************* Preparing the environment for Debugger Extensions Gallery repositories **************
   ExtensionRepository : Implicit
   UseExperimentalFeatureForNugetShare : true
   AllowNugetExeUpdate : true
   NonInteractiveNuget : true
   AllowNugetMSCredentialProviderInstall : true
   AllowParallelInitializationOfLocalRepositories : true
   EnableRedirectToV8JsProvider : false

   -- Configuring repositories
      ----> Repository : LocalInstalled, Enabled: true
      ----> Repository : UserExtensions, Enabled: true

>>>>>>>>>>>>> Preparing the environment for Debugger Extensions Gallery repositories completed, duration 0.000 seconds

************* Waiting for Debugger Extensions Gallery to Initialize **************

>>>>>>>>>>>>> Waiting for Debugger Extensions Gallery to Initialize completed, duration 0.031 seconds
   ----> Repository : UserExtensions, Enabled: true, Packages count: 0
   ----> Repository : LocalInstalled, Enabled: true, Packages count: 29

Microsoft (R) Windows Debugger Version 10.0.26100.1 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\SAPDevelop\SAP\B1Cloud\sld\lsass01.dmp]
Comment: '
*** "U:\Downloads\procdump64.exe" -accepteula -mp lsass.exe c:\lsa-dumps\lsass01.dmp -e 1 -n 20
*** First chance exception: C0000005.ACCESS_VIOLATION'
User Mini Dump File: Only registers, stack and portions of memory are available

Symbol search path is: srv*
Executable search path is:
Windows 10 Version 17763 MP (8 procs) Free x64
Product: Server, suite: TerminalServer SingleUserTS
Edition build lab: 17763.1.amd64fre.rs5_release.180914-1434
Debug session time: Thu May 30 11:26:25.000 2024 (UTC + 2:00)
System Uptime: not available
Process Uptime: 0 days 0:03:04.000
................................................................
......................
Loading unloaded module list
.....
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(338.374): Access violation - code c0000005 (first/second chance not available)
For analysis of this file, run !analyze -v

----- User Mini Dump Analysis

MINIDUMP_HEADER:
Version         A793 (A063)
NumberOfStreams 19
Flags           00469925
                00000001 MiniDumpWithDataSegs
                00000004 MiniDumpWithHandleData
                00000020 MiniDumpWithUnloadedModules
                00000100 MiniDumpWithProcessThreadData
                00000800 MiniDumpWithFullMemoryInfo
                00001000 MiniDumpWithThreadInfo
                00008000 MiniDumpWithFullAuxiliaryState
                00020000 MiniDumpIgnoreInaccessibleMemory
                00040000 MiniDumpWithTokenInformation
                00400000 MiniDumpWithIptTrace

Streams:
Stream 0: type ThreadListStream (3), size 000002A4, RVA 00000738
  14 threads
  RVA 0000073C, ID 354, Teb:000000FE6FD48000
  RVA 0000076C, ID 368, Teb:000000FE6FD4E000
  RVA 0000079C, ID 36C, Teb:000000FE6FD50000
  RVA 000007CC, ID 370, Teb:000000FE6FD52000
  RVA 000007FC, ID 374, Teb:000000FE6FD54000
  RVA 0000082C, ID B1C, Teb:000000FE6FD68000
  RVA 0000085C, ID B70, Teb:000000FE6FD6C000
  RVA 0000088C, ID C38, Teb:000000FE6FD72000
  RVA 000008BC, ID EDC, Teb:000000FE6FD76000
  RVA 000008EC, ID 13F4, Teb:000000FE6FD7C000
  RVA 0000091C, ID 2080, Teb:000000FE6FD84000
  RVA 0000094C, ID 21C8, Teb:000000FE6FD86000
  RVA 0000097C, ID F7C, Teb:000000FE6FD88000
  RVA 000009AC, ID 6E8, Teb:000000FE6FD8A000
Stream 1: type ThreadInfoListStream (17), size 0000038C, RVA 000009DC
  RVA 000009E8, ID 354
  RVA 00000A28, ID 368
  RVA 00000A68, ID 36C
  RVA 00000AA8, ID 370
  RVA 00000AE8, ID 374
  RVA 00000B28, ID B1C
  RVA 00000B68, ID B70
  RVA 00000BA8, ID C38
  RVA 00000BE8, ID EDC
  RVA 00000C28, ID 13F4
  RVA 00000C68, ID 2080
  RVA 00000CA8, ID 21C8
  RVA 00000CE8, ID F7C
  RVA 00000D28, ID 6E8
Stream 2: type ModuleListStream (4), size 0000244C, RVA 00000D68
  86 modules
  RVA 00000D6C, 00007ff6`53740000 - 00007ff6`53751000: 'C:\Windows\System32\lsass.exe', DllCharacteristics: c160, Timestamp: cda34c13, CheckSum: 13bbd
  RVA 00000DD8, 00007ffb`09760000 - 00007ffb`0994e000: 'C:\Windows\System32\ntdll.dll', DllCharacteristics: 4160, Timestamp: fb111856, CheckSum: 1f3955
  RVA 00000E44, 00007ffb`08db0000 - 00007ffb`08e63000: 'C:\Windows\System32\kernel32.dll', DllCharacteristics: 4160, Timestamp: 6794ffe1, CheckSum: bdf4f
  RVA 00000EB0, 00007ffb`05ac0000 - 00007ffb`05d5d000: 'C:\Windows\System32\KERNELBASE.dll', DllCharacteristics: 4160, Timestamp: af5c8902, CheckSum: 2a775b
  RVA 00000F1C, 00007ffb`093b0000 - 00007ffb`094c8000: 'C:\Windows\System32\rpcrt4.dll', DllCharacteristics: 4160, Timestamp: e9d9ddeb, CheckSum: 124468
  RVA 00000F88, 00007ffb`05300000 - 00007ffb`054a9000: 'C:\Windows\System32\lsasrv.dll', DllCharacteristics: 4160, Timestamp: 8e1e4461, CheckSum: 1a5e07
  RVA 00000FF4, 00007ffb`08b70000 - 00007ffb`08c0e000: 'C:\Windows\System32\msvcrt.dll', DllCharacteristics: 4160, Timestamp: f362c2f9, CheckSum: 9ebcc
  RVA 00001060, 00007ffb`094d0000 - 00007ffb`0953d000: 'C:\Windows\System32\ws2_32.dll', DllCharacteristics: 4160, Timestamp: 62949a01, CheckSum: 6f7f6
  RVA 000010CC, 00007ffb`05610000 - 00007ffb`0563f000: 'C:\Windows\System32\sspicli.dll', DllCharacteristics: 4160, Timestamp: 7aa10efe, CheckSum: 381e4
  RVA 00001138, 00007ffb`08210000 - 00007ffb`082b2000: 'C:\Windows\System32\sechost.dll', DllCharacteristics: 4160, Timestamp: 1587400f, CheckSum: b004d
  RVA 000011A4, 00007ffb`06860000 - 00007ffb`06886000: 'C:\Windows\System32\bcrypt.dll', DllCharacteristics: 41e0, Timestamp: b9ef855b, CheckSum: 28d99
  RVA 00001210, 00007ffb`085f0000 - 00007ffb`08650000: 'C:\Windows\System32\Wldap32.dll', DllCharacteristics: 4160, Timestamp: 3a7a5fce, CheckSum: 5c732
  RVA 0000127C, 00007ffb`05960000 - 00007ffb`05a5a000: 'C:\Windows\System32\ucrtbase.dll', DllCharacteristics: 4160, Timestamp: 48ac8393, CheckSum: 10252d
  RVA 000012E8, 00007ffb`05730000 - 00007ffb`05742000: 'C:\Windows\System32\msasn1.dll', DllCharacteristics: 4160, Timestamp: df1ac373, CheckSum: 12d1c
  RVA 00001354, 00007ffb`05200000 - 00007ffb`052f7000: 'C:\Windows\System32\samsrv.dll', DllCharacteristics: 4160, Timestamp: b88d5882, CheckSum: fcf5c
  RVA 000013C0, 00007ffb`05d60000 - 00007ffb`05f5e000: 'C:\Windows\System32\crypt32.dll', DllCharacteristics: 4160, Timestamp: 55f0c90e, CheckSum: 208ca2
  RVA 0000142C, 00007ffb`051d0000 - 00007ffb`051fc000: 'C:\Windows\System32\ncrypt.dll', DllCharacteristics: 4160, Timestamp: 3e6e2fc9, CheckSum: 2a8c1
  RVA 00001498, 00007ffb`05190000 - 00007ffb`051cc000: 'C:\Windows\System32\ntasn1.dll', DllCharacteristics: 4160, Timestamp: 6f58dff3, CheckSum: 4318b
  RVA 00001504, 00007ffb`05160000 - 00007ffb`05189000: 'C:\Windows\System32\wldp.dll', DllCharacteristics: 4160, Timestamp: 6297d356, CheckSum: 2fb47
  RVA 00001570, 00007ffb`082c0000 - 00007ffb`085eb000: 'C:\Windows\System32\combase.dll', DllCharacteristics: 4160, Timestamp: e64b4fc6, CheckSum: 33836a
  RVA 000015DC, 00007ffb`058d0000 - 00007ffb`05952000: 'C:\Windows\System32\bcryptPrimitives.dll', DllCharacteristics: 41e0, Timestamp: c310ed30, CheckSum: 8e350
  RVA 00001648, 00007ffb`05a60000 - 00007ffb`05ac0000: 'C:\Windows\System32\wintrust.dll', DllCharacteristics: 4160, Timestamp: 96b900ee, CheckSum: 64b54
