.dll
0x000000003dafcb70 10 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003dafce40 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\thumbcache.dll
0x000000003dafd3d8 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\zh-CN\FXSRESM.dll.mui
0x000000003dafd590 2 0 R--rwd \Device\HarddiskVolume1\Windows\System32\blbres.dll
0x000000003dafd648 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\FXSRESM.dll
0x000000003dafdca8 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\ExplorerFrame.dll
0x000000003dafe420 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\vmhgfs.dll
0x000000003dafef80 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\xpsrchvw.exe
0x000000003daff158 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\KMSVC.DLL
0x000000003db02460 13 0 R--rwd \Device\HarddiskVolume1\Windows\System32\nshwfp.dll
0x000000003db04f80 6 0 R--r-- \Device\HarddiskVolume1\Windows\System32\DriverStore\infpub.dat
0x000000003db05038 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\zh-CN\NetProjW.dll.mui
0x000000003db05480 5 0 R--r-d \Device\HarddiskVolume1\Windows\Branding\ShellBrd\shellbrd.dll
0x000000003db05908 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\SnippingTool.exe
0x000000003db059c0 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\SNTSearch.dll
0x000000003db06038 9 0 R--r-- \Device\HarddiskVolume1\Windows\System32\catroot2\edb.log
0x000000003db06e18 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\shlwapi.dll
0x000000003db07038 17 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003db07990 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\npmproxy.dll
0x000000003db07a48 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wbem\WMIADAP.exe
0x000000003db13438 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\sfc.dll
0x000000003db13750 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\perftrack.dll
0x000000003db142e8 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\sfc_os.dll
0x000000003db146f8 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Syncreg.dll
0x000000003db147b0 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Speech\SpeechUX\sapi.cpl
0x000000003db14b30 6 0 R--r-d \Device\HarddiskVolume1\Program Files\Windows Journal\Journal.exe
0x000000003db14ec8 2 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003db14f80 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\OobeFldr.dll
0x000000003db15a58 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wpdbusenum.dll
0x000000003db16038 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\zh-CN\fsquirt.exe.mui
0x000000003db162f0 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\DisplaySwitch.exe
0x000000003db164c8 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\mstsc.exe
0x000000003db16580 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\zh-CN\DisplaySwitch.exe.mui
0x000000003db17448 4 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003db17590 1 1 RW-r-d \Device\HarddiskVolume1\Windows\System32\wfp\wfpdiag.etl
0x000000003db17680 5 0 R--rw- \Device\HarddiskVolume1\Windows\System32\wdi\LogFiles\ShutdownCKCL.etl
0x000000003db17ce0 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\aepic.dll
0x000000003db18330 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\SyncCenter.dll
0x000000003db184b0 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\mblctr.exe
0x000000003db185f0 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\SoundRecorder.exe
0x000000003db187c0 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\zh-CN\sntsearch.dll.mui
0x000000003db18eb8 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\NetProjW.dll
0x000000003db19650 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\diagperf.dll
0x000000003db19ba8 3 0 RW---- \Device\HarddiskVolume1\Windows\Prefetch\AgGlFaultHistory.db
0x000000003db1af80 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\PortableDeviceApi.dll
0x000000003db1b038 7 0 R--rwd \Device\HarddiskVolume1\Users\admin\Saved Games\desktop.ini
0x000000003db1b0f0 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\DHCPQEC.DLL
0x000000003db1b1d8 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\FirewallControlPanel.dll
0x000000003db1bf80 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\pnpts.dll
0x000000003db1c7e8 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\dxtrans.dll
0x000000003db1d8b0 7 0 R--rwd \Device\HarddiskVolume1\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll
0x000000003db1e780 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\rstrui.exe
0x000000003db1ea00 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\zh-CN\iscsicpl.dll.mui
0x000000003db29038 8 0 R--r-d \Device\HarddiskVolume1\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\wuredir.cab
0x000000003db2f2a0 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\txflog.dll
0x000000003db318b8 3 0 R--rwd \Device\HarddiskVolume1\Windows\System32\sppcomapi.dll
0x000000003db31a38 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\mycomput.dll
0x000000003db31c98 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\DXP.dll
0x000000003db31f80 3 0 R--rwd \Device\HarddiskVolume1\Windows\System32\devmgr.dll
0x000000003db325b8 1 1 R--r-d \Device\HarddiskVolume1\Windows\System32\zh-CN\KernelBase.dll.mui
0x000000003db32670 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\xolehlp.dll
0x000000003db32a68 5 0 R--rwd \Device\HarddiskVolume1\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll
0x000000003db32b20 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\miguiresource.dll
0x000000003db32bd8 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wsecedit.dll
0x000000003db32d98 11 1 RW-r-- \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx
0x000000003db32f80 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\MdSched.exe
0x000000003db33688 10 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003db337d0 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wbem\en-US\cimwin32.dll.mui
0x000000003db33b88 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\AuthFWGP.dll
0x000000003db33f30 1 1 R--r-d \Device\HarddiskVolume1\Windows\System32\stdole2.tlb
0x000000003db34038 10 1 RW-r-- \Device\HarddiskVolume1\Windows\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{9F5E825C-2518-4621-A86F-516BFFD80BFB}.crmlog
0x000000003db341d0 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\recdisc.exe
0x000000003db34a70 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\sdcpl.dll
0x000000003db35f80 6 1 R--r-d \Device\HarddiskVolume1\Windows\System32\comsvcs.dll
0x000000003db386e0 1 1 ------ \Device\NamedPipe\srvsvc
0x000000003db392a0 8 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk
0x000000003db39560 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\rstrui.exe
0x000000003db39618 4 0 R--r-d \Device\HarddiskVolume1\Windows\ehome\ehSSO.dll
0x000000003db396d0 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\dfrgui.exe
0x000000003db3a198 2 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003db3a9c8 8 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk
0x000000003db3b178 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\mstsc.exe
0x000000003db3b328 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\DisplaySwitch.exe
0x000000003db3b3e0 2 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003db3b6f0 6 0 R--r-d \Device\HarddiskVolume1\Program Files\Internet Explorer\iexplore.exe
0x000000003db3b7a8 7 0 R--r-d \Device\HarddiskVolume1\Program Files\Internet Explorer\iexplore.exe
0x000000003db3b9c0 2 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003db3bc20 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\StikyNot.exe
0x000000003db3c960 8 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk
0x000000003db3cac0 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\SyncCenter.dll
0x000000003db3ce38 8 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk
0x000000003db3cef0 8 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk
0x000000003db3d368 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\calc.exe
0x000000003db3d420 8 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
0x000000003db3d5d0 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\SnippingTool.exe
0x000000003db3d790 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\WPDShServiceObj.dll
0x000000003db3df80 8 0 R----- \Device\HarddiskVolume1\Windows\Prefetch\NETSH.EXE-3DD790C5.pf
0x000000003db47038 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\batmeter.dll
0x000000003db474d8 7 0 RW-rw- \Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat
0x000000003db481c0 8 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
0x000000003db48278 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\xpsrchvw.exe
0x000000003db48480 17 1 RW-r-- \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx
0x000000003db48678 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\WFSR.dll
0x000000003db487b0 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\mmres.dll
0x000000003db48ba8 1 1 RW-rw- \Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
0x000000003db48c60 5 0 RW-rw- \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
0x000000003db48d18 1 1 R--r-d \Device\HarddiskVolume1\Windows\Fonts\StaticCache.dat
0x000000003db48dd0 3 0 R--rwd \Device\HarddiskVolume1\Windows\System32\dxtmsft.dll
0x000000003db48f80 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\mspaint.exe
0x000000003db4a6d8 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\tquery.dll
0x000000003db4ac80 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\fundisc.dll
0x000000003db4eaf0 1 1 R--rw- \Device\HarddiskVolume1\Windows\System32
0x000000003db4ec38 2 0 RWD--- \Device\HarddiskVolume1\Windows\inf\WmiApRpl\WmiApRpl.h
0x000000003db51c10 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\mssrch.dll
0x000000003db51f80 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe
0x000000003db52c18 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\esent.dll
0x000000003db54c08 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\msidle.dll
0x000000003db556e8 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\ksuser.dll
0x000000003db56ca8 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\onexui.dll
0x000000003db5ddf8 1 1 R--r-- \Device\HarddiskVolume1\Windows\Registration\R000000000006.clb
0x000000003db60e88 9 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003db626d0 17 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003db62988 17 1 -W-r-- \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.4.Crwl
0x000000003db66450 8 0 R--r-- \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.002
0x000000003db6b9c0 7 0 R----- \Device\HarddiskVolume1\Windows\Prefetch\VMWARERESOLUTIONSET.EXE-BAE6FDC8.pf
0x000000003db6bc90 11 0 R--rwd \Device\HarddiskVolume1\Windows\System32\mfc42u.dll
0x000000003db6bf80 17 1 -W-r-- \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.4.gthr
0x000000003db6c748 6 1 RW-r-- \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx
0x000000003db6c800 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\pnidui.dll
0x000000003db6cbd0 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\QUTIL.DLL
0x000000003db6d228 8 0 R--r-- \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
0x000000003db6daa0 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\mssprxy.dll
0x000000003db6e228 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\ieframe.dll
0x000000003db6e978 9 0 R--r-- \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log
0x000000003db6f278 1 1 R--r-d \Device\HarddiskVolume1\Windows\System32\zh-CN\KernelBase.dll.mui
0x000000003db6f640 6 0 R--r-- \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
0x000000003db6ff80 2 0 R--r-- \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-632115932-2214978728-2420482550-1000\Preferred
0x000000003db71238 1 1 RW---- \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
0x000000003db82180 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll
0x000000003db824d0 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\bthport.sys
0x000000003db82f80 9 1 R--r-d \Device\HarddiskVolume1\Windows\System32\en-US\MsCtfMonitor.dll.mui
0x000000003db8c2a8 8 0 -W-r-- \Device\HarddiskVolume1\Windows\System32\wbem\Performance\WmiApRpl.hew.h
0x000000003db8d278 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\zh-CN\setupapi.dll.mui
0x000000003db8d360 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wsecedit.dll
0x000000003db8d598 4 0 R--rwd \Device\HarddiskVolume1\Windows\System32\termsrv.dll
0x000000003db8d970 7 0 R--rwd \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini
0x000000003db8da70 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\vss_ps.dll
0x000000003db8ea20 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\MdSched.exe
0x000000003db91190 11 1 RWD--- \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
0x000000003db91650 13 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003db917e0 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\ieapfltr.dll
0x000000003db91898 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\mshtml.dll
0x000000003db91df0 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\msshooks.dll
0x000000003db95118 8 0 R--r-- \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAD0002.002
0x000000003db95238 9 1 R--rw- \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.ci
0x000000003db95ca0 1 1 R--r-d \Device\HarddiskVolume1\Windows\System32\zh-CN\KernelBase.dll.mui
0x000000003db96170 9 1 RW-rw- \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wid
0x000000003db96228 2 1 ------ \Device\NamedPipe\MsFteWds
0x000000003db96348 5 1 R--rw- \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.ci
0x000000003db96920 9 1 RW-rw- \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wsb
0x000000003db96b80 9 1 R--rw- \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.dir
0x000000003db96c38 9 1 R--rw- \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.dir
0x000000003db96d58 9 1 R--rw- \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.ci
0x000000003db97038 9 1 R--rw- \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.dir
0x000000003db97670 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\BTHUSB.SYS
0x000000003db97920 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\mobsync.exe
0x000000003db97b60 2 0 RW-rw- \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAD0002.000
0x000000003db98038 2 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003db99698 9 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003db99c98 1 1 ------ \Device\NamedPipe\lsass
0x000000003db9a518 2 1 R--rwd \Device\HarddiskVolume1\
0x000000003db9ab10 2 0 -W---- \Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\P2DFGMSC\errorPageStrings[1]
0x000000003db9acb0 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\zh-CN\MFC42u.dll.mui
0x000000003db9af80 1 1 RW-rwd \Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
0x000000003db9e768 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\rfcomm.sys
0x000000003dba0308 9 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003dbb1698 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\bthenum.sys
0x000000003dbb3318 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\bthpan.sys
0x000000003dbb3d40 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\bthpan.sys
0x000000003dbb40e0 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\msshooks.dll
0x000000003dbb8508 17 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003dbbd990 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc
0x000000003dbc02d0 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\ActionCenter.dll
0x000000003dbc14c8 8 0 R--r-- \Device\HarddiskVolume1\Windows\System32\Microsoft\Protect\S-1-5-18\User\91a4e49b-9c65-489c-bdaf-2c7f72047b40
0x000000003dbc17c8 17 1 RW-r-- \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx
0x000000003dbc1d08 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\dwmapi.dll
0x000000003dbc3750 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\profapi.dll
0x000000003dbc3a88 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\odbc32.dll
0x000000003dbc5038 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wups.dll
0x000000003dbc5800 8 0 R--r-d \Device\HarddiskVolume1\Program Files\Internet Explorer\IEShims.dll
0x000000003dbc5ce8 2 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003dbc6f30 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\rundll32.exe
0x000000003dbc7318 17 1 RW-r-- \Device\HarddiskVolume1\Windows\SoftwareDistribution\ReportingEvents.log
0x000000003dbc7630 5 0 R--rwd \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7600.16385_none_0935b76c289e0fd5\CbsCore.dll
0x000000003dbc80f8 8 0 R--rw- \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk
0x000000003dbc88f8 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\xwizards.dll
0x000000003dbc8f80 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\mlang.dll
0x000000003dbc9388 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\kernel32.dll
0x000000003dbca2a0 4 0 R--rwd \Device\HarddiskVolume1\Windows\System32\msoert2.dll
0x000000003dbca6b0 7 0 R--r-- \Device\HarddiskVolume1\Windows\System32\Microsoft\Protect\S-1-5-18\User\Preferred
0x000000003dbca908 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc
0x000000003dbcb038 17 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003dbcb6d0 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\UIAnimation.dll
0x000000003dbcb998 8 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
0x000000003dbcbbf0 8 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
0x000000003dbcbe80 13 0 R--rwd \Device\HarddiskVolume1\Windows\System32\whhelper.dll
0x000000003dbcc178 8 0 R----- \Device\HarddiskVolume1\Windows\Prefetch\SVCHOST.EXE-258FF938.pf
0x000000003dbcd218 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\lsm.exe
0x000000003dbcda88 2 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003dbce530 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc
0x000000003dbcef80 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\SensorsCpl.dll
0x000000003dbcfaf0 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wbem\wmiprov.dll
0x000000003dbd0188 17 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003dbd0770 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\QAGENT.DLL
0x000000003dbd0b90 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wsqmcons.exe
0x000000003dbd0cd0 7 0 R--rwd \Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
0x000000003dbd1398 2 1 RW-r-- \Device\HarddiskVolume1\Windows\System32\config\TxR\{6cced300-6e01-11de-8bed-001e0bcd1824}.TxR.blf
0x000000003dbd1b40 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\WcnEapPeerProxy.dll
0x000000003dbd1e00 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\conhost.exe
0x000000003dbd20b8 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\drivers\zh-CN\intelppm.sys.mui
0x000000003dbd2a38 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\rdpcorekmts.dll
0x000000003dbd2d18 4 0 R--rwd \Device\HarddiskVolume1\Windows\System32\TSWorkspace.dll
0x000000003dbd3038 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\ntprint.dll
0x000000003dbd3290 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\hidserv.dll
0x000000003dbd46e8 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\srchadmin.dll
0x000000003dbd4ae8 8 0 R--r-- \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5afe4de1b92fc382.customDestinations-ms
0x000000003dbd4df0 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Display.dll
0x000000003dbd56c8 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\WMASF.DLL
0x000000003dbd6038 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
0x000000003dbd6200 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wlanapi.dll
0x000000003dbd69d8 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\main.cpl
0x000000003dbd7c30 8 0 R--rwd \Device\HarddiskVolume1\Windows\Resources\Ease of Access Themes\hcwhite.theme
0x000000003dbd7f80 8 0 R--rwd \Device\HarddiskVolume1\Windows\Resources\Ease of Access Themes\hcblack.theme
0x000000003dbd8038 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\version.dll
0x000000003dbd8190 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\dhcpcsvc6.dll
0x000000003dbd9038 1 1 R--r-d \Device\HarddiskVolume1\Windows\System32\zh-CN\wlanmm.dll.mui
0x000000003dbda268 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\icmp.dll
0x000000003dbda538 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\webcheck.dll
0x000000003dbdaa08 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\mobsync.exe
0x000000003dbdaf80 8 0 R--r-- \Device\HarddiskVolume1\Windows\System32\DriverStore\infstrng.dat
0x000000003dbdc830 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\C_20127.NLS
0x000000003dbdc9b0 7 0 R--rwd \Device\HarddiskVolume1\Windows\AppPatch\AcLayers.dll
0x000000003dbdcbc0 12 0 R--rwd \Device\HarddiskVolume1\Windows\System32\netiohlp.dll
0x000000003dbdd2b8 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\sxs.dll
0x000000003dbde838 13 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003dbdf258 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\CertEnroll.dll
0x000000003dbdf310 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\iepeers.dll
0x000000003dbdf548 1 1 R--rw- \Device\HarddiskVolume1\Windows\System32
0x000000003dbdfae8 8 0 R----- \Device\HarddiskVolume1\Windows\Prefetch\IEXPLORE.EXE-1B894AFB.pf
0x000000003dbdfd68 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\netsh.exe
0x000000003dbdff80 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\themecpl.dll
0x000000003dbe00e8 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\WSHTCPIP.DLL
0x000000003dbe0320 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wship6.dll
0x000000003dbe0490 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\netman.dll
0x000000003dbe08c8 3 0 R--r-d \Device\HarddiskVolume1\Program Files\Windows Sidebar\sbdrop.dll
0x000000003dbe0e60 2 1 R--rwd \Device\CdRom0\
0x000000003dbe1248 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
0x000000003dbe1600 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc
0x000000003dbe20f0 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc
0x000000003dbe2728 8 0 -W-rw- \Device\HarddiskVolume1\Windows\SERVIC~2\NETWOR~1\AppData\Local\Temp\MpCmdRun.log
0x000000003dbe4038 8 0 RWD--- \Device\HarddiskVolume1\Windows\System32\PerfStringBackup.INI
0x000000003dbe45f0 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\imapi2.dll
0x000000003dbe6148 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\mswsock.dll
0x000000003dbe6390 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\dhcpcsvc.dll
0x000000003dbe7038 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\winnsi.dll
0x000000003dbe71f8 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\onex.dll
0x000000003dbe7cd0 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe
0x000000003dbe8320 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\fdProxy.dll
0x000000003dbe8830 6 0 R--r-d \Device\HarddiskVolume1\Windows\ehome\ehshell.exe
0x000000003dbe9388 4 0 R--r-d \Device\HarddiskVolume1\Program Files\Windows Defender\MpRTP.dll
0x000000003dbe9b50 6 0 R--rwd \Device\HarddiskVolume1\Program Files\Windows Defender\MpCmdRun.exe
0x000000003dbea388 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\PeerDistSvc.dll
0x000000003dbeaf80 1 1 ------ \Device\Afd\Endpoint
0x000000003dbeb128 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wlanhlp.dll
0x000000003dbeb388 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wlanutil.dll
0x000000003dbeb8e0 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\miguiresource.dll
0x000000003dbebb88 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\msconfig.exe
0x000000003dbec848 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\seclogon.dll
0x000000003dbec9f8 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\AuthFWGP.dll
0x000000003dbed388 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\en-US\httpapi.dll.mui
0x000000003dbed488 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\rasdlg.dll
0x000000003dbeda98 3 0 R--rwd \Device\HarddiskVolume1\Windows\System32\IKEEXT.DLL
0x000000003dbee958 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\winsta.dll
0x000000003dbf0038 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drprov.dll
0x000000003dbf0528 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\shfolder.dll
0x000000003dbf0b48 2 0 R--r-d \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@baidu[1].txt
0x000000003dbf1d20 8 0 R----- \Device\HarddiskVolume1\Windows\Prefetch\AUDIODG.EXE-D0D776AC.pf
0x000000003dbf2138 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\WcnApi.dll
0x000000003dbf21f8 1 0 R--r-- \Device\HarddiskVolume1\Windows\Prefetch\ReadyBoot\Trace4.fx
0x000000003dbf3588 10 1 RW-r-- \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx
0x000000003dbf3a40 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\adsldp.dll
