$ python Volatility/vol.py -f xxxx.raw --profile=Win7SP1x64 --dtb=0x187000 pslist
Volatility Foundation Volatility Framework 2.3.1
Offset(V) Name PID PPID Thds Hnds Sess Wow64 Start Exit
------------------ -------------------- ------ ------ ------ -------- ------ ------ ------------------------------ ------------------------------
0xfffffa8003866040 0 69...4 0 -------- ------ 0

$ python Volatility/vol.py -f xxxx.raw --profile=Win7SP1x64 --dtb=0x187000 psscan
Offset(P) Name PID PPID PDB Time created Time exited
------------------ ---------------- ------ ------ ------------------ ------------------------------ ------------------------------
0x00000000001ddb30 cmd.exe 1328 6856 0x00000000af93a000 2013-10-23 09:37:21 UTC+0000 2013-10-23 09:37:21 UTC+0000
0x00000000031f99e0 cmd.exe 12996 6856 0x000000006aefc000 2013-10-24 17:06:20 UTC+0000 2013-10-24 17:06:20 UTC+0000
0x000000003a82d9e0 cmd.exe 12996 6856 0x000000006aefc000 2013-10-24 17:06:20 UTC+0000 2013-10-24 17:06:20 UTC+0000
0x0000000074bc0b30 cmd.exe 1328 6856 0x00000000af93a000 2013-10-23 09:37:21 UTC+0000 2013-10-23 09:37:21 UTC+0000
0x0000000097ef19e0 cmd.exe 12996 6856 0x000000006aefc000 2013-10-24 17:06:20 UTC+0000 2013-10-24 17:06:20 UTC+0000
0x00000000cc0d99e0 cmd.exe 12996 6856 0x000000006aefc000 2013-10-24 17:06:20 UTC+0000 2013-10-24 17:06:20 UTC+0000
0x000000010414d688 cmd.exe 8968 3076 0x000000009e6c9000 2013-10-18 05:48:32 UTC+0000 2013-10-18 05:48:32 UTC+0000
0x000000010b8bf270 cmd.exe 8968 3076 0x000000009e6c9000 2013-10-18 05:48:32 UTC+0000 2013-10-18 05:48:32 UTC+0000
0x0000000111ba7588 cmd.exe 8968 3076 0x000000009e6c9000 2013-10-18 05:48:32 UTC+0000 2013-10-18 05:48:32 UTC+0000
0x0000000117a0e9e0 cmd.exe 12996 6856 0x000000006aefc000 2013-10-24 17:06:20 UTC+0000 2013-10-24 17:06:20 UTC+0000
0x00000001251c7060 cmd.exe 1236 6856 0x0000000032a0d000 2013-10-23 04:32:20 UTC+0000 2013-10-23 04:32:22 UTC+0000
0x00000001251cc190 cmd.exe 10804 6856 0x00000000cc5b5000 2013-10-29 06:49:43 UTC+0000 
2013-10-29 06:49:46 UTC+0000 0x00000001252fbb30 cmd.exe 7628 6856 0x0000000078f7b000 2013-10-30 17:23:43 UTC+0000 2013-10-30 17:23:46 UTC+0000 0x00000001253a5060 svchost.exe 3128 448 0x000000004cfec000 2013-10-11 13:04:52 UTC+0000 0x00000001253b1b30 atieclxx.exe 2068 756 0x000000004f9f1000 2013-10-11 13:04:51 UTC+0000 0x0000000125503b30 svchost.exe 2864 448 0x0000000035806000 2013-10-11 13:04:33 UTC+0000 0x000000012551fb30 cmd.exe 8000 3076 0x00000000636db000 2013-10-21 00:53:32 UTC+0000 2013-10-21 00:53:33 UTC+0000 0x0000000125540b30 cmd.exe 10516 6856 0x0000000093360000 2013-10-23 08:36:20 UTC+0000 2013-10-23 08:36:21 UTC+0000 0x000000012556c4b0 Foxit Updater. 2224 2128 0x000000001e7b9000 2013-10-22 15:51:26 UTC+0000 2013-10-31 14:22:15 UTC+0000 0x00000001255b81b0 cmd.exe 7960 3076 0x000000003db7d000 2013-10-17 21:40:32 UTC+0000 2013-10-17 21:40:32 UTC+0000 0x00000001255bba60 cmd.exe 11652 6856 0x000000006e74b000 2013-10-23 23:49:20 UTC+0000 2013-10-23 23:49:21 UTC+0000 0x00000001255cf8a0 cmd.exe 13276 6856 0x00000000b4cca000 2013-10-25 11:23:34 UTC+0000 2013-10-25 11:23:35 UTC+0000 0x0000000125631620 cmd.exe 12496 6856 0x000000007515d000 2013-10-27 10:07:43 UTC+0000 2013-10-27 10:07:44 UTC+0000 0x000000012571e1c0 cmd.exe 