Buster Sandbox Analyzer

About PEID: the program is obsolete. Skip it. Last update is from 2008 so it's totally useless nowadays.

About report: program crashed so WerFault was loaded. In this case report is useless.

The important question is: why did notepad crash? Obviously it happens because LOG_API is being injected.

What beta version of BSA are you using? Beta 5 downloaded from the link provided above?

What version of Windows are you using?

 

BSA is latest Beta.
Windows 10 Pro x64 1909

 

Ok, nice. And what Sandboxie version are you using?

 

5.40.2.
All is latest except Windows )

 

I just installed Sandboxie 5.40.2 and BSA 1.89 Beta 5 on a Windows 10 Pro x64 1903 and everything worked fine: I sandboxed notepad, put some letters, save it and exit. Same process you did.

You wrote: "When I opened notepad.exe, put some letters, saved it and tried to close - I've got an error:"

At what point do you get the error?, when you save or when you close?

I don't think it makes any difference, but let's try this... Run notepad sandboxed in the same sandbox you use within BSA. Put some letters, save and exit. But do all this by yourself, don't use BSA.

Does notepad crash?

Meanwhile you could ask to some members from russian forum (http://gallery.ru-board.com/topic.cgi?forum=5&topic=20992&start=0) to make the same test with notepad to see if they also get the same error or not.

We need to know if it's a general problem or a problem specific in your PC.

 

Yeah, you're right, the crash happens even when BSA is not involved.
But I have few sandboxes with different configurations. Notepad works OK in all of them except BSA.
BSA config is as follows:

Spoiler: BSA Config

[BSA]

InjectDll=d:\Program Files\Sandboxie\Buster Sandbox Analyzer\lapi32.dll
InjectDll64=d:\Program Files\Sandboxie\Buster Sandbox Analyzer\lapi64.dll
OpenPipePath=\Device\NamedPipe\LogAPI
Enabled=y
ConfigLevel=7
BoxNameTitle=n
BorderColor=#0000FF
NotifyInternetAccessDenied=y
Template=BlockPorts
NotifyDirectDiskAccess=y
ProcessLimit1=20
ProcessLimit2=30

"lapi" is renamed logapi file for verbose log (the situation with normal log is the same).

I would be happy to ask in Russian forum but I believe nobody uses BSA there

 

"Yeah, you're right, the crash happens even when BSA is not involved."

This was the expected because LOG_API is injected anyway.

"But I have few sandboxes with different configurations. Notepad works OK in all of them except BSA."

That's because in BSA sandbox you inject LOG_API dll.

"I would be happy to ask in Russian forum but I believe nobody uses BSA there "

Using BSA is not necessary for testing. You just need some users download Log_API (Build 1.0.5) from here:

https://github.com/sandboxie-plus/LogApiDll/releases

they create a new sandbox, add LOG_API to sandbox settings and test.

Or if you can install the same Windows/Build you use in a virtual machine and do tests. That would be fine too.

I'm afraid you have installed something in your system that it's interefering with LOG_API.

 

Tested in VM - and really something is linked with my system.
OK, too bad, it was not so cranky before
Looks like I am temporarily out of testing process.

 

If you have Windows Defender, EMET (Enhanced Mitigation Experience Toolkit) or any other antivirus/security suite installed, disable it temporaly and test again.

If you find out what is the software interfering with LOG_API, let us know, please.

Edit: Run resource access monitor and post log, please:

https://www.sandboxie.com/ResourceAccessMonitor

 

I am using Comodo, anyway - putting both Sandboxie program and Sandboxes folder into exclusion did not help/ Total disabling of FW/HIPS/AV in Comodo didn't help also.