  RVA 000016B4, 00007ffb`06a50000 - 00007ffb`06b14000: 'C:\Windows\System32\oleaut32.dll', DllCharacteristics: 4160, Timestamp: 4c3f3958, CheckSum: d1040
  RVA 00001720, 00007ffb`068e0000 - 00007ffb`06980000: 'C:\Windows\System32\msvcp_win.dll', DllCharacteristics: 4160, Timestamp: 448f33c2, CheckSum: a22bb
  RVA 0000178C, 000001fe`890f0000 - 000001fe`890f3000: 'C:\Windows\System32\msprivs.dll', DllCharacteristics: 160, Timestamp: 72d1a356, CheckSum: b901
  RVA 000017F8, 00007ffb`05140000 - 00007ffb`05155000: 'C:\Windows\System32\netprovfw.dll', DllCharacteristics: 4160, Timestamp: 70dd05fe, CheckSum: 16e8e
  RVA 00001864, 00007ffb`05110000 - 00007ffb`0513b000: 'C:\Windows\System32\joinutil.dll', DllCharacteristics: 4160, Timestamp: b8f305b2, CheckSum: 2eb88
  RVA 000018D0, 00007ffb`050e0000 - 00007ffb`05105000: 'C:\Windows\System32\negoexts.dll', DllCharacteristics: 4160, Timestamp: 77510857, CheckSum: 1fe11
  RVA 0000193C, 00007ffb`058b0000 - 00007ffb`058cb000: 'C:\Windows\System32\cryptsp.dll', DllCharacteristics: 4160, Timestamp: c4976510, CheckSum: 23c11
  RVA 000019A8, 00007ffb`050d0000 - 00007ffb`050dc000: 'C:\Windows\System32\CRYPTBASE.dll', DllCharacteristics: 4160, Timestamp: 210d2d73, CheckSum: d582
  RVA 00001A14, 00007ffb`04fc0000 - 00007ffb`050ca000: 'C:\Windows\System32\kerberos.dll', DllCharacteristics: 4160, Timestamp: 916a6f0e, CheckSum: 108b66
  RVA 00001A80, 00007ffb`04f90000 - 00007ffb`04fb9000: 'C:\Windows\System32\KerbClientShared.dll', DllCharacteristics: 4160, Timestamp: df9e7c35, CheckSum: 2c0f3
  RVA 00001AEC, 00007ffb`04f70000 - 00007ffb`04f85000: 'C:\Windows\System32\cryptdll.dll', DllCharacteristics: 4160, Timestamp: aa991933, CheckSum: 195a3
  RVA 00001B58, 00007ffb`04f00000 - 00007ffb`04f67000: 'C:\Windows\System32\mswsock.dll', DllCharacteristics: 4160, Timestamp: 72315049, CheckSum: 6d5d7
  RVA 00001BC4, 00007ffb`04e80000 - 00007ffb`04efb000: 'C:\Windows\System32\msv1_0.dll', DllCharacteristics: 4160, Timestamp: 4653da7, CheckSum: 81838
  RVA 00001C30, 00007ffb`04e70000 - 00007ffb`04e7d000: 'C:\Windows\System32\NtlmShared.dll', DllCharacteristics: 4160, Timestamp: f5e8db6c, CheckSum: 10575
  RVA 00001C9C, 00007ffb`08e80000 - 00007ffb`08f28000: 'C:\Windows\System32\advapi32.dll', DllCharacteristics: 4160, Timestamp: 1e5a630d, CheckSum: a8225
  RVA 00001D08, 00007ffb`04d80000 - 00007ffb`04e64000: 'C:\Windows\System32\netlogon.dll', DllCharacteristics: 4160, Timestamp: cae8ffd1, CheckSum: ecbd1
  RVA 00001D74, 00007ffb`05780000 - 00007ffb`057dd000: 'C:\Windows\System32\powrprof.dll', DllCharacteristics: 4160, Timestamp: 8941f3e3, CheckSum: 6167d
  RVA 00001DE0, 00007ffb`05640000 - 00007ffb`05669000: 'C:\Windows\System32\userenv.dll', DllCharacteristics: 4160, Timestamp: 5ed587f2, CheckSum: 2b867
  RVA 00001E4C, 00007ffb`05750000 - 00007ffb`05773000: 'C:\Windows\System32\profapi.dll', DllCharacteristics: 4160, Timestamp: a5322be2, CheckSum: 26188
  RVA 00001EB8, 00007ffb`04d70000 - 00007ffb`04d7e000: 'C:\Windows\System32\gmsaclient.dll', DllCharacteristics: 4160, Timestamp: 4caec546, CheckSum: b8e0
  RVA 00001F24, 00007ffb`04d20000 - 00007ffb`04d61000: 'C:\Windows\System32\logoncli.dll', DllCharacteristics: 4160, Timestamp: b78a438b, CheckSum: 44505
  RVA 00001F90, 00007ffb`04d10000 - 00007ffb`04d1e000: 'C:\Windows\System32\netutils.dll', DllCharacteristics: 4160, Timestamp: a7c61208, CheckSum: 150b8
  RVA 00001FFC, 00007ffb`04c40000 - 00007ffb`04d06000: 'C:\Windows\System32\dnsapi.dll', DllCharacteristics: 4160, Timestamp: 1d050018, CheckSum: d1947
  RVA 00002068, 00007ffb`08200000 - 00007ffb`08208000: 'C:\Windows\System32\nsi.dll', DllCharacteristics: 4160, Timestamp: d1d5626a, CheckSum: 132ef
  RVA 000020D4, 00007ffb`04c00000 - 00007ffb`04c3d000: 'C:\Windows\System32\IPHLPAPI.DLL', DllCharacteristics: 4160, Timestamp: a82bcfd6, CheckSum: 3ff79
  RVA 00002140, 00007ffb`04bd0000 - 00007ffb`04bfa000: 'C:\Windows\System32\TSpkg.dll', DllCharacteristics: 4160, Timestamp: 7ae99d5d, CheckSum: 2c89a
  RVA 000021AC, 00007ffb`04b80000 - 00007ffb`04bc4000: 'C:\Windows\System32\pku2u.dll', DllCharacteristics: 4160, Timestamp: c59d7209, CheckSum: 45adc
  RVA 00002218, 00007ffb`04b00000 - 00007ffb`04b7e000: 'C:\Windows\System32\cloudAP.dll', DllCharacteristics: 4160, Timestamp: 26d7a762, CheckSum: 87137
  RVA 00002284, 00007ffb`04ab0000 - 00007ffb`04af8000: 'C:\Windows\System32\MicrosoftAccountCloudAP.dll', DllCharacteristics: 41e0, Timestamp: a05fb911, CheckSum: 4a52e
  RVA 000022F0, 00007ffb`05500000 - 00007ffb`0550a000: 'C:\Windows\System32\dpapi.dll', DllCharacteristics: 4160, Timestamp: 8735b5a3, CheckSum: 10aa1
  RVA 0000235C, 00007ffb`04a70000 - 00007ffb`04aa3000: 'C:\Windows\System32\rsaenh.dll', DllCharacteristics: 41e0, Timestamp: 4c770ac1, CheckSum: 3a22c
  RVA 000023C8, 00007ffb`04a20000 - 00007ffb`04a68000: 'C:\Windows\System32\wdigest.dll', DllCharacteristics: 4160, Timestamp: cf0d8ff6, CheckSum: 4cfca
  RVA 00002434, 00007ffb`04990000 - 00007ffb`04a1c000: 'C:\Windows\System32\schannel.dll', DllCharacteristics: 4160, Timestamp: 60ca7d33, CheckSum: 8aa40
  RVA 000024A0, 00007ffb`04970000 - 00007ffb`0498e000: 'C:\Windows\System32\efslsaext.dll', DllCharacteristics: 4160, Timestamp: 132a31c9, CheckSum: 2695e
  RVA 0000250C, 00007ffb`06980000 - 00007ffb`06a27000: 'C:\Windows\System32\SHCore.dll', DllCharacteristics: 4160, Timestamp: 6d28fbf1, CheckSum: b5b74
  RVA 00002578, 00007ffb`04930000 - 00007ffb`04970000: 'C:\Windows\System32\dpapisrv.dll', DllCharacteristics: 4160, Timestamp: 5c735aa9, CheckSum: 48eef
  RVA 000025E4, 00007ffb`04920000 - 00007ffb`0492c000: 'C:\Windows\System32\sspisrv.dll', DllCharacteristics: 4160, Timestamp: c9a01a51, CheckSum: 13a74
  RVA 00002650, 00007ffb`04880000 - 00007ffb`0488c000: 'C:\Windows\System32\kdcpw.dll', DllCharacteristics: 4160, Timestamp: b4dc8f44, CheckSum: c8ea
  RVA 000026BC, 00007ffb`04820000 - 00007ffb`0482c000: 'C:\Windows\System32\rassfm.dll', DllCharacteristics: 4160, Timestamp: d700e80, CheckSum: d008
  RVA 00002728, 00007ffb`047c0000 - 00007ffb`04814000: 'C:\Windows\System32\scecli.dll', DllCharacteristics: 4160, Timestamp: 7d047e4c, CheckSum: 5201d
  RVA 00002794, 00007ffb`04740000 - 00007ffb`0478d000: 'C:\Windows\System32\laps.dll', DllCharacteristics: 4160, Timestamp: edaf1d16, CheckSum: 50d48
  RVA 00002800, 00007ffb`04710000 - 00007ffb`04736000: 'C:\Windows\System32\srvcli.dll', DllCharacteristics: 4160, Timestamp: 2342cf79, CheckSum: 26a3e
  RVA 0000286C, 00007ffb`055b0000 - 00007ffb`05608000: 'C:\Windows\System32\winsta.dll', DllCharacteristics: 4160, Timestamp: d1e21847, CheckSum: 5a148
  RVA 000028D8, 00007ffb`04650000 - 00007ffb`04710000: 'C:\Windows\System32\dsreg.dll', DllCharacteristics: 4160, Timestamp: 159dfcb4, CheckSum: c7afd
  RVA 00002944, 00007ffb`045c0000 - 00007ffb`0464a000: 'C:\Windows\System32\msvcp110_win.dll', DllCharacteristics: 4160, Timestamp: d4b73854, CheckSum: 9627b
  RVA 000029B0, 00007ffb`04590000 - 00007ffb`045b2000: 'C:\Windows\System32\gpapi.dll', DllCharacteristics: 4160, Timestamp: eb528359, CheckSum: 2fa6f
  RVA 00002A1C, 00007ffa`fba90000 - 00007ffa`fba9c000: 'C:\Windows\System32\secur32.dll', DllCharacteristics: 4160, Timestamp: 33ea9baa, CheckSum: 6f30