1308 6856 0x0000000098759000 2013-10-22 23:27:20 UTC+0000 2013-10-22 23:27:20 UTC+0000 0x0000000125731b30 CcmExec.exe 2144 448 0x000000003c412000 2013-10-11 13:04:29 UTC+0000 0x000000012578cb30 cmd.exe 8284 6856 0x0000000034c7e000 2013-10-29 08:51:43 UTC+0000 2013-10-29 08:51:44 UTC+0000 0x00000001257c1b30 cmd.exe 15544 6856 0x0000000062366000 2013-10-31 05:34:43 UTC+0000 2013-10-31 05:34:44 UTC+0000 0x00000001257eab30 cmd.exe 8188 3076 0x0000000017458000 2013-10-17 20:38:32 UTC+0000 2013-10-17 20:38:34 UTC+0000 0x00000001258cf660 cmd.exe 1468 3076 0x00000000bd156000 2013-10-17 10:29:32 UTC+0000 2013-10-17 10:29:34 UTC+0000 0x000000012593e4d0 svchost.exe 1660 448 0x0000000066a21000 2013-10-11 13:04:27 UTC+0000 0x0000000125946b30 cmd.exe 9820 
3076 0x0000000112b5a000 2013-10-20 12:40:32 UTC+0000 2013-10-20 12:40:34 UTC+0000 0x000000012595e060 svchost.exe 1720 448 0x0000000068d6a000 2013-10-11 13:04:27 UTC+0000 0x000000012599cb30 cmd.exe 6520 3076 0x00000000bfcf4000 2013-10-19 10:15:32 UTC+0000 2013-10-19 10:15:32 UTC+0000 0x00000001259a3060 WmiPrvSE.exe 2212 632 0x0000000026a04000 2013-10-11 13:04:48 UTC+0000 0x0000000125a37060 ALsvc.exe 1980 448 0x00000000622a3000 2013-10-11 13:04:28 UTC+0000 0x0000000125a9f060 cmd.exe 11696 6856 0x0000000021285000 2013-10-25 04:16:34 UTC+0000 2013-10-25 04:16:34 UTC+0000 0x0000000125abb740 svchost.exe 1152 448 0x00000000626f6000 2013-10-11 13:04:29 UTC+0000 0x0000000125b25470 cmd.exe 14212 6856 0x000000006956b000 2013-10-28 05:26:43 UTC+0000 2013-10-28 05:26:45 UTC+0000 0x0000000125b445b0 svchost.exe 1776 448 0x0000000067f34000 2013-10-11 13:04:27 UTC+0000 0x0000000125b6f960 cmd.exe 12708 6856 0x000000002e185000 2013-10-23 18:44:20 UTC+0000 2013-10-23 18:44:20 UTC+0000 0x0000000125be4320 chrome.exe 10244 12964 0x0000000079d60000 2013-10-28 21:03:04 UTC+0000 2013-10-31 14:22:07 UTC+0000 0x0000000125bf1060 cmd.exe 10140 3076 0x000000010ad60000 2013-10-19 09:13:32 UTC+0000 2013-10-19 09:13:35 UTC+0000 0x0000000125c1a060 SAVAdminServic 12256 448 0x0000000025102000 2013-10-21 15:11:56 UTC+0000 0x0000000125c23670 svchost.exe 1404 448 0x0000000046fd8000 2013-10-11 13:04:26 UTC+0000 0x0000000125c673d0 taskhost.exe 4956 448 0x00000000b72cf000 2013-10-31 05:05:24 UTC+0000 2013-10-31 05:05:37 UTC+0000 0x0000000125ca8060 spoolsv.exe 1512 448 0x000000006b0ee000 2013-10-11 13:04:27 UTC+0000 0x0000000125cb1060 cmd.exe 12396 6856 0x000000001e7cc000 2013-10-24 13:02:20 UTC+0000 2013-10-24 13:02:21 UTC+0000 0x0000000125d25060 cmd.exe 9288 3076 0x0000000091dcb000 2013-10-19 21:26:32 UTC+0000 2013-10-19 21:26:32 UTC+0000 0x0000000125d39600 cmd.exe 5336 6856 0x00000000027de000 2013-10-26 07:42:43 UTC+0000 2013-10-26 07:42:44 UTC+0000 0x0000000125d3d960 cmd.exe 6788 3076 0x000000003516e000 
2013-10-18 02:44:31 UTC+0000 2013-10-18 02:44:31 UTC+0000 0x0000000125d4eb30 cmd.exe 3136 3076 0x000000011c351000 2013-10-18 03:45:31 UTC+0000 2013-10-18 03:45:32 UTC+0000 0x0000000125d69610 RouterNT.exe 2036 448 0x000000005fba1000 2013-10-11 13:04:28 UTC+0000 0x0000000125da7b30 cmd.exe 7200 3076 0x000000008fe13000 2013-10-21 06:57:31 UTC+0000 2013-10-21 06:57:35 UTC+0000 0x0000000125dc1b30 cmd.exe 8612 6856 0x0000000072f0c000 2013-10-26 10:45:43 UTC+0000 2013-10-26 10:45:44 UTC+0000 