0x000000003dbf3f80 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\sud.dll
0x000000003dbf4ed8 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\mpr.dll
0x000000003dbf5770 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\bthserv.dll
0x000000003dbf6e48 13 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wshelper.dll
0x000000003dbf7c30 6 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\verdanab.ttf
0x000000003dbf8638 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\ieframe.dll
0x000000003dbf9388 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\mprapi.dll
0x000000003dbf96b8 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\hgcpl.dll
0x000000003dbf9928 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
0x000000003dbf9b88 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\actxprxy.dll
0x000000003dbf9f80 8 0 R--rwd \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
0x000000003dbfa388 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\perfproc.dll
0x000000003dbfb2c0 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wmp.dll
0x000000003dbfb520 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\SearchFilterHost.exe
0x000000003dbfbb68 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\NlsModels0011.dll
0x000000003dbfc770 2 1 ------ \Device\Afd\Endpoint
0x000000003dbfd218 2 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003dbfd2d0 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\pnrpsvc.dll
0x000000003dbfd388 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\iphlpsvc.dll
0x000000003dbfdaa8 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\shell32.dll
0x000000003dbfe230 16 0 R--rwd \Device\HarddiskVolume1\Windows\System32\regidle.dll
0x000000003dbfe5a0 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc
0x000000003dbfea90 7 0 R--rwd \Device\HarddiskVolume1\Users\admin\Downloads\desktop.ini
0x000000003dc1d558 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\RDPCDD.sys
0x000000003dc1d728 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\watchdog.sys
0x000000003dc1dc80 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\videoprt.sys
0x000000003dce1c98 13 1 RW-r-- \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Application.evtx
0x000000003dce3d30 10 1 RW-r-- \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Windows PowerShell.evtx
0x000000003dce4a90 6 0 R--r-d \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe
0x000000003dce5bd8 7 0 R--r-- \Device\HarddiskVolume1\Windows\System32\sppobjs.dll
0x000000003dce5e28 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\en-US\imageres.dll.mui
0x000000003dce6e38 17 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003dce6f80 17 1 RW-r-- \Device\HarddiskVolume1\Windows\System32\winevt\Logs\System.evtx
0x000000003dce7d50 2 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003dce8978 16 1 RW-r-- \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Security.evtx
0x000000003dce8b48 10 1 RW-r-- \Device\HarddiskVolume1\Windows\System32\winevt\Logs\ThinPrint Diagnostics.evtx
0x000000003dceb970 10 1 RW-r-- \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Key Management Service.evtx
0x000000003dcebcc8 10 1 RW-r-- \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Media Center.evtx
0x000000003dcec980 10 1 RW-r-- \Device\HarddiskVolume1\Windows\System32\winevt\Logs\HardwareEvents.evtx
0x000000003dcedec8 10 1 RW-r-- \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Internet Explorer.evtx
0x000000003dceecf0 1 0 RW-rwd \Device\HarddiskVolume1\$PrepareToShrinkFileSize
0x000000003dcef998 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\msimg32.dll
0x000000003dcefd58 10 1 RW-r-- \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Defender%4Operational.evtx
0x000000003dcf2a10 4 0 R--r-d \Device\HarddiskVolume1\Program Files\Windows Defender\MpEvMsg.dll
0x000000003dcf2e10 2 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003dcf2f80 17 1 RW-r-- \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Defender%4WHC.evtx
0x000000003dcf3bd8 1 0 RW-rwd \Device\HarddiskVolume1\$PrepareToShrinkFileSize
0x000000003dcf3f80 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wbem\WmiApRes.dll
0x000000003dcf4970 11 1 RW-r-- \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx
0x000000003dcf4c08 1 0 RW-rwd \Device\HarddiskVolume1\$PrepareToShrinkFileSize
0x000000003dcf5da0 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\profsvc.dll
0x000000003dcf7988 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\msacm32.dll
0x000000003dcf7ec8 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a
0x000000003dcf8f80 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\adtschema.dll
0x000000003dcfbec8 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\audiosrv.dll
0x000000003dcfcec8 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\avrt.dll
0x000000003dcfde98 16 1 RW-r-- \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx
0x000000003dd009a8 1 1 R--rw- \Device\HarddiskVolume1\Windows\System32
0x000000003dd03e20 1 1 R--r-- \Device\HarddiskVolume1\Windows\Registration\R000000000006.clb
0x000000003dd04e78 8 0 RW-rw- \Device\HarddiskVolume1\Windows\setupact.log
0x000000003dd04f30 11 1 RW-r-- \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx
0x000000003dd059d8 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wlansvc.dll
0x000000003dd05a90 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\microsoft-windows-kernel-power-events.dll
0x000000003dd05ec0 10 1 RW-r-- \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx
0x000000003dd05f80 10 1 RW-r-- \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA%4Errors.evtx
0x000000003dd06c98 9 1 R--r-d \Device\HarddiskVolume1\Windows\System32\zh-CN\wlandlg.dll.mui
0x000000003dd079f0 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\fltMgr.sys
0x000000003dd07aa8 1 1 ------ \Device\000000a6\elineouttopo
0x000000003dd07c90 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\PSHED.DLL
0x000000003dd07f80 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\msiltcfg.dll
0x000000003dd08b90 3 1 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu
0x000000003dd09c70 3 1 R--rwd \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu
0x000000003dd0cd60 1 1 ------ \Device\000000a6\emicintopo
0x000000003dd0dba8 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\dfrgui.exe
0x000000003dd0dc78 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\mscories.dll
0x000000003dd0df80 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\netlogon.dll
0x000000003dd10c28 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\microsoft-windows-kernel-processor-power-events.dll
0x000000003dd10ce0 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\mmcss.dll
0x000000003dd11d08 4 0 R--rwd \Device\HarddiskVolume1\Windows\System32\pmcsnap.dll
0x000000003dd11e48 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\oleaccrc.dll
0x000000003dd12bd0 3 0 R--rwd \Device\HarddiskVolume1\Windows\System32\ActionCenterCPL.dll
0x000000003dd13f80 1 1 ------ \Device\000000a6\elineoutwave
0x000000003dd15a78 1 1 R--r-- \Device\HarddiskVolume1\Windows\Registration\R000000000006.clb
0x000000003dd16b58 6 0 R----- \Device\HarddiskVolume1\Windows\Prefetch\DLLHOST.EXE-71214090.pf
0x000000003dd17ce8 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\audiodg.exe
0x000000003dd17e10 8 0 R--rwd \Device\HarddiskVolume1\ProgramData\VMware\VMware Tools\manifest.txt
0x000000003dd17f80 8 0 R--rwd \Device\HarddiskVolume1\Users\Public\Videos\Sample Videos\desktop.ini
0x000000003dd18a80 4 0 R--rwd \Device\HarddiskVolume1\Windows\System32\apss.dll
0x000000003dd18e88 1 1 ------ \Device\000000a6\emicintopo
0x000000003dd19038 8 0 R----- \Device\HarddiskVolume1\Windows\Prefetch\SEARCHFILTERHOST.EXE-AA7A1FDD.pf
0x000000003dd190f0 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\dllhost.exe
0x000000003dd19c98 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\msdtc.exe
0x000000003dd1aeb8 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\PeerDistSvc.dll
0x000000003dd1db90 2 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003dd1dd48 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\pstorec.dll
0x000000003dd1dec8 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\zh-CN\audiodg.exe.mui
0x000000003dd1ead0 8 0 R--rwd \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk
0x000000003dd1fec8 7 0 R--rwd \Device\HarddiskVolume1\Windows\Media\Windows Hardware Remove.wav
0x000000003dd20d80 1 1 ------ \Device\000000a6\elineouttopo
0x000000003dd22cd8 1 1 ------ \Device\000000a6\emicinwave
0x000000003dd23e68 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\ntmarta.dll
0x000000003dd24998 4 0 R--rwd \Device\HarddiskVolume1\Windows\System32\ulib.dll
0x000000003dd26f80 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\cscsvc.dll
0x000000003dd27d20 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\rasadhlp.dll
0x000000003dd27f40 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wucltux.dll
0x000000003dd29bd0 1 1 R--r-- \Device\HarddiskVolume1\Windows\Registration\R000000000006.clb
0x000000003dd2aa60 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\atl.dll
0x000000003dd52038 2 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\7e1af6c1-5f1f-40fe-a53a-53677434dc95
0x000000003dd521c8 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\taskschd.dll
0x000000003dd526d8 1 1 R--rwd \Device\HarddiskVolume1窂
0x000000003dd528c0 1 1 R--rw- \Device\HarddiskVolume1\Windows\CSC\v2.0.6\namespace
0x000000003dd52d80 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll
0x000000003dd52f80 1 1 R--rw- \Device\HarddiskVolume1\Windows\CSC\v2.0.6
0x000000003dd561b0 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc
0x000000003dd56a08 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\mstask.dll
0x000000003dd56cf0 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\parport.sys
0x000000003dd57038 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\nlaapi.dll
0x000000003dd585b0 8 0 R----- \Device\HarddiskVolume1\Windows\Prefetch\IPCONFIG.EXE-62724FE6.pf
0x000000003dd58d40 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\gpsvc.dll
0x000000003dd59d98 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\dsrole.dll
0x000000003dd63038 1 1 R--r-- \Device\HarddiskVolume1\Windows\Registration\R000000000006.clb
0x000000003dd63c48 2 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003dd64f80 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\themeservice.dll
0x000000003dd65038 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\slc.dll
0x000000003dd656f8 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll
0x000000003dd677f8 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\netr28u.sys
0x000000003dd67f80 1 1 R--rw- \Device\HarddiskVolume1\Windows\System32
0x000000003dd6c410 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\es.dll
0x000000003dd6d1d0 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\comres.dll
0x000000003dd6d710 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\winnsi.dll
0x000000003dd6f038 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Sens.dll
0x000000003dd6f238 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\lltdio.sys
0x000000003dd6fe70 2 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\2bdfcb25-2620-45b5-b76e-743b503fbae4
0x000000003dd70bf0 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL
0x000000003dd70f80 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\uxsms.dll
0x000000003dd711f8 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\keyiso.dll
0x000000003dd72cc0 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\nwifi.sys
0x000000003dd73310 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\ndisuio.sys
0x000000003dd74850 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\rspndr.sys
0x000000003dd752e0 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\lmhsvc.dll
0x000000003dd78a30 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\nrpsrv.dll
0x000000003dd79220 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\sc.exe
0x000000003dd797e0 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\UXInit.dll
0x000000003dd7a038 2 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003dd7a1c8 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\sscore.dll
0x000000003dd7a698 4 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003dd7af00 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\dssenh.dll
0x000000003dd7b100 8 0 R--r-- \Device\HarddiskVolume1\ProgramData\Microsoft\User Account Pictures\user.bmp
0x000000003dd7b370 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll
0x000000003dd7b660 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wbem\wmiutils.dll
0x000000003dd7be60 8 0 R--r-d \Device\HarddiskVolume1\Windows\Resources\Themes\Aero\aero.msstyles
0x000000003dd7c5c8 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\nsisvc.dll
0x000000003dd7c9c0 1 1 R--r-- \Device\HarddiskVolume1\Windows\Registration\R000000000006.clb
0x000000003dd7d330 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\eapphost.dll
0x000000003dd7e4c0 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\clusapi.dll
0x000000003dd7e838 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\imageres.dll
0x000000003dd7f838 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\eapsvc.dll
0x000000003dd7f8f0 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\dhcpcore.dll
0x000000003dd7fc48 2 1 RW-r-- \Device\HarddiskVolume1\Users\admin\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
0x000000003dd7fd48 17 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003dd80e78 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wtsapi32.dll
0x000000003dd82ca0 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\dnsrslvr.dll
0x000000003dd831d8 1 1 R--r-- \Device\HarddiskVolume1\Windows\Registration\R000000000006.clb
0x000000003dd92038 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\SearchProtocolHost.exe
0x000000003dd923b0 7 0 R--rwd \Device\HarddiskVolume1\Users\admin\Favorites\Links\desktop.ini
0x000000003dd92888 1 1 RW-rwd \Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
0x000000003dd92cc0 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\spool\prtprocs\w32x86\TPWinPrn.dll
0x000000003dd92df0 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\eappcfg.dll
0x000000003dd92ea8 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\dnsext.dll
0x000000003dd93138 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\onex.dll
0x000000003dd93ad8 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wlansec.dll
0x000000003dd94038 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\eappprxy.dll
0x000000003dd94648 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\l2gpstore.dll
0x000000003dd94948 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wlgpclnt.dll
0x000000003dd94d90 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\dhcpcsvc.dll
0x000000003dd95bf0 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\WinSCard.dll
0x000000003dd95ec8 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wlanutil.dll
0x000000003dd97420 1 1 R--r-d \Device\HarddiskVolume1\Windows\System32\zh-CN\KernelBase.dll.mui
0x000000003dd98140 4 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003dd98438 8 0 R--rwd \Device\HarddiskVolume1\Users\admin\Links\Desktop.lnk
0x000000003dd98568 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\dssenh.dll
0x000000003dd98620 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\en-US\mlang.dll.mui
0x000000003dd989d8 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\msxml6r.dll
0x000000003dd98b88 3 1 R--rwd \Device\HarddiskVolume1\Windows\System32\drivers\etc
0x000000003dd99148 8 0 R--r-- \Device\HarddiskVolume1\Windows\L2Schemas\WLAN_policy_v1.xsd
0x000000003dd99918 8 0 R--r-- \Device\HarddiskVolume1\Windows\L2Schemas\WLAN_profile_v1.xsd
0x000000003dd99d50 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\msxml6.dll
0x000000003dd9a2c0 1 1 RW---- \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log
0x000000003dd9a688 8 0 R--r-- \Device\HarddiskVolume1\Windows\L2Schemas\OneX_v1.xsd
0x000000003dd9a9f0 8 0 R--r-- \Device\HarddiskVolume1\Windows\L2Schemas\WLANAP_profile_v1.xsd
0x000000003dd9aec8 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\SideShow\AutoWake
0x000000003dd9c170 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\winspool.drv
0x000000003dd9d850 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\prnfldr.dll
0x000000003dda04b8 2 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\9ed1e666-a5dd-423f-933f-237ae8c3c878
0x000000003dda1038 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\zh-CN\miguiresource.dll.mui
0x000000003dda12e0 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\iscsicpl.dll
0x000000003dda1458 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\zh-CN\racengn.dll.mui
0x000000003dda1510 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wdc.dll
0x000000003dda1818 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\msconfig.exe
0x000000003dda1d80 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\odbcint.dll
0x000000003dda1f80 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\comres.dll
0x000000003dda3b40 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\IDStore.dll
0x000000003dda3f80 4 0 RW-rwd \Device\HarddiskVolume1\Windows\rescache\rc0002\Segment2.cmf
0x000000003dda5738 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\msxml3.dll
0x000000003dda5cb8 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\netprofm.dll
0x000000003dda6230 8 0 R----- \Device\HarddiskVolume1\Windows\Prefetch\MPCMDRUN.EXE-BB72ED6F.pf
0x000000003dda7418 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wiarpc.dll
0x000000003dda8b58 1 1 ------ \Device\NamedPipe\keysvc
0x000000003dda8f80 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\dhcpcsvc6.dll
0x000000003dda9278 4 0 R--r-d \Device\HarddiskVolume1\Program Files\Windows Media Player\wmplayer.exe
0x000000003dda9a90 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Sens.dll
0x000000003dda9f80 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\shsvcs.dll
0x000000003ddaa038 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe
0x000000003ddaa7e0 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\mpr.dll
0x000000003ddaacf8 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\stdole2.tlb
0x000000003ddaae20 2 1 ------ \Device\NamedPipe\keysvc
0x000000003ddab7a0 2 0 R--rwd \Device\CdRom0\Autorun.inf
0x000000003ddac0e0 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\MobilePC\HotStart
0x000000003ddac278 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\fvecerts.dll
0x000000003ddac3c0 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\VAN.dll
0x000000003ddac828 1 1 ------ \Device\NamedPipe\keysvc
0x000000003ddacbc8 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\fveapi.dll
0x000000003ddace00 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\tbs.dll
0x000000003ddad568 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\userinit.exe
0x000000003ddadcf8 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\schedsvc.dll
0x000000003ddaeb70 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\ktmw32.dll
0x000000003ddaf3f0 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\dps.dll
0x000000003ddb8f80 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wwanmm.dll
0x000000003ddb9660 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\fdWCN.dll
0x000000003ddbb840 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\d3d10_1.dll
0x000000003ddbb8f8 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\dxgi.dll
0x000000003ddbbae0 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\d3d10_1core.dll
0x000000003ddbbcc8 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\dwm.exe
0x000000003ddbc1e8 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\dwmcore.dll
0x000000003ddbccc0 1 1 R--rw- \Device\HarddiskVolume1\Windows\System32
0x000000003ddbcdb0 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\dwmredir.dll
0x000000003ddbe3c8 2 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003ddbeda0 8 0 R--r-d \Device\HarddiskVolume1\Windows\explorer.exe
0x000000003ddbee90 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\srvnet.sys
0x000000003ddbf188 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc
0x000000003ddbf240 4 0 R--r-- \Device\HarddiskVolume1\Users\admin\AppData\Local\IconCache.db
0x000000003ddbff30 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca
0x000000003ddc0428 1 1 R--rw- \Device\HarddiskVolume1\Windows\System32
0x000000003ddc0ec8 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\ExplorerFrame.dll
0x000000003ddc3578 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\vm3dum.dll
0x000000003ddc3920 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\xwreg.dll
0x000000003ddc4598 9 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003ddc4650 8 0 R--r-- \Device\HarddiskVolume1\Windows\inf\oem9.PNF
0x000000003ddc5228 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\ie4uinit.exe
0x000000003ddc52f0 12 0 R--rwd \Device\HarddiskVolume1\Windows\System32\loadperf.dll
0x000000003ddc5778 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\cscdll.dll
0x000000003ddc5d08 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\EhStorShell.dll
0x000000003ddc5f80 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\d3d10level9.dll
0x000000003ddc6370 1 1 R--r-- \Device\HarddiskVolume1\Windows\Registration\R000000000006.clb
0x000000003ddc6890 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc
0x000000003ddc7920 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\migwiz\wet.dll
0x000000003ddc7f30 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\cscui.dll
0x000000003ddc8288 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\taskcomp.dll
0x000000003ddc9ec8 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc
0x000000003ddca1b8 9 1 R--r-d \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_zh-cn_b7a33d2d3f47b7fb\comctl32.dll.mui
0x000000003ddca2d0 1 1 R--r-d \Device\HarddiskVolume1\Windows\Fonts\StaticCache.dat
0x000000003ddca9c8 1 1 ------ \Device\NamedPipe\atsvc
0x000000003ddcaa80 2 1 ------ \Device\NamedPipe\atsvc
0x000000003ddcab38 2 0 RW-rw- \Device\HarddiskVolume1\Windows\Tasks\SA.DAT
0x000000003ddcabf0 1 1 ------ \Device\NamedPipe\atsvc
0x000000003ddcaca8 2 1 R--rw- \Device\HarddiskVolume1\Windows\Tasks
0x000000003ddcb788 2 1 ------ \Device\Afd\Endpoint
0x000000003ddcbcf8 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc
0x000000003ddcc038 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc
0x000000003ddcc2c8 2 1 ------ \Device\Afd\Endpoint
0x000000003ddcc7a8 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\http.sys
0x000000003ddcdd10 2 1 ------ \Device\NamedPipe\Winsock2\CatalogChangeListener-390-0
0x000000003ddcf310 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\spoolsv.exe
0x000000003ddcf480 6 0 R--r-- \Device\HarddiskVolume1\Windows\AppPatch\sysmain.sdb
0x000000003ddcf7f0 7 0 R--r-- \Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000001.db
0x000000003ddcfd28 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\timedate.cpl
0x000000003ddcfde0 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_zh-cn_b7a33d2d3f47b7fb
0x000000003ddcff80 8 0 R--r-- \Device\HarddiskVolume1\Windows\System32\spoolsv.exe
0x000000003ddd5290 10 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003ddd5348 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\Autochk\Proxy
0x000000003ddde638 2 1 ------ \Device\Afd\Endpoint
0x000000003dddecd8 2 1 ------ \Device\Afd\Endpoint
0x000000003dddef00 8 0 R--r-- \Device\HarddiskVolume1\Windows\inf\netip6.PNF
0x000000003dddf038 1 1 R--rw- \Device\HarddiskVolume1\Windows\System32
0x000000003dddff80 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\actxprxy.dll
0x000000003dde0d78 7 0 R--rwd \Device\HarddiskVolume1\Users\desktop.ini
0x000000003dde1270 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)
0x000000003dde1388 10 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003dde15e8 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\fastfat.sys
0x000000003dde1898 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\MUI\LPRemove
0x000000003dde1c50 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
0x000000003dde1f80 2 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\1ec9510d-a439-4950-9399-b6399edf9ea7
0x000000003dde2810 2 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003dde2ca8 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc
0x000000003dde2d60 2 1 R--rwd \Device\HarddiskVolume1\Users\admin\Links
0x000000003dde3130 8 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\9334c323-f100-4656-9ba0-e4aa69c0f9c2
0x000000003dde3360 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\SystemRestore\SR
0x000000003dde3698 3 0 R--r-d \Device\HarddiskVolume1\Program Files\Windows Sidebar\sidebar.exe
0x000000003dde3a80 8 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\de8699d2-8a05-42f7-8a85-5162af47d26a