Spoiler: ResourceAccessMonitor

(Drive) \Device\CdRom0; PID: 10168
(Drive) \Device\CdRom0; PID: 1284
(Drive) \Device\CdRom0; PID: 14692
(Drive) \Device\CdRom0; PID: 15872
(Drive) \Device\CdRom0; PID: 18540
(Drive) \Device\CdRom0; PID: 19656
(Drive) \Device\CdRom0; PID: 5296
(Drive) \Device\CdRom0; PID: 7436
(Drive) \Device\HarddiskVolume1; PID: 10168
(Drive) \Device\HarddiskVolume1; PID: 1284
(Drive) \Device\HarddiskVolume1; PID: 14692
(Drive) \Device\HarddiskVolume1; PID: 15872
(Drive) \Device\HarddiskVolume1; PID: 18540
(Drive) \Device\HarddiskVolume1; PID: 19656
(Drive) \Device\HarddiskVolume1; PID: 5296
(Drive) \Device\HarddiskVolume1; PID: 7436
(Drive) \Device\HarddiskVolume11; PID: 10168
(Drive) \Device\HarddiskVolume11; PID: 1284
(Drive) \Device\HarddiskVolume11; PID: 14692
(Drive) \Device\HarddiskVolume11; PID: 15872
(Drive) \Device\HarddiskVolume11; PID: 18540
(Drive) \Device\HarddiskVolume11; PID: 19656
(Drive) \Device\HarddiskVolume11; PID: 5296
(Drive) \Device\HarddiskVolume11; PID: 7436
(Drive) \Device\HarddiskVolume12; PID: 10168
(Drive) \Device\HarddiskVolume12; PID: 1284
(Drive) \Device\HarddiskVolume12; PID: 14692
(Drive) \Device\HarddiskVolume12; PID: 15872
(Drive) \Device\HarddiskVolume12; PID: 18540
(Drive) \Device\HarddiskVolume12; PID: 19656
(Drive) \Device\HarddiskVolume12; PID: 5296
(Drive) \Device\HarddiskVolume12; PID: 7436
(Drive) \Device\HarddiskVolume2; PID: 10168
(Drive) \Device\HarddiskVolume2; PID: 1284
(Drive) \Device\HarddiskVolume2; PID: 14692
(Drive) \Device\HarddiskVolume2; PID: 15872
(Drive) \Device\HarddiskVolume2; PID: 18540
(Drive) \Device\HarddiskVolume2; PID: 19656
(Drive) \Device\HarddiskVolume2; PID: 5296
(Drive) \Device\HarddiskVolume2; PID: 7436
(Drive) \Device\HarddiskVolume3; PID: 10168
(Drive) \Device\HarddiskVolume3; PID: 1284
(Drive) \Device\HarddiskVolume3; PID: 14692
(Drive) \Device\HarddiskVolume3; PID: 15872
(Drive) \Device\HarddiskVolume3; PID: 18540
(Drive) \Device\HarddiskVolume3; PID: 19656
(Drive) \Device\HarddiskVolume3; PID: 5296
(Drive) \Device\HarddiskVolume3; PID: 7436
(Drive) \Device\HarddiskVolume4; PID: 10168
(Drive) \Device\HarddiskVolume4; PID: 1284
(Drive) \Device\HarddiskVolume4; PID: 14692
(Drive) \Device\HarddiskVolume4; PID: 15872
(Drive) \Device\HarddiskVolume4; PID: 18540
(Drive) \Device\HarddiskVolume4; PID: 19656
(Drive) \Device\HarddiskVolume4; PID: 5296
(Drive) \Device\HarddiskVolume4; PID: 7436
(Drive) \Device\HarddiskVolume5; PID: 10168
(Drive) \Device\HarddiskVolume5; PID: 1284
(Drive) \Device\HarddiskVolume5; PID: 14692
(Drive) \Device\HarddiskVolume5; PID: 15872
(Drive) \Device\HarddiskVolume5; PID: 18540
(Drive) \Device\HarddiskVolume5; PID: 19656
(Drive) \Device\HarddiskVolume5; PID: 5296
(Drive) \Device\HarddiskVolume5; PID: 7436
(Drive) \Device\HarddiskVolume9; PID: 10168
(Drive) \Device\HarddiskVolume9; PID: 1284
(Drive) \Device\HarddiskVolume9; PID: 14692
(Drive) \Device\HarddiskVolume9; PID: 15872
(Drive) \Device\HarddiskVolume9; PID: 18540
(Drive) \Device\HarddiskVolume9; PID: 19656
(Drive) \Device\HarddiskVolume9; PID: 5296
(Drive) \Device\HarddiskVolume9; PID: 7436
Clsid -------------------------------
Clsid {53BD6B4E-3780-4693-AFC3-7161C2F3EE9C} MruLongList; PID: 10168
Clsid {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Thumbnail Cache Class Factory for Out of Proc Server; PID: 10168
Clsid {BCDE0395-E52F-467C-8E3D-C4579291692E} MMDeviceEnumerator class; PID: 10168
Clsid {C2F03A33-21F5-47FA-B4BB-156362A2F239} Immersive Shell; PID: 15872
Clsid {DCB00C01-570F-4A9B-8D69-199FDBA5723B} NetworkListManager; PID: 5296
Clsid {DCB00C01-570F-4A9B-8D69-199FDBA5723B} NetworkListManager; PID: 7436
Clsid unknown; PID: 1284
Clsid O {A47979D2-C419-11D9-A5B4-001185AD2B89} Network List Manager; PID: 5296
Clsid O {A47979D2-C419-11D9-A5B4-001185AD2B89} Network List Manager; PID: 7436
File/Key -------------------------------
Image -------------------------------
Ipc -------------------------------
Ipc \BaseNamedObjects\[CoreUI]-PID(1016-TID(1720 10488836-a4b2-4019-9e5f-1527bad3c53e; PID: 10168
Ipc \BaseNamedObjects\[CoreUI]-PID(15872)-TID(12160) 92fe20b0-a1b4-4d0b-a154-488ac5a2eaee; PID: 15872
Ipc \BaseNamedObjects\[CoreUI]-PID(438-TID(4732) 655b42e1-7de4-4c26-b297-e6be530385cf; PID: 10168
Ipc \BaseNamedObjects\[CoreUI]-PID(438-TID(4732) 655b42e1-7de4-4c26-b297-e6be530385cf; PID: 15872
Ipc \BaseNamedObjects\__ComCatalogCache__; PID: 10168
Ipc \BaseNamedObjects\__ComCatalogCache__; PID: 1284
Ipc \BaseNamedObjects\__ComCatalogCache__; PID: 14692
Ipc \BaseNamedObjects\__ComCatalogCache__; PID: 15872
Ipc \BaseNamedObjects\__ComCatalogCache__; PID: 18540
Ipc \BaseNamedObjects\__ComCatalogCache__; PID: 19656
Ipc \BaseNamedObjects\__ComCatalogCache__; PID: 5296
Ipc \BaseNamedObjects\__ComCatalogCache__; PID: 7436
Ipc \BaseNamedObjects\{A3BD3259-3E4F-428a-84C8-F0463A9D3EB5}; PID: 14692
Ipc \BaseNamedObjects\{A64C7F33-DA35-459b-96CA-63B51FB0CDB9}; PID: 14692
Ipc \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{32B0B91A-D239-4294-A516-355E12200F92}.2.ver0x0000000000000002.db; PID: 10168
Ipc \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{4413C97E-7BC2-4440-8444-5F8F78ED4711}.2.ver0x0000000000000001.db; PID: 10168
Ipc \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000091.db; PID: 10168
Ipc \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000091.db; PID: 15872
Ipc \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6D5609CF-7BFB-4C0B-A5B0-F33627D02ED9}.2.ver0x0000000000000001.db; PID: 10168
Ipc \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000003.db; PID: 10168
Ipc \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000003.db; PID: 15872
Ipc \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{ED06CBD3-DA15-42F0-8481-950F75DDBEDD}.2.ver0x0000000000000001.db; PID: 10168
Ipc \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro; PID: 10168
Ipc \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro; PID: 15872
Ipc \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2; PID: 10168
Ipc \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2; PID: 15872
Ipc \BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_1280.db!dfMaintainer; PID: 10168
Ipc \BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_16.db!dfMaintainer; PID: 10168
Ipc \BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_1920.db!dfMaintainer; PID: 10168
Ipc \BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_256.db!dfMaintainer; PID: 10168
Ipc \BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_2560.db!dfMaintainer; PID: 10168
Ipc \BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_32.db!dfMaintainer; PID: 10168
Ipc \BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_48.db!dfMaintainer; PID: 10168
Ipc \BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_768.db!dfMaintainer; PID: 10168
