kd>
HandleCount(0n566)
0:Process Switch (Object == 0x0000000000000000)
1:PreviousProcess(0xfffffa8003c8ecd0) => NewProcess(0xfffffa8003c8e950)
2:ProcessID( 4)(0xfffffa8003c8e950) ThreadID( 8)(0xfffffa8003c8e430) System
3:ProcessID(460)(0xfffffa80051e4c10) ThreadID( 12)(0xfffffa8005229060) svchost.exe
4:ProcessID( 4)(0xfffffa8003c8e950) ThreadID( 16)(0xfffffa8003cb27a0) System
5:ProcessID( 4)(0xfffffa8003c8e950) ThreadID( 20)(0xfffffa8003cb2310) System
6:ProcessID( 4)(0xfffffa8003c8e950) ThreadID( 24)(0xfffffa8003cb6040) System
7:ProcessID( 4)(0xfffffa8003c8e950) ThreadID( 28)(0xfffffa8003ccabb0) System
8:ProcessID( 4)(0xfffffa8003c8e950) ThreadID( 32)(0xfffffa8003cca720) System
9:ProcessID( 4)(0xfffffa8003c8e950) ThreadID( 36)(0xfffffa8003cca290) System
10:ProcessID( 4)(0xfffffa8003c8e950) ThreadID( 40)(0xfffffa8003cbd040) System
11:ProcessID( 4)(0xfffffa8003c8e950) ThreadID( 44)(0xfffffa8003cbdbb0) System
12:ProcessID( 4)(0xfffffa8003c8e950) ThreadID( 48)(0xfffffa8003cbd720) System
13:ProcessID( 4)(0xfffffa8003c8e950) ThreadID( 52)(0xfffffa8003cbc040) System
14:ProcessID( 4)(0xfffffa8003c8e950) ThreadID( 56)(0xfffffa8003cbcbb0) System
15:ProcessID( 4)(0xfffffa8003c8e950) ThreadID( 60)(0xfffffa8003cbc720) System
16:ProcessID( 4)(0xfffffa8003c8e950) ThreadID( 64)(0xfffffa8003cbb040) System
17:ProcessID( 4)(0xfffffa8003c8e950) ThreadID( 68)(0xfffffa8003cbbbb0) System
18:ProcessID( 4)(0xfffffa8003c8e950) ThreadID( 72)(0xfffffa8003cbb720) System
19:ProcessID( 4)(0xfffffa8003c8e950) ThreadID( 76)(0xfffffa8003cba040) System
20:ProcessID( 4)(0xfffffa8003c8e950) ThreadID( 80)(0xfffffa8003cbabb0) System
21:ProcessID( 4)(0xfffffa8003c8e950) ThreadID( 84)(0xfffffa8003cba720) System
22:ProcessID( 4)(0xfffffa8003c8e950) ThreadID( 88)(0xfffffa8003cb9040) System
23:ProcessID( 4)(0xfffffa8003c8e950) ThreadID( 92)(0xfffffa8003cb9bb0) System
24:ProcessID( 4)(0xfffffa8003c8e950) ThreadID( 96)(0xfffffa8003cb9720) System
25:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(100)(0xfffffa8003cb8040) System
26:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(104)(0xfffffa8003ccd370) System
27:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(108)(0xfffffa8003cce040) System
28:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(112)(0xfffffa8003ccebb0) System
29:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(116)(0xfffffa8003cce720) System
30:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(120)(0xfffffa8003cd0bb0) System
31:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(124)(0xfffffa8003cd0460) System
32:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(128)(0xfffffa8003cd1bb0) System
33:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(132)(0xfffffa8003cd1520) System
34:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(136)(0xfffffa8003cd2040) System
35:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(140)(0xfffffa8003cd2970) System
36:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(144)(0xfffffa8003cd3040) System
37:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(148)(0xfffffa8003cd3bb0) System
38:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(152)(0xfffffa8003c83bb0) System
39:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(156)(0xfffffa8003c8d040) System
40:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(160)(0xfffffa8003d1fbb0) System
41:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(164)(0xfffffa8003d2c040) System
42:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(168)(0xfffffa8003d2c770) System
43:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(172)(0xfffffa8003d33bb0) System
44:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(176)(0xfffffa8003df4040) System
45:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(180)(0xfffffa8003df8630) System
46:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(184)(0xfffffa8003dffbb0) System
47:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(188)(0xfffffa8003e7cb20) System
48:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(192)(0xfffffa8003ee1040) System
49:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(196)(0xfffffa8003ee17b0) System
50:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(200)(0xfffffa80044e2630) System
51:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(204)(0xfffffa80044fb040) System
52:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(208)(0xfffffa80045319f0) System
53:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(212)(0xfffffa8004637040) System
54:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(216)(0xfffffa80046c5bb0) System
55:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(220)(0xfffffa8003c33780) System
56:Process Switch (Object == 0x0000000000000000)
57:ProcessID(956)(0xfffffa80051725c0) ThreadID(228)(0xfffffa80051945d0) svchost.exe
58:ProcessID(968)(0xfffffa800517ab00) ThreadID(232)(0xfffffa80051f5060) svchost.exe
59:ProcessID(920)(0xfffffa8005210040) ThreadID(236)(0xfffffa8005647060) svchost.exe
60:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(240)(0xfffffa8004994720) System
61:ProcessID(1520)(0xfffffa80053277d0) ThreadID(244)(0xfffffa8005368700) explorer.exe
62:Process Switch (Object == 0x0000000000000000)
63:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(252)(0xfffffa8004a90040) System
64:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(256)(0xfffffa8004a90bb0) System
65:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(260)(0xfffffa8004a90720) System
66:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(264)(0xfffffa8004a91040) System
67:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(268)(0xfffffa8004a91bb0) System
68:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(272)(0xfffffa8004a91720) System
69:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(276)(0xfffffa8004a92040) System
70:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(280)(0xfffffa8004a92bb0) System
71:Process Switch (Object == 0x0000000000000000)
72:ProcessID(1836)(0xfffffa800513eab0) ThreadID(288)(0xfffffa80056cb820) msdtc.exe
73:Process Switch (Object == 0x0000000000000000)
74:ProcessID(1520)(0xfffffa80053277d0) ThreadID(296)(0xfffffa8005814060) explorer.exe
75:ProcessID(968)(0xfffffa800517ab00) ThreadID(300)(0xfffffa8003cfb310) svchost.exe
76:PreviousProcess(0xfffffa80051a27c3) => NewProcess(0xfffffa80051a2440)
77:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(308)(0xfffffa8004d8cbb0) System
78:ProcessID(304)(0xfffffa80051a2440) ThreadID(312)(0xfffffa80051a4bb0) svchost.exe
79:ProcessID(908)(0xfffffa800515e9b0) ThreadID(316)(0xfffffa800523fbb0) svchost.exe
80:Process Switch (Object == 0x0000000000000000)
81:ProcessID(984)(0xfffffa8005180930) ThreadID(324)(0xfffffa80051ab060) SLsvc.exe
82:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(328)(0xfffffa8004dd1040) System
83:ProcessID(304)(0xfffffa80051a2440) ThreadID(332)(0xfffffa800574c3e0) svchost.exe