0x000000003dde3c90 2 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\2d468484-f015-4814-b345-91442962646f
0x000000003dde42d8 4 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003dde4578 8 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\9b75c702-ea13-406a-badb-6c588ee4375b
0x000000003dde4ac8 2 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\285b5af2-0d2e-44fa-9173-ee743f948f54
0x000000003dde4c10 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient\SystemTask
0x000000003dde5270 3 0 R--rwd \Device\HarddiskVolume1\Windows\System32\DiagCpl.dll
0x000000003dde5b88 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck
0x000000003dde5e38 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver
0x000000003dde60f8 2 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\c90440a0-6d8f-423f-8f42-83eef05ce708
0x000000003dde6410 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders
0x000000003dde67d8 4 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003dde7f80 8 0 R--r-- \Device\HarddiskVolume1\Windows\winsxs\Manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a.manifest
0x000000003dde8428 8 0 R--rwd \Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini
0x000000003dde84e0 10 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003dde8a18 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\SideShow\SessionAgent
0x000000003dde8e38 8 0 R--rw- \Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
0x000000003dde9960 10 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003dde9d30 7 0 R--rwd \Device\HarddiskVolume1\Users\admin\Desktop\desktop.ini
0x000000003ddeaa88 7 0 R--rwd \Device\HarddiskVolume1\Program Files\desktop.ini
0x000000003ddeab40 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc
0x000000003ddeaf80 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\shdocvw.dll
0x000000003ddeb038 8 0 R--rw- \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (2).lnk
0x000000003ddeb278 7 0 R--r-- \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000003.db
0x000000003ddeb428 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\linkinfo.dll
0x000000003ddeb5b8 10 1 RW-r-- \Device\HarddiskVolume1\Windows\System32\wbem\Repository\MAPPING1.MAP
0x000000003ddebbc8 10 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003ddebef8 7 0 R--rwd \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
0x000000003ddec2d0 6 0 R--r-- \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Caches\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db
0x000000003ddec8f8 8 0 R--rw- \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player (2).lnk
0x000000003ddece10 10 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003ddecec8 8 0 R--rw- \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Caches\cversions.2.db
0x000000003ddedaa0 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\msutb.dll
0x000000003ddedc88 8 0 R--rw- \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer (2).lnk
0x000000003ddee3f0 7 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
0x000000003ddef180 10 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003ddef428 2 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003ddef4e0 7 0 R--rwd \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
0x000000003ddef788 10 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003ddef840 7 0 R--rwd \Device\HarddiskVolume1\Users\Public\desktop.ini
0x000000003ddf0170 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting
0x000000003ddf0a98 7 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
0x000000003ddf0c88 8 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\6fe39a43-212a-4ba9-b1f3-32c7d4c048a1
0x000000003ddf0f38 8 0 R--rwd \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
0x000000003ddf1038 8 0 R--rwd \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini
0x000000003ddf1660 10 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003ddf1d48 7 0 R--rwd \Device\HarddiskVolume1\Users\Public\Desktop\desktop.ini
0x000000003ddf1e00 8 0 R--rwd \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini
0x000000003ddf20c0 8 0 R--rwd \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini
0x000000003ddf2178 8 0 R--rwd \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini
0x000000003ddf2448 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\Multimedia\SystemSoundsService
0x000000003ddf2bb0 8 0 R--rwd \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini
0x000000003ddf2f80 8 0 R--rwd \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
0x000000003ddf3458 10 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003ddf38c0 10 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003ddf3f80 10 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003ddf40d0 7 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\desktop.ini
0x000000003ddf4770 10 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003ddf4b98 7 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini
0x000000003ddf4cc8 7 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini
0x000000003ddf5108 2 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\ab771a9f-fb0f-4fa1-8b5f-48186615901e
0x000000003ddf5228 7 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
0x000000003ddf5440 8 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\de8bae53-2809-4f75-85ef-427d364b9b2c
0x000000003ddf59c8 10 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003ddf5b10 7 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini
0x000000003ddf6170 7 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini
0x000000003ddf6608 7 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini
0x000000003ddf6f80 7 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini
0x000000003ddf71f8 7 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini
0x000000003ddf7410 8 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\bba67ad0-4ba0-4b44-827b-ff419b70c057
0x000000003ddf7b48 10 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003ddf7f80 10 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003ddf8038 10 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003ddf8498 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\gameux.dll
0x000000003ddf8748 4 0 R--r-d \Device\HarddiskVolume1\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll
0x000000003ddf8800 7 0 R--rwd \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini
0x000000003ddf8bd0 8 0 R--r-- \Device\HarddiskVolume1\Windows\winsxs\Manifests\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_f47c47b2f658b4a8.manifest
0x000000003ddfa378 7 0 R--rwd \Device\HarddiskVolume1\Users\Public\Documents\desktop.ini
0x000000003ddfa968 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wer.dll
0x000000003ddfaec8 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc
0x000000003ddfb490 7 0 R--r-d \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
0x000000003ddfb5a0 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\Offline Files\Logon Synchronization
0x000000003ddfb968 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\msls31.dll
0x000000003ddfbc40 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\msftedit.dll
0x000000003ddfd100 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\pmcsnap.dll
0x000000003ddfd808 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient\UserTask
0x000000003ddfdb30 8 0 R--r-- \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Caches\{67D69890-D853-4011-A87E-AA64FA83CE5A}.2.ver0x0000000000000001.db
0x000000003ddfdec8 7 0 R--r-- \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
0x000000003ddfe988 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\mydocs.dll
0x000000003ddfeec8 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc
0x000000003df1a158 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\RDPENCDD.sys
0x000000003df23038 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc
0x000000003df232b8 8 0 R--r-- \Device\HarddiskVolume1\Windows\inf\netsstpt.PNF
0x000000003df23ce8 8 0 R--r-- \Device\HarddiskVolume1\Windows\inf\netavpnt.PNF
0x000000003df23f80 8 0 R--r-- \Device\HarddiskVolume1\Windows\inf\lltdio.PNF
0x000000003e000038 8 0 R--r-- \Device\HarddiskVolume1\Windows\Fonts\roman.fon
0x000000003e0018d0 2 1 ------ \Device\Afd\Endpoint
0x000000003e0022e0 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\RASMM.dll
0x000000003e005038 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\zh-CN\KernelBase.dll.mui
0x000000003e005440 6 0 RW-rwd \Device\HarddiskVolume1\Windows\rescache\rc0002\Segment1.cmf
0x000000003e006038 7 0 R--r-d \Device\HarddiskVolume1\Windows\IME\SPTIP.DLL
0x000000003e006598 1 1 R--rw- \Device\HarddiskVolume1\Windows\System32
0x000000003e006908 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll
0x000000003e0071e8 2 1 ------ \Device\Afd\Endpoint
0x000000003e007780 2 1 ------ \Device\Afd\Endpoint
0x000000003e007eb8 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\mssha.dll
0x000000003e008e58 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\UIAutomationCore.dll
0x000000003e0096f8 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\slc.dll
0x000000003e009eb8 6 0 RW---- \Device\HarddiskVolume1\Windows\AppCompat\Programs\RecentFileCache.bcf
0x000000003e00aeb8 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\AudioSes.dll
0x000000003e00b200 7 0 R--r-- \Device\HarddiskVolume1\Windows\Fonts\sserife.fon
0x000000003e00b3e0 8 0 R--r-- \Device\HarddiskVolume1\Windows\Fonts\coure.fon
0x000000003e00b508 8 0 R--r-- \Device\HarddiskVolume1\Windows\System32\WcnEapPeerProxy.dll
0x000000003e00b868 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\winmm.dll
0x000000003e00c578 8 0 R--r-- \Device\HarddiskVolume1\Windows\System32\raschap.dll
0x000000003e00c630 8 0 R--r-- \Device\HarddiskVolume1\Windows\Fonts\smallf.fon
0x000000003e00c758 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\dhcpcore6.dll
0x000000003e00c810 8 0 R--r-- \Device\HarddiskVolume1\Windows\Fonts\smalle.fon
0x000000003e00ceb8 7 0 R--r-- \Device\HarddiskVolume1\Windows\Fonts\serife.fon
0x000000003e00da28 1 1 ------ \Device\NamedPipe\ntsvcs
0x000000003e0177f8 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\iedkcs32.dll
0x000000003e0178a0 17 1 RWDr-d \Device\HarddiskVolume1\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl
0x000000003e017a70 17 1 RWDr-d \Device\HarddiskVolume1\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
0x000000003e017b18 17 1 RWDr-d \Device\HarddiskVolume1\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
0x000000003e017c40 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\ntshrui.dll
0x000000003e0192c0 8 0 R--rw- \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
0x000000003e0194b0 7 0 R--r-- \Device\HarddiskVolume1\Windows\System32\wuaueng.dll
0x000000003e0197a0 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wshext.dll
0x000000003e0198d8 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\synceng.dll
0x000000003e0231f0 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\svchost.exe
0x000000003e024038 1 1 R--rw- \Device\HarddiskVolume1\Windows\System32
0x000000003e0249d8 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\SPInf.dll
0x000000003e026038 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\pcwum.dll
0x000000003e026338 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\umpnpmgr.dll
0x000000003e0267b8 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\usbd.sys
0x000000003e027780 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\devrtl.dll
0x000000003e028c70 2 1 ------ \Device\NamedPipe\plugplay
0x000000003e02a150 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\userenv.dll
0x000000003e02a2d0 1 1 ------ \Device\NamedPipe\plugplay
0x000000003e02a9c8 1 1 ------ \Device\NamedPipe\plugplay
0x000000003e02b038 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc
0x000000003e02b760 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\gpapi.dll
0x000000003e02c170 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\umpo.dll
0x000000003e02c7c8 1 0 RW-rwd \Device\HarddiskVolume1\$ConvertToNonresident
0x000000003e02c968 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\usbccgp.sys
0x000000003e02cba0 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\rasadhlp.dll
0x000000003e02cc58 7 0 R--rw- \Device\HarddiskVolume1\Windows\System32\drivers\etc\hosts
0x000000003e037028 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\luafv.sys
0x000000003e037cc0 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\cscapi.dll
0x000000003e037d90 1 1 RW---- \Device\HarddiskVolume1\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
0x000000003e037eb8 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\IconCodecService.dll
0x000000003e038988 1 1 R--rw- \Device\HarddiskVolume1\Windows\System32
0x000000003e038a40 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\rpcss.dll
0x000000003e03aa88 17 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003e03b2d8 1 1 RW---- \Device\HarddiskVolume1\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1
0x000000003e03ba68 2 1 RW-r-- \Device\HarddiskVolume1\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
0x000000003e03c808 1 1 RW-rwd \Device\clfs\Device\HarddiskVolume1\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM
0x000000003e03ce98 2 1 RW-r-- \Device\HarddiskVolume1\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
0x000000003e03d5a8 10 1 RW-r-- \Device\HarddiskVolume1\Windows\Tasks\SCHEDLGU.TXT
0x000000003e03ebb8 1 1 RW---- \Device\HarddiskVolume1\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG2
0x000000003e03ec70 2 1 RW-r-- \Device\HarddiskVolume1\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
0x000000003e040818 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\ncobjapi.dll
0x000000003e040b50 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\RpcEpMap.dll
0x000000003e045290 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\hidclass.sys
0x000000003e045600 1 1 ------ \Device\Afd\Endpoint
0x000000003e046be0 2 1 ------ \Device\Afd\Endpoint
0x000000003e047038 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\WSHTCPIP.DLL
0x000000003e047348 2 1 ------ \Device\Afd\Endpoint
0x000000003e049648 2 1 ------ \Device\Afd\Endpoint
0x000000003e049700 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wshqos.dll
0x000000003e049bc8 2 1 ------ \Device\Afd\Endpoint
0x000000003e049db8 2 1 ------ \Device\NamedPipe\Winsock2\CatalogChangeListener-2b8-0
0x000000003e04a038 9 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003e04a998 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\hidusb.sys
0x000000003e04acd0 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\FirewallAPI.dll
0x000000003e04db60 2 1 ------ \Device\Afd\Endpoint
0x000000003e04e3e8 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\version.dll
0x000000003e04f038 2 1 ------ \Device\Afd\Endpoint
0x000000003e04faa0 2 1 ------ \Device\Afd\Endpoint
0x000000003e050cc0 1 1 R--rw- \Device\HarddiskVolume1\Windows\System32
0x000000003e052c28 3 0 R--rwd \Device\HarddiskVolume1\Windows\System32\twext.dll
0x000000003e053380 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\devobj.dll
0x000000003e053f80 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\hidparse.sys
0x000000003e0569d0 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\rpcss.dll
0x000000003e057e78 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wuapp.exe
0x000000003e0595c0 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\ntdsapi.dll
0x000000003e05aab0 1 1 ------ \Device\NamedPipe\LSM_API_service
0x000000003e05ac58 1 1 ------ \Device\NamedPipe\LSM_API_service
0x000000003e05ad10 2 1 ------ \Device\NamedPipe\LSM_API_service
0x000000003e05c6a8 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wevtsvc.dll
0x000000003e05cc98 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\psapi.dll
0x000000003e05dae0 1 1 ------ \Device\NamedPipe\eventlog
0x000000003e05db98 2 1 ------ \Device\NamedPipe\eventlog
0x000000003e05dea0 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\tzres.dll
0x000000003e05df80 1 1 ------ \Device\NamedPipe\eventlog
0x000000003e05f8f8 1 1 -W---- \Device\HarddiskVolume1\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
0x000000003e068038 1 1 ------ \Device\Afd\Endpoint
0x000000003e0688c8 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\LogonUI.exe
0x000000003e068c18 7 0 R--r-- \Device\HarddiskVolume1\Windows\winsxs\Manifests\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_zh-cn_b7a33d2d3f47b7fb.manifest
0x000000003e069e58 1 1 -W---- \Device\HarddiskVolume1\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
0x000000003e06a4d8 7 0 R--r-- \Device\HarddiskVolume1\Windows\winsxs\Manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest
0x000000003e06aa40 2 1 ------ \Device\Afd\Endpoint
0x000000003e06b2d0 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\null.sys
0x000000003e06b6a8 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\beep.sys
0x000000003e06ccc0 2 1 ------ \Device\NamedPipe\Winsock2\CatalogChangeListener-2ec-0
0x000000003e06e160 8 0 R--r-- \Device\HarddiskVolume1\Windows\Registration\R000000000006.clb
0x000000003e06e308 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\authui.dll
0x000000003e06e540 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\ntdsapi.dll
0x000000003e06f190 6 0 R--r-d \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
0x000000003e06f458 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wbem\WinMgmtR.dll
0x000000003e06f560 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wbem\WmiDcPrv.dll
0x000000003e06f858 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\shacct.dll
0x000000003e0705e0 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\cryptui.dll
0x000000003e070818 8 0 R--r-d \Device\HarddiskVolume1\Windows\WindowsShell.Manifest
0x000000003e070a88 8 0 R--rwd \Device\HarddiskVolume1\Users\admin\Links\Downloads.lnk
0x000000003e070f58 17 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003e071260 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
0x000000003e071ed8 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\mouhid.sys
0x000000003e071f80 2 1 ------ \Device\NamedPipe\
0x000000003e072498 15 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\vmusbmouse.sys
0x000000003e073378 8 0 RW---- \Device\HarddiskVolume1\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat
0x000000003e0759f0 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\samlib.dll
0x000000003e075f80 3 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003e076360 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wbem\WMIADAP.exe
0x000000003e0765b8 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\propsys.dll
0x000000003e076f80 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\netcfgx.dll
0x000000003e077660 7 0 R--r-d \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\GdiPlus.dll
0x000000003e077df0 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\certcli.dll
0x000000003e078a38 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\duser.dll
0x000000003e078c18 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\dui70.dll
0x000000003e0823f0 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\dwmapi.dll
0x000000003e0824a8 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\xmllite.dll
0x000000003e082cf8 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\SndVolSSO.dll
0x000000003e082e28 2 1 ------ \Device\NamedPipe\W32TIME_ALT
0x000000003e083188 17 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003e083898 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll
0x000000003e083af0 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\netmsg.dll
0x000000003e083f80 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc
0x000000003e0841c0 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\hid.dll
0x000000003e084e40 2 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003e085330 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wbem\repdrvfs.dll
0x000000003e0853e8 9 1 RW-r-- \Device\HarddiskVolume1\Windows\System32\wbem\Repository\OBJECTS.DATA
0x000000003e085980 10 1 RW-r-- \Device\HarddiskVolume1\Windows\System32\wbem\Repository\MAPPING3.MAP
0x000000003e085af8 10 1 RW-r-- \Device\HarddiskVolume1\Windows\System32\wbem\Repository\INDEX.BTR
0x000000003e0861d8 7 0 R--rwd \Device\HarddiskVolume1\Users\admin\Documents\desktop.ini
0x000000003e086290 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\WindowsCodecs.dll
0x000000003e0864d0 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\browser.dll
0x000000003e086588 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\imageres.dll
0x000000003e0868b8 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wtsapi32.dll
0x000000003e086ab0 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll
0x000000003e087d08 7 0 R--rwd \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini
0x000000003e087dc0 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\winbrand.dll
0x000000003e089600 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\credui.dll
0x000000003e089d20 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\samcli.dll
0x000000003e08ad20 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\vaultcli.dll
0x000000003e08af80 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\netapi32.dll
0x000000003e08b630 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc
0x000000003e08b6e8 1 1 RW-rw- \Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
0x000000003e08b7a0 1 1 RW-rw- \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
0x000000003e08b9c0 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\winbio.dll
0x000000003e08bd68 8 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk
0x000000003e08bf80 8 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk
0x000000003e08c398 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\netutils.dll
0x000000003e08d870 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\rasapi32.dll
0x000000003e08eb70 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wkscli.dll
0x000000003e08ec28 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\rasplap.dll
0x000000003e08f7d0 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\rasman.dll
0x000000003e08fa08 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\rtutils.dll
0x000000003e08ff80 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\certCredProvider.dll
0x000000003e090f80 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\netr28u.sys
0x000000003e091038 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\snmptrap.exe
0x000000003e0914e0 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a
0x000000003e091c70 1 0 R--r-d \Device\HarddiskVolume1\Windows\System32\stdole2.tlb
0x000000003e094f80 10 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003e0952d8 5 0 R--r-d \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\hgfs.dll
0x000000003e095c38 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a
0x000000003e095ed0 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\msdtcVSp1res.dll
0x000000003e096180 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\input.dll
0x000000003e0962a0 8 0 R--r-d \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\plugins\common\hgfsServer.dll
0x000000003e096548 8 0 R--r-d \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\plugins\common\hgfsUsability.dll
0x000000003e0967a0 4 0 R--r-d \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\plugins\common\thinprint.dll
0x000000003e096b68 2 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003e096ed0 4 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003e097200 2 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\0e12083c-0335-49db-9542-ba1ec6d83ecc
0x000000003e097a10 8 0 R--r-d \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\sigc-2.0.dll
0x000000003e097ce8 6 0 R--r-d \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\plugins\common\vix.dll
0x000000003e0981a8 5 0 R--r-d \Device\HarddiskVolume1\Program Files\Windows NT\TableTextService\TableTextService.dll
0x000000003e0982d0 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a
0x000000003e098618 7 0 R--rw- \Device\HarddiskVolume1\Windows\Media\Windows Hardware Insert.wav
0x000000003e099920 7 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003e099c98 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\sdcpl.dll
0x000000003e09a350 6 0 R--r-d \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
0x000000003e09c158 10 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003e09df80 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wbem\wmiprov.dll
0x000000003e176478 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\oleaccrc.dll
0x000000003e176648 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\oleacc.dll
0x000000003e1c8320 2 0 R--rw- \Device\HarddiskVolume1\ProgramData\VMware\VMware Tools\Unity Filters\microsoftoffice2003.txt
0x000000003e1c88a8 2 0 R--rw- \Device\HarddiskVolume1\ProgramData\VMware\VMware Tools\Unity Filters\visualstudio2005.txt