Ipc \BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_96.db!dfMaintainer; PID: 10168
Ipc \BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_custom_stream.db!dfMaintainer; PID: 10168
Ipc \BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_exif.db!dfMaintainer; PID: 10168
Ipc \BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!IconCacheInit; PID: 10168
Ipc \BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwWriterEvent; PID: 10168
Ipc \BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwWriterMutex; PID: 10168
Ipc \BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_sr.db!dfMaintainer; PID: 10168
Ipc \BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_wide.db!dfMaintainer; PID: 10168
Ipc \BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_wide_alternate.db!dfMaintainer; PID: 10168
Ipc \BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:thumbcache_1280.db!dfMaintainer; PID: 10168
Ipc \BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:thumbcache_16.db!dfMaintainer; PID: 10168
Ipc \BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:thumbcache_1920.db!dfMaintainer; PID: 10168
Ipc \BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:thumbcache_256.db!dfMaintainer; PID: 10168
Ipc \BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:thumbcache_2560.db!dfMaintainer; PID: 10168
Ipc \BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:thumbcache_32.db!dfMaintainer; PID: 10168
Ipc \BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:thumbcache_48.db!dfMaintainer; PID: 10168
Ipc \BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:thumbcache_768.db!dfMaintainer; PID: 10168
Ipc \BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:thumbcache_96.db!dfMaintainer; PID: 10168
Ipc \BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:thumbcache_custom_stream.db!dfMaintainer; PID: 10168
Ipc \BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:thumbcache_exif.db!dfMaintainer; PID: 10168
Ipc \BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!rwWriterEvent; PID: 10168
Ipc \BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!rwWriterMutex; PID: 10168
Ipc \BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!ThumbnailCacheInit; PID: 10168
Ipc \BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:thumbcache_sr.db!dfMaintainer; PID: 10168
Ipc \BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:thumbcache_wide.db!dfMaintainer; PID: 10168
Ipc \BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:thumbcache_wide_alternate.db!dfMaintainer; PID: 10168
Ipc \BaseNamedObjects\RotHintTable; PID: 14692
Ipc \BaseNamedObjects\SC_AutoStartComplete; PID: 19656
Ipc \BaseNamedObjects\windows_shell_global_counters; PID: 10168
Ipc \BaseNamedObjects\windows_shell_global_counters; PID: 15872
Ipc \PdcPort; PID: 5296
Ipc \PdcPort; PID: 7436
Ipc \RPC Control\actkernel; PID: 14692
Ipc \RPC Control\actkernel; PID: 19656
Ipc \RPC Control\epmapper; PID: 10168
Ipc \RPC Control\epmapper; PID: 1284
Ipc \RPC Control\epmapper; PID: 14692
Ipc \RPC Control\epmapper; PID: 15872
Ipc \RPC Control\epmapper; PID: 18540
Ipc \RPC Control\epmapper; PID: 19656
Ipc \RPC Control\epmapper; PID: 5296
Ipc \RPC Control\epmapper; PID: 7436
Ipc \RPC Control\keysvc; PID: 1284
Ipc \RPC Control\OLE6EE136B88D492D2C2A9955166FC0; PID: 15872
Ipc \RPC Control\OLE756D2AA51A48D7EFA771169806ED; PID: 7436
Ipc \RPC Control\OLE79ABE116A102706202979D1EB785; PID: 5296
Ipc \RPC Control\OLEF372054F63E17B27CE2FD7002EF6; PID: 10168
Ipc \RPC Control\OLEF372054F63E17B27CE2FD7002EF6; PID: 18540
Ipc \RPC Control\OLEFC7FD81B0DC5BD5DF474257C4D32; PID: 10168
Ipc \RPC Control\protected_storage; PID: 5296
Ipc \RPC Control\protected_storage; PID: 7436
Ipc \Sessions\1\BaseNamedObjects\__ComCatalogCache__; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\__ComCatalogCache__; PID: 1284
Ipc \Sessions\1\BaseNamedObjects\__ComCatalogCache__; PID: 14692
Ipc \Sessions\1\BaseNamedObjects\__ComCatalogCache__; PID: 15872
Ipc \Sessions\1\BaseNamedObjects\__ComCatalogCache__; PID: 18540
Ipc \Sessions\1\BaseNamedObjects\__ComCatalogCache__; PID: 19656
Ipc \Sessions\1\BaseNamedObjects\__ComCatalogCache__; PID: 5296
Ipc \Sessions\1\BaseNamedObjects\__ComCatalogCache__; PID: 7436
Ipc \Sessions\1\BaseNamedObjects\{A3BD3259-3E4F-428a-84C8-F0463A9D3EB5}; PID: 14692
Ipc \Sessions\1\BaseNamedObjects\{A64C7F33-DA35-459b-96CA-63B51FB0CDB9}; PID: 14692
Ipc \Sessions\1\BaseNamedObjects\{FC4C2F7F-35C0-4ED5-8794-172E38F8D816}_EALocalStorageV8131_000014B0; PID: 5296
Ipc \Sessions\1\BaseNamedObjects\{FC4C2F7F-35C0-4ED5-8794-172E38F8D816}_EALocalStorageV8131_00001D0C; PID: 7436
Ipc \Sessions\1\BaseNamedObjects\{FC4C2F7F-35C0-4ED5-8794-172E38F8D816}_EALocalStorageV8131_000027B8; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\{FC4C2F7F-35C0-4ED5-8794-172E38F8D816}_EALocalStorageV8131_00003E00; PID: 15872
Ipc \Sessions\1\BaseNamedObjects\{FC4C2F7F-35C0-4ED5-8794-172E38F8D816}_EALocalStorageV8131_00004CC8; PID: 19656
Ipc \Sessions\1\BaseNamedObjects\1ebe3030-8051-4ac9-a704-5ad83ef25cb3; PID: 5296
Ipc \Sessions\1\BaseNamedObjects\27b8HWNDInterface:361020; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\27b8HWNDInterface:3c0d2c; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\27b8HWNDInterface:3f0faa; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\27b8HWNDInterface:5f0fde; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\43d1985f-61ea-4df9-bba1-e4f7e75997f3; PID: 7436
Ipc \Sessions\1\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{32B0B91A-D239-4294-A516-355E12200F92}.2.ver0x0000000000000002.db; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{4413C97E-7BC2-4440-8444-5F8F78ED4711}.2.ver0x0000000000000001.db; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000091.db; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000091.db; PID: 15872
Ipc \Sessions\1\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6D5609CF-7BFB-4C0B-A5B0-F33627D02ED9}.2.ver0x0000000000000001.db; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000003.db; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000003.db; PID: 15872
Ipc \Sessions\1\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{ED06CBD3-DA15-42F0-8481-950F75DDBEDD}.2.ver0x0000000000000001.db; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro; PID: 15872
Ipc \Sessions\1\BaseNamedObjects\C:*Users****AppData*Local*Microsoft*Windows*Caches*{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x000000000000072f.db; PID: 15872
Ipc \Sessions\1\BaseNamedObjects\C:*Users****AppData*Local*Microsoft*Windows*Caches*{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000231.db; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C:*Users****AppData*Local*Microsoft*Windows*Caches*{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000231.db; PID: 15872