0x0000000125df35f0 cmd.exe 12868 6856 0x0000000000ceb000 2013-10-26 19:53:43 UTC+0000 2013-10-26 19:53:44 UTC+0000 0x0000000125dfeb30 cmd.exe 3184 6856 0x0000000112939000 2013-10-26 06:41:44 UTC+0000 2013-10-26 06:41:45 UTC+0000 0x0000000125e25b30 cmd.exe 10580 3076 0x000000008c9a9000 2013-10-20 17:46:32 UTC+0000 2013-10-20 17:46:33 UTC+0000 0x0000000125e81b30 cmd.exe 4796 6856 0x0000000043c4e000 2013-10-23 16:42:20 UTC+0000 2013-10-23 16:42:23 UTC+0000 0x0000000125e8c5d0 cmd.exe 5128 6856 0x000000005ffaf000 2013-10-25 21:32:43 UTC+0000 2013-10-25 21:32:43 UTC+0000 0x0000000125ea2820 cmd.exe 8460 3076 0x000000008bb99000 2013-10-18 07:50:32 UTC+0000 2013-10-18 07:50:33 UTC+0000 0x0000000125ebfb30 cmd.exe 13288 6856 0x00000001029f4000 2013-10-23 01:29:20 UTC+0000 2013-10-23 01:29:21 UTC+0000 0x0000000125f0d330 cmd.exe 6644 6856 0x0000000110c19000 2013-10-26 01:36:44 UTC+0000 2013-10-26 01:36:44 UTC+0000 0x0000000125f1f4b0 lmi_rescue.exe 7576 9116 0x000000008c445000 2013-10-31 14:30:11 UTC+0000 0x0000000125f1fb30 cmd.exe 3412 3076 0x000000000043e000 2013-10-16 23:17:32 UTC+0000 2013-10-16 23:17:34 UTC+0000 0x0000000125f23440 ra64app.exe 4340 7576 0x0000000047903000 2013-10-31 14:30:11 UTC+0000 2013-10-31 14:30:12 UTC+0000 0x0000000125f295b0 cmd.exe 9380 6856 0x000000010a255000 2013-10-29 10:53:43 UTC+0000 2013-10-29 10:53:44 UTC+0000 0x0000000125f31060 cmd.exe 6428 3076 0x000000006ea75000 2013-10-20 07:36:32 UTC+0000 2013-10-20 07:36:33 UTC+0000 0x0000000125f36700 cmd.exe 5352 3076 
0x00000001022d3000 2013-10-20 02:31:32 UTC+0000 2013-10-20 02:31:32 UTC+0000 0x0000000125f67b30 svchost.exe 332 448 0x000000007ec27000 2013-10-11 13:04:13 UTC+0000 0x0000000125f7c060 svchost.exe 576 448 0x000000007f42c000 2013-10-11 13:04:13 UTC+0000 0x0000000125f99060 SavService.exe 1032 448 0x000000007eeb4000 2013-10-11 13:04:13 UTC+0000 2013-10-21 15:10:45 UTC+0000 0x0000000125fafb30 cmd.exe 7500 6856 0x000000006c7be000 2013-10-29 23:05:43 UTC+0000 2013-10-29 23:05:43 UTC+0000 0x0000000125fd2b30 cmd.exe 9660 3076 0x000000006ba57000 2013-10-19 07:12:32 UTC+0000 2013-10-19 07:12:33 UTC+0000 0x0000000125fd31b0 taskeng.exe 16016 948 0x00000001107fd000 2013-10-31 14:35:59 UTC+0000 0x0000000126001b30 cmd.exe 7440 6856 0x000000006e1f3000 2013-10-25 06:18:34 UTC+0000 2013-10-25 06:18:35 UTC+0000 0x000000012600f5c0 cmd.exe 10812 6856 0x000000007c0fe000 2013-10-24 19:07:34 UTC+0000 2013-10-24 19:07:35 UTC+0000 0x000000012601eb30 cmd.exe 1920 6856 0x000000010ec66000 2013-10-29 11:54:44 UTC+0000 2013-10-29 11:54:44 UTC+0000 0x0000000126022060 svchost.exe 3896 448 0x0000000026761000 2013-10-11 13:06:34 UTC+0000 0x00000001260249d0 ManagementAgen 1876 448 0x000000004e740000 2013-10-11 13:04:27 UTC+0000 0x000000012605d060 cmd.exe 10652 3076 0x0000000022f3e000 2013-10-20 08:36:31 UTC+0000 2013-10-20 08:36:32 UTC+0000 0x0000000126068060 svchost.exe 1540 448 0x00000000454d8000 2013-10-11 13:04:27 UTC+0000 0x0000000126082060 cmd.exe 6608 3076 0x0000000085f9f000 2013-10-20 01:29:31 UTC+0000 2013-10-20 01:29:32 UTC+0000 0x0000000126084300 cmd.exe 11584 3580 0x000000003cc9a000 2013-10-31 14:38:03 UTC+0000 0x0000000126123470 svchost.exe 840 448 0x000000008b33d000 2013-10-11 13:04:09 UTC+0000 0x0000000126135310 SearchIndexer. 