0x000000003e1c8a90 2 0 R--rw- \Device\HarddiskVolume1\ProgramData\VMware\VMware Tools\Unity Filters\adobephotoshopcs3.txt
0x000000003e1c8d90 2 0 R--rw- \Device\HarddiskVolume1\ProgramData\VMware\VMware Tools\Unity Filters\adobeflashcs3.txt
0x000000003e222148 17 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003e26b028 17 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003e26bf80 17 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003e272028 1 1 RW-r-d \Device\HarddiskVolume1\Windows\System32\wdi\LogFiles\WdiContextLog.etl.002
0x000000003e2727b8 17 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003e272ae0 17 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003e272cd0 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\ndproxy.sys
0x000000003e27a538 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\HdAudio.sys
0x000000003e27af80 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\portcls.sys
0x000000003e27ec78 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\drmk.sys
0x000000003e2803e8 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\filemgmt.dll
0x000000003e285720 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\nsiproxy.sys
0x000000003e2917c8 4 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003e294a00 8 0 RW-rwd \Device\HarddiskVolume1\Windows\rescache\rc0002\ResCache.dir
0x000000003e295e48 4 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003e2989a8 1 1 RWD--- \Device\HarddiskVolume1\Windows\System32\config\RegBack\DEFAULT
0x000000003e2a2680 4 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003e2a3bb0 17 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003e2a3eb0 4 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003e2a51a0 12 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003e2a54a0 4 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003e2a8a68 1 1 ------ \Device\HarddiskVolume1\Windows\bootstat.dat
0x000000003e2a8bc0 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\mrxsmb20.sys
0x000000003e2a8d40 2 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\a2cfb6f3-b3ae-4971-8e29-c415be22d2e5
0x000000003e2aac88 4 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003e2ab6f8 10 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003e2ad768 4 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003e2adb10 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\winsrv.dll
0x000000003e2adc90 7 0 ------ \Device\HarddiskVolume1\Windows\System32\locale.nls
0x000000003e2addb0 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\basesrv.dll
0x000000003e2ae8b8 4 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003e2b04c8 4 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003e2b0f80 4 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003e2b18f0 10 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003e2b22d0 17 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003e2b2c70 1 1 RW---- \Device\HarddiskVolume1\Windows\System32\config\DEFAULT.LOG2
0x000000003e2d8118 10 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003e2db178 10 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003e2dd970 10 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003e2df3b8 1 1 R--rw- \Device\HarddiskVolume1\Windows\System32
0x000000003e2df9b8 4 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003e2e10d8 15 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003e2e1588 1 1 RW---- \Device\HarddiskVolume1\Windows\System32\config\DEFAULT
0x000000003e2e1f80 1 1 RW---- \Device\HarddiskVolume1\Windows\System32\config\DEFAULT.LOG1
0x000000003e2e2d30 4 0 RW-rwd \Device\HarddiskVolume1\Windows\rescache\rc0002\Segment0.cmf
0x000000003e2e3558 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\csrsrv.dll
0x000000003e2e3610 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\csrss.exe
0x000000003e2e36b8 10 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003e2e3f80 4 1 RW-rw- \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000
0x000000003e2e5bb8 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\udfs.sys
0x000000003e2e6e58 10 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003e328038 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\tsddd.dll
0x000000003e3280f0 8 0 R--r-- \Device\HarddiskVolume1\Windows\Fonts\svgafix.fon
0x000000003e328518 8 0 R--r-- \Device\HarddiskVolume1\Windows\System32\C_1252.NLS
0x000000003e328778 8 0 R--r-- \Device\HarddiskVolume1\Windows\Fonts\vga936.fon
0x000000003e328b28 8 0 R--r-- \Device\HarddiskVolume1\Windows\Fonts\svgasys.fon
0x000000003e332870 8 0 R--r-- \Device\HarddiskVolume1\Windows\Fonts\ega40woa.fon
0x000000003e332a50 8 0 R--r-- \Device\HarddiskVolume1\Windows\Fonts\cga80woa.fon
0x000000003e33c488 2 1 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu
0x000000003e398978 9 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003e398af0 2 1 RW-rw- \Device\clfs\Device\HarddiskVolume1\Users\admin\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM
0x000000003e398f80 1 1 RW-rwd \Device\clfs\Device\HarddiskVolume1\Users\admin\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM
0x000000003e399038 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\negoexts.dll
0x000000003e399738 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\imm32.dll
0x000000003e39a228 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\RpcRtRemote.dll
0x000000003e39bd48 1 1 R--rw- \Device\HarddiskVolume1\Windows\System32
0x000000003e39e120 8 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk
0x000000003e39e408 8 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk
0x000000003e39e6f0 8 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk
0x000000003e39e9d8 8 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk
0x000000003e39ecc0 8 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk
0x000000003e3a2490 1 1 R--rw- \Device\HarddiskVolume1\Windows\System32
0x000000003e3a3a38 1 1 R--r-d \Device\HarddiskVolume1\Windows\Fonts\StaticCache.dat
0x000000003e3a4c80 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\cdd.dll
0x000000003e3a5158 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\winlogon.exe
0x000000003e3a5370 8 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk
0x000000003e3a5658 8 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk
0x000000003e3a5940 8 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk
0x000000003e3a5c28 8 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk
0x000000003e3a5f10 8 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk
0x000000003e3a63c8 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\taskbarcpl.dll
0x000000003e3a6738 2 0 R--rwd \Device\HarddiskVolume1\Windows\System32\migwiz\wet.dll
0x000000003e3a68b8 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\netcenter.dll
0x000000003e3a7038 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\prncache.dll
0x000000003e3a72b8 8 0 R--rwd \Device\HarddiskVolume1\Windows\Resources\Ease of Access Themes\hc1.theme
0x000000003e3a7a80 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wlaninst.dll
0x000000003e3a93d0 8 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\GameExplorer.lnk
0x000000003e3a96b8 8 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
0x000000003e3ad9f0 2 1 RW-rw- \Device\clfs\Device\HarddiskVolume1\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM
0x000000003e3ae930 1 1 ------ \Device\NamedPipe\InitShutdown
0x000000003e3aeb48 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\services.exe
0x000000003e3aec90 2 1 ------ \Device\NamedPipe\InitShutdown
0x000000003e3b1118 8 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk
0x000000003e3b1400 8 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk
0x000000003e3b16e8 8 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk
0x000000003e3b19d0 8 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk
0x000000003e3b1de0 8 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk
0x000000003e3b2750 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\KBDUS.DLL
0x000000003e3b3780 3 0 R--r-- \Device\HarddiskVolume1\Windows\Fonts\batang.ttc
0x000000003e3b44c8 2 1 RW-r-- \Device\HarddiskVolume1\Windows\ServiceProfiles\LocalService\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
0x000000003e3b4710 2 1 RW-r-- \Device\HarddiskVolume1\Windows\ServiceProfiles\LocalService\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
0x000000003e3b47c8 2 1 RW-r-- \Device\HarddiskVolume1\Windows\ServiceProfiles\LocalService\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
0x000000003e3b6500 1 1 ------ \Device\NamedPipe\epmapper
0x000000003e3b6678 2 1 RW-rw- \Device\clfs\Device\HarddiskVolume1\Windows\ServiceProfiles\LocalService\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM
0x000000003e3b6c18 1 1 RW-rwd \Device\clfs\Device\HarddiskVolume1\Windows\ServiceProfiles\LocalService\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM
0x000000003e3b7278 1 1 ------ \Device\Afd\Endpoint
0x000000003e3b77d0 4 0 R--r-- \Device\HarddiskVolume1\Windows\Fonts\malgun.ttf
0x000000003e3b79b0 4 0 R--r-- \Device\HarddiskVolume1\Windows\Fonts\gulim.ttc
0x000000003e3c01e0 1 1 R--rw- \Device\HarddiskVolume1\Windows\System32
0x000000003e3c0c38 2 1 ------ \Device\Afd\Endpoint
0x000000003e3c0e88 1 1 RW---- \Device\HarddiskVolume1\Windows\ServiceProfiles\LocalService\NTUSER.DAT
0x000000003e3c0f40 1 1 ------ \Device\NamedPipe\epmapper
0x000000003e3c10a8 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\mswsock.dll
0x000000003e3c1708 3 0 R--r-- \Device\HarddiskVolume1\Windows\Fonts\malgunbd.ttf
0x000000003e3c1888 8 0 R--r-- \Device\HarddiskVolume1\Windows\Fonts\meiryob.ttc
0x000000003e3c25f8 6 0 R--r-- \Device\HarddiskVolume1\Windows\Fonts\msjh.ttf
0x000000003e3c2c78 6 0 R--r-- \Device\HarddiskVolume1\Windows\Fonts\msjhbd.ttf
0x000000003e3c2e58 7 0 R--r-- \Device\HarddiskVolume1\Windows\Fonts\meiryo.ttc
0x000000003e3c3038 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\cryptdll.dll
0x000000003e3c3360 4 0 R--r-- \Device\HarddiskVolume1\Windows\Fonts\mingliub.ttc
0x000000003e3c3880 8 0 R--r-- \Device\HarddiskVolume1\Windows\Fonts\msgothic.ttc
0x000000003e3c3ac8 6 0 R--r-- \Device\HarddiskVolume1\Windows\Fonts\msyhbd.ttf
0x000000003e3c3cd8 6 0 R--r-- \Device\HarddiskVolume1\Windows\Fonts\mingliu.ttc
0x000000003e3c3eb8 4 0 R--r-- \Device\HarddiskVolume1\Windows\Fonts\msyh.ttf
0x000000003e3c46f8 5 0 R--r-- \Device\HarddiskVolume1\Windows\Fonts\tahoma.ttf
0x000000003e3c4940 2 0 R--r-- \Device\HarddiskVolume1\Windows\Fonts\msmincho.ttc
0x000000003e3c4b50 8 0 R--r-- \Device\HarddiskVolume1\Windows\Fonts\segoeui.ttf
0x000000003e3c4c20 7 0 R--rwd \Device\HarddiskVolume1\Windows\win.ini
0x000000003e3c55f0 1 1 RW---- \Device\HarddiskVolume1\Windows\System32\config\SECURITY.LOG1
0x000000003e3c5828 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wmsgapi.dll
0x000000003e3c5a70 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\sysntfy.dll
0x000000003e3c65f0 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\bcrypt.dll
0x000000003e3c6a20 4 0 R--r-- \Device\HarddiskVolume1\Windows\Fonts\simsunb.ttf
0x000000003e3c6c68 3 0 R--r-- \Device\HarddiskVolume1\Windows\Fonts\segoeuib.ttf
0x000000003e3c7038 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wevtapi.dll
0x000000003e3c7108 8 0 R--r-- \Device\HarddiskVolume1\Windows\Fonts\marlett.ttf
0x000000003e3c72c8 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\authz.dll
0x000000003e3c7380 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\cngaudit.dll
0x000000003e3c8378 9 1 R--r-d \Device\HarddiskVolume1\Windows\Fonts\StaticCache.dat
0x000000003e3c9160 8 0 R--r-- \Device\HarddiskVolume1\Windows\Fonts\micross.ttf
0x000000003e3c9288 8 0 R--r-- \Device\HarddiskVolume1\Windows\System32\rastls.dll
0x000000003e3c96f8 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\samsrv.dll
0x000000003e3c98d8 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\ncrypt.dll
0x000000003e3c9e70 2 1 ------ \Device\Afd\Endpoint
0x000000003e3cd110 8 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk
0x000000003e3cd3f8 8 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk
0x000000003e3cd6e0 8 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk
0x000000003e3cd9c8 8 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk
0x000000003e3cdcb0 8 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk
0x000000003e3d02b8 16 1 RW-r-- \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx
0x000000003e3d0a60 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\RAC\RacTask
0x000000003e3d1528 1 1 R--r-d \Device\HarddiskVolume1\Windows\Fonts\StaticCache.dat
0x000000003e3d26f8 8 0 R--r-- \Device\HarddiskVolume1\Windows\Cursors\aero_arrow.cur
0x000000003e3d3b20 6 0 R--r-- \Device\HarddiskVolume1\Windows\Cursors\aero_busy.ani
0x000000003e3d3bd8 8 0 R--r-- \Device\HarddiskVolume1\Windows\Cursors\aero_up.cur
0x000000003e3d48c0 8 0 R--r-- \Device\HarddiskVolume1\Windows\Cursors\aero_nesw.cur
0x000000003e3d4978 8 0 R--r-- \Device\HarddiskVolume1\Windows\Cursors\aero_ew.cur
0x000000003e3d4b08 1 1 -W-rw- \Device\HarddiskVolume1\Windows\debug\PASSWD.LOG
0x000000003e3d4bc0 8 0 R--r-- \Device\HarddiskVolume1\Windows\Cursors\aero_nwse.cur
0x000000003e3d4e18 8 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003e3d5038 8 0 R--r-- \Device\HarddiskVolume1\Windows\Cursors\aero_ns.cur
0x000000003e3d5818 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\netlogon.dll
0x000000003e3d58d0 8 0 R--r-- \Device\HarddiskVolume1\Windows\Cursors\aero_unavail.cur
0x000000003e3d5b60 6 0 R--r-- \Device\HarddiskVolume1\Windows\Cursors\aero_working.ani
0x000000003e3d6038 8 0 R--r-- \Device\HarddiskVolume1\Windows\Cursors\aero_helpsel.cur
0x000000003e3d6660 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\WlS0WndH.dll
0x000000003e3d6930 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wdigest.dll
0x000000003e3d6c58 8 0 R--r-- \Device\HarddiskVolume1\Windows\Cursors\aero_link.cur
0x000000003e3d6f80 8 0 R--r-- \Device\HarddiskVolume1\Windows\Cursors\aero_pen.cur
0x000000003e3d71e8 8 0 R--r-- \Device\HarddiskVolume1\Windows\winsxs\Manifests\x86_microsoft.windows.systemcompatible_6595b64144ccf1df_6.0.7600.16385_none_49adccbde8169a03.manifest
0x000000003e3d7410 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\sxs.dll
0x000000003e3d7d90 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wship6.dll
0x000000003e3da240 8 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk
0x000000003e3da528 8 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk
0x000000003e3da810 8 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk
0x000000003e3daaf8 8 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
0x000000003e3dade0 8 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk
0x000000003e3db368 8 0 R--r-- \Device\HarddiskVolume1\Windows\winsxs\Manifests\x86_microsoft.windows.i..utomation.proxystub_6595b64144ccf1df_1.0.7600.16385_none_9d148a8db8d32238.manifest
0x000000003e3db648 8 0 R--r-- \Device\HarddiskVolume1\Windows\winsxs\Manifests\x86_microsoft.windows.isolationautomation_6595b64144ccf1df_1.0.0.0_none_35d357a66c38ade4.manifest
0x000000003e3dbb40 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\cryptbase.dll
0x000000003e3e0138 1 1 R--rw- \Device\HarddiskVolume1\Windows\System32
0x000000003e3e01f0 8 0 R--r-- \Device\HarddiskVolume1\Windows\winsxs\Manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16385_none_ebf82fc36c758ad5.manifest
0x000000003e3e09a0 10 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003e3e1208 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\secur32.dll
0x000000003e3e13e8 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\sspicli.dll
0x000000003e3e1758 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\lsass.exe
0x000000003e3e1af8 17 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003e3e1bb0 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\scext.dll
0x000000003e3e2380 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\lsm.exe
0x000000003e3e26c8 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\powrprof.dll
0x000000003e3e28f8 9 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003e3e2c08 8 0 R--r-- \Device\HarddiskVolume1\Windows\winsxs\Manifests\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca.manifest
0x000000003e3e2e70 8 0 R--r-- \Device\HarddiskVolume1\Windows\winsxs\Manifests\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_zh-cn_6189e316803d96d4.manifest
0x000000003e3e4038 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\logoncli.dll
0x000000003e3e56e0 1 1 RW---- \Device\HarddiskVolume1\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG2
0x000000003e3e6518 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\dnsapi.dll
0x000000003e3e6658 8 0 ------ \Device\HarddiskVolume1\Windows\System32\C_28591.NLS
0x000000003e3e7a80 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\apphelp.dll
0x000000003e3e8d38 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\srvcli.dll
0x000000003e3e8ec8 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\msv1_0.dll
0x000000003e3e8f80 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\scesrv.dll
0x000000003e3ea5a8 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\scecli.dll
0x000000003e3eac18 17 1 RWDr-d \Device\HarddiskVolume1\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
0x000000003e3ebf80 7 0 R--r-- \Device\HarddiskVolume1\Windows\System32\TSpkg.dll
0x000000003e3ec330 1 1 ------ \Device\NamedPipe\scerpc
0x000000003e3ec3e8 2 1 ------ \Device\NamedPipe\scerpc
0x000000003e3ec558 1 1 ------ \Device\NamedPipe\scerpc
0x000000003e3ecbf0 1 1 ------ \Device\NamedPipe\ntsvcs
0x000000003e3ecca8 2 1 ------ \Device\NamedPipe\ntsvcs
0x000000003e3ed1f0 1 1 RW---- \Device\HarddiskVolume1\Windows\System32\config\SAM.LOG2
0x000000003e3ed470 1 1 RW---- \Device\HarddiskVolume1\Windows\System32\config\SAM.LOG1
0x000000003e3ed6f0 1 1 RW---- \Device\HarddiskVolume1\Windows\System32\config\SAM
0x000000003e3ee698 10 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003e3eec68 4 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003e3ef1e0 1 1 RWD--- \Device\HarddiskVolume1\Windows\System32\config\RegBack\SAM
0x000000003e3ef5b0 4 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003e3efaa8 8 0 R--r-- \Device\HarddiskVolume1\Windows\System32\Microsoft\Protect\S-1-5-18\User\04ece708-132d-4bf0-a647-e3329269a012
0x000000003e3f06e0 1 1 ------ \Device\NamedPipe\protected_storage
0x000000003e3f0798 2 1 ------ \Device\NamedPipe\protected_storage
0x000000003e3f0908 1 1 ------ \Device\NamedPipe\protected_storage
0x000000003e3f0e48 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\vsstrace.dll
0x000000003e3f1f80 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\ubpm.dll
0x000000003e3f2038 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\cryptsp.dll
0x000000003e3f24b0 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\TSpkg.dll
0x000000003e3f2c98 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\rsaenh.dll
0x000000003e3f2eb8 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\rsaenh.dll
0x000000003e3f3da0 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\credssp.dll
0x000000003e3f3f80 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\efslsaext.dll
0x000000003e3f41f8 1 1 ------ \Device\NamedPipe\lsass
0x000000003e3f49f8 8 0 R----- \Device\HarddiskVolume1\Windows\Prefetch\CONSENT.EXE-65F6206D.pf
0x000000003e3f4e10 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll
0x000000003e3f5728 1 0 R--r-- \Device\HarddiskVolume1\Windows\Prefetch\ReadyBoot\Trace6.fx
0x000000003e3f57e0 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\pku2u.dll
0x000000003e3f5d90 8 0 R--r-- \Device\HarddiskVolume1\Windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
0x000000003e3f6720 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\schannel.dll
0x000000003e3f7b38 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\lsasrv.dll
0x000000003e3f7d80 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\sspisrv.dll
0x000000003e3f85e0 1 1 R--rw- \Device\HarddiskVolume1\Windows\System32
0x000000003e3f9800 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\zh-CN\DeviceCenter.dll.mui
0x000000003e3f99f0 8 0 R--rwd \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms
0x000000003e3fc9e0 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\pnrpnsp.dll
0x000000003e3fcb50 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\msimsg.dll
0x000000003e3fe338 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\DeviceCenter.dll
0x000000003e3fe870 8 0 R--rwd \Device\HarddiskVolume1\Users\admin\Favorites\Links\建议网站.url
0x000000003e3fec88 2 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003e3fee60 10 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003e3ff338 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\vwifibus.sys
0x000000003e3ff3f0 8 0 R--r-- \Device\HarddiskVolume1\Windows\Fonts\script.fon
0x000000003e3ff698 8 0 R--r-- \Device\HarddiskVolume1\Windows\Fonts\modern.fon
0x000000003e626038 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\zh-CN\rasmm.dll.mui
0x000000003e626400 8 0 R--r-- \Device\HarddiskVolume1\Windows\inf\netpacer.PNF
0x000000003e626698 8 0 R--r-- \Device\HarddiskVolume1\Windows\inf\netserv.PNF
0x000000003e626ec8 8 0 R--r-- \Device\HarddiskVolume1\Windows\inf\ndiscap.PNF
0x000000003e7b0410 16 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\lsi_sas.sys
0x000000003e7b07f8 16 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\Diskdump.sys
0x000000003e7b0f80 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\duser.dll
0x000000003e8002e0 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\ndistapi.sys
0x000000003e828c90 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\profapi.dll
0x000000003e82a358 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\ndiswan.sys
0x000000003e83ac28 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\raspptp.sys
0x000000003e83bba8 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\rdpbus.sys
0x000000003e83e710 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\rassstp.sys
0x000000003e8421a0 15 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\swenum.sys
0x000000003e842268 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\umbus.sys
0x000000003e844550 7 0 R--rwd \Device\HarddiskVolume1\Users\admin\Contacts\desktop.ini
0x000000003e844cd8 17 1 RWDr-d \Device\HarddiskVolume1\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
0x000000003e845f00 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\ks.sys
0x000000003e84bc48 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\fsquirt.exe
0x000000003e84ccb0 2 0 R--rwd \Device\HarddiskVolume1\Windows\System32\NlsData0000.dll
0x000000003e84d778 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\framedynos.dll
0x000000003e84de70 8 0 R--rw- \Device\HarddiskVolume1\Windows\System32\wdi\LogFiles\WdiContextLog.etl.001
0x000000003e84df80 7 0 R--r-- \Device\HarddiskVolume1\Windows\System32\wuauclt.exe
0x000000003e84e5d0 1 1 ------ \Device\NamedPipe\ProtectedPrefix\Administrators
0x000000003e84e688 1 1 ------ \Device\Mailslot\ProtectedPrefix
0x000000003e84eb30 7 0 R--rw- \Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms
0x000000003e84ebe8 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wbem\cimwin32.dll
0x000000003e84f038 7 0 R----- \Device\HarddiskVolume1\Windows\Prefetch\MOBSYNC.EXE-D8BC6ED2.pf
0x000000003e850340 1 1 ------ \Device\Mailslot\ProtectedPrefix\NetWorkService
0x000000003e8503f8 1 1 ------ \Device\NamedPipe\ProtectedPrefix\NetWorkService
0x000000003e8504b0 1 1 ------ \Device\Mailslot\ProtectedPrefix\LocalService
0x000000003e850ec8 1 1 ------ \Device\NamedPipe\ProtectedPrefix\LocalService
0x000000003e850f80 1 1 ------ \Device\Mailslot\ProtectedPrefix\Administrators
0x000000003e851620 1 1 RW---- \Device\HarddiskVolume1\Boot\BCD
0x000000003e851ec8 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\autochk.exe
0x000000003e852100 1 1 RW-rwd \Device\clfs\SystemRoot\System32\Config\TxR\{6cced301-6e01-11de-8bed-001e0bcd1824}.TM
0x000000003e853648 2 1 RW-r-- \Device\HarddiskVolume1\Windows\System32\config\TxR\{6cced301-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
0x000000003e853ae0 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\usbhub.sys
0x000000003e854be0 1 1 RW---- \Device\HarddiskVolume1\Boot\BCD.LOG
0x000000003e859330 8 0 R--r-- \Device\HarddiskVolume1\Windows\inf\rspndr.PNF
0x000000003e859ad0 8 0 R--r-- \Device\HarddiskVolume1\Windows\inf\netnwifi.PNF
0x000000003e859eb8 8 0 R--rwd \Device\HarddiskVolume1\Windows\Resources\Ease of Access Themes\basic.theme
0x000000003e85a250 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\lpk.dll
0x000000003e85a558 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\msctf.dll
0x000000003e85a610 16 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003e85b038 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Wldap32.dll
0x000000003e85b208 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\urlmon.dll