  RVA 00002A88, 00007ffb`04830000 - 00007ffb`0487d000: 'C:\Windows\System32\authz.dll', DllCharacteristics: 4160, Timestamp: 85dbf71, CheckSum: 4cdce
  RVA 00002AF4, 00007ffa`ff8e0000 - 00007ffa`ff8ea000: 'C:\Windows\System32\rasadhlp.dll', DllCharacteristics: 4160, Timestamp: 389781ac, CheckSum: ec91
  RVA 00002B60, 00007ffb`02590000 - 00007ffb`02609000: 'C:\Windows\System32\FWPUCLNT.DLL', DllCharacteristics: 4160, Timestamp: 7899ac3a, CheckSum: 7a89d
  RVA 00002BCC, 00007ffa`feb50000 - 00007ffa`feb5d000: 'C:\Windows\System32\dsparse.dll', DllCharacteristics: 4160, Timestamp: bf63185f, CheckSum: c21e
  RVA 00002C38, 00007ffa`f6740000 - 00007ffa`f6770000: 'C:\Windows\System32\winbrand.dll', DllCharacteristics: 4160, Timestamp: 3e00fc58, CheckSum: 2fb1e
  RVA 00002CA4, 00007ffa`fbaa0000 - 00007ffa`fbac8000: 'C:\Windows\System32\ntdsapi.dll', DllCharacteristics: 4160, Timestamp: 40893de8, CheckSum: 29042
  RVA 00002D10, 00007ffa`f3ee0000 - 00007ffa`f3f04000: 'C:\Windows\System32\ncryptsslp.dll', DllCharacteristics: 41e0, Timestamp: de0cb437, CheckSum: 2d1ce
  RVA 00002D7C, 00007ffa`f3e60000 - 00007ffa`f3eba000: 'C:\Windows\System32\ncryptprov.dll', DllCharacteristics: 4160, Timestamp: b999fef9, CheckSum: 5c8d4
  RVA 00002DE8, 00007ffa`f2f00000 - 00007ffa`f2f27000: 'C:\Windows\System32\dssenh.dll', DllCharacteristics: 41e0, Timestamp: 2b549223, CheckSum: 27ccc
  RVA 00002E54, 00007ffa`f3a90000 - 00007ffa`f3aa5000: 'C:\Windows\System32\mskeyprotect.dll', DllCharacteristics: 4160, Timestamp: c6201f7d, CheckSum: 19314
  RVA 00002EC0, 00007ffa`f24c0000 - 00007ffa`f24fd000: 'C:\Windows\System32\SecureTimeAggregator.dll', DllCharacteristics: 4160, Timestamp: 22809471, CheckSum: 35f2d
  RVA 00002F2C, 00007ffb`036d0000 - 00007ffb`036da000: 'C:\Windows\System32\dsrole.dll',
DllCharacteristics: 4160, Timestamp: 5b81fd8a, CheckSum: 15212
  RVA 00002F98, 00007ffa`f5ae0000 - 00007ffa`f5b0f000: 'C:\Windows\System32\cryptnet.dll', DllCharacteristics: 4160, Timestamp: 6267df0, CheckSum: 34527
  RVA 00003004, 00007ffb`05710000 - 00007ffb`05721000: 'C:\Windows\System32\kernel.appcore.dll', DllCharacteristics: 4160, Timestamp: be88784d, CheckSum: 1c039
  RVA 00003070, 00007ffb`023f0000 - 00007ffb`02455000: 'C:\Windows\System32\wevtapi.dll', DllCharacteristics: 4160, Timestamp: d0420679, CheckSum: 69b7e
  RVA 000030DC, 00007ffa`e4f50000 - 00007ffa`e4f6a000: 'C:\Windows\System32\keyiso.dll', DllCharacteristics: 4160, Timestamp: f06fb443, CheckSum: 21b8f
  RVA 00003148, 00007ffa`f66d0000 - 00007ffa`f66eb000: 'C:\Windows\System32\mpr.dll', DllCharacteristics: 4160, Timestamp: 696e6b80, CheckSum: 1ae62
Stream 3: type UnloadedModuleListStream (14), size 00000084, RVA 000031B4
  5 unloaded modules
  RVA 000031C0, 00007ffb`04a40000 - 00007ffb`04af7000: 'aadcloudap.dll'
  RVA 000031D8, 00007ffb`04a20000 - 00007ffb`04a38000: 'samcli.dll'
  RVA 000031F0, 00007ffb`049f0000 - 00007ffb`04a13000: 'CRYPTXML.dll'
  RVA 00003208, 00007ffb`04890000 - 00007ffb`049e2000: 'webservices.dll'
  RVA 00003220, 00007ffb`04910000 - 00007ffb`0491c000: 'credssp.dll'
Stream 4: type TokenInformationStream (19), size 000002C0, RVA 00003238
  1 Tokens
  Token 338 for 824
Stream 5: type MemoryListStream (5), size 00000F04, RVA 0000A4EB
  240 memory ranges
  Total memory: 7cb9a0
Stream 6: type MemoryInfoListStream (16), size 00009670, RVA 007F5637
Stream 7: type ExceptionStream (6), size 000000A8, RVA 00000690
  ThreadID 884
  ExceptionCode C0000005
  ExceptionRecord 0
  ExceptionAddress 7ffb05013654
  Context record RVA 4f62, size 4d0
Stream 8: type SystemInfoStream (7), size 00000038, RVA 00000104
  ProcessorArchitecture   0009 (PROCESSOR_ARCHITECTURE_AMD64)
  ProcessorLevel          0006
  ProcessorRevision       5507
  NumberOfProcessors      08
  MajorVersion            0000000A
  MinorVersion            00000000
  BuildNumber             00004563 (17763)
  PlatformId              00000002 (VER_PLATFORM_WIN32_NT)
  CSDVersionRva           0000377C
                         Length: 0
  Product: Server, suite: TerminalServer SingleUserTS
Stream 9: type MiscInfoStream (15), size 00000554, RVA 0000013C
Stream 10: type HandleDataStream (12), size 0000E908, RVA 007E6D2F
  1491 descriptors, header size is 16, descriptor size is 40
Handle(00000000000002D4,"Semaphore","") Handle(00000000000002D8,"Semaphore","") Handle(00000000000002DC,"Semaphore","") Handle(00000000000002E0,"Semaphore","") Handle(00000000000002E4,"Semaphore","") Handle(00000000000002E8,"Semaphore","") Handle(00000000000002EC,"Semaphore","") Handle(00000000000002F0,"Semaphore","") Handle(00000000000002F4,"Semaphore","") Handle(00000000000002F8,"Token","") Handle(00000000000002FC,"Semaphore","") Handle(0000000000000300,"Semaphore","") Handle(0000000000000304,"Semaphore","") Handle(0000000000000308,"Semaphore","") Handle(000000000000030C,"Semaphore","") Handle(0000000000000310,"Semaphore","") Handle(0000000000000314,"Semaphore","") Handle(0000000000000318,"Semaphore","") Handle(000000000000031C,"Semaphore","") Handle(0000000000000320,"Semaphore","") Handle(0000000000000324,"Semaphore","") Handle(0000000000000328,"Semaphore","") Handle(000000000000032C,"Semaphore","") Handle(0000000000000330,"Semaphore","") Handle(0000000000000334,"Semaphore","") Handle(0000000000000338,"Semaphore","") Handle(000000000000033C,"","") Handle(0000000000000340,"","") Handle(0000000000000344,"","") Handle(0000000000000348,"Event","") Handle(000000000000034C,"Key","\REGISTRY\USER\.DEFAULT\Control Panel\International") Handle(0000000000000350,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Ids") Handle(0000000000000354,"Semaphore","") Handle(0000000000000358,"Semaphore","") Handle(000000000000035C,"","") Handle(0000000000000360,"","") Handle(0000000000000364,"","") Handle(0000000000000368,"","") Handle(000000000000036C,"Semaphore","") Handle(0000000000000370,"Semaphore","") Handle(0000000000000374,"Semaphore","") Handle(0000000000000378,"Semaphore","") Handle(000000000000037C,"","") Handle(0000000000000380,"","") Handle(0000000000000384,"","") Handle(0000000000000388,"","") Handle(000000000000038C,"","") Handle(0000000000000390,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\Kerberos\Parameters") 