3972 448 0x000000002836e000 2013-10-11 13:06:36 UTC+0000 0x00000001261535c0 svchost.exe 916 448 0x0000000073455000 2013-10-11 13:04:09 UTC+0000 0x0000000126168410 cmd.exe 4140 6856 0x000000010f5b1000 2013-10-30 22:27:43 UTC+0000 2013-10-30 22:27:43 UTC+0000 0x0000000126169060 schtasks.exe 12248 6856 0x0000000108b0b000 2013-10-23 05:33:27 UTC+0000 0x000000012616e9e0 svchost.exe 948 448 0x0000000072f5f000 2013-10-11 13:04:09 UTC+0000 0x0000000126191a30 cmd.exe 4756 3076 0x0000000015f32000 2013-10-20 03:32:32 UTC+0000 2013-10-20 03:32:32 UTC+0000 0x00000001261eab30 cmd.exe 6260 3076 0x000000011d689000 2013-10-19 22:26:31 UTC+0000 2013-10-19 22:26:32 UTC+0000 0x00000001261ed940 cmd.exe 1476 6856 0x00000000be609000 2013-10-27 13:10:43 UTC+0000 2013-10-27 13:10:44 UTC+0000 0x0000000126206740 cmd.exe 13580 6856 0x000000000af42000 2013-10-26 08:43:43 UTC+0000 2013-10-26 08:43:43 UTC+0000 0x00000001262bd3d0 cmd.exe 14264 6856 0x0000000091846000 2013-10-28 20:39:43 UTC+0000 2013-10-28 20:39:44 UTC+0000 0x00000001262d2b30 cmd.exe 11300 6856 0x00000000311ee000 2013-10-29 14:57:43 UTC+0000 2013-10-29 14:57:44 UTC+0000 0x00000001262f83d0 cmd.exe 5060 6856 0x0000000032b55000 2013-10-25 20:31:43 UTC+0000 2013-10-25 20:31:44 UTC+0000 0x00000001263138a0 chrome.exe 11008 12964 0x0000000083bd2000 2013-10-29 16:31:10 UTC+0000 2013-10-31 14:20:38 UTC+0000 0x0000000126382b30 SavService.exe 2116 448 0x00000001069b8000 2013-10-21 15:11:55 UTC+0000 0x000000012639c310 cmd.exe 11284 6856 0x0000000098a4e000 2013-10-22 20:24:21 UTC+0000 2013-10-22 20:24:22 UTC+0000 0x00000001263b3b30 ra64app.exe 10132 9116 0x000000010bdec000 2013-10-31 14:30:11 UTC+0000 2013-10-31 14:30:11 UTC+0000 0x00000001263cc620 UI0Detect.exe 11564 448 0x00000000754a2000 2013-10-21 15:11:04 UTC+0000 0x00000001263f5850 cmd.exe 6572 3076 0x000000000bd32000 2013-10-18 00:43:32 UTC+0000 2013-10-18 00:43:33 UTC+0000 0x0000000126413280 cmd.exe 11928 6856 0x0000000014c66000 2013-10-23 20:46:20 UTC+0000 2013-10-23 20:46:22 
UTC+0000 0x0000000126415b30 cmd.exe 9100 3076 0x0000000011dd6000 2013-10-17 22:40:32 UTC+0000 2013-10-17 22:40:32 UTC+0000 0x000000012642bb30 cmd.exe 11204 6856 0x0000000010e75000 2013-10-31 03:32:43 UTC+0000 2013-10-31 03:32:44 UTC+0000 0x0000000126444060 cmd.exe 12168 6856 0x0000000097025000 2013-10-27 06:03:43 UTC+0000 2013-10-27 06:03:44 UTC+0000 0x00000001264a69e0 svchost.exe 632 448 0x000000008c56e000 2013-10-11 13:04:09 UTC+0000 0x00000001264af060 svchost.exe 712 448 0x000000007584c000 2013-10-11 13:04:09 UTC+0000 0x00000001264bb1d0 cmd.exe 10100 3076 0x000000004ceb0000 2013-10-19 01:05:31 UTC+0000 2013-10-19 01:05:31 UTC+0000 0x00000001264ea370 atiesrxx.exe 756 448 0x000000008bd37000 2013-10-11 13:04:09 UTC+0000 0x0000000126619b30 cmd.exe 4776 6856 0x0000000069148000 2013-10-24 15:04:20 UTC+0000 2013-10-24 15:04:20 UTC+0000 0x0000000126632060 wininit.exe 396 308 0x0000000091574000 2013-10-11 13:04:06 UTC+0000 0x0000000126638b30 csrss.exe 412 388 0x000000007ec16000 2013-10-11 13:04:06 UTC+0000 0x0000000126663b30 swc_service.ex 1112 448 0x00000001107f2000 2013-10-21 15:11:47 UTC+0000 0x0000000126688060 lsass.exe 464 396 