Ipc \Sessions\1\BaseNamedObjects\C:*Users****AppData*Local*Microsoft*Windows*Caches*cversions.1.ro; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C:*Users****AppData*Local*Microsoft*Windows*Caches*cversions.1.ro; PID: 15872
Ipc \Sessions\1\BaseNamedObjects\C:*Users****AppData*Local*Microsoft*Windows*Caches*cversions.3.ro; PID: 15872
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_1280.db!dfMaintainer; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_16.db!dfMaintainer; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_1920.db!dfMaintainer; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_256.db!dfMaintainer; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_2560.db!dfMaintainer; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_32.db!dfMaintainer; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_48.db!dfMaintainer; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_768.db!dfMaintainer; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_96.db!dfMaintainer; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_custom_stream.db!dfMaintainer; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_exif.db!dfMaintainer; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!036028; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!0416d8; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!0425a8; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!042a98; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!042f88; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!043478; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!043968; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!043e58; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!044348; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!044838; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!044d28; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!045218; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!045708; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!045bf8; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!074588; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!074a78; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!074f68; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!075458; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!07de98; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!11242d8; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!11253c8; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!11264b8; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!11275a8; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!1128698; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!1129788; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!112a878; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!112b968; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!112ca58; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!112db48; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!25a0a8; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!28a858; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!2a8888; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!2cfc78; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!2d2168; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!IconCacheInit; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwWriterEvent; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwWriterMutex; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_sr.db!dfMaintainer; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_wide.db!dfMaintainer; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:iconcache_wide_alternate.db!dfMaintainer; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:thumbcache_1280.db!dfMaintainer; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:thumbcache_16.db!dfMaintainer; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:thumbcache_1920.db!dfMaintainer; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:thumbcache_256.db!dfMaintainer; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:thumbcache_2560.db!dfMaintainer; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:thumbcache_32.db!dfMaintainer; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:thumbcache_48.db!dfMaintainer; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:thumbcache_768.db!dfMaintainer; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:thumbcache_96.db!dfMaintainer; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:thumbcache_custom_stream.db!dfMaintainer; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:thumbcache_exif.db!dfMaintainer; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!2174f450; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!21872970; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!21e540; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!28370; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!41fe6d4a; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!4268c5ca; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!426a44e8; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!4960; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!4b74; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!4e8c; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!rwReaderRefs; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!rwWriterEvent; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!rwWriterMutex; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!ThumbnailCacheInit; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:thumbcache_sr.db!dfMaintainer; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:thumbcache_wide.db!dfMaintainer; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\C::Users:**:AppData:Local:Microsoft:Windows:Explorer:thumbcache_wide_alternate.db!dfMaintainer; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\ComPlusCOMRegTable; PID: 19656
Ipc \Sessions\1\BaseNamedObjects\Cor_Private_IPCBlock_v4_10168; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\CPFATE_10168_v4.0.30319; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\f01b4d95cf55d32a.automaticDestinations-ms; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\HOOK_SHMEM_00000000_00002f80_00000000_000005fc; PID: 15872
Ipc \Sessions\1\BaseNamedObjects\HOOK_SHMEM_00000000_00002f80_00000000_000006ca; PID: 15872
Ipc \Sessions\1\BaseNamedObjects\HOOK_SHMEM_00000000_00004338_00000000_00002f9a; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\HOOK_SHMEM_00000000_00004338_00000000_0000498e; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\HOOK_SHMEM_00000000_00004338_00000000_000050bc; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\HOOK_SHMEM_00000000_00004338_00000000_000050ed; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\IDMEventMonitor; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\Lv16_HoverWithCtrlAllowed; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\Lv16_HoverWithCtrlAllowed; PID: 15872