Handle(0000000000000394,"Event","\DSYSDBG.Debug.Trace.Memory.338") Handle(0000000000000398,"Section","\BaseNamedObjects\Debug.Trace.Memory.338") Handle(000000000000039C,"Event","") Handle(00000000000003A0,"WaitCompletionPacket","") Handle(00000000000003A4,"","") Handle(00000000000003A8,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\Kerberos\Parameters") Handle(00000000000003AC,"Semaphore","") Handle(00000000000003B0,"Semaphore","") Handle(00000000000003B4,"Event","") Handle(00000000000003B8,"Semaphore","") Handle(00000000000003BC,"Semaphore","") Handle(00000000000003C0,"Semaphore","") Handle(00000000000003C4,"Semaphore","") Handle(00000000000003C8,"Semaphore","") Handle(00000000000003CC,"Semaphore","") Handle(00000000000003D0,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\Kerberos\HostToRealm") Handle(00000000000003D4,"Event","") Handle(00000000000003D8,"WaitCompletionPacket","") Handle(00000000000003DC,"Event","") Handle(00000000000003E0,"Semaphore","") Handle(00000000000003E4,"Semaphore","") Handle(00000000000003E8,"Semaphore","") Handle(00000000000003EC,"Semaphore","") Handle(00000000000003F0,"Semaphore","") Handle(00000000000003F4,"Semaphore","") Handle(00000000000003F8,"Semaphore","") Handle(00000000000003FC,"Semaphore","") Handle(0000000000000404,"Event","") Handle(0000000000000408,"Semaphore","") Handle(000000000000040C,"Semaphore","") Handle(0000000000000410,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\Kerberos\Domains") Handle(0000000000000414,"Event","") Handle(0000000000000418,"Semaphore","") Handle(000000000000041C,"Event","") Handle(0000000000000420,"","") Handle(0000000000000424,"","") Handle(0000000000000428,"Semaphore","") Handle(000000000000042C,"Semaphore","") Handle(0000000000000430,"Token","") Handle(0000000000000434,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9") Handle(0000000000000438,"Event","") Handle(000000000000043C,"Event","") 
Handle(0000000000000440,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5") Handle(0000000000000444,"","") Handle(0000000000000450,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\Audit\PerUserAuditing\System") Handle(0000000000000454,"","") Handle(0000000000000458,"","") Handle(000000000000045C,"","") Handle(0000000000000460,"","") Handle(0000000000000464,"","") Handle(0000000000000468,"","") Handle(000000000000046C,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa") Handle(0000000000000470,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\MSV1_0") Handle(0000000000000474,"Semaphore","") Handle(0000000000000478,"Semaphore","") Handle(000000000000047C,"Semaphore","") Handle(0000000000000480,"Semaphore","") Handle(0000000000000484,"Semaphore","") Handle(0000000000000488,"Semaphore","") Handle(000000000000048C,"Semaphore","") Handle(0000000000000490,"Semaphore","") Handle(0000000000000494,"Semaphore","") Handle(0000000000000498,"Semaphore","") Handle(000000000000049C,"Semaphore","") Handle(00000000000004A0,"Semaphore","") Handle(00000000000004A4,"Semaphore","") Handle(00000000000004A8,"Semaphore","") Handle(00000000000004AC,"","") Handle(00000000000004B0,"","") Handle(00000000000004B4,"Semaphore","") Handle(00000000000004B8,"Semaphore","") Handle(00000000000004BC,"Semaphore","") Handle(00000000000004C0,"Semaphore","") Handle(00000000000004C4,"Event","") Handle(00000000000004C8,"WaitCompletionPacket","") Handle(00000000000004CC,"File","") Handle(00000000000004D0,"Semaphore","") Handle(00000000000004D4,"Semaphore","") Handle(00000000000004D8,"Semaphore","") Handle(00000000000004DC,"Semaphore","") Handle(00000000000004E0,"Key","\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon") Handle(00000000000004E4,"Event","") Handle(00000000000004E8,"WaitCompletionPacket","") Handle(00000000000004EC,"Key","\REGISTRY\MACHINE\SECURITY\Cache") Handle(00000000000004F0,"","") 
Handle(00000000000004F4,"Event","") Handle(00000000000004F8,"Key","\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options") Handle(00000000000004FC,"","") Handle(0000000000000500,"","") Handle(0000000000000504,"","") Handle(0000000000000508,"Semaphore","") Handle(000000000000050C,"Process","") Handle(0000000000000510,"","") Handle(0000000000000514,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\Audit\AuditPolicy") Handle(0000000000000518,"Semaphore","") Handle(000000000000051C,"","") Handle(0000000000000520,"","") Handle(0000000000000524,"","") Handle(0000000000000528,"","") Handle(000000000000052C,"Event","") Handle(0000000000000530,"","") Handle(0000000000000534,"File","") Handle(0000000000000538,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces") Handle(000000000000053C,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces") Handle(0000000000000540,"","") Handle(0000000000000544,"","") Handle(0000000000000548,"","") Handle(000000000000054C,"","") Handle(0000000000000550,"","") Handle(0000000000000554,"","") Handle(0000000000000558,"","") Handle(000000000000055C,"","") Handle(0000000000000560,"","") Handle(0000000000000564,"","") Handle(0000000000000568,"","") Handle(000000000000056C,"","") Handle(0000000000000570,"Event","") Handle(0000000000000574,"Event","") Handle(0000000000000578,"","") Handle(000000000000057C,"Semaphore","") Handle(0000000000000580,"Semaphore","") Handle(0000000000000584,"Token","") Handle(0000000000000588,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\Credssp") Handle(000000000000058C,"","") Handle(0000000000000590,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\Credssp") Handle(0000000000000594,"WaitCompletionPacket","") Handle(0000000000000598,"Event","") Handle(000000000000059C,"Semaphore","") Handle(00000000000005A0,"Semaphore","") Handle(00000000000005A4,"","") Handle(00000000000005A8,"Semaphore","") 
Handle(00000000000005AC,"Semaphore","") Handle(00000000000005B0,"Semaphore","") Handle(00000000000005B4,"Semaphore","") Handle(00000000000005B8,"Semaphore","") Handle(00000000000005BC,"Semaphore","") Handle(00000000000005C0,"","") Handle(00000000000005C4,"","") Handle(00000000000005C8,"","") Handle(00000000000005CC,"","") Handle(00000000000005D0,"Semaphore","") Handle(00000000000005D4,"Semaphore","") Handle(00000000000005D8,"Semaphore","") Handle(00000000000005DC,"Semaphore","") Handle(00000000000005E0,"Semaphore","") Handle(00000000000005E4,"Semaphore","") Handle(00000000000005E8,"Semaphore","") Handle(00000000000005EC,"Semaphore","") Handle(00000000000005F0,"Semaphore","") Handle(00000000000005F4,"Semaphore","") Handle(00000000000005F8,"Semaphore","") Handle(00000000000005FC,"Semaphore","") Handle(0000000000000600,"Semaphore","") Handle(0000000000000604,"Semaphore","") Handle(0000000000000608,"","") Handle(000000000000060C,"","") Handle(0000000000000610,"","") Handle(0000000000000614,"Semaphore","") Handle(0000000000000618,"","") Handle(000000000000061C,"Key","\REGISTRY\MACHINE\SOFTWARE\Microsoft\IdentityStore\LogonCache\D7F9888F-E3FC-49b0-9EA6-A85B5F392A4F") Handle(0000000000000620,"","") Handle(0000000000000624,"","") Handle(0000000000000628,"","") Handle(000000000000062C,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\crypt32") Handle(0000000000000630,"Event","") Handle(0000000000000634,"WaitCompletionPacket","") Handle(0000000000000638,"Semaphore","") Handle(000000000000063C,"Key","\REGISTRY\USER") Handle(0000000000000640,"","") Handle(0000000000000644,"Semaphore","") Handle(0000000000000648,"Key","\REGISTRY\MACHINE\SOFTWARE\Microsoft\IdentityStore\Providers") Handle(000000000000064C,"Event","") Handle(0000000000000650,"","") Handle(0000000000000654,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\WDigest") Handle(0000000000000658,"WaitCompletionPacket","") Handle(000000000000065C,"Event","") 