84:ProcessID(968)(0xfffffa800517ab00) ThreadID(336)(0xfffffa8005329060) svchost.exe
85:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(340)(0xfffffa8004e16bb0) System
86:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(344)(0xfffffa8004e129c0) System
87:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(348)(0xfffffa8004e19040) System
88:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(352)(0xfffffa8004e19bb0) System
89:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(356)(0xfffffa8004e19720) System
90:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(360)(0xfffffa8004e1a040) System
91:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(364)(0xfffffa8004e1abb0) System
92:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(368)(0xfffffa8004e1a720) System
93:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(372)(0xfffffa8004e1b040) System
94:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(376)(0xfffffa8004e1bbb0) System
95:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(380)(0xfffffa8004e1b720) System
96:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(384)(0xfffffa8004e1c040) System
97:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(388)(0xfffffa8004e1cbb0) System
98:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(392)(0xfffffa8004e1c720) System
99:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(396)(0xfffffa8004e1d040) System
100:Process Switch (Object == 0x0000000000000000)
101:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(404)(0xfffffa8004e376f0) System
102:PreviousProcess(0xfffffa8004e33f93) => NewProcess(0xfffffa8004e33c10)
103:ProcessID(408)(0xfffffa8004e33c10) ThreadID(412)(0xfffffa8004e15660) smss.exe
104:ProcessID(304)(0xfffffa80051a2440) ThreadID(416)(0xfffffa80051b4060) svchost.exe
105:Process Switch (Object == 0x0000000000000000)
106:ProcessID(304)(0xfffffa80051a2440) ThreadID(424)(0xfffffa80051b0700) svchost.exe
107:ProcessID(304)(0xfffffa80051a2440) ThreadID(428)(0xfffffa80051b4a70) svchost.exe
108:ProcessID(908)(0xfffffa800515e9b0) ThreadID(432)(0xfffffa800520e9a0) svchost.exe
109:Process Switch (Object == 0x0000000000000000)
110:ProcessID(968)(0xfffffa800517ab00) ThreadID(440)(0xfffffa80051b57c0) svchost.exe
111:Process Switch (Object == 0x0000000000000000)
112:Process Switch (Object == 0x0000000000000000)
113:Process Switch (Object == 0x0000000000000000)
114:ProcessID(408)(0xfffffa8004e33c10) ThreadID(456)(0xfffffa8004a4b500) smss.exe
115:PreviousProcess(0xfffffa80051e4f90) => NewProcess(0xfffffa80051e4c10)
116:ProcessID(1520)(0xfffffa80053277d0) ThreadID(464)(0xfffffa8004f89bb0) explorer.exe
117:ProcessID(408)(0xfffffa8004e33c10) ThreadID(468)(0xfffffa8004eda060) smss.exe
118:PreviousProcess(0xfffffa8004f22530) => NewProcess(0xfffffa8004f221b0)
119:Process Switch (Object == 0x0000000000000000)
120:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(480)(0xfffffa8004f23830) System
121:ProcessID(472)(0xfffffa8004f221b0) ThreadID(484)(0xfffffa8004f340f0) csrss.exe
122:ProcessID(472)(0xfffffa8004f221b0) ThreadID(488)(0xfffffa8004f33820) csrss.exe
123:ProcessID(472)(0xfffffa8004f221b0) ThreadID(492)(0xfffffa8004f378e0) csrss.exe
124:ProcessID(472)(0xfffffa8004f221b0) ThreadID(496)(0xfffffa8004f35060) csrss.exe
125:ProcessID(408)(0xfffffa8004e33c10) ThreadID(500)(0xfffffa8004f38060) smss.exe
126:Process Switch (Object == 0x0000000000000000)
127:ProcessID(592)(0xfffffa8004f664e0) ThreadID(508)(0xfffffa80056fb060) services.exe