0x000000003e85b3b8 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\normaliz.dll
0x000000003e85b9b0 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\imm32.dll
0x000000003e85bb70 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\setupapi.dll
0x000000003e85bd58 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
0x000000003e85c468 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
0x000000003e85c850 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\comdlg32.dll
0x000000003e85cb30 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\kernel32.dll
0x000000003e85ce50 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\gdi32.dll
0x000000003e85d388 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\psapi.dll
0x000000003e85d600 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\advapi32.dll
0x000000003e85d918 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\ole32.dll
0x000000003e85dbe0 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
0x000000003e85e208 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\difxapi.dll
0x000000003e85e388 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wininet.dll
0x000000003e85e6b8 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\usp10.dll
0x000000003e85eaf0 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\sechost.dll
0x000000003e85ee20 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\shell32.dll
0x000000003e85f108 10 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003e85f2b0 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\nsi.dll
0x000000003e85f648 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\shlwapi.dll
0x000000003e85fc08 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\clbcatq.dll
0x000000003e860530 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\imagehlp.dll
0x000000003e860780 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll
0x000000003e860ba0 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\iertutil.dll
0x000000003e860ee0 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
0x000000003e861038 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\user32.dll
0x000000003e861100 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\devobj.dll
0x000000003e861358 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\comctl32.dll
0x000000003e861540 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
0x000000003e8618d8 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\crypt32.dll
0x000000003e862420 1 1 RW---- \Device\HarddiskVolume1\Windows\System32\config\SOFTWARE.LOG1
0x000000003e862608 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\msasn1.dll
0x000000003e8626c0 1 1 RW---- \Device\HarddiskVolume1\Windows\System32\config\SOFTWARE
0x000000003e8629e0 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wintrust.dll
0x000000003e863da8 1 1 RW---- \Device\HarddiskVolume1\Windows\System32\config\SYSTEM
0x000000003e863f80 1 1 RW---- \Device\HarddiskVolume1\Windows\System32\config\SOFTWARE.LOG2
0x000000003e8681b0 2 1 RW-r-- \Device\HarddiskVolume1\Windows\System32\config\TxR\{6cced301-6e01-11de-8bed-001e0bcd1824}.TM.blf
0x000000003e868788 1 1 RWD--- \Device\HarddiskVolume1\Windows\System32\config\RegBack\SOFTWARE
0x000000003e86a358 4 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003e86a400 1 1 RWD--- \Device\HarddiskVolume1\Windows\System32\config\RegBack\SYSTEM
0x000000003e86a618 1 1 RW---- \Device\HarddiskVolume1\Windows\System32\config\SYSTEM.LOG2
0x000000003e86a6c0 2 1 RW-r-- \Device\HarddiskVolume1\Windows\System32\config\TxR\{6cced301-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
0x000000003e8704f0 1 1 RW---- \Device\HarddiskVolume1\Windows\System32\config\SYSTEM.LOG1
0x000000003e879960 2 1 RW-rw- \Device\clfs\SystemRoot\System32\Config\TxR\{6cced301-6e01-11de-8bed-001e0bcd1824}.TM
0x000000003e879f80 10 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003e888038 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\NaturalLanguage6.dll
0x000000003e888320 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wbem\en-US\WmiApRes.dll.mui
0x000000003e8888e8 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wbemcomn.dll
0x000000003e888ca8 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\pcasvc.dll
0x000000003e8d1408 17 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003e9cb5e8 15 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\mssmbios.sys
0x000000003ea0e038 7 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\desktop.ini
0x000000003ea0e120 1 1 ------ \Device\NamedPipe\srvsvc
0x000000003ea0e618 4 0 R--rwd \Device\HarddiskVolume1\Windows\System32\DHCPQEC.DLL
0x000000003ea1faa0 10 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003ea1fc50 6 0 R----- \Device\HarddiskVolume1\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-AFAD3EF9.pf
0x000000003ea2a490 2 1 RW-r-- \Device\HarddiskVolume1\$Extend\$RmMetadata\$TxfLog\$TxfLogContainer00000000000000000001
0x000000003ea2a908 3 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003ea2a9b0 2 1 RW-r-- \Device\HarddiskVolume1\$Extend\$RmMetadata\$TxfLog\$TxfLog.blf
0x000000003ea33038 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\msxml3r.dll
0x000000003ea33198 8 0 R--rw- \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk
0x000000003ea33570 7 0 R--rw- \Device\HarddiskVolume1\Windows\System32\wdi\LogFiles\BootCKCL.etl
0x000000003ea33660 2 1 R--rwd \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
0x000000003ea33718 2 0 R--r-- \Device\HarddiskVolume1\Windows\ServiceProfiles\NetworkService\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
0x000000003ea447a0 2 1 RW-r-- \Device\HarddiskVolume1\Users\admin\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
0x000000003ea449f0 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\umb.dll
0x000000003ea44aa8 1 1 RW---- \Device\HarddiskVolume1\Users\admin\NTUSER.DAT
0x000000003ea44b60 1 1 RW---- \Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2
0x000000003ea45358 2 1 RW-r-- \Device\HarddiskVolume1\Users\admin\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
0x000000003ea45420 2 1 RW-r-- \Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Windows\UsrClass.dat{93b3bf0a-e32d-11eb-94e6-94e70bb14e54}.TM.blf
0x000000003ea45648 2 1 RW-r-- \Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Windows\UsrClass.dat{93b3bf0a-e32d-11eb-94e6-94e70bb14e54}.TMContainer00000000000000000001.regtrans-ms
0x000000003ea45d58 1 1 RW---- \Device\HarddiskVolume1\Users\admin\ntuser.dat.LOG2
0x000000003ea45ec8 1 1 RW---- \Device\HarddiskVolume1\Users\admin\ntuser.dat.LOG1
0x000000003ea48388 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\raspppoe.sys
0x000000003ea4ae60 10 1 RW-r-- \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4WHC.evtx
0x000000003ea4af80 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\ntlanman.dll
0x000000003ea4b5a0 9 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003ea4bb90 2 1 RW-r-- \Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Windows\UsrClass.dat{93b3bf0a-e32d-11eb-94e6-94e70bb14e54}.TMContainer00000000000000000002.regtrans-ms
0x000000003ea4bc90 1 1 RW-rwd \Device\clfs\Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Windows\UsrClass.dat{93b3bf0a-e32d-11eb-94e6-94e70bb14e54}.TM
0x000000003ea4c7a8 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\dllhost.exe
0x000000003ea4ca28 2 1 R--rwd \Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Credentials
0x000000003ea4cb70 2 1 R--rwd \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Credentials
0x000000003ea4d148 1 1 R--rw- \Device\HarddiskVolume1\Windows\System32
0x000000003ea4eaa0 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\kerberos.dll
0x000000003ea4eb58 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\sxssrv.dll
0x000000003ea4eeb8 8 0 R--r-- \Device\HarddiskVolume1\Windows\Fonts\ega80woa.fon
0x000000003ea4f300 1 1 RW-rwd \Device\HarddiskVolume1\Windows\CSC\v2.0.6\temp
0x000000003ea4f4e8 1 1 R--rw- \Device\HarddiskVolume1\Windows\CSC
0x000000003ea4faf0 2 0 R--r-- \Device\HarddiskVolume1sm
0x000000003ea51098 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\FWPUCLNT.DLL
0x000000003ea51550 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc
0x000000003ea83d08 2 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\367f930a-a3db-4112-b1f1-50e92a171c88
0x000000003ea83f80 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls
0x000000003ea88440 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\WlanMM.dll
0x000000003ea88740 8 0 R--rwd \Device\HarddiskVolume1\autoexec.bat
0x000000003ea887f8 4 0 R--r-d \Device\HarddiskVolume1\Program Files\Common Files\VMware\Drivers\vss\VCBSnapshotProvider.dll
0x000000003ea8da90 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\SNTSearch.dll
0x000000003ea8dcc8 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\sqlceoledb30.dll
0x000000003ea8de48 13 0 R--rwd \Device\HarddiskVolume1\Windows\System32\nshhttp.dll
0x000000003eaa7280 1 1 RW---- \Device\HarddiskVolume1\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1
0x000000003eaa7480 17 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003eaa75a0 1 1 ------ \Device\Afd\Endpoint
0x000000003eaa7750 1 1 RWD--- \Device\HarddiskVolume1\Windows\System32\config\RegBack\SECURITY
0x000000003eaa78c0 1 1 RW---- \Device\HarddiskVolume1\Windows\System32\config\SECURITY.LOG2
0x000000003eaa7b70 1 1 RW---- \Device\HarddiskVolume1\Windows\System32\config\SECURITY
0x000000003eaad1b0 7 0 R--r-- \Device\HarddiskVolume1\Windows\System32\drivers\mountmgr.sys
0x000000003eaad408 10 0 -W---- \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_80072efe_eed54846deb8b3ece27f3b18d37b7066c8c31be_0e0d29be\Report.wer
0x000000003eaad4b0 7 0 R--r-- \Device\HarddiskVolume1\Windows\System32\drivers\pciidex.sys
0x000000003eaad5e8 7 0 R--r-- \Device\HarddiskVolume1\Windows\System32\drivers\vmci.sys
0x000000003eaad8e8 8 0 R--r-- \Device\HarddiskVolume1\Windows\System32\drivers\intelide.sys
0x000000003eaadf80 7 0 R--r-- \Device\HarddiskVolume1\Windows\System32\drivers\volmgr.sys
0x000000003eab0a30 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\VaultCredProvider.dll
0x000000003eab0b20 4 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003eab0d38 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\BioCredProv.dll
0x000000003eab0ec8 2 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\6b2f3ac7-5e0c-45f6-88d2-1c97fe937122
0x000000003eab0f80 7 0 R--r-d \Device\HarddiskVolume1\Windows\Branding\Basebrd\basebrd.dll
0x000000003ead7348 2 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wininit.exe
0x000000003eb16ad8 11 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\vmhgfs.sys
0x000000003eb16d58 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\hdaudbus.sys
0x000000003eb16e00 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\netbt.sys
0x000000003eb526b0 3 1 RW--w- \Device\HarddiskVolume1\pagefile.sys
0x000000003eb52a60 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\dxapi.sys
0x000000003eb56260 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\i8042prt.sys
0x000000003eb57bd0 10 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003eb5b468 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\nci.dll
0x000000003eb5b558 3 1 R--rwd \Device\Mup\.\.
0x000000003eb6b038 7 0 R--rwd \Device\HarddiskVolume1\Users\admin\Favorites\desktop.ini
0x000000003eb6bab8 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\ieui.dll
0x000000003eb6bd28 2 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003eb6bf80 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\aelupsvc.dll
0x000000003eb781e8 15 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\mouclass.sys
0x000000003eb784e0 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\dfsc.sys
0x000000003eb78c50 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\csc.sys
0x000000003eb790e8 2 0 R--r-- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\8905ecd8-016f-4dc2-90e6-a5f1fa6a841a
0x000000003eb7a460 6 0 R--r-- \Device\HarddiskVolume1\Windows\System32\apisetschema.dll
0x000000003eba69f0 6 0 R--r-- \Device\HarddiskVolume1\Windows\Fonts\app936.fon
0x000000003ebb4e60 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\blbdrive.sys
0x000000003ebb53d8 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\smss.exe
0x000000003ebb58c0 8 0 RW---- \Device\HarddiskVolume1\Windows\bootstat.dat
0x000000003ebb6120 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\msinfo32.exe
0x000000003ebb6290 9 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003ebb6bb8 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\comsvcs.dll
0x000000003ebe77c8 8 0 R--rwd \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\VMwareResolutionSet.exe
0x000000003ebf0a88 10 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003ebf68a0 15 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\kbdclass.sys
0x000000003ebf6948 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\discache.sys
0x000000003ebfe280 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\rasl2tp.sys
0x000000003edf5cc0 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\ipconfig.exe
0x000000003edf5e20 7 0 R--rwd \Device\HarddiskVolume1\Windows\Temp\MpCmdRun.log
0x000000003ee39920 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\Apphlpdm.dll
0x000000003ee3cd98 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wdiasqmmodule.dll
0x000000003f1e79b8 1 1 R--r-- \Device\HarddiskVolume1\Windows\Registration\R000000000006.clb
0x000000003f1e8ad8 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\PortableDeviceConnectApi.dll
0x000000003f1e98e0 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\drivers\vwifibus.sys
0x000000003f1ea738 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\radardt.dll
0x000000003f1ead90 8 0 R----- \Device\HarddiskVolume1\Windows\Prefetch\TASKHOST.EXE-437C05A8.pf
0x000000003f211db8 8 0 R----- \Device\HarddiskVolume1\Windows\Prefetch\RUNDLL32.EXE-AFD98684.pf
0x000000003f212038 5 0 R--r-d \Device\HarddiskVolume1\Program Files\7-Zip\7zG.exe
0x000000003f212110 5 0 RW-rw- \Device\HarddiskVolume1\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf
0x000000003f212698 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\idndl.dll
0x000000003f2128f8 11 1 RW-r-- \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx
0x000000003f4e0288 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\flpydisk.sys
0x000000003f5d9d48 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\iesetup.dll
0x000000003f5db3e0 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\EAPQEC.DLL
0x000000003f5dba28 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wpdshext.dll
0x000000003f5dbb60 8 1 RW-rw- \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid
0x000000003f5dbc58 7 0 R--rw- \Device\HarddiskVolume1\Windows\Media\Windows Navigation Start.wav
0x000000003f5dbd50 3 0 RW-rw- \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.ci
0x000000003f5dbe48 8 0 RW-r-- \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.dir
0x000000003f5dbf40 1 1 R--rw- \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.dir
0x000000003f5dc340 2 1 R--rwd \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
0x000000003f5dc4f0 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\VSSVC.exe
0x000000003f5dc908 1 1 R--r-d \Device\HarddiskVolume1\Windows\System32\zh-CN\KernelBase.dll.mui
0x000000003f5dc9c0 7 0 R--r-d \Device\HarddiskVolume1\Program Files\Common Files\VMware\Drivers\vss\VCBSnapshotProvider.dll
0x000000003f5dcc98 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\powrprof.dll
0x000000003f5dcf38 2 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003f5dd038 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\virtdisk.dll
0x000000003f5dd3b8 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\AudioEng.dll
0x000000003f5dd6d8 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\fltLib.dll
0x000000003fa0ae58 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\PeerDist.dll
0x000000003fa0af10 8 0 R--rwd \Device\HarddiskVolume1\Windows\AppPatch\AcLayers.dll
0x000000003fa29288 3 1 R--rwd \Device\HarddiskVolume1\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My
0x000000003fa73308 10 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003fa73b20 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wer.dll
0x000000003fa73d10 6 0 RW-rw- \Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat
0x000000003fa73e48 17 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003fa74df0 8 0 RW---- \Device\HarddiskVolume1\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat
0x000000003fa82248 8 0 R--rw- \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\suspend-vm-default.bat
0x000000003fa85638 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\zh-CN\WinSATAPI.dll.mui
0x000000003fa8e810 2 1 R--rwd \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Windows\Network Shortcuts
0x000000003fa8f948 1 0 RW-rwd \Device\HarddiskVolume1\$NonCachedIo
0x000000003fa8ff18 2 0 R--r-- \Device\HarddiskVolume1\Windows\ServiceProfiles\NetworkService\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
0x000000003fa92038 2 0 RWD--- \Device\HarddiskVolume1\Windows\inf\WmiApRpl\0009\WmiApRpl.ini
0x000000003fa921c8 2 1 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Wlansvc\Profiles\Interfaces\{529B7D2A-05D1-4F21-A001-8F4FF817FC3A}
0x000000003fab9660 2 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003fab9748 1 1 RW-rwd \Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db
0x000000003fab9d48 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\authz.dll
0x000000003fc3f4d8 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\usercpl.dll
0x000000003fc3f8e8 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\drivers\zh-CN\hdaudbus.sys.mui
0x000000003fc4bc88 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\inetcpl.cpl
0x000000003fc4e3a8 14 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003fc4e4d0 2 1 R--rwd \Device\HarddiskVolume1\Users\admin\Desktop
0x000000003fc51678 2 1 R--rwd \Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Windows\Burn
0x000000003fc51c60 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\msxml6.dll
0x000000003fc55658 8 0 RW-rw- \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
0x000000003fc55e98 8 0 RW-rw- \Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
0x000000003fc55f50 7 0 RW-rw- \Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
0x000000003fc583e0 2 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003fc59930 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\cryptnet.dll
0x000000003fc5a280 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\ReAgent.dll
0x000000003fc5a770 8 0 R--r-- \Device\HarddiskVolume1\Windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-632115932-2214978728-2420482550-1000_UserData.bin
0x000000003fc5a9a8 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\mscoree.dll
0x000000003fc5b038 3 0 R--rwd \Device\HarddiskVolume1\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c299b012a3fe92ae56d60fe415f63fff\System.EnterpriseServices.ni.dll
0x000000003fc5b340 2 1 ------ \Device\NamedPipe\PIPE_EVENTROOT\CIMV2SCM EVENT PROVIDER
0x000000003fc5bc98 1 1 RW---- \Device\HarddiskVolume1\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
0x000000003fc5d998 1 1 RW-rwd \Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db
0x000000003fc5e2a0 16 0 R--rwd \Device\HarddiskVolume1\Windows\System32\nettrace.dll
0x000000003fc5e4c0 12 0 R--rwd \Device\HarddiskVolume1\Windows\System32\polstore.dll
0x000000003fc5e7a0 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\adsldpc.dll
0x000000003fc5ea68 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\activeds.dll
0x000000003fc5ec90 3 0 R--rwd \Device\HarddiskVolume1\Windows\System32\tapi32.dll
0x000000003fc5ee80 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\ELSCore.dll
0x000000003fc60038 8 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows Defender\Support\MPLog-07132009-215552.log
0x000000003fc60400 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\C_869.NLS
0x000000003fc60790 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-VirtualPC-Licensing-Package~31bf3856ad364e35~x86~~6.1.7600.16385.cat
0x000000003fc60ab8 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-UltimateEdition~31bf3856ad364e35~x86~~6.1.7600.16385.cat
0x000000003fc60e50 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-TFTP-Client-Package~31bf3856ad364e35~x86~~6.1.7600.16385.cat
0x000000003fc61110 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~x86~~6.1.7600.16385.cat
0x000000003fc61208 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wscsvc.dll
0x000000003fc61520 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\cabinet.dll
0x000000003fc61650 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc
0x000000003fc61708 4 0 R--r-- \Device\HarddiskVolume1\Windows\SoftwareDistribution\DataStore\Logs\edb.log
0x000000003fc61800 17 1 RW-rw- \Device\HarddiskVolume1\Windows\WindowsUpdate.log
0x000000003fc61ac8 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\mspatcha.dll
0x000000003fc61bc0 1 1 RW-rw- \Device\HarddiskVolume1\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WindowsUpdate.log
0x000000003fc61cb8 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wups.dll
0x000000003fc67538 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\drivers\zh-CN\acpi.sys.mui
0x000000003fc67778 2 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003fc67910 8 0 R--rwd \Device\HarddiskVolume1\Users\Public\Recorded TV\desktop.ini
0x000000003fc67d08 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\fveui.dll
0x000000003fc67ed0 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat
0x000000003fc6b038 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\C_20924.NLS
0x000000003fc6b180 1 1 RW-rwd \Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db
0x000000003fc6b9d0 17 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003fc6bd50 8 0 R--rwd \Device\HarddiskVolume1\Program Files\Windows Defender\zh-CN\MsMpRes.dll.mui
0x000000003fc6f3b0 9 1 RW-rw- \Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012021071820210719\index.dat
0x000000003fc6f5f0 2 0 RW-rw- \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\Program Files.lnk
0x000000003fc6fe80 8 0 R--rw- \Device\HarddiskVolume1\Windows\Media\Windows Recycle.wav
0x000000003fc72228 2 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003fc724b8 8 0 R----- \Device\HarddiskVolume1\Windows\Prefetch\7ZG.EXE-2A7D43BC.pf
0x000000003fc726f0 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\ntshrui.dll
0x000000003fc72960 8 0 R--rwd \Device\HarddiskVolume1\Program Files\Windows Defender\MpCommu.dll
0x000000003fc72bd8 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat
0x000000003fc72dc0 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\ncrypt.dll
0x000000003fc72f80 1 1 R--rw- \Device\HarddiskVolume1\Windows\System32
0x000000003fc8c670 10 0 -W---- \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_7.3.7600.16385_83d89db3bee8694b325a46ad46dd6fefb24c93ab_0beffd80\Report.wer
0x000000003fc8c728 2 1 R--rwd \Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Windows\Burn
0x000000003fc8cf38 5 0 R--r-- \Device\HarddiskVolume1\Windows\System32\DriverStore\infstor.dat
0x000000003fc8d530 1 1 RW---- \Device\HarddiskVolume1\System Volume Information\Syscache.hve.LOG2
0x000000003fc8e3d8 9 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003fc94240 8 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk
0x000000003fc94528 8 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk
0x000000003fc94810 8 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk
0x000000003fc94af8 8 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk
0x000000003fc94de0 8 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk
0x000000003fc95458 12 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wscproxystub.dll
0x000000003fc95510 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\intl.cpl
0x000000003fc955c8 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\msra.exe
0x000000003fc95680 1 1 R--r-d \Device\HarddiskVolume1\Windows\System32\zh-CN\KernelBase.dll.mui
0x000000003fc95948 4 0 R--rwd \Device\HarddiskVolume1\Windows\System32\spfileq.dll
0x000000003fc95b78 1 1 R--rw- \Device\HarddiskVolume1\Windows\System32
0x000000003fc96880 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\NlsLexicons0416.dll
0x000000003fc96940 4 0 R--rwd \Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
0x000000003fc97708 8 0 R--r-- \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-632115932-2214978728-2420482550-1000\7ca8b20e-d772-48fd-ba05-345de096afff
0x000000003fc983d8 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wmsgapi.dll
0x000000003fc98aa8 8 0 RW-r-- \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\1b4dd67f29cb1962.automaticDestinations-ms
0x000000003fc98ce0 4 0 RW-r-- \Device\HarddiskVolume1\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf
0x000000003fc98f10 8 0 R--rwd \Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Windows\History\desktop.ini