Ipc \Sessions\1\BaseNamedObjects\Lv16_LeftMouseClickWithAltAllowed; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\Lv16_LeftMouseClickWithAltAllowed; PID: 15872
Ipc \Sessions\1\BaseNamedObjects\Mutexf01b4d95cf55d32a.automaticDestinations-ms; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\OleDfRoot15B8CE56CC137065; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\OleDfRoot48C5B78795676E20; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\RotHintTable; PID: 14692
Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_DummyEvent_10168; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_DummyEvent_1284; PID: 1284
Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_DummyEvent_14692; PID: 14692
Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_DummyEvent_15872; PID: 15872
Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_DummyEvent_18540; PID: 18540
Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_DummyEvent_19656; PID: 19656
Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_DummyEvent_5296; PID: 5296
Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_DummyEvent_7436; PID: 7436
Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_RPCSS_SXS_READY; PID: 15872
Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_RPCSS_SXS_READY; PID: 19656
Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceCrypto_Mutex1; PID: 1284
Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_cryptsvc; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_cryptsvc; PID: 1284
Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_cryptsvc; PID: 15872
Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_cryptsvc; PID: 19656
Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_cryptsvc; PID: 5296
Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_cryptsvc; PID: 7436
Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_DcomLaunch; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_DcomLaunch; PID: 1284
Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_DcomLaunch; PID: 14692
Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_DcomLaunch; PID: 15872
Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_DcomLaunch; PID: 18540
Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_DcomLaunch; PID: 19656
Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_DcomLaunch; PID: 5296
Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_DcomLaunch; PID: 7436
Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_Mutex1; PID: 19656
Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_RpcEptMapper; PID: 19656
Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_RpcSs; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_RpcSs; PID: 1284
Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_RpcSs; PID: 15872
Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_RpcSs; PID: 18540
Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_RpcSs; PID: 19656
Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_RpcSs; PID: 5296
Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_RpcSs; PID: 7436
Ipc \Sessions\1\BaseNamedObjects\SBIE_ProtectedStorage_Mutex; PID: 15872
Ipc \Sessions\1\BaseNamedObjects\SBIE_ProtectedStorage_Section; PID: 15872
Ipc \Sessions\1\BaseNamedObjects\SboxSession; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\SboxSession; PID: 1284
Ipc \Sessions\1\BaseNamedObjects\SboxSession; PID: 14692
Ipc \Sessions\1\BaseNamedObjects\SboxSession; PID: 15872
Ipc \Sessions\1\BaseNamedObjects\SboxSession; PID: 18540
Ipc \Sessions\1\BaseNamedObjects\SboxSession; PID: 19656
Ipc \Sessions\1\BaseNamedObjects\SboxSession; PID: 5296
Ipc \Sessions\1\BaseNamedObjects\SboxSession; PID: 7436
Ipc \Sessions\1\BaseNamedObjects\SC_AutoStartComplete; PID: 19656
Ipc \Sessions\1\BaseNamedObjects\ScmCreatedEvent; PID: 19656
Ipc \Sessions\1\BaseNamedObjects\SessionImmersiveColorMutex; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\SessionImmersiveColorPreference; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\Shell.CMruPidlList; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\SM0:10168:120:WilError_02; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\SM0:10168:120:WilError_02_p0; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\SM0:10168:120:WilError_02_p0h; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\SM0:10168:304:WilStaging_02; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\SM0:10168:304:WilStaging_02_p0; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\SM0:10168:304:WilStaging_02_p0h; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\SM0:1284:304:WilStaging_02; PID: 1284
Ipc \Sessions\1\BaseNamedObjects\SM0:1284:304:WilStaging_02_p0; PID: 1284
Ipc \Sessions\1\BaseNamedObjects\SM0:1284:304:WilStaging_02_p0h; PID: 1284
Ipc \Sessions\1\BaseNamedObjects\SM0:14692:120:WilError_02; PID: 14692
Ipc \Sessions\1\BaseNamedObjects\SM0:14692:120:WilError_02_p0; PID: 14692
Ipc \Sessions\1\BaseNamedObjects\SM0:14692:120:WilError_02_p0h; PID: 14692
Ipc \Sessions\1\BaseNamedObjects\SM0:14692:304:WilStaging_02; PID: 14692
Ipc \Sessions\1\BaseNamedObjects\SM0:14692:304:WilStaging_02_p0; PID: 14692
Ipc \Sessions\1\BaseNamedObjects\SM0:14692:304:WilStaging_02_p0h; PID: 14692
Ipc \Sessions\1\BaseNamedObjects\SM0:15872:120:WilError_02; PID: 15872
Ipc \Sessions\1\BaseNamedObjects\SM0:15872:120:WilError_02_p0; PID: 15872
Ipc \Sessions\1\BaseNamedObjects\SM0:15872:120:WilError_02_p0h; PID: 15872
Ipc \Sessions\1\BaseNamedObjects\SM0:15872:304:WilStaging_02; PID: 15872
Ipc \Sessions\1\BaseNamedObjects\SM0:15872:304:WilStaging_02_p0; PID: 15872
Ipc \Sessions\1\BaseNamedObjects\SM0:15872:304:WilStaging_02_p0h; PID: 15872
Ipc \Sessions\1\BaseNamedObjects\SM0:18540:304:WilStaging_02; PID: 18540
Ipc \Sessions\1\BaseNamedObjects\SM0:18540:304:WilStaging_02_p0; PID: 18540
Ipc \Sessions\1\BaseNamedObjects\SM0:18540:304:WilStaging_02_p0h; PID: 18540
Ipc \Sessions\1\BaseNamedObjects\SM0:19656:120:WilError_02; PID: 19656
Ipc \Sessions\1\BaseNamedObjects\SM0:19656:120:WilError_02_p0; PID: 19656
Ipc \Sessions\1\BaseNamedObjects\SM0:19656:120:WilError_02_p0h; PID: 19656
Ipc \Sessions\1\BaseNamedObjects\SM0:19656:304:WilStaging_02; PID: 19656
Ipc \Sessions\1\BaseNamedObjects\SM0:19656:304:WilStaging_02_p0; PID: 19656
Ipc \Sessions\1\BaseNamedObjects\SM0:19656:304:WilStaging_02_p0h; PID: 19656
Ipc \Sessions\1\BaseNamedObjects\SM0:5296:120:WilError_02; PID: 5296
Ipc \Sessions\1\BaseNamedObjects\SM0:5296:120:WilError_02_p0; PID: 5296
Ipc \Sessions\1\BaseNamedObjects\SM0:5296:120:WilError_02_p0h; PID: 5296
Ipc \Sessions\1\BaseNamedObjects\SM0:5296:304:WilStaging_02; PID: 5296