0x000000007d953000 2013-10-11 13:04:06 UTC+0000 0x000000012668e590 lsm.exe 472 396 0x000000007d999000 2013-10-11 13:04:06 UTC+0000 0x00000001266b3b30 services.exe 448 396 0x0000000090b6c000 2013-10-11 13:04:06 UTC+0000 0x00000001266cab30 winlogon.exe 544 388 0x000000007be5c000 2013-10-11 13:04:07 UTC+0000 0x00000001267d5060 cmd.exe 6972 3076 0x00000000cc7f4000 2013-10-18 12:54:31 UTC+0000 2013-10-18 12:54:32 UTC+0000 0x00000001267e6b30 cmd.exe 10148 3076 0x0000000022651000 2013-10-19 15:19:31 UTC+0000 2013-10-19 15:19:34 UTC+0000 0x000000012680b310 cmd.exe 15376 6856 0x0000000033f07000 2013-10-30 18:24:43 UTC+0000 2013-10-30 18:24:47 UTC+0000 0x0000000126818b30 cmd.exe 2612 6856 0x00000000904b8000 2013-10-26 15:49:43 UTC+0000 2013-10-26 15:49:44 UTC+0000 0x000000012683d290 cmd.exe 9348 3076 0x000000006de30000 2013-10-18 18:59:31 UTC+0000 
2013-10-18 18:59:32 UTC+0000 0x000000012684db30 cmd.exe 10492 3076 0x000000003810b000 2013-10-20 15:44:32 UTC+0000 2013-10-20 15:44:33 UTC+0000 0x000000012685fb30 cmd.exe 7444 3076 0x0000000066c66000 2013-10-18 19:00:32 UTC+0000 2013-10-18 19:00:32 UTC+0000 0x0000000126863b30 cmd.exe 14896 6856 0x00000001118f8000 2013-10-30 13:19:43 UTC+0000 2013-10-30 13:19:44 UTC+0000 0x0000000126863b30 cmd.exe 14896 6856 0x00000001118f8000 2013-10-30 13:19:43 UTC+0000 2013-10-30 13:19:44 UTC+0000 0x00000001268e2b30 csrss.exe 316 308 0x000000009232e000 2013-10-11 13:04:05 UTC+0000 0x0000000126b0c060 cmd.exe 7028 3076 0x000000001d303000 2013-10-17 05:23:31 UTC+0000 2013-10-17 05:23:32 UTC+0000 0x0000000126b2c270 cmd.exe 1264 6856 0x0000000030c84000 2013-10-23 05:33:21 UTC+0000 2013-10-23 05:33:31 UTC+0000 0x0000000126b42b30 smss.exe 244 4 0x000000009bd71000 2013-10-11 13:04:03 UTC+0000 0x0000000126c8f560 cmd.exe 1868 6856 0x000000002a485000 2013-10-28 19:38:43 UTC+0000 2013-10-28 19:38:43 UTC+0000 0x0000000126cc9b30 cmd.exe 10564 6856 0x0000000032d91000 2013-10-27 11:08:43 UTC+0000 2013-10-27 11:08:44 UTC+0000 0x0000000126d26b30 cmd.exe 13504 6856 0x000000001f6d6000 2013-10-25 16:27:43 UTC+0000 2013-10-25 16:27:44 UTC+0000 0x0000000126d3b060 cmd.exe 14936 6856 0x0000000080044000 2013-10-28 13:32:44 UTC+0000 2013-10-28 13:32:46 UTC+0000 0x0000000126d536e0 cmd.exe 11840 6856 0x000000004cb6b000 2013-10-29 09:52:43 UTC+0000 2013-10-29 09:52:43 UTC+0000 0x0000000126daab30 cmd.exe 8848 3076 0x00000000358fa000 2013-10-17 18:36:31 UTC+0000 2013-10-17 18:36:32 UTC+0000 0x0000000126dbc1a0 cmd.exe 12532 6856 0x0000000119ea8000 2013-10-25 03:15:34 UTC+0000 2013-10-25 03:15:35 UTC+0000 0x0000000126dc9a10 cmd.exe 7412 3076 0x0000000013b2b000 2013-10-17 19:37:31 UTC+0000 2013-10-17 19:37:34 UTC+0000 0x0000000126dcf2c0 cmd.exe 15536 6856 0x000000009414c000 2013-10-30 01:07:43 UTC+0000 2013-10-30 01:07:44 UTC+0000 0x0000000126ddf8a0 cmd.exe 11804 6856 0x000000007a703000 2013-10-25 23:34:43 