Handle(0000000000000660,"Semaphore","") Handle(0000000000000664,"Semaphore","") Handle(0000000000000668,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\WDigest") Handle(000000000000066C,"Semaphore","") Handle(0000000000000670,"Semaphore","") Handle(0000000000000674,"Semaphore","") Handle(0000000000000678,"Semaphore","") Handle(000000000000067C,"Semaphore","") Handle(0000000000000680,"Semaphore","") Handle(0000000000000684,"Semaphore","") Handle(0000000000000688,"Semaphore","") Handle(000000000000068C,"Event","") Handle(0000000000000690,"Semaphore","") Handle(0000000000000694,"Semaphore","") Handle(0000000000000698,"Semaphore","") Handle(000000000000069C,"","") Handle(00000000000006A0,"","") Handle(00000000000006A4,"Semaphore","") Handle(00000000000006A8,"Semaphore","") Handle(00000000000006AC,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL") Handle(00000000000006B0,"WaitCompletionPacket","") Handle(00000000000006B4,"Event","") Handle(00000000000006B8,"WaitCompletionPacket","") Handle(00000000000006BC,"Section","\RPC Control\DSEC338") Handle(00000000000006C0,"File","") Handle(00000000000006C8,"Token","") Handle(00000000000006CC,"ALPC Port","\RPC Control\audit") Handle(00000000000006D0,"Event","") Handle(00000000000006D4,"Event","") Handle(00000000000006D8,"ALPC Port","\RPC Control\securityevent") Handle(00000000000006DC,"Event","") Handle(00000000000006E0,"ALPC Port","\RPC Control\LSARPC_ENDPOINT") Handle(00000000000006E4,"Event","") Handle(00000000000006E8,"ALPC Port","\RPC Control\lsacap") Handle(00000000000006EC,"Event","") Handle(00000000000006F0,"ALPC Port","\RPC Control\LSA_IDPEXT_ENDPOINT") Handle(00000000000006F4,"Event","") Handle(00000000000006F8,"ALPC Port","\RPC Control\LSA_EAS_ENDPOINT") Handle(00000000000006FC,"Semaphore","") Handle(0000000000000700,"Semaphore","") Handle(0000000000000704,"Semaphore","") Handle(0000000000000708,"Semaphore","") 
Handle(000000000000070C,"Key","\REGISTRY\MACHINE\SOFTWARE\Microsoft\IdentityStore\Cache") Handle(0000000000000714,"Event","") Handle(0000000000000718,"Thread","") Handle(0000000000000720,"Event","") Handle(0000000000000724,"Thread","") Handle(0000000000000728,"","") Handle(000000000000072C,"","") Handle(0000000000000730,"ALPC Port","\RPC Control\lsapolicylookup") Handle(0000000000000734,"","") Handle(0000000000000738,"","") Handle(000000000000073C,"","") Handle(0000000000000740,"","") Handle(0000000000000744,"ALPC Port","\RPC Control\lsasspirpc") Handle(0000000000000748,"Event","") Handle(000000000000074C,"ALPC Port","") Handle(0000000000000750,"File","") Handle(0000000000000754,"IoCompletion","") Handle(0000000000000758,"File","") Handle(000000000000075C,"Semaphore","") Handle(0000000000000760,"Semaphore","") Handle(0000000000000764,"Process","") Handle(0000000000000768,"TpWorkerFactory","") Handle(000000000000076C,"IRTimer","") Handle(0000000000000770,"WaitCompletionPacket","") Handle(0000000000000774,"IRTimer","") Handle(0000000000000778,"WaitCompletionPacket","") Handle(000000000000077C,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa") Handle(0000000000000780,"Event","\BaseNamedObjects\LSA_RPC_SERVER_ACTIVE") Handle(0000000000000790,"Key","\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\Protect\Providers\df9d8cd0-1501-11d1-8c7a-00c04fc297eb") Handle(0000000000000794,"Event","") Handle(0000000000000798,"Event","") Handle(000000000000079C,"ALPC Port","\RPC Control\protected_storage") Handle(00000000000007A0,"ALPC Port","\RPC Control\SidKey Local End Point") Handle(00000000000007A4,"Event","") Handle(00000000000007A8,"ALPC Port","") Handle(00000000000007AC,"ALPC Port","") Handle(00000000000007B0,"WaitCompletionPacket","") Handle(00000000000007B4,"Event","") Handle(00000000000007B8,"Semaphore","") Handle(00000000000007BC,"Semaphore","") Handle(00000000000007C0,"Process","") Handle(00000000000007C4,"Event","") Handle(00000000000007C8,"Process","") 
Handle(00000000000007CC,"Semaphore","") Handle(00000000000007D0,"Semaphore","") Handle(00000000000007D4,"Process","") Handle(00000000000007D8,"ALPC Port","") Handle(00000000000007DC,"Event","") Handle(00000000000007E0,"Event","\BaseNamedObjects\LSA_RPC_SERVER_ACTIVE") Handle(00000000000007E4,"Semaphore","") Handle(00000000000007E8,"Semaphore","") Handle(00000000000007EC,"Semaphore","") Handle(00000000000007F0,"Semaphore","") Handle(00000000000007F4,"Process","") Handle(00000000000007F8,"","") Handle(00000000000007FC,"","") Handle(0000000000000804,"Semaphore","") Handle(0000000000000808,"Semaphore","") Handle(000000000000080C,"Semaphore","") Handle(0000000000000810,"Semaphore","") Handle(0000000000000814,"Event","") Handle(0000000000000818,"Event","") Handle(000000000000081C,"Key","\REGISTRY\MACHINE\SAM\SAM") Handle(0000000000000820,"","") Handle(0000000000000824,"Key","\REGISTRY\MACHINE\SAM\SAM\RXACT") Handle(0000000000000828,"Key","\REGISTRY\MACHINE\SAM\SAM\Domains\Builtin") Handle(000000000000082C,"Key","\REGISTRY\MACHINE\SAM\SAM\Domains\Account") Handle(0000000000000830,"","") Handle(0000000000000834,"","") Handle(0000000000000838,"Event","") Handle(000000000000083C,"ALPC Port","") Handle(0000000000000840,"Semaphore","") Handle(0000000000000844,"","") Handle(0000000000000848,"ALPC Port","\RPC Control\samss lpc") Handle(000000000000084C,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SAM") Handle(0000000000000850,"Event","") Handle(0000000000000854,"WaitCompletionPacket","") Handle(0000000000000858,"Semaphore","") Handle(000000000000085C,"ALPC Port","") Handle(0000000000000860,"Semaphore","") Handle(0000000000000864,"Semaphore","") Handle(0000000000000868,"Semaphore","") Handle(000000000000086C,"Process","") Handle(0000000000000870,"Semaphore","") Handle(0000000000000878,"","") Handle(000000000000087C,"","") Handle(0000000000000880,"","") Handle(0000000000000884,"","") Handle(0000000000000888,"Semaphore","") Handle(000000000000088C,"Semaphore","") 
Handle(0000000000000890,"Semaphore","") Handle(0000000000000894,"","") Handle(0000000000000898,"","") Handle(000000000000089C,"Event","") Handle(00000000000008A0,"WaitCompletionPacket","") Handle(00000000000008A4,"Event","") Handle(00000000000008A8,"Event","") Handle(00000000000008AC,"ALPC Port","\RPC Control\MicrosoftLaps_LRPC_0fb2f016-fe45-4a08-a7f9-a467f5e5fa0b") Handle(00000000000008B0,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SAM\ComponentUpdates") Handle(00000000000008B4,"Event","") Handle(00000000000008B8,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SAM\ComponentUpdates\BuiltIn") Handle(00000000000008BC,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SAM\ComponentUpdates\Account") Handle(00000000000008C0,"Event","") Handle(00000000000008C4,"WaitCompletionPacket","") Handle(00000000000008C8,"","") Handle(00000000000008CC,"Event","\BaseNamedObjects\LSA_SUBSYSTEM_INITIALIZED") Handle(00000000000008D0,"Token","") Handle(00000000000008D4,"Event","\SAM_SERVICE_STARTED") Handle(00000000000008DC,"WaitCompletionPacket","") Handle(00000000000008E0,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NetworkProvider\HwOrder") Handle(00000000000008E4,"Semaphore","") Handle(00000000000008E8,"WaitCompletionPacket","") Handle(00000000000008EC,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\ComponentUpdates\SecurityInstallationProvider") Handle(00000000000008F0,"ALPC Port","") Handle(00000000000008F8,"Token","") Handle(00000000000008FC,"Semaphore","") Handle(0000000000000900,"Semaphore","") Handle(0000000000000904,"Process","") Handle(0000000000000908,"Semaphore","") Handle(000000000000090C,"Semaphore","") Handle(0000000000000910,"Process","") Handle(0000000000000914,"Semaphore","") Handle(0000000000000918,"ALPC Port","") Handle(000000000000091C,"Token","") Handle(0000000000000920,"Semaphore","") Handle(0000000000000924,"ALPC Port","") Handle(0000000000000928,"Semaphore","") Handle(000000000000092C,"Semaphore","") 