Ipc \Sessions\1\BaseNamedObjects\SM0:5296:304:WilStaging_02_p0; PID: 5296
Ipc \Sessions\1\BaseNamedObjects\SM0:5296:304:WilStaging_02_p0h; PID: 5296
Ipc \Sessions\1\BaseNamedObjects\SM0:7436:120:WilError_02; PID: 7436
Ipc \Sessions\1\BaseNamedObjects\SM0:7436:120:WilError_02_p0; PID: 7436
Ipc \Sessions\1\BaseNamedObjects\SM0:7436:120:WilError_02_p0h; PID: 7436
Ipc \Sessions\1\BaseNamedObjects\SM0:7436:304:WilStaging_02; PID: 7436
Ipc \Sessions\1\BaseNamedObjects\SM0:7436:304:WilStaging_02_p0; PID: 7436
Ipc \Sessions\1\BaseNamedObjects\SM0:7436:304:WilStaging_02_p0h; PID: 7436
Ipc \Sessions\1\BaseNamedObjects\SyncRootManager; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\SyncRootManager; PID: 15872
Ipc \Sessions\1\BaseNamedObjects\ThumbnailCache.SimultaneousExtractions.{66526bdc-5216-40c2-b496-d1eb7c2223a4}; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\UrlZonesSM_**; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\WERReportingForProcess10168; PID: 5296
Ipc \Sessions\1\BaseNamedObjects\WERReportingForProcess10168; PID: 7436
Ipc \Sessions\1\BaseNamedObjects\WERReportingForProcessComplete10168; PID: 5296
Ipc \Sessions\1\BaseNamedObjects\WERReportingForProcessComplete10168; PID: 7436
Ipc \Sessions\1\BaseNamedObjects\windows_shell_global_counters; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\windows_shell_global_counters; PID: 15872
Ipc \Sessions\1\BaseNamedObjects\windows_shell_global_counters; PID: 18540
Ipc \Sessions\1\BaseNamedObjects\windows_shell_global_counters; PID: 19656
Ipc \Sessions\1\BaseNamedObjects\windows_shell_global_counters; PID: 5296
Ipc \Sessions\1\BaseNamedObjects\windows_shell_global_counters; PID: 7436
Ipc \Sessions\1\BaseNamedObjects\ZonesCacheCounterMutex; PID: 10168
Ipc \Sessions\1\BaseNamedObjects\ZonesLockedCacheCounterMutex; PID: 10168
Ipc \WindowsErrorReportingServicePort; PID: 10168
Ipc \WindowsErrorReportingServicePort; PID: 5296
Ipc \WindowsErrorReportingServicePort; PID: 7436
Ipc O \...\Cor_SxSPublic_IPCBlock; PID: 10168
Ipc O \BaseNamedObjects\CoreMessagingRegistrar; PID: 10168
Ipc O \BaseNamedObjects\CoreMessagingRegistrar; PID: 15872
Ipc O \BaseNamedObjects\msctf.serverDefault1; PID: 10168
Ipc O \BaseNamedObjects\msctf.serverDefault1; PID: 15872
Ipc O \BaseNamedObjects\TabletHardwarePresent; PID: 10168
Ipc O \KernelObjects\LowMemoryCondition; PID: 10168
Ipc O \KernelObjects\LowMemoryCondition; PID: 1284
Ipc O \KernelObjects\MaximumCommitCondition; PID: 10168
Ipc O \KernelObjects\MaximumCommitCondition; PID: 1284
Ipc O \KernelObjects\MaximumCommitCondition; PID: 14692
Ipc O \KernelObjects\MaximumCommitCondition; PID: 15872
Ipc O \KernelObjects\MaximumCommitCondition; PID: 18540
Ipc O \KernelObjects\MaximumCommitCondition; PID: 19656
Ipc O \KernelObjects\MaximumCommitCondition; PID: 5296
Ipc O \KernelObjects\MaximumCommitCondition; PID: 7436
Ipc O \KernelObjects\MemoryErrors; PID: 5296
Ipc O \KernelObjects\MemoryErrors; PID: 7436
Ipc O \KernelObjects\SystemErrorPortReady; PID: 10168
Ipc O \KernelObjects\SystemErrorPortReady; PID: 5296
Ipc O \KernelObjects\SystemErrorPortReady; PID: 7436
Ipc O \KnownDlls\advapi32.dll; PID: 10168
Ipc O \KnownDlls\advapi32.dll; PID: 1284
Ipc O \KnownDlls\advapi32.dll; PID: 14692
Ipc O \KnownDlls\advapi32.dll; PID: 15872
Ipc O \KnownDlls\advapi32.dll; PID: 18540
Ipc O \KnownDlls\advapi32.dll; PID: 19656
Ipc O \KnownDlls\advapi32.dll; PID: 5296
Ipc O \KnownDlls\advapi32.dll; PID: 7436
Ipc O \KnownDlls\bcrypt.dll; PID: 10168
Ipc O \KnownDlls\bcrypt.dll; PID: 1284
Ipc O \KnownDlls\bcrypt.dll; PID: 14692
Ipc O \KnownDlls\bcrypt.dll; PID: 15872
Ipc O \KnownDlls\bcrypt.dll; PID: 19656
Ipc O \KnownDlls\bcrypt.dll; PID: 5296
Ipc O \KnownDlls\bcrypt.dll; PID: 7436
Ipc O \KnownDlls\bcryptPrimitives.dll; PID: 10168
Ipc O \KnownDlls\bcryptPrimitives.dll; PID: 1284
Ipc O \KnownDlls\bcryptPrimitives.dll; PID: 14692
Ipc O \KnownDlls\bcryptPrimitives.dll; PID: 15872
Ipc O \KnownDlls\bcryptPrimitives.dll; PID: 18540
Ipc O \KnownDlls\bcryptPrimitives.dll; PID: 19656
Ipc O \KnownDlls\bcryptPrimitives.dll; PID: 5296
Ipc O \KnownDlls\bcryptPrimitives.dll; PID: 7436
Ipc O \KnownDlls\cfgmgr32.dll; PID: 10168
Ipc O \KnownDlls\cfgmgr32.dll; PID: 1284
Ipc O \KnownDlls\cfgmgr32.dll; PID: 15872
Ipc O \KnownDlls\cfgmgr32.dll; PID: 18540
Ipc O \KnownDlls\cfgmgr32.dll; PID: 19656
Ipc O \KnownDlls\cfgmgr32.dll; PID: 5296
Ipc O \KnownDlls\cfgmgr32.dll; PID: 7436
Ipc O \KnownDlls\clbcatq.dll; PID: 10168
Ipc O \KnownDlls\clbcatq.dll; PID: 1284
Ipc O \KnownDlls\clbcatq.dll; PID: 14692
Ipc O \KnownDlls\clbcatq.dll; PID: 15872
Ipc O \KnownDlls\clbcatq.dll; PID: 18540
Ipc O \KnownDlls\clbcatq.dll; PID: 19656
Ipc O \KnownDlls\clbcatq.dll; PID: 5296
Ipc O \KnownDlls\clbcatq.dll; PID: 7436
Ipc O \KnownDlls\combase.dll; PID: 10168
Ipc O \KnownDlls\combase.dll; PID: 1284
Ipc O \KnownDlls\combase.dll; PID: 14692
Ipc O \KnownDlls\combase.dll; PID: 15872
Ipc O \KnownDlls\combase.dll; PID: 18540
Ipc O \KnownDlls\combase.dll; PID: 19656
Ipc O \KnownDlls\combase.dll; PID: 5296
Ipc O \KnownDlls\combase.dll; PID: 7436
Ipc O \KnownDlls\COMDLG32.dll; PID: 10168
Ipc O \KnownDlls\COMDLG32.dll; PID: 15872
Ipc O \KnownDlls\coml2.dll; PID: 10168
Ipc O \KnownDlls\CRYPT32.dll; PID: 10168
Ipc O \KnownDlls\CRYPT32.dll; PID: 1284
Ipc O \KnownDlls\CRYPT32.dll; PID: 15872
Ipc O \KnownDlls\CRYPT32.dll; PID: 19656
Ipc O \KnownDlls\CRYPT32.dll; PID: 5296
Ipc O \KnownDlls\CRYPT32.dll; PID: 7436
Ipc O \KnownDlls\cryptsp.dll; PID: 10168
Ipc O \KnownDlls\cryptsp.dll; PID: 15872
Ipc O \KnownDlls\cryptsp.dll; PID: 18540
Ipc O \KnownDlls\cryptsp.dll; PID: 19656
Ipc O \KnownDlls\cryptsp.dll; PID: 5296
Ipc O \KnownDlls\cryptsp.dll; PID: 7436
Ipc O \KnownDlls\gdi32.dll; PID: 10168
Ipc O \KnownDlls\gdi32.dll; PID: 1284
Ipc O \KnownDlls\gdi32.dll; PID: 14692
Ipc O \KnownDlls\gdi32.dll; PID: 15872
Ipc O \KnownDlls\gdi32.dll; PID: 18540
Ipc O \KnownDlls\gdi32.dll; PID: 19656
Ipc O \KnownDlls\gdi32.dll; PID: 5296
Ipc O \KnownDlls\gdi32.dll; PID: 7436
Ipc O \KnownDlls\gdi32full.dll; PID: 10168
Ipc O \KnownDlls\gdi32full.dll; PID: 1284
Ipc O \KnownDlls\gdi32full.dll; PID: 14692
Ipc O \KnownDlls\gdi32full.dll; PID: 15872
Ipc O \KnownDlls\gdi32full.dll; PID: 18540
Ipc O \KnownDlls\gdi32full.dll; PID: 19656
Ipc O \KnownDlls\gdi32full.dll; PID: 5296
Ipc O \KnownDlls\gdi32full.dll; PID: 7436
Ipc O \KnownDlls\IMAGEHLP.dll; PID: 10168
Ipc O \KnownDlls\IMAGEHLP.dll; PID: 15872
Ipc O \KnownDlls\IMAGEHLP.dll; PID: 19656
Ipc O \KnownDlls\IMAGEHLP.dll; PID: 5296
Ipc O \KnownDlls\IMAGEHLP.dll; PID: 7436
Ipc O \KnownDlls\IMM32.dll; PID: 10168
Ipc O \KnownDlls\IMM32.dll; PID: 1284
Ipc O \KnownDlls\IMM32.dll; PID: 14692
Ipc O \KnownDlls\IMM32.dll; PID: 15872
Ipc O \KnownDlls\IMM32.dll; PID: 18540
Ipc O \KnownDlls\IMM32.dll; PID: 19656
Ipc O \KnownDlls\IMM32.dll; PID: 5296