UTC+0000 2013-10-25 23:34:43 UTC+0000 0x0000000126e07b30 cmd.exe 5332 6856 0x000000007877f000 2013-10-28 17:36:43 UTC+0000 2013-10-28 17:36:44 UTC+0000 0x0000000126e167e0 cmd.exe 6188 3076 0x0000000024475000 2013-10-17 08:27:32 UTC+0000 2013-10-17 08:27:33 UTC+0000 0x0000000126e578d0 cmd.exe 3032 6856 0x000000002e98a000 2013-10-26 03:38:43 UTC+0000 2013-10-26 03:38:43 UTC+0000 0x0000000126e5bb30 cmd.exe 5812 3076 0x000000008320d000 2013-10-19 19:23:31 UTC+0000 2013-10-19 19:23:33 UTC+0000 0x0000000126e7cb30 cmd.exe 4084 6856 0x00000000b0f6b000 2013-10-28 15:34:43 UTC+0000 2013-10-28 15:34:44 UTC+0000 0x0000000126e82660 cmd.exe 14008 6856 0x000000000dc1e000 2013-10-30 07:13:43 UTC+0000 2013-10-30 07:13:44 UTC+0000 0x0000000126f16b30 chrome.exe 2412 12964 0x00000000568b4000 2013-10-28 17:41:20 UTC+0000 2013-10-31 14:20:39 UTC+0000 0x0000000126f18060 chrome.exe 9240 9048 0x00000000cc06b000 2013-10-31 14:29:06 UTC+0000 0x0000000126f5d410 cmd.exe 6508 6856 0x0000000070748000 2013-10-30 21:27:43 UTC+0000 2013-10-30 21:27:44 UTC+0000 0x0000000126f76130 WmiPrvSE.exe 3348 632 0x00000000446ab000 2013-10-11 13:05:09 UTC+0000 0x0000000126fe0b30 conhost.exe 14928 412 0x000000009fd5f000 2013-10-31 14:38:03 UTC+0000 0x00000001270bb230 cmd.exe 11248 6856 0x0000000052906000 2013-10-26 02:37:43 UTC+0000 2013-10-26 02:37:44 UTC+0000 0x00000001270c5470 cmd.exe 10708 6856 0x0000000070290000 2013-10-22 17:21:20 UTC+0000 2013-10-22 17:21:21 UTC+0000 0x00000001270d3060 schtasks.exe 10376 3076 0x000000006bf53000 2013-10-20 06:35:38 UTC+0000 0x0000000127118b30 cmd.exe 8912 3076 0x00000001042e0000 2013-10-18 14:57:32 UTC+0000 2013-10-18 14:57:32 UTC+0000 0x0000000127138150 cmd.exe 8968 3076 0x000000009e6c9000 2013-10-18 05:48:32 UTC+0000 2013-10-18 05:48:32 UTC+0000 0x0000000127197b30 cmd.exe 4512 6856 0x000000009fbbc000 2013-10-28 09:28:43 UTC+0000 2013-10-28 09:28:44 UTC+0000 0x00000001271b3060 cmd.exe 6720 3076 0x0000000045a6b000 2013-10-16 22:16:32 UTC+0000 2013-10-16 22:16:33 UTC+0000 
0x00000001271cc590 h?l????x?l???? 150 0 0x0000003200000000 0x00000001271d1890 cmd.exe 8512 6856 0x000000004cb0e000 2013-10-24 14:03:21 UTC+0000 2013-10-24 14:03:22 UTC+0000 0x00000001271d98c0 conhost.exe 10396 412 0x0000000092b21000 2013-10-20 06:35:38 UTC+0000 0x00000001271f2320 cmd.exe 10680 3076 0x0000000008439000 2013-10-21 02:54:32 UTC+0000 2013-10-21 02:54:32 UTC+0000 0x00000001271fa400 cmd.exe 12008 6856 0x00000000530f2000 2013-10-27 04:01:43 UTC+0000 2013-10-27 04:01:44 UTC+0000 0x0000000127220b30 cmd.exe 1888 3076 0x0000000102da1000 2013-10-19 05:10:32 UTC+0000 2013-10-19 05:10:32 UTC+0000 0x000000012722c1c0 cmd.exe 8920 3076 0x0000000108523000 2013-10-18 01:44:32 UTC+0000 2013-10-18 01:44:33 UTC+0000 0x0000000127259ae0 cmd.exe 12560 6856 0x000000002223b000 2013-10-25 10:22:34 UTC+0000 2013-10-25 10:22:34 UTC+0000 0x0000000127269120 sfc.exe 1300 448 0x000000007296d000 2013-10-31 14:26:25 UTC+0000 0x000000012728d260 cmd.exe 14332 6856 0x0000000023150000 2013-10-28 10:29:43 UTC+0000 2013-10-28 10:29:44 UTC+0000 0x000000012729f060 chrome.exe 4584 9048 0x000000003ff65000 2013-10-31 14:29:11 UTC+0000 0x00000001272efb30 cmd.exe 13240 6856 0x0000000034b46000 2013-10-23 00:28:20 UTC+0000 2013-10-23 00:28:21 UTC+0000 0x00000001273662e0 cmd.exe 7840 3076 0x000000004d965000 2013-10-18 11:53:31 UTC+0000 2013-10-18 11:53:32 UTC+0000 0x00000001273b2b30 cmd.exe 6952 3076 0x00000000846b6000 2013-10-17 11:29:31 UTC+0000 2013-10-17 11:29:33 