Handle(0000000000000930,"Process","") Handle(0000000000000938,"Semaphore","") Handle(000000000000093C,"Semaphore","") Handle(0000000000000940,"Semaphore","") Handle(0000000000000944,"Semaphore","") Handle(0000000000000948,"Token","") Handle(000000000000094C,"Process","") Handle(0000000000000950,"Token","") Handle(0000000000000954,"Semaphore","") Handle(0000000000000958,"Semaphore","") Handle(000000000000095C,"Process","") Handle(0000000000000960,"Token","") Handle(0000000000000964,"ALPC Port","") Handle(0000000000000968,"Token","") Handle(0000000000000970,"Semaphore","") Handle(0000000000000974,"Semaphore","") Handle(0000000000000978,"Process","") Handle(000000000000097C,"Token","") Handle(0000000000000980,"Token","") Handle(0000000000000984,"Token","") Handle(0000000000000988,"Token","") Handle(000000000000098C,"ALPC Port","") Handle(0000000000000994,"Semaphore","") Handle(0000000000000998,"File","") Handle(000000000000099C,"Event","\BaseNamedObjects\TermSrvReadyEvent") Handle(00000000000009A0,"ALPC Port","") Handle(00000000000009A8,"Semaphore","") Handle(00000000000009B8,"Semaphore","") Handle(00000000000009BC,"Semaphore","") Handle(00000000000009C0,"Event","") Handle(00000000000009C4,"Token","") Handle(00000000000009D4,"Semaphore","") Handle(00000000000009DC,"ALPC Port","") Handle(00000000000009F0,"Semaphore","") Handle(00000000000009F8,"ALPC Port","") Handle(00000000000009FC,"Semaphore","") Handle(0000000000000A00,"ALPC Port","") Handle(0000000000000A04,"Semaphore","") Handle(0000000000000A08,"Process","") Handle(0000000000000A0C,"Semaphore","") Handle(0000000000000A10,"Semaphore","") Handle(0000000000000A14,"Process","") Handle(0000000000000A18,"ALPC Port","") Handle(0000000000000A1C,"ALPC Port","") Handle(0000000000000A24,"Event","") Handle(0000000000000A28,"Semaphore","") Handle(0000000000000A30,"Semaphore","") Handle(0000000000000A34,"Semaphore","") Handle(0000000000000A38,"ALPC Port","") Handle(0000000000000A3C,"Process","") Handle(0000000000000A40,"","") 
Handle(0000000000000A4C,"Semaphore","") Handle(0000000000000A54,"Event","") Handle(0000000000000A58,"Event","") Handle(0000000000000A5C,"Semaphore","") Handle(0000000000000A60,"Semaphore","") Handle(0000000000000A64,"Process","") Handle(0000000000000A74,"Thread","") Handle(0000000000000A78,"ALPC Port","") Handle(0000000000000A7C,"Event","") Handle(0000000000000A80,"Semaphore","") Handle(0000000000000A84,"Semaphore","") Handle(0000000000000A88,"Semaphore","") Handle(0000000000000A8C,"Token","") Handle(0000000000000A90,"ALPC Port","") Handle(0000000000000A94,"Token","") Handle(0000000000000A98,"Process","") Handle(0000000000000A9C,"Semaphore","") Handle(0000000000000AA0,"Semaphore","") Handle(0000000000000AA4,"Process","") Handle(0000000000000AA8,"Token","") Handle(0000000000000AAC,"Token","") Handle(0000000000000AB0,"Token","") Handle(0000000000000AB4,"Token","") Handle(0000000000000ABC,"ALPC Port","") Handle(0000000000000AC8,"Process","") Handle(0000000000000ACC,"ALPC Port","") Handle(0000000000000AD4,"ALPC Port","") Handle(0000000000000AD8,"ALPC Port","") Handle(0000000000000ADC,"Process","") Handle(0000000000000AE0,"ALPC Port","") Handle(0000000000000AE4,"Token","") Handle(0000000000000AE8,"Semaphore","") Handle(0000000000000AEC,"Semaphore","") Handle(0000000000000AF0,"Process","") Handle(0000000000000AF4,"ALPC Port","") Handle(0000000000000AFC,"Token","") Handle(0000000000000B08,"Token","") Handle(0000000000000B0C,"Event","") Handle(0000000000000B1C,"Token","") Handle(0000000000000B20,"Token","") Handle(0000000000000B24,"Event","") Handle(0000000000000B34,"Semaphore","") Handle(0000000000000B38,"ALPC Port","") Handle(0000000000000B3C,"Semaphore","") Handle(0000000000000B40,"Thread","") Handle(0000000000000B44,"Semaphore","") Handle(0000000000000B48,"Semaphore","") Handle(0000000000000B4C,"Process","") Handle(0000000000000B50,"Semaphore","") Handle(0000000000000B54,"Process","") Handle(0000000000000B58,"ALPC Port","") Handle(0000000000000B5C,"Event","") 
Handle(0000000000000B60,"Semaphore","") Handle(0000000000000B64,"Semaphore","") Handle(0000000000000B68,"Process","") Handle(0000000000000B6C,"Semaphore","") Handle(0000000000000B70,"Semaphore","") Handle(0000000000000B74,"Semaphore","") Handle(0000000000000B78,"Event","") Handle(0000000000000B7C,"Token","") Handle(0000000000000B80,"Semaphore","") Handle(0000000000000B94,"ALPC Port","") Handle(0000000000000B9C,"ALPC Port","") Handle(0000000000000BA0,"ALPC Port","") Handle(0000000000000BA4,"Semaphore","") Handle(0000000000000BA8,"Semaphore","") Handle(0000000000000BAC,"Semaphore","") Handle(0000000000000BB0,"Process","") Handle(0000000000000BB4,"Thread","") Handle(0000000000000BB8,"Event","") Handle(0000000000000BBC,"ALPC Port","") Handle(0000000000000BC0,"File","") Handle(0000000000000BC4,"Semaphore","") Handle(0000000000000BC8,"Token","") Handle(0000000000000BCC,"Semaphore","") Handle(0000000000000BD0,"Semaphore","") Handle(0000000000000BD4,"Event","") Handle(0000000000000BD8,"WaitCompletionPacket","") Handle(0000000000000BDC,"File","") Handle(0000000000000BE0,"Event","") Handle(0000000000000BE4,"WaitCompletionPacket","") Handle(0000000000000BE8,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Netlogon\Parameters") Handle(0000000000000BF0,"Event","") Handle(0000000000000BF4,"Semaphore","") Handle(0000000000000BF8,"ALPC Port","") Handle(0000000000000C04,"Semaphore","") Handle(0000000000000C08,"","") Handle(0000000000000C0C,"File","") Handle(0000000000000C10,"Semaphore","") Handle(0000000000000C14,"Semaphore","") Handle(0000000000000C18,"Semaphore","") Handle(0000000000000C1C,"Semaphore","") Handle(0000000000000C20,"Event","") Handle(0000000000000C24,"Thread","") Handle(0000000000000C28,"File","") Handle(0000000000000C2C,"Semaphore","") Handle(0000000000000C30,"Semaphore","") Handle(0000000000000C34,"","") Handle(0000000000000C38,"Event","") Handle(0000000000000C3C,"File","") Handle(0000000000000C40,"","") Handle(0000000000000C44,"Event","") 
Handle(0000000000000C48,"File","") Handle(0000000000000C4C,"Event","") Handle(0000000000000C50,"Thread","") Handle(0000000000000C54,"Event","") Handle(0000000000000C58,"File","") Handle(0000000000000C5C,"File","") Handle(0000000000000C60,"Event","") Handle(0000000000000C64,"Event","") Handle(0000000000000C68,"Semaphore","") Handle(0000000000000C6C,"Semaphore","") Handle(0000000000000C70,"Semaphore","") Handle(0000000000000C74,"Token","") Handle(0000000000000C78,"","") Handle(0000000000000C7C,"Event","") Handle(0000000000000C84,"Event","") Handle(0000000000000C88,"ALPC Port","\RPC Control\NETLOGON_LRPC") Handle(0000000000000C8C,"Semaphore","") Handle(0000000000000C90,"","") Handle(0000000000000C94,"Semaphore","") Handle(0000000000000C98,"File","") Handle(0000000000000C9C,"ALPC Port","") Handle(0000000000000CA0,"File","") Handle(0000000000000CA4,"File","") Handle(0000000000000CA8,"","") Handle(0000000000000CAC,"Event","") Handle(0000000000000CB0,"Event","\NETLOGON_SERVICE_STARTED") Handle(0000000000000CB4,"Thread","") Handle(0000000000000CB8,"ALPC Port","") Handle(0000000000000CBC,"ALPC Port","") Handle(0000000000000CC0,"Thread","") Handle(0000000000000CC4,"Event","") Handle(0000000000000CC8,"ALPC Port","") Handle(0000000000000CCC,"Semaphore","") Handle(0000000000000CD0,"File","") Handle(0000000000000CD4,"File","") Handle(0000000000000CD8,"Semaphore","") Handle(0000000000000CDC,"ALPC Port","") Handle(0000000000000CE0,"Event","") Handle(0000000000000CE4,"File","") Handle(0000000000000CEC,"ALPC Port","") Handle(0000000000000CF0,"Key","\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NetworkProvider\ProviderOrder") Handle(0000000000000CF4,"Semaphore","") Handle(0000000000000CF8,"ALPC Port","") Handle(0000000000000CFC,"Thread","") Handle(0000000000000D00,"Semaphore","") Handle(0000000000000D04,"Semaphore","") Handle(0000000000000D08,"File","") Handle(0000000000000D10,"Semaphore","") Handle(0000000000000D14,"ALPC Port","") Handle(0000000000000D18,"Event","") 