Ipc O \KnownDlls\IMM32.dll; PID: 7436
Ipc O \KnownDlls\kernel.appcore.dll; PID: 10168
Ipc O \KnownDlls\kernel.appcore.dll; PID: 1284
Ipc O \KnownDlls\kernel.appcore.dll; PID: 15872
Ipc O \KnownDlls\kernel.appcore.dll; PID: 18540
Ipc O \KnownDlls\kernel.appcore.dll; PID: 19656
Ipc O \KnownDlls\kernel.appcore.dll; PID: 5296
Ipc O \KnownDlls\kernel.appcore.dll; PID: 7436
Ipc O \KnownDlls\kernel32.dll; PID: 10168
Ipc O \KnownDlls\kernel32.dll; PID: 1284
Ipc O \KnownDlls\kernel32.dll; PID: 14692
Ipc O \KnownDlls\kernel32.dll; PID: 15872
Ipc O \KnownDlls\kernel32.dll; PID: 18540
Ipc O \KnownDlls\kernel32.dll; PID: 19656
Ipc O \KnownDlls\kernel32.dll; PID: 5296
Ipc O \KnownDlls\kernel32.dll; PID: 7436
Ipc O \KnownDlls\KERNELBASE.dll; PID: 10168
Ipc O \KnownDlls\KERNELBASE.dll; PID: 1284
Ipc O \KnownDlls\KERNELBASE.dll; PID: 14692
Ipc O \KnownDlls\KERNELBASE.dll; PID: 15872
Ipc O \KnownDlls\KERNELBASE.dll; PID: 18540
Ipc O \KnownDlls\KERNELBASE.dll; PID: 19656
Ipc O \KnownDlls\KERNELBASE.dll; PID: 5296
Ipc O \KnownDlls\KERNELBASE.dll; PID: 7436
Ipc O \KnownDlls\MSASN1.dll; PID: 10168
Ipc O \KnownDlls\MSASN1.dll; PID: 1284
Ipc O \KnownDlls\MSASN1.dll; PID: 15872
Ipc O \KnownDlls\MSASN1.dll; PID: 19656
Ipc O \KnownDlls\MSASN1.dll; PID: 5296
Ipc O \KnownDlls\MSASN1.dll; PID: 7436
Ipc O \KnownDlls\MSCTF.dll; PID: 10168
Ipc O \KnownDlls\MSCTF.dll; PID: 15872
Ipc O \KnownDlls\MSCTF.dll; PID: 19656
Ipc O \KnownDlls\MSCTF.dll; PID: 5296
Ipc O \KnownDlls\MSCTF.dll; PID: 7436
Ipc O \KnownDlls\msvcp_win.dll; PID: 10168
Ipc O \KnownDlls\msvcp_win.dll; PID: 1284
Ipc O \KnownDlls\msvcp_win.dll; PID: 14692
Ipc O \KnownDlls\msvcp_win.dll; PID: 15872
Ipc O \KnownDlls\msvcp_win.dll; PID: 18540
Ipc O \KnownDlls\msvcp_win.dll; PID: 19656
Ipc O \KnownDlls\msvcp_win.dll; PID: 5296
Ipc O \KnownDlls\msvcp_win.dll; PID: 7436
Ipc O \KnownDlls\MSVCRT.dll; PID: 10168
Ipc O \KnownDlls\MSVCRT.dll; PID: 1284
Ipc O \KnownDlls\MSVCRT.dll; PID: 14692
Ipc O \KnownDlls\MSVCRT.dll; PID: 15872
Ipc O \KnownDlls\MSVCRT.dll; PID: 18540
Ipc O \KnownDlls\MSVCRT.dll; PID: 19656
Ipc O \KnownDlls\MSVCRT.dll; PID: 5296
Ipc O \KnownDlls\MSVCRT.dll; PID: 7436
Ipc O \KnownDlls\NSI.dll; PID: 5296
Ipc O \KnownDlls\NSI.dll; PID: 7436
Ipc O \KnownDlls\ole32.dll; PID: 10168
Ipc O \KnownDlls\ole32.dll; PID: 15872
Ipc O \KnownDlls\ole32.dll; PID: 19656
Ipc O \KnownDlls\ole32.dll; PID: 5296
Ipc O \KnownDlls\ole32.dll; PID: 7436
Ipc O \KnownDlls\OLEAUT32.dll; PID: 10168
Ipc O \KnownDlls\OLEAUT32.dll; PID: 1284
Ipc O \KnownDlls\OLEAUT32.dll; PID: 14692
Ipc O \KnownDlls\OLEAUT32.dll; PID: 15872
Ipc O \KnownDlls\OLEAUT32.dll; PID: 18540
Ipc O \KnownDlls\OLEAUT32.dll; PID: 19656
Ipc O \KnownDlls\OLEAUT32.dll; PID: 5296
Ipc O \KnownDlls\OLEAUT32.dll; PID: 7436
Ipc O \KnownDlls\powrprof.dll; PID: 10168
Ipc O \KnownDlls\powrprof.dll; PID: 14692
Ipc O \KnownDlls\powrprof.dll; PID: 15872
Ipc O \KnownDlls\powrprof.dll; PID: 18540
Ipc O \KnownDlls\powrprof.dll; PID: 19656
Ipc O \KnownDlls\powrprof.dll; PID: 5296
Ipc O \KnownDlls\powrprof.dll; PID: 7436
Ipc O \KnownDlls\profapi.dll; PID: 10168
Ipc O \KnownDlls\profapi.dll; PID: 15872
Ipc O \KnownDlls\profapi.dll; PID: 18540
Ipc O \KnownDlls\profapi.dll; PID: 19656
Ipc O \KnownDlls\profapi.dll; PID: 5296
Ipc O \KnownDlls\profapi.dll; PID: 7436
Ipc O \KnownDlls\PSAPI.DLL; PID: 10168
Ipc O \KnownDlls\PSAPI.DLL; PID: 1284
Ipc O \KnownDlls\PSAPI.DLL; PID: 14692
Ipc O \KnownDlls\PSAPI.DLL; PID: 15872
Ipc O \KnownDlls\PSAPI.DLL; PID: 18540
Ipc O \KnownDlls\PSAPI.DLL; PID: 19656
Ipc O \KnownDlls\PSAPI.DLL; PID: 5296
Ipc O \KnownDlls\PSAPI.DLL; PID: 7436
Ipc O \KnownDlls\rpcrt4.dll; PID: 10168
Ipc O \KnownDlls\rpcrt4.dll; PID: 1284
Ipc O \KnownDlls\rpcrt4.dll; PID: 14692
Ipc O \KnownDlls\rpcrt4.dll; PID: 15872
Ipc O \KnownDlls\rpcrt4.dll; PID: 18540
Ipc O \KnownDlls\rpcrt4.dll; PID: 19656
Ipc O \KnownDlls\rpcrt4.dll; PID: 5296
Ipc O \KnownDlls\rpcrt4.dll; PID: 7436
Ipc O \KnownDlls\sechost.dll; PID: 10168
Ipc O \KnownDlls\sechost.dll; PID: 1284
Ipc O \KnownDlls\sechost.dll; PID: 14692
Ipc O \KnownDlls\sechost.dll; PID: 15872
Ipc O \KnownDlls\sechost.dll; PID: 18540
Ipc O \KnownDlls\sechost.dll; PID: 19656
Ipc O \KnownDlls\sechost.dll; PID: 5296
Ipc O \KnownDlls\sechost.dll; PID: 7436
Ipc O \KnownDlls\Setupapi.dll; PID: 10168
Ipc O \KnownDlls\SHCORE.dll; PID: 10168
Ipc O \KnownDlls\SHCORE.dll; PID: 15872
Ipc O \KnownDlls\SHCORE.dll; PID: 18540
Ipc O \KnownDlls\SHCORE.dll; PID: 19656
Ipc O \KnownDlls\SHCORE.dll; PID: 5296
Ipc O \KnownDlls\SHCORE.dll; PID: 7436
Ipc O \KnownDlls\SHELL32.dll; PID: 10168
Ipc O \KnownDlls\SHELL32.dll; PID: 15872
Ipc O \KnownDlls\SHELL32.dll; PID: 18540
Ipc O \KnownDlls\SHELL32.dll; PID: 19656
Ipc O \KnownDlls\SHELL32.dll; PID: 5296
Ipc O \KnownDlls\SHELL32.dll; PID: 7436
Ipc O \KnownDlls\SHLWAPI.dll; PID: 10168
Ipc O \KnownDlls\SHLWAPI.dll; PID: 15872
Ipc O \KnownDlls\SHLWAPI.dll; PID: 18540
Ipc O \KnownDlls\SHLWAPI.dll; PID: 19656
Ipc O \KnownDlls\SHLWAPI.dll; PID: 5296
Ipc O \KnownDlls\SHLWAPI.dll; PID: 7436
Ipc O \KnownDlls\ucrtbase.dll; PID: 10168
Ipc O \KnownDlls\ucrtbase.dll; PID: 1284
Ipc O \KnownDlls\ucrtbase.dll; PID: 14692
Ipc O \KnownDlls\ucrtbase.dll; PID: 15872
Ipc O \KnownDlls\ucrtbase.dll; PID: 18540
Ipc O \KnownDlls\ucrtbase.dll; PID: 19656
Ipc O \KnownDlls\ucrtbase.dll; PID: 5296
Ipc O \KnownDlls\ucrtbase.dll; PID: 7436
Ipc O \KnownDlls\UMPDC.dll; PID: 10168
Ipc O \KnownDlls\UMPDC.dll; PID: 14692
Ipc O \KnownDlls\UMPDC.dll; PID: 15872
Ipc O \KnownDlls\UMPDC.dll; PID: 18540
Ipc O \KnownDlls\UMPDC.dll; PID: 19656
Ipc O \KnownDlls\UMPDC.dll; PID: 5296
Ipc O \KnownDlls\UMPDC.dll; PID: 7436
Ipc O \KnownDlls\user32.dll; PID: 10168
Ipc O \KnownDlls\user32.dll; PID: 1284
Ipc O \KnownDlls\user32.dll; PID: 14692
Ipc O \KnownDlls\user32.dll; PID: 15872
Ipc O \KnownDlls\user32.dll; PID: 18540
Ipc O \KnownDlls\user32.dll; PID: 19656
Ipc O \KnownDlls\user32.dll; PID: 5296
Ipc O \KnownDlls\user32.dll; PID: 7436
Ipc O \KnownDlls\win32u.dll; PID: 10168
Ipc O \KnownDlls\win32u.dll; PID: 1284
Ipc O \KnownDlls\win32u.dll; PID: 14692
Ipc O \KnownDlls\win32u.dll; PID: 15872
Ipc O \KnownDlls\win32u.dll; PID: 18540
Ipc O \KnownDlls\win32u.dll; PID: 19656
Ipc O \KnownDlls\win32u.dll; PID: 5296
Ipc O \KnownDlls\win32u.dll; PID: 7436
Ipc O \KnownDlls\windows.storage.dll; PID: 10168
Ipc O \KnownDlls\windows.storage.dll; PID: 15872
Ipc O \KnownDlls\windows.storage.dll; PID: 18540
Ipc O \KnownDlls\windows.storage.dll; PID: 19656
Ipc O \KnownDlls\windows.storage.dll; PID: 5296
Ipc O \KnownDlls\windows.storage.dll; PID: 7436
Ipc O \KnownDlls\WINTRUST.dll; PID: 10168
Ipc O \KnownDlls\WINTRUST.dll; PID: 15872
Ipc O \KnownDlls\WINTRUST.dll; PID: 19656
Ipc O \KnownDlls\WINTRUST.dll; PID: 5296
Ipc O \KnownDlls\WINTRUST.dll; PID: 7436
Ipc O \KnownDlls\WS2_32.dll; PID: 10168
Ipc O \KnownDlls\WS2_32.dll; PID: 1284