UTC+0000 0x00000001273c19d0 iexplore.exe 11636 3076 0x0000000110118000 2013-10-29 18:08:23 UTC+0000 2013-10-31 14:22:19 UTC+0000 0x00000001273ccb30 swi_service.ex 2000 448 0x000000011ec4a000 2013-10-21 15:12:03 UTC+0000 0x00000001273d9830 cmd.exe 7820 3076 0x0000000047ec7000 2013-10-17 16:34:31 UTC+0000 2013-10-17 16:34:32 UTC+0000 0x00000001274048d0 cmd.exe 8732 6856 0x0000000033083000 2013-10-29 21:03:43 UTC+0000 2013-10-29 21:03:44 UTC+0000 0x0000000127409460 cmd.exe 12584 6856 0x000000010a5b5000 2013-10-27 14:11:43 UTC+0000 
2013-10-27 14:11:44 UTC+0000 0x0000000127470b30 cmd.exe 7308 3076 0x00000000ba064000 2013-10-18 16:57:32 UTC+0000 2013-10-18 16:57:33 UTC+0000 0x00000001274a7060 cmd.exe 9752 3076 0x00000000bf168000 2013-10-20 03:31:31 UTC+0000 2013-10-20 03:31:31 UTC+0000 0x00000001274b16a0 cmd.exe 7644 3076 0x000000000a041000 2013-10-17 17:35:31 UTC+0000 2013-10-17 17:35:32 UTC+0000 0x00000001274c9720 SearchFilterHo 15232 3972 0x0000000001b54000 2013-10-31 14:21:02 UTC+0000 2013-10-31 14:23:16 UTC+0000 0x00000001274e13f0 conhost.exe 10736 412 0x00000001118ca000 2013-10-23 05:33:28 UTC+0000 0x00000001276954d0 conhost.exe 13612 412 0x00000000c9ac7000 2013-10-31 14:36:43 UTC+0000 0x00000001276a79e0 cmd.exe 6352 6856 0x000000004d728000 2013-10-27 18:15:44 UTC+0000 2013-10-27 18:15:48 UTC+0000 0x00000001276ab270 iptray.exe 5348 11240 0x00000000b905e000 2013-10-31 14:28:24 UTC+0000 0x00000001276d9530 cmd.exe 4768 3076 0x000000004d39b000 2013-10-17 03:21:31 UTC+0000 2013-10-17 03:21:33 UTC+0000 0x00000001276e9b30 cmd.exe 14836 6856 0x0000000106c8b000 2013-10-30 08:14:43 UTC+0000 2013-10-30 08:14:43 UTC+0000 0x000000012774b420 cmd.exe 8852 6856 0x000000004bc6c000 2013-10-27 20:17:43 UTC+0000 2013-10-27 20:17:43 UTC+0000 0x000000012777a890 cmd.exe 6280 3076 0x000000005ec6b000 2013-10-17 13:31:31 UTC+0000 2013-10-17 13:31:33 UTC+0000 0x0000000127800b30 lmi_rescue.exe 9116 9788 0x00000000b2e65000 2013-10-31 14:29:43 UTC+0000 0x00000001278259a0 rundll32.exe 3064 3580 0x00000000c5cc2000 2013-10-31 14:36:43 UTC+0000 2013-10-31 14:36:43 UTC+0000 0x0000000127853500 cmd.exe 1908 6856 0x0000000046236000 2013-10-30 02:08:44 UTC+0000 2013-10-30 02:08:44 UTC+0000 0x000000012794ab30 cmd.exe 7452 6856 0x00000000b7b2b000 2013-10-28 04:25:43 UTC+0000 2013-10-28 04:25:44 UTC+0000 0x0000000127996060 cmd.exe 212 6856 0x00000000170a8000 2013-10-27 01:59:43 UTC+0000 2013-10-27 01:59:44 UTC+0000 0x00000001279b38d0 chrome.exe 9048 3580 0x0000000091e8c000 2013-10-31 14:29:05 UTC+0000 0x00000001279bf060 
chrome.exe 9176 9048 0x0000000075954000 2013-10-31 14:29:06 UTC+0000 0x00000001279bfb30 cmd.exe 8676 6856 0x000000003cd49000 2013-10-30 10:16:43 UTC+0000 2013-10-30 10:16:45 UTC+0000 0x00000001279d8630 cmd.exe 5188 3076 0x000000003ebeb000 2013-10-19 03:07:31 UTC+0000 2013-10-19 03:07:33 UTC+0000 0x00000001279e7700 WmiPrvSE.exe 10536 632 0x0000000107ff9000 2013-10-31 14:19:36 UTC+0000 2013-10-31 14:23:42 UTC+0000 0x0000000127a6b060 audiodg.exe 9500 840 0x000000006865e000 2013-10-18 18:56:04 UTC+0000 0x0000000127a802d0 taskhost.exe 6956 448 0x000000005797d000 2013-10-17 07:41:21 UTC+0000 0x0000000127aa29e0 cmd.exe 