0x000000003fc9b700 2 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003fc9d5b8 8 0 RW---- \Device\HarddiskVolume1\Windows\SoftwareDistribution\DataStore\DataStore.edb
0x000000003fc9dbf8 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\dfscli.dll
0x000000003fc9ec30 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\dciman32.dll
0x000000003fc9f290 1 0 RW-rwd \Device\HarddiskVolume1\$NonCachedIo
0x000000003fc9f948 1 1 R--r-- \Device\HarddiskVolume1\Windows\Registration\R000000000006.clb
0x000000003fc9fb20 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\SearchFolder.dll
0x000000003fc9fbd8 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\SessEnv.dll
0x000000003fca0740 2 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003fca0c28 13 0 R--rwd \Device\HarddiskVolume1\Windows\System32\ifmon.dll
0x000000003fca15f0 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\msi.dll
0x000000003fca1770 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wsock32.dll
0x000000003fca2668 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\zh-CN\cmd.exe.mui
0x000000003fca2728 8 0 R----- \Device\HarddiskVolume1\Windows\Prefetch\SPPSVC.EXE-CBE91656.pf
0x000000003fca3370 8 0 R--r-- \Device\HarddiskVolume1\Windows\inf\faxcn002.inf
0x000000003fca4240 8 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk
0x000000003fca4528 8 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk
0x000000003fca4810 8 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk
0x000000003fca4af8 8 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
0x000000003fca4de0 8 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk
0x000000003fca6828 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\NapiNSP.dll
0x000000003fca7788 2 1 ------ \Device\NamedPipe\lsass
0x000000003fca7bb8 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\sppsvc.exe
0x000000003fca8378 2 0 -W---- \Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RR5DTU7V\favcenter[1]
0x000000003fca8a88 8 0 RW---- \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Protect\CREDHIST
0x000000003fca9a80 8 0 R--r-- \Device\HarddiskVolume1\Windows\System32\catroot2\edb.chk
0x000000003fcab568 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\srclient.dll
0x000000003fcabc28 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\slwga.dll
0x000000003fcabf10 8 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk
0x000000003fcac1f0 5 0 R--rwd \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7600.16385_none_0935b76c289e0fd5\wcp.dll
0x000000003fcad038 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\zh-CN\sc.exe.mui
0x000000003fcad0f8 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wercplsupport.dll
0x000000003fcad2a8 10 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003fcad4f0 16 1 RW-r-- \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx
0x000000003fcb1240 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\sppcomapi.dll
0x000000003fcb2128 6 0 R--r-d \Device\HarddiskVolume1\Program Files\Windows Defender\MsMpLics.dll
0x000000003fcb2280 2 1 ------ \Device\Afd\Endpoint
0x000000003fcb23d0 8 0 R--r-- \Device\HarddiskVolume1\Windows\System32\sppwinob.dll
0x000000003fcb2740 2 1 ------ \Device\Afd\Endpoint
0x000000003fcb2928 7 0 R--rwd \Device\HarddiskVolume1\Program Files\Windows Defender\MsMpRes.dll
0x000000003fcb2a88 9 1 RW-r-- \Device\HarddiskVolume1\ProgramData\Microsoft\Windows Defender\Support\MPLog-07132009-215552.log
0x000000003fcb2bc0 2 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003fcb2ec8 4 0 R--r-d \Device\HarddiskVolume1\Program Files\Windows Defender\MpRTP.dll
0x000000003fcb4648 2 1 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\WER\ReportArchive
0x000000003fcb4a20 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\regsvr32.exe
0x000000003fcb4ba0 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\QAGENTRT.DLL
0x000000003fcb5038 8 0 R--rwd \Device\HarddiskVolume1\Program Files\VMware\VMware Tools\poweroff-vm-default.bat
0x000000003fcb54a8 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\inetpp.dll
0x000000003fcb5690 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\win32spl.dll
0x000000003fcb5f80 1 1 ------ \Device\NamedPipe\lsass
0x000000003fcb61d0 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc
0x000000003fcb6288 8 0 RW-r-- \Device\HarddiskVolume1\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.001
0x000000003fcb6d50 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\syncui.dll
0x000000003fcb6f80 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\msisip.dll
0x000000003fcb76b8 9 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003fcb7770 13 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wscisvif.dll
0x000000003fcb7ae0 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\aclui.dll
0x000000003fcb7c18 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\adsldpc.dll
0x000000003fcb8038 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\reg.exe
0x000000003fcb8248 3 0 R--rwd \Device\HarddiskVolume1\Windows\System32\NlsLexicons0007.dll
0x000000003fcb8a58 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\d3dim700.dll
0x000000003fcb8c00 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\sdiageng.dll
0x000000003fcb9160 8 0 R--r-- \Device\HarddiskVolume1\Windows\winsxs\FileMaps\$$.cdf-ms
0x000000003fcb9280 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\WMALFXGFXDSP.dll
0x000000003fcb9f80 8 0 RW-rw- \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Windows\IECompatCache\Low\index.dat
0x000000003fcba1a8 8 0 R--rwd \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\msvcr90.dll
0x000000003fcbbb78 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\MsCtfMonitor.dll
0x000000003fcbc4d0 4 0 R--r-- \Device\HarddiskVolume1\Windows\System32\sppwinob.dll
0x000000003fcbc600 8 0 R----- \Device\HarddiskVolume1\Windows\Prefetch\SVCHOST.EXE-18D06B2E.pf
0x000000003fcbc6b8 1 1 R--rw- \Device\HarddiskVolume1\Windows\System32
0x000000003fcbc8e8 13 0 R--rwd \Device\HarddiskVolume1\Program Files\Windows Defender\MpClient.dll
0x000000003fcbe308 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\appwiz.cpl
0x000000003fcbe5e8 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\security.dll
0x000000003fcbed00 2 0 -W---- \Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9431IYM4\tools[1]
0x000000003fcc0038 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\imgutil.dll
0x000000003fcc03d0 2 0 -W---- \Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9431IYM4\noConnect[1]
0x000000003fcc05a0 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wmi.dll
0x000000003fcc0958 5 0 R--r-- \Device\HarddiskVolume1\Windows\Fonts\arial.ttf
0x000000003fcc1038 8 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk
0x000000003fcc1310 8 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk
0x000000003fcc15f8 8 0 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
0x000000003fcc2448 13 0 R--rwd \Device\HarddiskVolume1\Program Files\Windows Defender\MpSvc.dll
0x000000003fcc2560 2 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003fcc34a0 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\sppsvc.exe
0x000000003fcc3558 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wuaueng.dll
0x000000003fcc3770 12 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wscapi.dll
0x000000003fcc51c8 3 1 R--rwd \Device\HarddiskVolume1\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My
0x000000003fcc57f0 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\tdh.dll
0x000000003fcc5908 8 0 R--r-- \Device\HarddiskVolume1\Windows\System32\RacRules.xml
0x000000003fcc5c90 7 0 R--r-- \Device\HarddiskVolume1\Windows\SoftwareDistribution\DataStore\Logs\edb.chk
0x000000003fcc6038 8 0 R--r-- \Device\HarddiskVolume1\Windows\System32\spp\plugin-manifests-signed\sppobjs-spp-plugin-manifest-signed.xrm-ms
0x000000003fcc6210 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wups2.dll
0x000000003fcc6438 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\zh-CN\sppsvc.exe.mui
0x000000003fcc6620 11 0 R--rwd \Device\HarddiskVolume1\Windows\System32\drivers\spsys.sys
0x000000003fcc6cd8 1 1 R--rwd \Device\HarddiskVolume1\Windows\System32
0x000000003fcc6ec8 8 0 R--r-- \Device\HarddiskVolume1\Windows\System32\spp\plugin-manifests-signed\sppwinob-spp-plugin-manifest-signed.xrm-ms
0x000000003fcc7778 2 1 RW-r-- \Device\HarddiskVolume1\Windows\System32\config\TxR\{6cced300-6e01-11de-8bed-001e0bcd1824}.TxR.2.regtrans-ms
0x000000003fcc7c98 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\sppc.dll
0x000000003fcc9700 10 1 RW---- \Device\HarddiskVolume1\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
0x000000003fccb948 4 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wuapi.dll
0x000000003fccd9e0 8 0 R--rwd \Device\HarddiskVolume1\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
0x000000003fccdac0 2 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003fccdbc0 4 0 R--rwd \Device\HarddiskVolume1\Windows\System32\pla.dll
0x000000003fcce160 6 0 R--rwd \Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
0x000000003fcce3a8 2 0 R--rwd \Device\HarddiskVolume1\Windows\System32\NlsData0416.dll
0x000000003fcce5f0 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\mfpmp.exe
0x000000003fcce950 2 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003fccebb8 4 0 R--rwd \Device\HarddiskVolume1\Program Files\DVD Maker\DVDMaker.exe
0x000000003fcd0310 2 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003fcd07f0 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\psbase.dll
0x000000003fcd08a8 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\sti.dll
0x000000003fcd0aa8 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wusa.exe
0x000000003fcd0e88 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\dfdts.dll
0x000000003fcd2038 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\trebuc.ttf
0x000000003fcd28a0 6 0 R--rwd \Device\HarddiskVolume1\Program Files\Windows Journal\Journal.exe
0x000000003fcd2d08 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\NlsLexicons0011.dll
0x000000003fcd2e88 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\NlsLexicons000a.dll
0x000000003fcd3108 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\sxsstore.dll
0x000000003fcd3590 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\netshell.dll
0x000000003fcd3718 4 0 R--rwd \Device\HarddiskVolume1\Windows\System32\NlsLexicons0013.dll
0x000000003fcd3b80 13 0 R--rwd \Device\HarddiskVolume1\Windows\System32\dot3cfg.dll
0x000000003fcd3d70 13 0 R--rwd \Device\HarddiskVolume1\Windows\System32\rpcnsh.dll
0x000000003fcd3f10 2 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003fcd4348 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\PeerDistSh.dll
0x000000003fcd48e8 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wwapi.dll
0x000000003fcd4b08 13 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wwancfg.dll
0x000000003fcd7038 2 0 R--rwd \Device\HarddiskVolume1\Windows\System32\korwbrkr.dll
0x000000003fcd71b8 13 0 R--rwd \Device\HarddiskVolume1\Windows\System32\hnetmon.dll
0x000000003fcd72e0 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\elsTrans.dll
0x000000003fcd7640 12 0 R--rwd \Device\HarddiskVolume1\Windows\System32\NAPMONTR.DLL
0x000000003fcd78c0 4 0 R--rwd \Device\HarddiskVolume1\Windows\System32\zipfldr.dll
0x000000003fcd79e8 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\RacEngn.dll
0x000000003fcd7b10 2 0 R--rwd \Device\HarddiskVolume1\Windows\System32\OobeFldr.dll
0x000000003fcd7cc8 8 0 R--rwd \Device\HarddiskVolume1\Program Files\7-Zip\7-zip.dll
0x000000003fcd7f10 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\dot3api.dll
0x000000003fcd8038 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\certcli.dll
0x000000003fcd8110 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\logoncli.dll
0x000000003fcd82c8 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wkscli.dll
0x000000003fcd8480 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\srvcli.dll
0x000000003fcd86c0 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\netutils.dll
0x000000003fcd8908 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\netapi32.dll
0x000000003fcd8af8 13 0 R--rwd \Device\HarddiskVolume1\Windows\System32\nshipsec.dll
0x000000003fcd8cb0 4 0 R--rwd \Device\HarddiskVolume1\Windows\System32\sppcext.dll
0x000000003fcd9198 2 1 R--rwd \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Windows\Libraries
0x000000003fce29e0 10 1 RW---- \Device\HarddiskVolume1\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
0x000000003fce8260 13 0 R--rwd \Device\HarddiskVolume1\Windows\System32\WcnNetsh.dll
0x000000003fce8518 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\tdh.dll
0x000000003fce86e0 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\fveui.dll
0x000000003fce88a8 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wermgr.exe
0x000000003fce8bd0 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wdi.dll
0x000000003fce8f80 13 0 R--rwd \Device\HarddiskVolume1\Windows\System32\ndfapi.dll
0x000000003fcea6c0 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\authui.dll
0x000000003fcea848 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\cryptui.dll
0x000000003fceac20 8 0 R--rwd \Device\HarddiskVolume1\Program Files\7-Zip\7zG.exe
0x000000003fceb730 1 1 -WD--- \Device\HarddiskVolume1\ProgramData\Microsoft\Windows Defender\IMpService925A3ACA-C353-458A-AC8D-A7E5EB378092.lock
0x000000003fcec120 2 0 -W---- \Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\P2DFGMSC\down[1]
0x000000003fced428 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\WMVCORE.DLL
0x000000003fcef4e8 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\zh-CN\crypt32.dll.mui
0x000000003fcefa88 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\zh-CN\wlancfg.dll.mui
0x000000003fcefca8 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\zh-CN\fwcfg.dll.mui
0x000000003fcf0390 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wscinterop.dll
0x000000003fcf0ab0 2 1 R--rwd \Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Windows\WER\ReportArchive
0x000000003fcf2450 7 0 R--r-d \Device\HarddiskVolume1\Program Files\Windows Defender\MsMpLics.dll
0x000000003fcf3c68 8 0 R--r-d \Device\HarddiskVolume1\Windows\System32\wscui.cpl
0x000000003fcf4948 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\cmd.exe
0x000000003fcf4b10 1 1 R--r-- \Device\HarddiskVolume1\Windows\Registration\R000000000006.clb
0x000000003fcf4bc8 3 1 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates
0x000000003fcf4c80 1 1 R--r-- \Device\HarddiskVolume1\Windows\Registration\R000000000006.clb
0x000000003fcf5488 8 0 R--r-- \Device\HarddiskVolume1\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
0x000000003fcf7428 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\gpapi.dll
0x000000003fcf7648 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\zh-CN\p2pnetsh.dll.mui
0x000000003fcf7868 2 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003fcf7f10 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\QAGENT.DLL
0x000000003fcf8218 8 0 R--rw- \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk
0x000000003fcf9728 13 0 R--rwd \Device\HarddiskVolume1\Windows\System32\dhcpcmonitor.dll
0x000000003fcf9920 10 1 RW-r-- \Device\HarddiskVolume1\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsBackup%4ActionCenter.evtx
0x000000003fcf99d8 9 1 R--r-d \Device\HarddiskVolume1\Windows\System32\zh-CN\ActionCenter.dll.mui
0x000000003fcf9ba8 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\autoplay.dll
0x000000003fcf9c60 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\feclient.dll
0x000000003fcf9d30 8 0 R--rwd \Device\HarddiskVolume1\Windows\Resources\Ease of Access Themes\hc2.theme
0x000000003fcfa240 3 0 R--r-d \Device\HarddiskVolume1\Windows\System32\w32time.dll
0x000000003fcfa480 8 0 R--r-- \Device\HarddiskVolume1\Windows\System32\sppobjs.dll
0x000000003fcfaeb8 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\bitsperf.dll
0x000000003fcfb8e0 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\mctres.dll
0x000000003fcfb998 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc
0x000000003fcfbb78 2 1 R--rwd \Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Windows\WER\ERC
0x000000003fcfd1f8 5 0 R--r-d \Device\HarddiskVolume1\Windows\System32\hcproviders.dll
0x000000003fcff1c0 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\zh-CN\napipsec.dll.mui
0x000000003fcff5b0 15 0 R--rwd \Device\HarddiskVolume1\Windows\System32\napipsec.dll
0x000000003fcffb00 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\zh-CN\DHCPQEC.DLL.MUI
0x000000003fcffd20 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\zh-CN\nshhttp.dll.mui
0x000000003fcfff10 4 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\courbd.ttf
0x000000003fd04388 4 0 R--rwd \Device\HarddiskVolume1\Windows\System32\fsquirt.exe
0x000000003fd045a8 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\zh-CN\EAPQEC.DLL.MUI
0x000000003fd04900 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\EAPQEC.DLL
0x000000003fd04b20 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\zh-CN\tsgqec.dll.mui
0x000000003fd04e48 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\tsgqec.dll
0x000000003fd07be0 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\cryptdlg.dll
0x000000003fd09f80 7 0 R--rwd \Device\HarddiskVolume1\Windows\assembly\Desktop.ini
0x000000003fd0af80 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\AUDIOKSE.dll
0x000000003fd0b178 3 0 R--rwd \Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
0x000000003fd0b478 3 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003fd0b6f0 6 0 R--rwd \Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
0x000000003fd0b908 4 0 R--rwd \Device\HarddiskVolume1\Program Files\Windows NT\Accessories\wordpad.exe
0x000000003fd0bab8 8 0 R--rwd \Device\HarddiskVolume1\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
0x000000003fd0bcc0 3 0 R--rwd \Device\HarddiskVolume1\Windows\System32\mmc.exe
0x000000003fd0bf80 7 0 R--rwd \Device\HarddiskVolume1\Program Files\Common Files\System\wab32res.dll
0x000000003fd0c038 2 0 R--rwd \Device\HarddiskVolume1\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e71959f4ec6eb386889050ac139835c7\System.ServiceProcess.ni.dll
0x000000003fd0c2c0 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\ci.dll
0x000000003fd0c650 5 0 R--rwd \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7600.16385_none_0935b76c289e0fd5\DrUpdate.dll
0x000000003fd0c7d8 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\oobe\oobeldr.exe
0x000000003fd0cc90 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\scrobj.dll
0x000000003fd0ce40 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\evr.dll
0x000000003fd0cf80 4 0 R--rwd \Device\HarddiskVolume1\Windows\System32\mfds.dll
0x000000003fd0d390 2 0 R--rwd \Device\HarddiskVolume1\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll
0x000000003fd0d6c0 2 0 R--rwd \Device\HarddiskVolume1\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll
0x000000003fd0d840 8 0 R--rwd \Device\HarddiskVolume1\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
0x000000003fd0df80 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wsepno.dll
0x000000003fd0e178 8 0 R--rwd \Device\HarddiskVolume1\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\7f457271e765b5d72f081942b829469c\System.Data.ni.dll
0x000000003fd0e7b0 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\msdmo.dll
0x000000003fd0ee88 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\l_intl.nls
0x000000003fd0f2a0 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\drt.dll
0x000000003fd0f3c0 3 0 R--rwd \Device\HarddiskVolume1\Windows\System32\d3d9.dll
0x000000003fd0f480 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\pdhui.dll
0x000000003fd0f5e8 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\qwave.dll
0x000000003fd0fab8 4 0 R--rwd \Device\HarddiskVolume1\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\97adf9fccd70327b839a92c3d038b101\System.Transactions.ni.dll
0x000000003fd0ff80 2 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003fd11390 3 0 R--rwd \Device\HarddiskVolume1\Windows\System32\mfps.dll
0x000000003fd11778 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\dxva2.dll
0x000000003fd11880 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wecapi.dll
0x000000003fd11a30 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\PING.EXE
0x000000003fd13c60 8 0 R--rw- \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk
0x000000003fd14508 2 0 R--rwd \Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
0x000000003fd14bf0 2 0 R--rwd \Device\HarddiskVolume1\Windows\System32\NlsData0013.dll
0x000000003fd14e10 4 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\ariali.ttf
0x000000003fd14ec8 6 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\times.ttf
0x000000003fd157f8 3 0 R--rwd \Device\HarddiskVolume1\Windows\System32\NlsData000a.dll
0x000000003fd15978 3 0 R--rwd \Device\HarddiskVolume1\Windows\System32\sppuinotify.dll
0x000000003fd15a30 2 0 R--rwd \Device\HarddiskVolume1\Windows\System32\NlsData0011.dll
0x000000003fd1d6a8 4 0 R--rwd \Device\HarddiskVolume1\Windows\System32\notepad.exe
0x000000003fd1d760 4 0 R--rwd \Device\HarddiskVolume1\Windows\System32\sendmail.dll
0x000000003fd1d8b0 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\korwbrkr.lex
0x000000003fd1d970 4 0 R--rwd \Device\HarddiskVolume1\Windows\System32\NlsData0007.dll
0x000000003fd21208 15 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wlancfg.dll
0x000000003fd214f8 16 0 R--rwd \Device\HarddiskVolume1\Windows\System32\p2pcollab.dll
0x000000003fd216e8 11 0 R--rwd \Device\HarddiskVolume1\Windows\System32\P2P.dll
0x000000003fd21b20 13 0 R--rwd \Device\HarddiskVolume1\Windows\System32\p2pnetsh.dll
0x000000003fd21c48 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wucltux.dll
0x000000003fd22b88 4 0 R--rwd \Device\HarddiskVolume1\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll
0x000000003fd24110 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\simpo.ttf
0x000000003fd24538 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\xcopy.exe
0x000000003fd24778 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\attrib.exe
0x000000003fd24ba0 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\WABSyncProvider.dll
0x000000003fd24c88 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\net.exe
0x000000003fd24e40 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\sdclt.exe
0x000000003fd281b8 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\ksproxy.ax
0x000000003fd28338 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\pcaui.exe
0x000000003fd28400 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\msjet40.dll
0x000000003fd288b8 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\fvecpl.dll
0x000000003fd28eb8 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\scksp.dll
0x000000003fd29038 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\perfnet.dll
0x000000003fd29330 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\rtm.dll
0x000000003fd29608 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\pots.dll
0x000000003fd29770 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\netmsg.dll
0x000000003fd29a78 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\swprv.dll
0x000000003fd29ca0 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\tbssvc.dll
0x000000003fd29f18 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\mshta.exe
0x000000003fd2a6c8 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\dsound.dll
0x000000003fd2a950 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\p2phost.exe
0x000000003fd2ab00 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\glu32.dll
0x000000003fd2ad78 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\runas.exe
0x000000003fd2af80 4 0 R--rwd \Device\HarddiskVolume1\Windows\System32\adsnt.dll
0x000000003fd2b218 4 0 R--rwd \Device\HarddiskVolume1\Windows\System32\nlhtml.dll
0x000000003fd2b858 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\dccw.exe
0x000000003fd2be88 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\WinSAT.exe
0x000000003fd2c108 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\l2nacp.dll
0x000000003fd2c1c0 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\tzutil.exe
0x000000003fd2c4b8 2 0 R--rwd \Device\HarddiskVolume1\Windows\System32\mshtml.tlb
0x000000003fd2c570 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\scrrun.dll
0x000000003fd2ca70 7 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\wingding.ttf
0x000000003fd2cf10 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wshom.ocx
0x000000003fd2d1b0 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\puiapi.dll
0x000000003fd2d890 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\setupcl.exe
0x000000003fd2dab8 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\prntvpt.dll
0x000000003fd2df10 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\Tabbtn.dll