128:PreviousProcess(0xfffffa8004f3b4c0) => NewProcess(0xfffffa8004f3b140)
129:ProcessID(460)(0xfffffa80051e4c10) ThreadID(516)(0xfffffa80051debb0) svchost.exe
130:PreviousProcess(0xfffffa8004f38dc0) => NewProcess(0xfffffa8004f38a40)
131:ProcessID(520)(0xfffffa8004f38a40) ThreadID(524)(0xfffffa8004f3f060) wininit.exe
132:ProcessID(472)(0xfffffa8004f221b0) ThreadID(528)(0xfffffa8004f24060) csrss.exe
133:ProcessID(520)(0xfffffa8004f38a40) ThreadID(532)(0xfffffa8004ed9bb0) wininit.exe
134:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(536)(0xfffffa8004f427f0) System
135:ProcessID(512)(0xfffffa8004f3b140) ThreadID(540)(0xfffffa8004f56400) csrss.exe
136:ProcessID(512)(0xfffffa8004f3b140) ThreadID(544)(0xfffffa8004f57060) csrss.exe
137:ProcessID(512)(0xfffffa8004f3b140) ThreadID(548)(0xfffffa8004f57780) csrss.exe
138:ProcessID(512)(0xfffffa8004f3b140) ThreadID(552)(0xfffffa8004f58bb0) csrss.exe
139:PreviousProcess(0xfffffa8004f5a3c0) => NewProcess(0xfffffa8004f5a040)
140:ProcessID(556)(0xfffffa8004f5a040) ThreadID(560)(0xfffffa8004f5a980) winlogon.exe
141:ProcessID(512)(0xfffffa8004f3b140) ThreadID(564)(0xfffffa8004f39990) csrss.exe
142:ProcessID(612)(0xfffffa8004f74c10) ThreadID(568)(0xfffffa8005687340) lsm.exe
143:ProcessID(472)(0xfffffa8004f221b0) ThreadID(572)(0xfffffa8004f5e8b0) csrss.exe
144:ProcessID(512)(0xfffffa8004f3b140) ThreadID(576)(0xfffffa8004f61060) csrss.exe
145:ProcessID(472)(0xfffffa8004f221b0) ThreadID(580)(0xfffffa8004f62060) csrss.exe
146:ProcessID(956)(0xfffffa80051725c0) ThreadID(584)(0xfffffa80051fb060) svchost.exe
147:ProcessID(304)(0xfffffa80051a2440) ThreadID(588)(0xfffffa800576f060) svchost.exe
148:PreviousProcess(0xfffffa8004f66860) => NewProcess(0xfffffa8004f664e0)
149:ProcessID(592)(0xfffffa8004f664e0) ThreadID(596)(0xfffffa8004f68060) services.exe
150:ProcessID(520)(0xfffffa8004f38a40) ThreadID(600)(0xfffffa8004f6e5a0) wininit.exe
151:PreviousProcess(0xfffffa8004f713c0) => NewProcess(0xfffffa8004f71040)
152:ProcessID(460)(0xfffffa80051e4c10) ThreadID(608)(0xfffffa8005215b50) svchost.exe
153:PreviousProcess(0xfffffa8004f74f93) => NewProcess(0xfffffa8004f74c10)
154:ProcessID(612)(0xfffffa8004f74c10) ThreadID(616)(0xfffffa8004f76060) lsm.exe
155:ProcessID(472)(0xfffffa8004f221b0) ThreadID(620)(0xfffffa8004f76640) csrss.exe
156:ProcessID(472)(0xfffffa8004f221b0) ThreadID(624)(0xfffffa8004f75060) csrss.exe
157:ProcessID(472)(0xfffffa8004f221b0) ThreadID(628)(0xfffffa8004f70060) csrss.exe
158:ProcessID(512)(0xfffffa8004f3b140) ThreadID(632)(0xfffffa800503a750) csrss.exe
159:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(636)(0xfffffa80050442b0) System
160:ProcessID(460)(0xfffffa80051e4c10) ThreadID(640)(0xfffffa8003cfe060) svchost.exe
161:ProcessID(604)(0xfffffa8004f71040) ThreadID(644)(0xfffffa800507f410) lsass.exe
162:ProcessID(604)(0xfffffa8004f71040) ThreadID(648)(0xfffffa800508b060) lsass.exe
163:ProcessID(604)(0xfffffa8004f71040) ThreadID(652)(0xfffffa800508bb60) lsass.exe
164:ProcessID(604)(0xfffffa8004f71040) ThreadID(656)(0xfffffa800508b6b0) lsass.exe
165:ProcessID(604)(0xfffffa8004f71040) ThreadID(660)(0xfffffa800508c3c0) lsass.exe
166:ProcessID(920)(0xfffffa8005210040) ThreadID(664)(0xfffffa80056c5060) svchost.exe
167:ProcessID(592)(0xfffffa8004f664e0) ThreadID(668)(0xfffffa80056d0060) services.exe
168:ProcessID(520)(0xfffffa8004f38a40) ThreadID(672)(0xfffffa800508e610) wininit.exe
169:ProcessID(1964)(0xfffffa800564bb40) ThreadID(676)(0xfffffa8003cdcb30) taskeng.exe