Stream 11: type SystemMemoryInfoStream (21), size 000001EC, RVA 000034F8
  Revision : 1
  Flags : 0xf
  BasicInfo
    TimerResolution : 156,250
    PageSize : 0x1000
    NumberOfPhysicalPages : 4,190,077
    LowestPhysicalPageNumber : 0x1
    HighestPhysicalPageNumber : 0x43efff
    AllocationGranularity : 0x10000
    MinimumUserModeAddress : 0x10000
    MaximumUserModeAddress : 0x7ffffffeffff
    ActiveProcessorsAffinityMask : 0xff
    NumberOfProcessors : 8
  FileCacheInfo
    CurrentSize : 194,805,760
    PeakSize : 222,613,504
    PageFaultCount : 557,289
    MinimumWorkingSet : 0x100
    MaximumWorkingSet : 0x100000000
    CurrentSizeIncludingTransitionInPages : 357,423
    PeakSizeIncludingTransitionInPages : 357,423
    TransitionRePurposeCount : 0
    Flags : 0
  BasicPerfInfo
    AvailablePages : 3,050,856
    CommittedPages : 1,403,054
    CommitLimit : 4,812,669
    PeakCommitment : 1,405,341
  PerfInfo
    IdleProcessTime : 12,757,812,500
    IoReadTransferCount : 2,025,223,508
    IoWriteTransferCount : 72,797,013
    IoOtherTransferCount : 101,143,204
    IoReadOperationCount : 300,520
    IoWriteOperationCount : 51,934
    IoOtherOperationCount : 1,029,093
    AvailablePages : 3,050,856
    CommittedPages : 1,403,054
    CommitLimit : 4,812,669
    PeakCommitment : 1,405,341
    CommitLimit : 4,812,669
    PageFaultCount : 4,200,850
    CopyOnWriteCount : 64,832
    TransitionCount : 1,072,837
    CacheTransitionCount : 0
    DemandZeroCount : 2,600,073
    PageReadCount : 454,475
    PageReadIoCount : 96,181
    CacheReadCount : 0
    CacheIoCount : 0
    DirtyPagesWriteCount : 0
    DirtyWriteIoCount : 0
    MappedPagesWriteCount : 0
    MappedWriteIoCount : 0
    PagedPoolPages : 31,086
    NonPagedPoolPages : 32,636
    PagedPoolAllocs : 0
    PagedPoolFrees : 0
    NonPagedPoolAllocs : 0
    NonPagedPoolFrees : 0
    FreeSystemPtes : 12,292,039
    ResidentSystemCodePage : 0
    TotalSystemDriverPages : 3,578
    TotalSystemCodePages : 0
    NonPagedPoolLookasideHits : 0
    PagedPoolLookasideHits : 0
    AvailablePagedPoolPages : 4,884,110
    ResidentSystemCachePage : 47,560
    ResidentPagedPoolPage : 29,704
    ResidentSystemDriverPage : 2,197
    CcFastReadNoWait : 0
    CcFastReadWait : 288,066
    CcFastReadResourceMiss : 0
    CcFastReadNotPossible : 0
    CcFastMdlReadNoWait : 0
    CcFastMdlReadWait : 0
    CcFastMdlReadResourceMiss : 0
    CcFastMdlReadNotPossible : 0
    CcMapDataNoWait : 0
    CcMapDataWait : 766,111
    CcMapDataNoWaitMiss : 0
    CcMapDataWaitMiss : 31,198
    CcPinMappedDataCount : 29,612
    CcPinReadNoWait : 1
    CcPinReadWait : 7,948
    CcPinReadNoWaitMiss : 0
    CcPinReadWaitMiss : 128
    CcCopyReadNoWait : 177
    CcCopyReadWait : 297,080
    CcCopyReadNoWaitMiss : 94
    CcCopyReadWaitMiss : 29,420
    CcMdlReadNoWait : 0
    CcMdlReadWait : 193
    CcMdlReadNoWaitMiss : 0
    CcMdlReadWaitMiss : 0
    CcReadAheadIos : 171,796
    CcLazyWriteIos : 1,032
    CcLazyWritePages : 4,246
    CcDataFlushes : 4,804
    CcDataPages : 13,630
    ContextSwitches : 2,096,944
    FirstLevelTbFills : 0
    SecondLevelTbFills : 0
    SystemCalls : 18,787,839
    CcTotalDirtyPages : 2,406
    CcDirtyPageThreshold : 1,617,563
    ResidentAvailablePages : 4,024,831
    SharedCommittedPages : 32,458
Stream 12: type ProcessVmCountersStream (22), size 00000098, RVA 000036E4
  Revision : 2
  Process Counters
    PageFaultCount : 7,415
    PeakWorkingSetSize : 0x166d000
    WorkingSetSize : 0x166c000
    QuotaPeakPagedPoolUsage : 0x24a28
    QuotaPagedPoolUsage : 0x23750
    QuotaPeakNonPagedPoolUsage : 0x10a80
    QuotaNonPagedPoolUsage : 0x8900
    PagefileUsage : 0x8fe000
    PeakPagefileUsage : 0x8fe000
    PeakVirtualSize : 0x20106586000
    VirtualSize : 0x201062b8000
    PrivateUsage : 0x8fe000
    PrivateWorkingSetSize : 0x866000
    SharedCommitUsage : 0x6d000
  Job Counters
    JobSharedCommitUsage : 0
    JobPrivateCommitUsage : 0
    JobPeakPrivateCommitUsage : 0
    JobPrivateCommitLimit : 0
    JobTotalCommitLimit : 0
Stream 13: type CommentStreamW (11), size 0000012E, RVA 0000A3BD
  ' *** "U:\Downloads\procdump64.exe" -accepteula -mp lsass.exe c:\lsa-dumps\lsass01.dmp -e 1 -n 20 *** First chance exception: C0000005.ACCESS_VIOLATION'
Stream 14: type UnusedStream (0), size 00000000, RVA 00000000
Stream 15: type UnusedStream (0), size 00000000, RVA 00000000
Stream 16: type UnusedStream (0), size 00000000, RVA 00000000
Stream 17: type UnusedStream (0), size 00000000, RVA 00000000
Stream 18: type UnusedStream (0), size 00000000, RVA 00000000

Windows 10 Version 17763 MP (8 procs) Free x64
Product: Server, suite: TerminalServer SingleUserTS
Edition build lab: 17763.1.amd64fre.rs5_release.180914-1434
Debug session time: Thu May 30 11:26:25.000 2024 (UTC + 2:00)
System Uptime: not available
Process Uptime: 0 days 0:03:04.000
  Kernel time: 0 days 0:00:00.000
  User time: 0 days 0:00:00.000

PEB at 000000fe6fd43000
    InheritedAddressSpace: No
    ReadImageFileExecOptions: No
    BeingDebugged: Yes
    ImageBaseAddress: 00007ff653740000
    NtGlobalFlag: 0
    NtGlobalFlag2: 0
    Ldr 00007ffb098c53c0
    Ldr.Initialized: Yes
    Ldr.InInitializationOrderModuleList: 000001fe88fb24b0 . 000001fe8a25af10
    Ldr.InLoadOrderModuleList: 000001fe88fb2620 . 000001fe8a25aef0
    Ldr.InMemoryOrderModuleList: 000001fe88fb2630 . 000001fe8a25af00
    Base TimeStamp Module
    7ff653740000 cda34c13 Apr 29 23:58:43 2079 C:\Windows\system32\lsass.exe
    7ffb09760000 fb111856 Jun 25 09:59:18 2103 C:\Windows\SYSTEM32\ntdll.dll
    7ffb08db0000 6794ffe1 Jan 25 16:14:41 2025 C:\Windows\System32\KERNEL32.DLL
    7ffb05ac0000 af5c8902 Mar 25 21:39:46 2063 C:\Windows\System32\KERNELBASE.dll
    7ffb093b0000 e9d9ddeb Apr 29 10:50:51 2094 C:\Windows\System32\RPCRT4.dll
    7ffb05300000 8e1e4461 Jul 22 16:57:37 2045 C:\Windows\system32\lsasrv.dll
    7ffb08b70000 f362c2f9 May 24 21:58:49 2099 C:\Windows\System32\msvcrt.dll
    7ffb094d0000 62949a01 May 30 12:18:41 2022 C:\Windows\System32\WS2_32.dll
    7ffb05610000 7aa10efe Mar 13 06:11:26 2035 C:\Windows\system32\SspiCli.dll
    7ffb08210000 1587400f Jun 12 11:14:55 1981 C:\Windows\System32\sechost.dll