0x000000003fd2e318 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\DFDWiz.exe
0x000000003fd2e968 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\pnrpsvc.dll
0x000000003fd2eb18 2 0 R--rwd \Device\HarddiskVolume1\Windows\System32\quartz.dll
0x000000003fd2ef80 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\usbperf.dll
0x000000003fd2f238 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wecsvc.dll
0x000000003fd2f428 2 0 R--rwd \Device\HarddiskVolume1\Windows\System32\msobjs.dll
0x000000003fd2f7e0 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\WsmRes.dll
0x000000003fd2fa68 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\rdpendp.dll
0x000000003fd2ff80 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\vdmdbg.dll
0x000000003fd30038 4 0 R--rwd \Device\HarddiskVolume1\Windows\System32\TabSvc.dll
0x000000003fd30370 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wersvc.dll
0x000000003fd30550 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\charmap.exe
0x000000003fd30bf0 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\gpprefcl.dll
0x000000003fd30de0 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\rasctrs.dll
0x000000003fd31038 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wpd_ci.dll
0x000000003fd31370 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\taskmgr.exe
0x000000003fd316e0 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\efssvc.dll
0x000000003fd318a8 2 0 R--rwd \Device\HarddiskVolume1\Windows\System32\mmcbase.dll
0x000000003fd31dc0 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\ocsetup.exe
0x000000003fd32360 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\fthsvc.dll
0x000000003fd32650 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\MFPlay.dll
0x000000003fd32bc0 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\oleres.dll
0x000000003fd32f10 4 0 R--rwd \Device\HarddiskVolume1\Windows\System32\newdev.dll
0x000000003fd33178 2 0 R--rwd \Device\HarddiskVolume1\Windows\System32\msvcp60.dll
0x000000003fd334d8 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\AxInstSv.dll
0x000000003fd338b8 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\msvcr71.dll
0x000000003fd339d8 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\IPSECSVC.DLL
0x000000003fd33be0 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\energy.dll
0x000000003fd33dd0 4 0 R--rwd \Device\HarddiskVolume1\Windows\System32\msdart.dll
0x000000003fd33f80 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\dmutil.dll
0x000000003fd3c140 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\taskkill.exe
0x000000003fd3c618 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\fdeploy.dll
0x000000003fd3cd68 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\cttune.exe
0x000000003fd3d348 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\efscore.dll
0x000000003fd3d6f8 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\basecsp.dll
0x000000003fd3dac8 3 0 R--rwd \Device\HarddiskVolume1\Windows\System32\printui.dll
0x000000003fd3dea8 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\rtffilt.dll
0x000000003fd3e4b0 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\zh-CN\duser.dll.mui
0x000000003fd3f1e8 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\jsproxy.dll
0x000000003fd3f5a0 4 0 R--rwd \Device\HarddiskVolume1\Windows\System32\dinput8.dll
0x000000003fd3f950 3 0 R--rwd \Device\HarddiskVolume1\Windows\System32\mpg2splt.ax
0x000000003fd3fbc8 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\McxDriv.dll
0x000000003fd3ff10 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\fdPHost.dll
0x000000003fd40038 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\msiexec.exe
0x000000003fd40568 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\isoburn.exe
0x000000003fd40788 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\notepad.exe
0x000000003fd40938 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\mstscax.dll
0x000000003fd40a50 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\cabview.dll
0x000000003fd40d10 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\d3d8thk.dll
0x000000003fd413d8 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\fontsub.dll
0x000000003fd41680 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\msscntrs.dll
0x000000003fd41a30 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\whealogr.dll
0x000000003fd41de0 3 0 R--rwd \Device\HarddiskVolume1\Windows\System32\mswstr10.dll
0x000000003fd42788 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wwansvc.dll
0x000000003fd42b38 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\connect.dll
0x000000003fd42eb8 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\utildll.dll
0x000000003fd43038 3 0 R--rwd \Device\HarddiskVolume1\Windows\System32\acppage.dll
0x000000003fd43570 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\control.exe
0x000000003fd43850 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\dot3svc.dll
0x000000003fd43ae8 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\SCardSvr.dll
0x000000003fd43d38 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\Wwanadvui.dll
0x000000003fd44038 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\devenum.dll
0x000000003fd44330 8 0 R--rwd \Device\HarddiskVolume1\Users\wifi\Desktop\desktop.ini
0x000000003fd44650 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\WUDFPlatform.dll
0x000000003fd44938 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\IMJP10K.DLL
0x000000003fd44ce8 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\findstr.exe
0x000000003fd45218 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\ListSvc.dll
0x000000003fd452e0 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\msjter40.dll
0x000000003fd45638 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\ifsutil.dll
0x000000003fd459e8 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\cscript.exe
0x000000003fd45ca0 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\pcaevts.dll
0x000000003fd45f80 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\isoburn.exe
0x000000003fd46288 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\radarrs.dll
0x000000003fd468f0 4 0 R--rwd \Device\HarddiskVolume1\Windows\System32\mssphtb.dll
0x000000003fd46b20 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\FntCache.dll
0x000000003fd46dd0 4 0 R--rwd \Device\HarddiskVolume1\Windows\System32\drvinst.exe
0x000000003fd47038 2 0 R--rwd \Device\HarddiskVolume1\Windows\System32\msmpeg2adec.dll
0x000000003fd475f0 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\RelPost.exe
0x000000003fd479a0 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wevtfwd.dll
0x000000003fd47c30 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\IdListen.dll
0x000000003fd47f80 2 0 R--rwd \Device\HarddiskVolume1\Windows\System32\mmcndmgr.dll
0x000000003fd481a8 4 0 R--rwd \Device\HarddiskVolume1\Windows\System32\CertPolEng.dll
0x000000003fd48568 4 0 R--rwd \Device\HarddiskVolume1\Windows\System32\MP3DMOD.DLL
0x000000003fd488b8 4 0 R--rwd \Device\HarddiskVolume1\Windows\System32\offfilt.dll
0x000000003fd48e20 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wiatrace.dll
0x000000003fd49198 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\perfctrs.dll
0x000000003fd49650 4 0 R--rwd \Device\HarddiskVolume1\Windows\System32\rgb9rast.dll
0x000000003fd49908 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wlanpref.dll
0x000000003fd49cb8 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\prflbmsg.dll
0x000000003fd4a038 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\TabbtnEx.dll
0x000000003fd4a0f0 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\telephon.cpl
0x000000003fd4a438 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\RstrtMgr.dll
0x000000003fd4a718 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\WMNetMgr.dll
0x000000003fd4b930 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\dmdskres.dll
0x000000003fd4bce0 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\osbaseln.dll
0x000000003fd4c0e0 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\sysclass.dll
0x000000003fd4c5f0 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\apilogen.dll
0x000000003fd4c768 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\msjint40.dll
0x000000003fd4cb18 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\dimsroam.dll
0x000000003fd4cea8 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\setupugc.exe
0x000000003fd4d290 3 0 R--rwd \Device\HarddiskVolume1\Windows\System32\upnphost.dll
0x000000003fd4d7b0 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wbiosrvc.dll
0x000000003fd4db60 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\WerFault.exe
0x000000003fd4df10 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\sdiagprv.dll
0x000000003fd512f0 1 1 R--r-d \Device\HarddiskVolume1\Windows\System32\en-US\imageres.dll.mui
0x000000003fd51888 1 0 RW-rwd \Device\HarddiskVolume1\$NonCachedIo
0x000000003fd519e0 8 0 R--rwd \Device\HarddiskVolume1\Users\Public\Downloads\desktop.ini
0x000000003fd51ba8 9 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003fd51f80 2 1 R--rwd \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Windows\Network Shortcuts
0x000000003fd52278 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\COLORCNV.DLL
0x000000003fd524e0 2 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wiaservc.dll
0x000000003fd52838 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\shwebsvc.dll
0x000000003fd52c38 3 0 R--rwd \Device\HarddiskVolume1\Windows\System32\riched20.dll
0x000000003fd52ea8 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\opengl32.dll
0x000000003fd53158 4 0 R--rwd \Device\HarddiskVolume1\Windows\System32\auditcse.dll
0x000000003fd53508 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\tapiperf.dll
0x000000003fd538b8 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\appidapi.dll
0x000000003fd53ea8 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\mciavi32.dll
0x000000003fd54288 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\MP4SDECD.DLL
0x000000003fd545a8 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\netevent.dll
0x000000003fd54908 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\BdeHdCfgLib.dll
0x000000003fd54be8 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\DeviceUxRes.dll
0x000000003fd55250 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\colorcpl.exe
0x000000003fd557c0 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\dmdskmgr.dll
0x000000003fd55a28 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\consent.exe
0x000000003fd55de0 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\lpksetup.exe
0x000000003fd56290 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\eqossnap.dll
0x000000003fd56640 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\powercfg.cpl
0x000000003fd569c0 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\eventvwr.exe
0x000000003fd57390 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\DocumentPerformanceEvents.dll
0x000000003fd57508 3 0 R--rwd \Device\HarddiskVolume1\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
0x000000003fd57a20 1 1 R--r-- \Device\HarddiskVolume1\Windows\Registration\R000000000006.clb
0x000000003fd57ad8 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\UIRibbon.dll
0x000000003fd58458 4 0 R--rwd \Device\HarddiskVolume1\Windows\System32\MSVidCtl.dll
0x000000003fd58808 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\pstorsvc.dll
0x000000003fd58ba8 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\cofiredm.dll
0x000000003fd59888 6 0 R--rwd \Device\HarddiskVolume1\Windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
0x000000003fd59b38 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\PeerDistWSDDiscoProv.dll
0x000000003fd59f10 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\FDResPub.dll
0x000000003fd5a270 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\sharemediacpl.dll
0x000000003fd5a3b0 3 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003fd5a698 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\dot3gpclnt.dll
0x000000003fd5a8c8 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\rdrleakdiag.exe
0x000000003fd5ac88 4 0 R--rwd \Device\HarddiskVolume1\Windows\System32\msmpeg2vdec.dll
0x000000003fd5b038 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\setupetw.dll
0x000000003fd5b210 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\sdiagschd.dll
0x000000003fd5b4f8 4 0 R--rwd \Device\HarddiskVolume1\Windows\System32\localsec.dll
0x000000003fd5b818 3 0 R--rwd \Device\HarddiskVolume1\Windows\System32\msjtes40.dll
0x000000003fd5bc58 5 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\cour.ttf
0x000000003fd5c1d8 2 1 R--rwd \Device\HarddiskVolume1\Program Files
0x000000003fd5c498 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\Dxpserver.exe
0x000000003fd5c820 3 0 R--rwd \Device\HarddiskVolume1\Windows\System32\RESAMPLEDMO.DLL
0x000000003fd5ca78 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\NlsData0009.dll
0x000000003fd5cb30 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\BlbEvents.dll
0x000000003fd5ce30 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\oobe\cmisetup.dll
0x000000003fd5d208 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\MSMPEG2ENC.DLL
0x000000003fd5d360 3 0 R--rwd \Device\HarddiskVolume1\Windows\System32\systemcpl.dll
0x000000003fd5d740 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\dmdskres2.dll
0x000000003fd5ddb0 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\IPBusEnum.dll
0x000000003fd5e500 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\oobe\winsetup.dll
0x000000003fd5ec30 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\oobe\audit.exe
0x000000003fd5ed48 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wbem\mofd.dll
0x000000003fd5f230 2 0 R--rwd \Device\HarddiskVolume1\Windows\System32\PerfCenterCPL.dll
0x000000003fd5f630 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\XInput9_1_0.dll
0x000000003fd60038 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\LocationNotifications.exe
0x000000003fd60278 2 0 R--rwd \Device\HarddiskVolume1\Windows\System32\NlsData0021.dll
0x000000003fd604e8 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\oobe\msoobeui.dll
0x000000003fd60768 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\ActionQueue.dll
0x000000003fd60a78 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\EhStorAuthn.exe
0x000000003fd60e88 8 0 R--rwd \Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
0x000000003fd610c8 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\mfreadwrite.dll
0x000000003fd61448 7 0 R--rwd \Device\HarddiskVolume1\Program Files\Windows Defender\MpOAV.dll
0x000000003fd61570 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\Magnification.dll
0x000000003fd61cb8 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\DxpTaskSync.dll
0x000000003fd626c8 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\oobe\windeploy.exe
0x000000003fd62a50 8 0 R--rwd \Device\HarddiskVolume1\Program Files\Windows Sidebar\settings.ini
0x000000003fd62d98 6 0 R--rwd \Device\HarddiskVolume1\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\b60abb4d55eca3653eabdf59755edb47\Microsoft.ManagementConsole.ni.dll
0x000000003fd62f18 7 0 R--rwd \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Windows\IETldCache\Low\index.dat
0x000000003fd631b0 7 0 R--rwd \Device\HarddiskVolume1\Windows\assembly\GAC_MSIL\Narrator\6.1.0.0__31bf3856ad364e35\Narrator.exe
0x000000003fd63780 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\sysprep\sysprep.exe
0x000000003fd63b00 4 0 R--rwd \Device\HarddiskVolume1\Windows\System32\DShowRdpFilter.dll
0x000000003fd63f18 8 0 R--rwd \Device\HarddiskVolume1\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
0x000000003fd641a8 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\PhotoMetadataHandler.dll
0x000000003fd645a0 3 0 R--rwd \Device\HarddiskVolume1\Windows\System32\NlsLexicons0009.dll
0x000000003fd64a18 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\DXPTaskRingtone.dll
0x000000003fd64d78 5 0 R--rwd \Device\HarddiskVolume1\Program Files\Common Files\System\wab32.dll
0x000000003fd650e0 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\WindowsCodecsExt.dll
0x000000003fd65558 4 0 R--rwd \Device\HarddiskVolume1\Program Files\Windows Photo Viewer\PhotoViewer.dll
0x000000003fd65758 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\browab.ttf
0x000000003fd659b0 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\vgaoem.fon
0x000000003fd65f10 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\NlsLexicons0021.dll
0x000000003fd661b0 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\PortableDeviceSyncProvider.dll
0x000000003fd66428 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\PortableDeviceStatus.dll
0x000000003fd66740 2 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003fd66a08 2 0 R--rwd \Device\HarddiskVolume1\Windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\0d915f7bf4222a80a82947f9403a135d\MMCFxCommon.ni.dll
0x000000003fd66b78 3 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003fd66ce8 5 0 R--rwd \Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
0x000000003fd67230 2 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003fd67380 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\microsoft-windows-hal-events.dll
0x000000003fd67690 2 0 R--rwd \Device\HarddiskVolume1\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
0x000000003fd67bb0 4 0 R--rwd \Device\HarddiskVolume1\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
0x000000003fd685f8 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\WindowsPowerShell\v1.0\PSEvents.dll
0x000000003fd68888 8 0 R--rwd \Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012021071320210714\index.dat
0x000000003fd68b78 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\AuxiliaryDisplayServices.dll
0x000000003fd68f80 3 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003fd69438 8 0 RW---- \Device\HarddiskVolume1\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat
0x000000003fd69b10 8 0 R--rwd \Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT
0x000000003fd69dc0 8 0 R--rwd \Device\HarddiskVolume1\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
0x000000003fd6b278 4 0 R--rwd \Device\HarddiskVolume1\Windows\assembly\GAC_MSIL\MiguiControls\1.0.0.0__31bf3856ad364e35\MIGUIControls.dll
0x000000003fd6b748 6 0 R--rwd \Device\HarddiskVolume1\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
0x000000003fd6bb20 7 0 R--rwd \Device\HarddiskVolume1\Windows\assembly\GAC_MSIL\MMCFxCommon\3.0.0.0__31bf3856ad364e35\MMCFxCommon.dll
0x000000003fd6bf80 2 0 R--rwd \Device\HarddiskVolume1\Windows\assembly\NativeImages_v2.0.50727_32\MMCEx\18e9b5737d21adaa24f1afce06f9aa29\MMCEx.ni.dll
0x000000003fd6c1a0 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\rod.ttf
0x000000003fd6c7a8 4 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\kaiu.ttf
0x000000003fd6ccb0 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\cabinet.dll
0x000000003fd6d158 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\lvnm.ttf
0x000000003fd6d278 8 0 R--rwd \Device\HarddiskVolume1\Windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\b2f5acd3061ea8f4e43272508954f2e1\TaskScheduler.ni.dll
0x000000003fd6d520 8 0 R--rwd \Device\HarddiskVolume1\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\3dbe3053809fca6fa6cd7aff1c9f95e2\Microsoft.JScript.ni.dll
0x000000003fd6d7c8 7 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\trado.ttf
0x000000003fd6d980 7 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\latha.ttf
0x000000003fd6e038 3 0 R--rwd \Device\HarddiskVolume1\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c299b012a3fe92ae56d60fe415f63fff\System.EnterpriseServices.Wrapper.dll
0x000000003fd6eac8 3 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003fd6ed70 2 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003fd6eeb8 8 0 R--rwd \Device\HarddiskVolume1\Users\wifi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
0x000000003fd6f178 2 0 R--rwd \Device\HarddiskVolume1\Windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\9ca9f5185c776b36662d4dbc7226a812\MIGUIControls.ni.dll
0x000000003fd6f940 7 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\msyi.ttf
0x000000003fd6fd10 3 0 R--rwd \Device\HarddiskVolume1\Windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
0x000000003fd70298 4 0 R--rwd \Device\HarddiskVolume1\Windows\assembly\NativeImages_v2.0.50727_32\EventViewer\1b2eb08e8cf01e93ec0586dd2f61cd35\EventViewer.ni.dll
0x000000003fd70958 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\browa.ttf
0x000000003fd70f80 6 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\Shonar.ttf
0x000000003fd71720 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\framd.ttf
0x000000003fd719a0 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\upcil.ttf
0x000000003fd71cb8 7 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\palab.ttf
0x000000003fd71f80 7 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\estre.ttf
0x000000003fd720d0 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\gisha.ttf
0x000000003fd72418 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\angsa.ttf
0x000000003fd72700 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\mriam.ttf
0x000000003fd72c88 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\upckb.ttf
0x000000003fd73148 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\upcli.ttf
0x000000003fd733d0 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\upckl.ttf
0x000000003fd73718 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\upcib.ttf
0x000000003fd73ad0 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\upcji.ttf
0x000000003fd73ce0 7 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\raavi.ttf
0x000000003fd75038 6 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\aparaj.ttf
0x000000003fd75308 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\david.ttf
0x000000003fd75510 5 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\vrinda.ttf
0x000000003fd75980 8 0 R--rwd \Device\HarddiskVolume1\Windows\addins\FXSEXT.ecf
0x000000003fd75e50 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\frank.ttf
0x000000003fd76108 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\upcii.ttf
0x000000003fd76450 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\upcdi.ttf
0x000000003fd767a0 7 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\ebrima.ttf
0x000000003fd769b8 5 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\nyala.ttf
0x000000003fd76dd0 7 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\lucon.ttf
0x000000003fd76f80 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\comic.ttf
0x000000003fd77278 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\compmgmt.msc
0x000000003fd77420 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\upclb.ttf
0x000000003fd77a58 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\upcjl.ttf
0x000000003fd77f80 7 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\palai.ttf
0x000000003fd78518 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\upcfb.ttf
0x000000003fd78808 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\vgasys.fon
0x000000003fd78c80 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\upcfl.ttf
0x000000003fd791b0 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\upcjb.ttf
0x000000003fd795f8 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\angsaz.ttf
0x000000003fd798f0 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\impact.ttf
0x000000003fd79c68 6 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\pala.ttf
0x000000003fd79dd8 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\cordia.ttf
0x000000003fd7a288 7 0 R--rwd \Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
0x000000003fd7a518 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wpdshext.dll
0x000000003fd7ac68 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\upcfi.ttf
0x000000003fd7af80 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\upcdb.ttf
0x000000003fd7b110 6 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\kokilai.ttf
0x000000003fd7b980 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\taile.ttf
0x000000003fd7bc98 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\upcel.ttf
0x000000003fd7bf80 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\upcki.ttf
0x000000003fd7c2f0 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\upcdl.ttf
0x000000003fd7c6c8 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\lvnmbd.ttf
0x000000003fd7c810 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\upceb.ttf
0x000000003fd7c928 7 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\LaoUI.ttf
0x000000003fd7cc70 6 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\couri.ttf
0x000000003fd7cf18 6 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\Vanib.ttf