170:ProcessID(604)(0xfffffa8004f71040) ThreadID(680)(0xfffffa80050de540) lsass.exe
171:ProcessID(604)(0xfffffa8004f71040) ThreadID(684)(0xfffffa80050e1af0) lsass.exe
172:ProcessID(968)(0xfffffa800517ab00) ThreadID(688)(0xfffffa8005194060) svchost.exe
173:ProcessID(604)(0xfffffa8004f71040) ThreadID(692)(0xfffffa80050e5060) lsass.exe
174:ProcessID(908)(0xfffffa800515e9b0) ThreadID(696)(0xfffffa8005217930) svchost.exe
175:ProcessID(604)(0xfffffa8004f71040) ThreadID(700)(0xfffffa80050eda00) lsass.exe
176:ProcessID(604)(0xfffffa8004f71040) ThreadID(704)(0xfffffa8005106060) lsass.exe
177:ProcessID(592)(0xfffffa8004f664e0) ThreadID(708)(0xfffffa8005106790) services.exe
178:ProcessID(592)(0xfffffa8004f664e0) ThreadID(712)(0xfffffa8005107060) services.exe
179:ProcessID(1964)(0xfffffa800564bb40) ThreadID(716)(0xfffffa8005368bb0) taskeng.exe
180:ProcessID(592)(0xfffffa8004f664e0) ThreadID(720)(0xfffffa8005108770) services.exe
181:ProcessID(604)(0xfffffa8004f71040) ThreadID(724)(0xfffffa8004f5c060) lsass.exe
182:ProcessID(460)(0xfffffa80051e4c10) ThreadID(728)(0xfffffa800526f4c0) svchost.exe
183:ProcessID(956)(0xfffffa80051725c0) ThreadID(732)(0xfffffa80051a1bb0) svchost.exe
184:ProcessID(556)(0xfffffa8004f5a040) ThreadID(736)(0xfffffa8005301bb0) winlogon.exe
185:Process Switch (Object == 0x0000000000000000)
186:ProcessID(2036)(0xfffffa800572d460) ThreadID(744)(0xfffffa80051a0990) dwm.exe
187:ProcessID(604)(0xfffffa8004f71040) ThreadID(748)(0xfffffa8005110060) lsass.exe
188:PreviousProcess(0xfffffa8004f8b860) => NewProcess(0xfffffa8004f8b4e0)
189:ProcessID(908)(0xfffffa800515e9b0) ThreadID(756)(0xfffffa800522ba80) svchost.exe
190:ProcessID(460)(0xfffffa80051e4c10) ThreadID(760)(0xfffffa8005213060) svchost.exe
191:ProcessID(592)(0xfffffa8004f664e0) ThreadID(764)(0xfffffa8005625060) services.exe
192:PreviousProcess(0xfffffa80051086a0) => NewProcess(0xfffffa8005108320)
193:ProcessID(768)(0xfffffa8005108320) ThreadID(772)(0xfffffa8004f71bb0) svchost.exe
194:ProcessID(908)(0xfffffa800515e9b0) ThreadID(776)(0xfffffa8005217350) svchost.exe
195:ProcessID(768)(0xfffffa8005108320) ThreadID(780)(0xfffffa80050e6690) svchost.exe
196:ProcessID(768)(0xfffffa8005108320) ThreadID(784)(0xfffffa800511e060) svchost.exe
197:ProcessID(768)(0xfffffa8005108320) ThreadID(788)(0xfffffa800511e9e0) svchost.exe
198:ProcessID(604)(0xfffffa8004f71040) ThreadID(792)(0xfffffa8005330390) lsass.exe
199:ProcessID(768)(0xfffffa8005108320) ThreadID(796)(0xfffffa800511f060) svchost.exe
200:ProcessID(956)(0xfffffa80051725c0) ThreadID(800)(0xfffffa8005329bb0) svchost.exe
201:ProcessID(592)(0xfffffa8004f664e0) ThreadID(804)(0xfffffa8005120bb0) services.exe
202:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(808)(0xfffffa800512bbb0) System
203:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(812)(0xfffffa800521d040) System
204:ProcessID(768)(0xfffffa8005108320) ThreadID(816)(0xfffffa800512c060) svchost.exe
205:ProcessID(968)(0xfffffa800517ab00) ThreadID(820)(0xfffffa80056cb060) svchost.exe
206:ProcessID(1836)(0xfffffa800513eab0) ThreadID(824)(0xfffffa80051cb310) msdtc.exe
207:PreviousProcess(0xfffffa800512d870) => NewProcess(0xfffffa800512d4f0)
208:ProcessID(828)(0xfffffa800512d4f0) ThreadID(832)(0xfffffa800512fbb0) svchost.exe
209:ProcessID(828)(0xfffffa800512d4f0) ThreadID(836)(0xfffffa80051301d0) svchost.exe
210:ProcessID(828)(0xfffffa800512d4f0) ThreadID(840)(0xfffffa800512e590) svchost.exe
211:ProcessID(828)(0xfffffa800512d4f0) ThreadID(844)(0xfffffa80051326d0) svchost.exe