16236 6856 0x0000000084712000 2013-10-30 05:11:43 UTC+0000 2013-10-30 05:11:45 UTC+0000 0x0000000127b1e210 winpmem_1.4.ex 5820 11584 0x0000000052dd2000 2013-10-31 14:38:22 UTC+0000 0x0000000127b3ab30 cmd.exe 1552 3076 0x00000000bee94000 2013-10-18 00:42:31 UTC+0000 2013-10-18 00:42:32 UTC+0000 0x0000000127b5db30 cmd.exe 2548 3076 0x0000000038853000 2013-10-18 09:52:32 UTC+0000 2013-10-18 09:52:33 UTC+0000 0x0000000127b88060 chrome.exe 14132 12964 0x0000000064c1e000 2013-10-25 20:27:03 UTC+0000 2013-10-31 14:21:29 UTC+0000 0x0000000127ba9290 OSPPSVC.EXE 3476 448 0x0000000104d39000 2013-10-11 13:09:13 UTC+0000 0x0000000127bfeb30 cmd.exe 9760 6856 0x000000004886b000 2013-10-27 08:05:43 UTC+0000 2013-10-27 08:05:44 UTC+0000 0x0000000127c3bb30 cmd.exe 8636 3076 0x00000000971b7000 2013-10-17 19:38:32 UTC+0000 2013-10-17 19:38:32 UTC+0000 0x0000000127c5b680 cmd.exe 13456 6856 0x000000003229a000 2013-10-26 16:50:43 UTC+0000 2013-10-26 16:50:44 UTC+0000 0x0000000127c6e3c0 WerFault.exe 16076 14920 0x00000000c10c1000 2013-10-31 14:21:42 UTC+0000 2013-10-31 14:21:47 UTC+0000 0x0000000127cb4060 cmd.exe 9300 3076 0x0000000061768000 2013-10-18 22:03:32 UTC+0000 2013-10-18 22:03:33 UTC+0000 0x0000000127cc5b30 WmiPrvSE.exe 16024 632 0x0000000045fb9000 2013-10-31 14:35:22 UTC+0000 0x0000000127ccfb30 cmd.exe 4720 6856 0x00000000be1df000 2013-10-28 16:35:44 UTC+0000 2013-10-28 
16:35:45 UTC+0000 0x0000000127cf3760 cmd.exe 10760 6856 0x00000000335c6000 2013-10-26 12:47:43 UTC+0000 2013-10-26 12:47:44 UTC+0000 0x0000000127d125a0 cmd.exe 4112 6856 0x0000000073804000 2013-10-28 00:21:43 UTC+0000 2013-10-28 00:21:44 UTC+0000 0x0000000127d30b30 cmd.exe 5324 3076 0x0000000030218000 2013-10-19 03:08:32 UTC+0000 2013-10-19 03:08:32 UTC+0000 0x0000000127d3cb30 cmd.exe 12032 3064 0x000000006272b000 2013-10-31 14:36:43 UTC+0000 0x0000000127d52920 explorer.exe 3580 3560 0x000000011a2c1000 2013-10-11 13:06:42 UTC+0000 0x0000000127d75b30 cmd.exe 8596 3076 0x00000000b723b000 2013-10-18 10:53:32 UTC+0000 2013-10-18 10:53:32 UTC+0000 0x0000000127dbb060 taskhost.exe 732 448 0x0000000115dc9000 2013-10-11 13:06:43 UTC+0000 0x0000000127df6b30 jusched.exe 4044 3476 0x000000010f89b000 2013-10-11 13:06:45 UTC+0000 0x0000000127e6a7b0 ALMon.exe 2652 3476 0x0000000018af6000 2013-10-11 13:06:46 UTC+0000 0x0000000127e90060 cmd.exe 14456 6856 0x0000000078660000 2013-10-29 15:58:43 UTC+0000 2013-10-29 15:58:45 UTC+0000 0x0000000127f65040 System 4 0 0x0000000000187000 2013-10-11 13:04:03 UTC+0000 0x0000000127fe7b30 cmd.exe 908 3076 0x00000000cef07000 2013-10-19 01:06:32 UTC+0000 2013-10-19 01:06:32 UTC+0000 0x0000000127ffd060 cmd.exe 4972 6856 0x000000007b39b000 2013-10-30 12:18:43 UTC+0000 2013-10-30 12:18:44 UTC+0000 0x00000001280375f0 dwm.exe 1956 916 0x0000000025669000 2013-10-11 13:06:42 UTC+0000 0x0000000128059b30 cmd.exe 11092 3076 0x00000000c5fcc000 2013-10-20 16:45:32 UTC+0000 2013-10-20 16:45:33 UTC+0000 0x00000001280b8060 cmd.exe 8704 3076 0x00000000936e8000 2013-10-20 18:46:31 UTC+0000 2013-10-20 18:46:32 UTC+0000 0x00000001280b8710 cmd.exe 9164 3076 0x0000000124e15000 2013-10-20 21:50:32 UTC+0000 2013-10-20 21:50:32 UTC+0000