    7ffb06860000 b9ef855b Nov 07 03:50:03 2068 C:\Windows\System32\bcrypt.dll
    7ffb085f0000 3a7a5fce Feb 02 08:20:46 2001 C:\Windows\System32\WLDAP32.dll
    7ffb05960000 48ac8393 Aug 20 22:50:27 2008 C:\Windows\System32\ucrtbase.dll
    7ffb05730000 df1ac373 Aug 11 16:32:19 2088 C:\Windows\System32\MSASN1.dll
    7ffb05200000 b88d5882 Feb 12 12:16:18 2068 C:\Windows\SYSTEM32\samsrv.dll
    7ffb05d60000 55f0c90e Sep 10 02:04:30 2015 C:\Windows\System32\CRYPT32.dll
    7ffb051d0000 3e6e2fc9 Mar 11 19:49:45 2003 C:\Windows\system32\ncrypt.dll
    7ffb05190000 6f58dff3 Mar 13 12:24:35 2029 C:\Windows\system32\NTASN1.dll
    7ffb05160000 6297d356 Jun 01 23:00:06 2022 C:\Windows\system32\Wldp.dll
    7ffb082c0000 e64b4fc6 Jun 07 18:41:42 2092 C:\Windows\System32\combase.dll
    7ffb058d0000 c310ed30 Sep 15 04:00:16 2073 C:\Windows\System32\bcryptPrimitives.dll
    7ffb05a60000 96b900ee Feb 17 11:33:18 2050 C:\Windows\System32\WINTRUST.dll
    7ffb06a50000 4c3f3958 Jul 15 18:37:44 2010 C:\Windows\System32\OLEAUT32.dll
    7ffb068e0000 448f33c2 Jun 13 23:53:06 2006 C:\Windows\System32\msvcp_win.dll
    1fe890f0000 72d1a356 Jan 16 15:51:02 2031 C:\Windows\system32\msprivs.DLL
    7ffb05140000 70dd05fe Jan 01 22:26:22 2030 C:\Windows\SYSTEM32\netprovfw.dll
7ffb05110000 b8f305b2 Apr 29 16:14:10 2068 C:\Windows\system32\JOINUTIL.DLL 7ffb050e0000 77510857 Jun 08 01:20:55 2033 C:\Windows\system32\negoexts.DLL 7ffb058b0000 c4976510 Jul 08 08:15:44 2074 C:\Windows\System32\CRYPTSP.dll 7ffb050d0000 210d2d73 Jul 29 01:02:11 1987 C:\Windows\system32\CRYPTBASE.dll 7ffb04fc0000 916a6f0e Apr 24 00:32:46 2047 C:\Windows\system32\kerberos.DLL 7ffb04f90000 df9e7c35 Nov 19 13:27:33 2088 C:\Windows\system32\KerbClientShared.dll 7ffb04f70000 aa991933 Sep 11 22:29:39 2060 C:\Windows\system32\cryptdll.dll 7ffb04f00000 72315049 Sep 17 02:14:01 2030 C:\Windows\system32\mswsock.dll 7ffb04e80000 04653da7 May 03 14:23:03 1972 C:\Windows\system32\msv1_0.DLL 7ffb04e70000 f5e8db6c Sep 26 23:47:24 2100 C:\Windows\system32\NtlmShared.dll 7ffb08e80000 1e5a630d Feb 20 00:34:37 1986 C:\Windows\System32\advapi32.dll 7ffb04d80000 cae8ffd1 Nov 16 06:51:13 2077 C:\Windows\system32\netlogon.DLL 7ffb05780000 8941f3e3 Dec 21 19:54:27 2042 C:\Windows\System32\powrprof.dll 7ffb05640000 5ed587f2 Jun 02 00:57:54 2020 C:\Windows\system32\USERENV.dll 7ffb05750000 a5322be2 Oct 28 22:04:34 2057 C:\Windows\System32\profapi.dll 7ffb04d70000 4caec546 Oct 08 09:16:22 2010 C:\Windows\system32\gmsaclient.dll 7ffb04d20000 b78a438b Jul 31 00:49:47 2067 C:\Windows\system32\logoncli.dll 7ffb04d10000 a7c61208 Mar 13 11:10:16 2059 C:\Windows\system32\netutils.dll 7ffb04c40000 1d050018 Jun 06 02:49:28 1985 C:\Windows\system32\DNSAPI.dll 7ffb08200000 d1d5626a Jul 22 17:08:26 2081 C:\Windows\System32\NSI.dll 7ffb04c00000 a82bcfd6 May 29 16:19:02 2059 C:\Windows\SYSTEM32\IPHLPAPI.DLL 7ffb04bd0000 7ae99d5d May 07 08:02:05 2035 C:\Windows\system32\tspkg.DLL 7ffb04b80000 c59d7209 Jan 23 01:44:57 2075 C:\Windows\system32\pku2u.DLL 7ffb04b00000 26d7a762 Aug 26 12:41:38 1990 C:\Windows\system32\cloudAP.DLL 7ffb04ab0000 a05fb911 Apr 06 14:37:37 2055 C:\Windows\SYSTEM32\MicrosoftAccountCloudAP.dll 7ffb05500000 8735b5a3 Nov 19 04:21:07 2041 C:\Windows\SYSTEM32\DPAPI.DLL 7ffb04a70000 
4c770ac1 Aug 27 02:45:53 2010 C:\Windows\system32\rsaenh.dll 7ffb04a20000 cf0d8ff6 Jan 29 17:48:54 2080 C:\Windows\system32\wdigest.DLL 7ffb04990000 60ca7d33 Jun 17 00:37:39 2021 C:\Windows\system32\schannel.DLL 7ffb04970000 132a31c9 Mar 10 11:32:41 1980 C:\Windows\system32\efslsaext.dll 7ffb06980000 6d28fbf1 Jan 13 19:54:41 2028 C:\Windows\System32\shcore.dll 7ffb04930000 5c735aa9 Feb 25 04:02:01 2019 C:\Windows\system32\dpapisrv.dll 7ffb04920000 c9a01a51 Mar 11 19:28:33 2077 C:\Windows\SYSTEM32\SspiSrv.dll 7ffb04880000 b4dc8f44 Feb 25 20:57:56 2066 C:\Windows\system32\KDCPW.DLL 7ffb04820000 0d700e80 Feb 22 09:19:12 1977 C:\Windows\system32\rassfm.DLL 7ffb047c0000 7d047e4c Jun 19 02:01:16 2036 C:\Windows\system32\scecli.DLL 7ffb04740000 edaf1d16 May 12 17:53:58 2096 C:\Windows\SYSTEM32\laps.dll 7ffb04710000 2342cf79 Sep 30 02:04:09 1988 C:\Windows\system32\srvcli.dll 7ffb055b0000 d1e21847 Aug 01 08:31:35 2081 C:\Windows\SYSTEM32\winsta.dll 7ffb04650000 159dfcb4 Jun 29 17:09:40 1981 C:\Windows\system32\dsreg.dll 7ffb045c0000 d4b73854 Feb 02 08:01:40 2083 C:\Windows\system32\msvcp110_win.dll 7ffb04590000 eb528359 Feb 09 02:28:57 2095 C:\Windows\SYSTEM32\gpapi.dll 7ffafba90000 33ea9baa Aug 08 06:08:10 1997 C:\Windows\SYSTEM32\secur32.dll 7ffb04830000 085dbf71 Jun 13 15:19:45 1974 C:\Windows\system32\AUTHZ.dll 7ffaff8e0000 389781ac Feb 02 02:00:28 2000 C:\Windows\System32\rasadhlp.dll 7ffb02590000 7899ac3a Feb 12 07:03:38 2034 C:\Windows\System32\fwpuclnt.dll 7ffafeb50000 bf63185f Oct 01 18:29:19 2071 C:\Windows\system32\DSPARSE.dll 7ffaf6740000 3e00fc58 Dec 18 23:53:12 2002 C:\Windows\SYSTEM32\winbrand.dll 7ffafbaa0000 40893de8 Apr 23 18:01:44 2004 C:\Windows\SYSTEM32\ntdsapi.dll 7ffaf3ee0000 de0cb437 Jan 19 19:15:19 2088 C:\Windows\system32\ncryptsslp.dll 7ffaf3e60000 b999fef9 Sep 03 07:54:01 2068 C:\Windows\system32\ncryptprov.dll 7ffaf2f00000 2b549223 Jan 13 23:05:23 1993 C:\Windows\system32\dssenh.dll 7ffaf3a90000 c6201f7d May 02 05:39:41 2075 
C:\Windows\SYSTEM32\mskeyprotect.dll 7ffaf24c0000 22809471 May 05 18:12:33 1988 C:\Windows\System32\SecureTimeAggregator.dll 7ffb036d0000 5b81fd8a Aug 26 03:08:26 2018 C:\Windows\system32\DSROLE.dll 7ffaf5ae0000 06267df0 Apr 09 08:45:04 1973 C:\Windows\System32\cryptnet.dll 7ffb05710000 be88784d Apr 18 22:32:13 2071 C:\Windows\System32\kernel.appcore.dll 7ffb023f0000 d0420679 Sep 19 18:12:41 2080 C:\Windows\SYSTEM32\wevtapi.dll 7ffae4f50000 f06fb443 Oct 29 03:34:43 2097 C:\Windows\system32\keyiso.dll 7ffaf66d0000 696e6b80 Jan 19 18:36:00 2026 C:\Windows\system32\MPR.dll SubSystemData: 0000000000000000 ProcessHeap: 000001fe88fb0000 ProcessParameters: 000001fe88fb1c60 CurrentDirectory: 'C:\Windows\system32\' WindowTitle: 'C:\Windows\system32\lsass.exe' ImageFile: 'C:\Windows\system32\lsass.exe' CommandLine: 'C:\Windows\system32\lsass.exe' DllPath: '< Name not readable >' Environment: 000001fe88fb0fe0 ALLUSERSPROFILE=C:\ProgramData B1SAPHOSTED=TRUE B1USERSTORAGE=U:\ ChocolateyInstall=C:\ProgramData\chocolatey CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=SLD03 ComSpec=C:\Windows\system32\cmd.exe DEFLOGDIR=C:\ProgramData\McAfee\Endpoint Security\Logs DriverData=C:\Windows\System32\Drivers\DriverData HDBADONET=C:\Program Files\SAP\hdbclient\ado.net\ HDBDOTNETCORE=C:\Program Files\SAP\hdbclient\dotnetcore NUMBER_OF_PROCESSORS=8 OS=Windows_NT Path=C:\Windows\System32 PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC;.PY;.PYW PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 85 Stepping 7, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=5507 ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=%ProgramFiles%\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules PUBLIC=C:\Users\Public 
RANDFILE=C:\NTP\etc\.rnd SystemDrive=C: SystemRoot=C:\Windows TEMP=C:\Windows\TEMP TMP=C:\Windows\TEMP USERNAME=SYSTEM USERPROFILE=C:\Windows\system32\config\systemprofile windir=C:\Windows Finished dump check