212:ProcessID(828)(0xfffffa800512d4f0) ThreadID(848)(0xfffffa8005133bb0) svchost.exe
213:ProcessID(1964)(0xfffffa800564bb40) ThreadID(852)(0xfffffa8003d01bb0) taskeng.exe
214:ProcessID(828)(0xfffffa800512d4f0) ThreadID(856)(0xfffffa800513d060) svchost.exe
215:ProcessID(612)(0xfffffa8004f74c10) ThreadID(860)(0xfffffa800513f710) lsm.exe
216:ProcessID(768)(0xfffffa8005108320) ThreadID(864)(0xfffffa8005811b50) svchost.exe
217:ProcessID(612)(0xfffffa8004f74c10) ThreadID(868)(0xfffffa80051499b0) lsm.exe
218:ProcessID(612)(0xfffffa8004f74c10) ThreadID(872)(0xfffffa8005149500) lsm.exe
219:ProcessID(612)(0xfffffa8004f74c10) ThreadID(876)(0xfffffa800514d060) lsm.exe
220:ProcessID(612)(0xfffffa8004f74c10) ThreadID(880)(0xfffffa800514d8f0) lsm.exe
221:ProcessID(612)(0xfffffa8004f74c10) ThreadID(884)(0xfffffa800514e060) lsm.exe
222:ProcessID(612)(0xfffffa8004f74c10) ThreadID(888)(0xfffffa800514e8b0) lsm.exe
223:Process Switch (Object == 0x0000000000000000)
224:ProcessID(612)(0xfffffa8004f74c10) ThreadID(896)(0xfffffa8005155060) lsm.exe
225:Process Switch (Object == 0x0000000000000000)
226:Process Switch (Object == 0x0000000000000000)
227:PreviousProcess(0xfffffa800515ed30) => NewProcess(0xfffffa800515e9b0)
228:ProcessID(908)(0xfffffa800515e9b0) ThreadID(912)(0xfffffa8005160ad0) svchost.exe
229:ProcessID(908)(0xfffffa800515e9b0) ThreadID(916)(0xfffffa800515d590) svchost.exe
230:PreviousProcess(0xfffffa80052103c0) => NewProcess(0xfffffa8005210040)
231:ProcessID(592)(0xfffffa8004f664e0) ThreadID(924)(0xfffffa800520c060) services.exe
232:Process Switch (Object == 0x0000000000000000)
233:ProcessID(556)(0xfffffa8004f5a040) ThreadID(932)(0xfffffa8005165490) winlogon.exe
234:ProcessID(612)(0xfffffa8004f74c10) ThreadID(936)(0xfffffa800573e7c0) lsm.exe
235:ProcessID(908)(0xfffffa800515e9b0) ThreadID(940)(0xfffffa800516b060) svchost.exe
236:ProcessID(908)(0xfffffa800515e9b0) ThreadID(944)(0xfffffa800516a060) svchost.exe
237:ProcessID(968)(0xfffffa800517ab00) ThreadID(948)(0xfffffa8003d02060) svchost.exe
238:ProcessID(908)(0xfffffa800515e9b0) ThreadID(952)(0xfffffa800516f060) svchost.exe
239:PreviousProcess(0xfffffa8005172940) => NewProcess(0xfffffa80051725c0)
240:ProcessID(956)(0xfffffa80051725c0) ThreadID(960)(0xfffffa80051716b0) svchost.exe
241:ProcessID(920)(0xfffffa8005210040) ThreadID(964)(0xfffffa800521d720) svchost.exe
242:PreviousProcess(0xfffffa800517ae80) => NewProcess(0xfffffa800517ab00)
243:ProcessID(968)(0xfffffa800517ab00) ThreadID(972)(0xfffffa800517c060) svchost.exe
244:ProcessID(908)(0xfffffa800515e9b0) ThreadID(976)(0xfffffa800517cbb0) svchost.exe
245:ProcessID(968)(0xfffffa800517ab00) ThreadID(980)(0xfffffa800517fbb0) svchost.exe
246:PreviousProcess(0xfffffa8005180cb0) => NewProcess(0xfffffa8005180930)
247:ProcessID(984)(0xfffffa8005180930) ThreadID(988)(0xfffffa8005182060) SLsvc.exe
248:ProcessID(908)(0xfffffa800515e9b0) ThreadID(992)(0xfffffa8005185700) svchost.exe
249:ProcessID( 4)(0xfffffa8003c8e950) ThreadID(996)(0xfffffa8005746330) System
250:Process Switch (Object == 0x0000000000000000)
251:ProcessID(1092)(0xfffffa8005248880) ThreadID(1004)(0xfffffa80057154c0) svchost.exe
252:ProcessID(968)(0xfffffa800517ab00) ThreadID(1008)(0xfffffa80051928e0) svchost.exe
253:Process Switch (Object == 0x0000000000000000)
254:ProcessID(1836)(0xfffffa800513eab0) ThreadID(1016)(0xfffffa8005743450) msdtc.exe
255:ProcessID(612)(0xfffffa8004f74c10) ThreadID(1020)(0xfffffa800576d780) lsm.exe
[---]