0x000000003fd7d190 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\upcei.ttf
0x000000003fd7d308 5 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\calibri.ttf
0x000000003fd7d560 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\mshta.exe
0x000000003fd7d7a8 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\nrkis.ttf
0x000000003fd7dd38 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\upcll.ttf
0x000000003fd7df80 6 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\tunga.ttf
0x000000003fd7e268 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\upcjbi.ttf
0x000000003fd7e570 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\ntailu.ttf
0x000000003fd7e888 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\angsai.ttf
0x000000003fd7eb10 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\upckbi.ttf
0x000000003fd7ed70 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\esrb.rs
0x000000003fd7ef18 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\LaoUIb.ttf
0x000000003fd7f4f0 4 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\simhei.ttf
0x000000003fd7f838 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\lathab.ttf
0x000000003fd7fa98 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\upcebi.ttf
0x000000003fd7fc10 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\upclbi.ttf
0x000000003fd80138 7 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\l_10646.ttf
0x000000003fd80448 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\raavib.ttf
0x000000003fd80790 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\angsab.ttf
0x000000003fd80a50 6 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\kalingab.ttf
0x000000003fd80c38 6 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\kokila.ttf
0x000000003fd80f80 5 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\shruti.ttf
0x000000003fd812e0 6 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\utsaah.ttf
0x000000003fd81798 7 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\palabi.ttf
0x000000003fd81ae0 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\browau.ttf
0x000000003fd81f18 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\vgafix.fon
0x000000003fd823b8 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\upcdbi.ttf
0x000000003fd82700 7 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\courbi.ttf
0x000000003fd82c38 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\dosapp.fon
0x000000003fd82f80 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\ariblk.ttf
0x000000003fd83038 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\angsau.ttf
0x000000003fd83220 7 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\symbol.ttf
0x000000003fd834a0 4 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\simkai.ttf
0x000000003fd83758 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\browai.ttf
0x000000003fd83980 6 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\corbel.ttf
0x000000003fd83c80 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\upcfbi.ttf
0x000000003fd84358 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\plantc.ttf
0x000000003fd84920 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\mriamc.ttf
0x000000003fd84c68 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\andlso.ttf
0x000000003fd84f80 6 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\mangal.ttf
0x000000003fd85138 6 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\kokilabi.ttf
0x000000003fd85350 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wshom.ocx
0x000000003fd85598 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\tungab.ttf
0x000000003fd857d0 6 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\moolbor.ttf
0x000000003fd85a50 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\vijaya.ttf
0x000000003fd85d70 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\normnfd.nls
0x000000003fd85f18 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\browaz.ttf
0x000000003fd86280 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\mmc.exe
0x000000003fd865c8 4 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\timesi.ttf
0x000000003fd86910 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\taileb.ttf
0x000000003fd86d00 7 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\Shonarb.ttf
0x000000003fd86f18 7 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\mvboli.ttf
0x000000003fd872a8 5 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\cambria.ttc
0x000000003fd87510 6 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\kokilab.ttf
0x000000003fd87750 7 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\tradbdo.ttf
0x000000003fd879b0 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\C_936.NLS
0x000000003fd87c38 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\cordiai.ttf
0x000000003fd87ec0 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\upcibi.ttf
0x000000003fd88178 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\cordiab.ttf
0x000000003fd88530 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\browaui.ttf
0x000000003fd88878 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\georgia.ttf
0x000000003fd88bc0 7 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\Candara.ttf
0x000000003fd891c8 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\timesbd.ttf
0x000000003fd89750 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\vijayab.ttf
0x000000003fd89a98 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\angsaub.ttf
0x000000003fd89f80 5 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\seguisb.ttf
0x000000003fd8a178 6 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\consola.ttf
0x000000003fd8a3b0 6 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\corbeli.ttf
0x000000003fd8a730 6 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\corbelz.ttf
0x000000003fd8aa30 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\ntailub.ttf
0x000000003fd8ac48 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\framdit.ttf
0x000000003fd8aeb8 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\ahronbd.ttf
0x000000003fd8b2a8 6 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\majalla.ttf
0x000000003fd8b7c0 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\gishabd.ttf
0x000000003fd8bb08 6 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\shrutib.ttf
0x000000003fd8be50 5 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\gautami.ttf
0x000000003fd8c038 4 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\segoesc.ttf
0x000000003fd8c278 6 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\gautamib.ttf
0x000000003fd8c490 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\browauz.ttf
0x000000003fd8c7a8 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\angsauz.ttf
0x000000003fd8ca28 6 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\aparajb.ttf
0x000000003fd8ce50 4 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\arialbi.ttf
0x000000003fd8d390 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\runas.exe
0x000000003fd8d748 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\browaub.ttf
0x000000003fd8da90 4 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\KhmerUI.ttf
0x000000003fd8df18 4 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\simfang.ttf
0x000000003fd8e038 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\IDStore.dll
0x000000003fd8e338 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\dmdskmgr.dll
0x000000003fd8e628 5 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\consolaz.ttf
0x000000003fd8e8b8 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\devmgr.dll
0x000000003fd8ead0 6 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\Candarai.ttf
0x000000003fd8ec60 7 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\phagspab.ttf
0x000000003fd8eda8 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\localsec.dll
0x000000003fd8f3e0 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\cordiaz.ttf
0x000000003fd8fb08 7 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\segoepr.ttf
0x000000003fd8fe50 7 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\mangalb.ttf
0x000000003fd90358 7 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\sylfaen.ttf
0x000000003fd906a0 7 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\simpbdo.ttf
0x000000003fd90b08 6 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\constan.ttf
0x000000003fd90f80 7 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\phagspa.ttf
0x000000003fd915b0 6 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\vrindab.ttf
0x000000003fd918f8 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\cordiau.ttf
0x000000003fd91c10 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\davidbd.ttf
0x000000003fd91e48 4 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\segoescb.ttf
0x000000003fd92038 6 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\aparaji.ttf
0x000000003fd922d0 7 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\kartika.ttf
0x000000003fd92510 7 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\segoeprb.ttf
0x000000003fd92758 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\mssvp.dll
0x000000003fd92a38 7 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\utsaahb.ttf
0x000000003fd92d80 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\iskpota.ttf
0x000000003fd933f8 6 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\corbelb.ttf
0x000000003fd936b0 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\comicbd.ttf
0x000000003fd93990 6 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\segoeuil.ttf
0x000000003fd93c38 6 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\utsaahi.ttf
0x000000003fd93f80 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\simpfxo.ttf
0x000000003fd94328 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\apds.dll
0x000000003fd947c0 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\angsaui.ttf
0x000000003fd94a80 6 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\Candaraz.ttf
0x000000003fd94c98 6 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\kalinga.ttf
0x000000003fd94f80 5 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\timesbi.ttf
0x000000003fd950d8 5 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\constanb.ttf
0x000000003fd955b0 4 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\consolai.ttf
0x000000003fd95798 6 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\utsaahbi.ttf
0x000000003fd95ab8 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\leelawdb.ttf
0x000000003fd95d40 7 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\himalaya.ttf
0x000000003fd95e28 4 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\seguisym.ttf
0x000000003fd96168 6 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\constanz.ttf
0x000000003fd964b0 7 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\consolab.ttf
0x000000003fd967f8 7 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\euphemia.ttf
0x000000003fd96ad0 3 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\cambriai.ttf
0x000000003fd96d50 6 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\constani.ttf
0x000000003fd97380 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\pcaui.exe
0x000000003fd977c0 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\mfpmp.exe
0x000000003fd97b08 3 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\monbaiti.ttf
0x000000003fd97e50 3 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\arabtype.ttf
0x000000003fd982e8 5 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\calibrib.ttf
0x000000003fd98650 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\webdings.ttf
0x000000003fd98c68 4 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\segoeuiz.ttf
0x000000003fd98f80 7 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\daunpenh.ttf
0x000000003fd99038 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\xmllite.dll
0x000000003fd99b80 5 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\calibrii.ttf
0x000000003fd99ef0 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\mapisvc.inf
0x000000003fd9a730 6 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\iskpotab.ttf
0x000000003fd9aa48 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\kartikab.ttf
0x000000003fd9ae50 7 0 R--rwd \Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
0x000000003fd9b4c0 7 0 R--rwd \Device\HarddiskVolume1\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
0x000000003fd9bc98 7 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\dokchamp.ttf
0x000000003fd9bf80 5 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\calibriz.ttf
0x000000003fd9c610 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\trebucbi.ttf
0x000000003fd9c990 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\C_10000.NLS
0x000000003fd9cb78 7 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\aparajbi.ttf
0x000000003fd9ccf0 7 0 R--rwd \Device\HarddiskVolume1\Windows\assembly\GAC_MSIL\MMCEx\3.0.0.0__31bf3856ad364e35\MMCEx.dll
0x000000003fd9d440 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\trebucbd.ttf
0x000000003fd9d5e8 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\activeds.tlb
0x000000003fd9da18 4 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\cambriaz.ttf
0x000000003fd9dd68 2 0 -W---- \Device\HarddiskVolume1\Windows\System32\LogFiles\Scm\d1e8c2a7-1920-45d2-bde4-2363e217976a
0x000000003fd9df80 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\georgiai.ttf
0x000000003fd9e038 6 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\KhmerUIb.ttf
0x000000003fd9e248 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\georgiab.ttf
0x000000003fd9e4f0 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wuapp.exe
0x000000003fd9e838 7 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\verdanaz.ttf
0x000000003fd9eb50 7 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\msuighur.ttf
0x000000003fd9ee10 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\normnfc.nls
0x000000003fd9f188 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\twext.dll
0x000000003fd9f380 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\control.exe
0x000000003fd9f660 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\cordiaui.ttf
0x000000003fd9f9a8 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\leelawad.ttf
0x000000003fd9fc50 2 0 R--rwd \Device\HarddiskVolume1\Windows\System32\mspaint.exe
0x000000003fd9ff10 5 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\segoeuii.ttf
0x000000003fda0278 5 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\Gabriola.ttf
0x000000003fda0750 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\cordiauz.ttf
0x000000003fda0ac8 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\cordiaub.ttf
0x000000003fda0d50 7 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\ebrimabd.ttf
0x000000003fda0f10 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\cscript.exe
0x000000003fda14a8 7 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\georgiaz.ttf
0x000000003fda17f0 6 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\Candarab.ttf
0x000000003fda1b38 5 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\cambriab.ttf
0x000000003fda1e50 7 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\verdanai.ttf
0x000000003fda2038 6 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\majallab.ttf
0x000000003fda2200 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\eventvwr.exe
0x000000003fda2a90 8 0 R--rwd \Device\HarddiskVolume1\Windows\Fonts\trebucit.ttf
0x000000003fda2c38 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\audiodev.dll
0x000000003fda32c0 2 1 R--rwd \Device\CdRom0\
0x000000003fda3418 8 0 R--r-- \Device\HarddiskVolume1\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab
0x000000003fda34d0 11 0 R--rwd \Device\HarddiskVolume1\Program Files\7-Zip\7z.dll
0x000000003fda3950 6 0 R--rwd \Device\HarddiskVolume1\Windows\System32\eventvwr.msc
0x000000003fda3c68 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\msacm32.dll
0x000000003fda4480 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\midimap.dll
0x000000003fda4708 8 0 R--rwd \Device\HarddiskVolume1\Program Files\Windows NT\Accessories\wordpad.exe
0x000000003fda49e0 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\rdrleakdiag.exe
0x000000003fda4c68 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\msshavmsg.dll
0x000000003fda4e80 7 0 R--rwd \Device\HarddiskVolume1\Windows\System32\verclsid.exe
0x000000003fda54b8 2 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003fda5d20 8 0 R--rwd \Device\HarddiskVolume1\Program Files\Windows Photo Viewer\PhotoViewer.dll
0x000000003fda68f8 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntexe.cat
0x000000003fda6ed0 2 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003fda7038 2 1 RW-r-- \Device\HarddiskVolume1\Windows\System32\config\TxR\{6cced300-6e01-11de-8bed-001e0bcd1824}.TxR.0.regtrans-ms
0x000000003fda7478 3 0 R--r-d \Device\HarddiskVolume1\Windows\ehome\ehres.dll
0x000000003fda7600 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\msimg32.dll
0x000000003fda77e0 8 0 R--rwd \Device\HarddiskVolume1\Program Files\Internet Explorer\IEShims.dll
0x000000003fda7b08 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\msutb.dll
0x000000003fda7c60 3 0 RW---- \Device\HarddiskVolume1\Windows\Prefetch\AgGlGlobalHistory.db
0x000000003fda8520 16 0 R--rwd \Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LRNSFZZV\7z1900[1].exe
0x000000003fda8618 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\SensApi.dll
0x000000003fda8710 2 1 RW-r-- \Device\HarddiskVolume1\Windows\System32\config\TxR\{6cced300-6e01-11de-8bed-001e0bcd1824}.TxR.1.regtrans-ms
0x000000003fda8be8 2 1 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Wlansvc\Profiles\Interfaces
0x000000003fda99b8 2 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003fda9b80 2 1 R--rwd \Device\HarddiskVolume1\Users\Public\Desktop
0x000000003fda9d48 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\QAGENTRT.DLL
0x000000003fda9f10 8 0 R--rw- \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Bluetooth File Transfer Wizard.lnk
0x000000003fdae298 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc
0x000000003fdae4d0 8 0 R--r-- \Device\HarddiskVolume1\Program Files\7-Zip\Lang\zh-cn.txt
0x000000003fdae698 10 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003fdae8b8 8 0 R--rwd \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth 文件传送.LNK
0x000000003fdaebb0 1 1 R--r-- \Device\HarddiskVolume1\Windows\Registration\R000000000006.clb
0x000000003fdaecb0 8 0 R--rwd \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk
0x000000003fdaeed0 8 0 R--r-- \Device\HarddiskVolume1\Windows\System32\acppage.dll
0x000000003fdaf380 2 0 R--r-d \Device\HarddiskVolume1\Users\admin\Searches\Indexed Locations.search-ms
0x000000003fdafc28 8 0 R--rwd \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Windows\SendTo\Desktop.ini
0x000000003fdafe58 10 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003fdb08e8 2 1 R--rwd \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Windows\Libraries
0x000000003fdb0b60 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\msacm32.drv
0x000000003fdb1038 2 0 R--rwd \Device\HarddiskVolume1\Users\Public\Libraries\desktop.ini
0x000000003fdb1250 8 0 RW---- \Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\{8C673759-E730-11EB-85F1-94E70BB14E54}.dat
0x000000003fdb1470 1 1 ------ \Device\NamedPipe\MsFteWds
0x000000003fdb1898 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
0x000000003fdb1a60 1 1 R--rw- \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc
0x000000003fdb1b20 1 1 RW-rwd \Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db
0x000000003fdb1e70 9 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003fdb2380 8 0 R--rwd \Device\HarddiskVolume1\Users\Public\Pictures\Sample Pictures\desktop.ini
0x000000003fdb2578 8 0 R--rw- \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
0x000000003fdb2858 1 1 R--r-d \Device\HarddiskVolume1\Windows\Fonts\StaticCache.dat
0x000000003fdb29a0 2 1 R--rwd \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
0x000000003fdb2b08 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\wermgr.exe
0x000000003fdb2bc0 8 0 R--r-- \Device\HarddiskVolume1\Windows\ehome\ehshell.exe
0x000000003fdb2e18 8 0 R--r-d \Device\HarddiskVolume1\Windows\ehome\ehshell.exe.config
0x000000003fdb2f80 8 0 R----- \Device\HarddiskVolume1\Windows\Prefetch\WERMGR.EXE-2A1BCBC7.pf
0x000000003fdb3170 2 1 R--rwd \Device\HarddiskVolume1\
0x000000003fdb4638 7 0 RW-r-- \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\28c8b86deab549a1.automaticDestinations-ms
0x000000003fdb4858 8 0 R--rwd \Device\HarddiskVolume1\Windows\Media\Windows User Account Control.wav
0x000000003fdbd930 2 1 R--rwd \Device\HarddiskVolume1\Users\admin\AppData\Local\Microsoft\Windows\Burn\Burn
0x000000003fdc0930 2 1 R--rwd \Device\HarddiskVolume1\Users\Public\Desktop
0x000000003fdc0a10 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\zh-CN\ipconfig.exe.mui
0x000000003fdc0b68 2 1 ------ \Device\NamedPipe\wkssvc
0x000000003fdc0dc0 15 0 R--rwd \Device\HarddiskVolume1\Windows\System32\shpafact.dll
0x000000003fdc3330 8 0 R----- \Device\HarddiskVolume1\Windows\Prefetch\DLLHOST.EXE-893DDF55.pf
0x000000003fdc3688 8 0 R--rwd \Device\HarddiskVolume1\Users\Public\Recorded TV\Sample Media\desktop.ini
0x000000003fdc38c8 2 0 -W-rwd \Device\HarddiskVolume1\Program Files\My_Wifi.zip\Temp\vmware-admin\VMwareDnD\2a1221c7\My_Wifi.zip
0x000000003fdc3be8 8 0 R--rw- \Device\HarddiskVolume1\Windows\Media\Windows Information Bar.wav
0x000000003fdc3e40 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\imagehlp.dll
0x000000003fdc6248 3 0 RW---- \Device\HarddiskVolume1\Windows\Prefetch\AgGlFgAppHistory.db
0x000000003fdc8f10 2 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003fde53a0 1 1 R--rw- \Device\HarddiskVolume1\Windows
0x000000003ff07038 9 1 R--r-d \Device\HarddiskVolume1\Windows\System32\zh-CN\win32k.sys.mui
0x000000003ff072d0 8 0 R--r-- \Device\HarddiskVolume1\Windows\Fonts\cga40woa.fon
0x000000003ff0b038 5 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003ff0f910 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\netjoin.dll
0x000000003ff10118 8 0 R--r-- \Device\HarddiskVolume1\Windows\System32\CodeIntegrity\driver.stl
0x000000003ff13038 8 0 R--r-- \Device\HarddiskVolume1\Windows\Fonts\simsun.ttc
0x000000003ff132c8 6 0 RW-rwd \Device\HarddiskVolume1\$Directory
0x000000003ff13a28 7 0 R--r-d \Device\HarddiskVolume1\Windows\System32\drivers\monitor.sys
0x000000003ff221d8 8 0 R--r-- \Device\HarddiskVolume1\Windows\System32\DriverStore\en-US\faxcn002.inf_loc
0x000000003ff228a0 8 0 R--rw- \Device\HarddiskVolume1\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk
0x000000003ff23988 2 1 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\Start Menu
0x000000003ff25390 4 0 R--rwd \Device\HarddiskVolume1\Windows\System32\dxtrans.dll
0x000000003ff25dc0 8 0 R--rwd \Device\HarddiskVolume1\Windows\System32\dnsapi.dll
0x000000003ff25f80 4 0 R--rwd \Device\HarddiskVolume1\Windows\System32\spp.dll
0x000000003ff26448 8 0 R--r-- \Device\HarddiskVolume1\Windows\Prefetch\PfSvPerfStats.bin
0x000000003ff26f18 10 0 -W---- \Device\HarddiskVolume1\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_80072efe_eed54846deb8b3ece27f3b18d37b7066c8c31be_0baff46c\Report.wer
0x000000003ff28488 6 0 R--r-d \Device\HarddiskVolume1\Windows\System32\netsh.exe
0x000000003ff28e20 5 0 R--rwd \Device\HarddiskVolume1\Windows\System32\qmgr.dll
0x000000003ff79f80 1 1 RW-r-d \Device\HarddiskVolume1\Windows\System32\Msdtc\Trace\dtctrace.log
0x000000003ff7ff80 6 0 R--r-- \Device\HarddiskVolume1\Windows\System32\FNTCACHE.DAT
0x000000003ff89c30 10 0 RW-rwd \Device\HarddiskVolume1\$Directory
根据题目提示查找zip,找到一条数据
0x000000003fdc38c8 2 0 -W-rwd \Device\HarddiskVolume1\Program Files\My_Wifi.zip\Temp\vmware-admin\VMwareDnD\2a1221c7\My_Wifi.zip
提取文件 volatility -f 'Windows 7-dde00fa9.vmem' --profile=Win7SP1x86_23418 dumpfiles -Q 0x000000003fdc38c8 --dump-dir=./
重命名为My_Wifi.zip,打开压缩包发现又密码,注意到zip备注提示密码是网卡的GUID值,因此我们在上面的文件夹搜索interface,找到
0x000000003fa921c8 2 1 R--rwd \Device\HarddiskVolume1\ProgramData\Microsoft\Wlansvc\Profiles\Interfaces\{529B7D2A-05D1-4F21-A001-8F4FF817FC3A},因此密码就是{529B7D2A-05D1-4F21-A001-8F4FF817FC3A},解密后发现wifi密码和ssid是 233@114514_qwe
解密文件 客户端.cap,
配置好密码和wifi,此时wifi流量已经解密,我们导出http对象,保存全部文件
打开最后一个加密流量文件,要想解密要分析另外一个数据包 服务器.pcapng
打开服务器.pcapng导出http对象
将pass的值解密,先url解码在反转在base64解码就是明文,
我们可以知道这是哥斯拉流量,他的加密方式是xor_base64,流量密码是
$pass='pass';
$key='3c6e0b8a9c15224a';
因此编写流量解密php脚本
<?php
function encode($D,$K){
for($i=0;$i<strlen($D);$i++){
$c = $K[$i+1&15];
$D[$i] = $D[$i]^$c;
}
return $D;
}
$pass='pass';
$payloadName='payload';
$key='3c6e0b8a9c15224a';
echo gzdecode(encode(base64_decode('填写加密流量,注意去除前后16个字符字符字符'),$key));
?>
可以使用phpstudy一键web环境搭建,写好php脚本,在用浏览器访问执行一下,
flag:
flag{5db5b7b0bb74babb66e1522f3a6b1b12}