Ipc O \KnownDlls\WS2_32.dll; PID: 19656
Ipc O \KnownDlls\WS2_32.dll; PID: 5296
Ipc O \KnownDlls\WS2_32.dll; PID: 7436
Ipc O \RPC Control\Audiosrv; PID: 10168
Ipc O \RPC Control\lsapolicylookup; PID: 10168
Ipc O \RPC Control\lsapolicylookup; PID: 1284
Ipc O \RPC Control\lsapolicylookup; PID: 14692
Ipc O \RPC Control\lsapolicylookup; PID: 15872
Ipc O \RPC Control\lsapolicylookup; PID: 18540
Ipc O \RPC Control\lsapolicylookup; PID: 19656
Ipc O \RPC Control\lsapolicylookup; PID: 5296
Ipc O \RPC Control\lsapolicylookup; PID: 7436
Ipc O \RPC Control\LSARPC_ENDPOINT; PID: 10168
Ipc O \RPC Control\lsasspirpc; PID: 10168
Ipc O \RPC Control\lsasspirpc; PID: 14692
Ipc O \RPC Control\lsasspirpc; PID: 15872
Ipc O \RPC Control\lsasspirpc; PID: 19656
Ipc O \RPC Control\samss lpc; PID: 10168
Ipc O \RPC Control\samss lpc; PID: 1284
Ipc O \RPC Control\SbieSvcPort; PID: 10168
Ipc O \RPC Control\SbieSvcPort; PID: 1284
Ipc O \RPC Control\SbieSvcPort; PID: 14692
Ipc O \RPC Control\SbieSvcPort; PID: 15872
Ipc O \RPC Control\SbieSvcPort; PID: 18540
Ipc O \RPC Control\SbieSvcPort; PID: 19656
Ipc O \RPC Control\SbieSvcPort; PID: 5296
Ipc O \RPC Control\SbieSvcPort; PID: 7436
Ipc O \Security\LSA_AUTHENTICATION_INITIALIZED; PID: 10168
Ipc O \Security\LSA_AUTHENTICATION_INITIALIZED; PID: 14692
Ipc O \Security\LSA_AUTHENTICATION_INITIALIZED; PID: 15872
Ipc O \Security\LSA_AUTHENTICATION_INITIALIZED; PID: 19656
Ipc O \Sessions\1\BaseNamedObjects\{FC4C2F7F-35C0-4ED5-8794-172E38F8D816}_ParamStrings_0E9FC193; PID: 10168
Ipc O \Sessions\1\BaseNamedObjects\{FC4C2F7F-35C0-4ED5-8794-172E38F8D816}_ParamStrings_0E9FC193; PID: 15872
Ipc O \Sessions\1\BaseNamedObjects\{FC4C2F7F-35C0-4ED5-8794-172E38F8D816}_ServiceMapping; PID: 10168
Ipc O \Sessions\1\BaseNamedObjects\{FC4C2F7F-35C0-4ED5-8794-172E38F8D816}_ServiceMapping; PID: 15872
Ipc O \Sessions\1\BaseNamedObjects\{FC4C2F7F-35C0-4ED5-8794-172E38F8D816}_ServiceMapping; PID: 19656
Ipc O \Sessions\1\BaseNamedObjects\{FC4C2F7F-35C0-4ED5-8794-172E38F8D816}_ServiceMapping; PID: 5296
Ipc O \Sessions\1\BaseNamedObjects\{FC4C2F7F-35C0-4ED5-8794-172E38F8D816}_ServiceMapping; PID: 7436
Ipc O \Sessions\1\BaseNamedObjects\ActualTools_LockMonitor; PID: 10168
Ipc O \Sessions\1\BaseNamedObjects\ActualTools_LockMonitor; PID: 15872
Ipc O \Sessions\1\BaseNamedObjects\ActualTools_LockMonitor; PID: 19656
Ipc O \Sessions\1\BaseNamedObjects\ActualTools_LockMonitor; PID: 5296
Ipc O \Sessions\1\BaseNamedObjects\ActualTools_LockMonitor; PID: 7436
Ipc O \Sessions\1\BaseNamedObjects\ActualTools_UnlockMonitor; PID: 10168
Ipc O \Sessions\1\BaseNamedObjects\ActualTools_UnlockMonitor; PID: 15872
Ipc O \Sessions\1\BaseNamedObjects\ActualTools_UnlockMonitor; PID: 19656
Ipc O \Sessions\1\BaseNamedObjects\ActualTools_UnlockMonitor; PID: 5296
Ipc O \Sessions\1\BaseNamedObjects\ActualTools_UnlockMonitor; PID: 7436
Ipc O \Sessions\1\BaseNamedObjects\CicLoadWinStaWinSta0; PID: 10168
Ipc O \Sessions\1\BaseNamedObjects\CicLoadWinStaWinSta0; PID: 15872
Ipc O \Sessions\1\BaseNamedObjects\CTF.AsmListCache.FMPDefault1; PID: 10168
Ipc O \Sessions\1\BaseNamedObjects\CTF.AsmListCache.FMPDefault1; PID: 15872
Ipc O \Sessions\1\BaseNamedObjects\MSCTF.Asm.MutexDefault1; PID: 10168
Ipc O \Sessions\1\BaseNamedObjects\MSCTF.Asm.MutexDefault1; PID: 15872
Ipc O \Sessions\1\BaseNamedObjects\MSCTF.CtfMonitorInstMutexDefault1; PID: 10168
Ipc O \Sessions\1\BaseNamedObjects\MSCTF.CtfMonitorInstMutexDefault1; PID: 15872
Ipc O \Sessions\1\Windows\ApiPort; PID: 10168
Ipc O \Sessions\1\Windows\ApiPort; PID: 1284
Ipc O \Sessions\1\Windows\ApiPort; PID: 14692
Ipc O \Sessions\1\Windows\ApiPort; PID: 15872
Ipc O \Sessions\1\Windows\ApiPort; PID: 18540
Ipc O \Sessions\1\Windows\ApiPort; PID: 19656
Ipc O \Sessions\1\Windows\ApiPort; PID: 5296
Ipc O \Sessions\1\Windows\ApiPort; PID: 7436
Ipc O \Sessions\1\Windows\SharedSection; PID: 10168
Ipc O \Sessions\1\Windows\SharedSection; PID: 1284
Ipc O \Sessions\1\Windows\SharedSection; PID: 14692
Ipc O \Sessions\1\Windows\SharedSection; PID: 15872
Ipc O \Sessions\1\Windows\SharedSection; PID: 18540
Ipc O \Sessions\1\Windows\SharedSection; PID: 19656
Ipc O \Sessions\1\Windows\SharedSection; PID: 5296
Ipc O \Sessions\1\Windows\SharedSection; PID: 7436
Ipc O \Sessions\1\Windows\Theme4049804192; PID: 10168
Ipc O \Sessions\1\Windows\Theme4049804192; PID: 15872
Ipc O \Sessions\1\Windows\Theme4049804192; PID: 19656
Ipc O \Sessions\1\Windows\Theme4049804192; PID: 5296
Ipc O \Sessions\1\Windows\Theme4049804192; PID: 7436
Ipc O \Sessions\1\Windows\ThemeSection; PID: 10168
Ipc O \Sessions\1\Windows\ThemeSection; PID: 15872
Ipc O \Sessions\1\Windows\ThemeSection; PID: 19656
Ipc O \Sessions\1\Windows\ThemeSection; PID: 5296
Ipc O \Sessions\1\Windows\ThemeSection; PID: 7436
Ipc O \ThemeApiPort; PID: 10168
Ipc O \ThemeApiPort; PID: 15872
Ipc O \ThemeApiPort; PID: 18540
Ipc O \ThemeApiPort; PID: 19656
Ipc O \ThemeApiPort; PID: 5296
Ipc O \ThemeApiPort; PID: 7436
Ipc O \Windows\Theme2718350742; PID: 10168
Ipc O \Windows\Theme2718350742; PID: 15872
Ipc O \Windows\Theme2718350742; PID: 19656
Ipc O \Windows\Theme2718350742; PID: 5296
Ipc O \Windows\Theme2718350742; PID: 7436
Ipc X $:notepad.exe; PID: 7436
Pipe -------------------------------
Pipe ?; PID: 10168
Pipe ?; PID: 1284
Pipe ?; PID: 15872
Pipe ?; PID: 18540
Pipe ?; PID: 19656
Pipe ?; PID: 5296
Pipe ?; PID: 7436
Pipe \Device\000000c7; PID: 10168
Pipe \Device\000000c7; PID: 15872
Pipe \Device\CNG; PID: 10168
Pipe \Device\CNG; PID: 1284
Pipe \Device\CNG; PID: 14692
Pipe \Device\CNG; PID: 15872
Pipe \Device\CNG; PID: 18540
Pipe \Device\CNG; PID: 19656
Pipe \Device\CNG; PID: 5296
Pipe \Device\CNG; PID: 7436
Pipe \Device\DfsClient; PID: 10168
Pipe \Device\Harddisk0\DR0; PID: 1284
Pipe \Device\HarddiskVolume1; PID: 10168
Pipe \Device\HarddiskVolume1; PID: 15872
Pipe \Device\HarddiskVolume10; PID: 10168
Pipe \Device\HarddiskVolume10; PID: 15872
Pipe \Device\HarddiskVolume11; PID: 10168
Pipe \Device\HarddiskVolume11; PID: 15872
Pipe \Device\HarddiskVolume12; PID: 10168
Pipe \Device\HarddiskVolume12; PID: 15872
Pipe \Device\HarddiskVolume2; PID: 10168
Pipe \Device\HarddiskVolume2; PID: 15872
Pipe \Device\HarddiskVolume3; PID: 10168
Pipe \Device\HarddiskVolume3; PID: 15872
Pipe \Device\HarddiskVolume4; PID: 10168
Pipe \Device\HarddiskVolume4; PID: 15872
Pipe \Device\HarddiskVolume5; PID: 10168
Pipe \Device\HarddiskVolume5; PID: 15872
Pipe \Device\HarddiskVolume6; PID: 10168
Pipe \Device\HarddiskVolume6; PID: 15872
Pipe \Device\HarddiskVolume7; PID: 10168
Pipe \Device\HarddiskVolume7; PID: 15872
Pipe \Device\HarddiskVolume9; PID: 10168
Pipe \Device\HarddiskVolume9; PID: 1284
Pipe \Device\HarddiskVolume9; PID: 15872
Pipe \Device\IDMWFP; PID: 10168
Pipe \Device\KsecDD; PID: 10168
Pipe \Device\KsecDD; PID: 1284
Pipe \Device\KsecDD; PID: 14692
Pipe \Device\KsecDD; PID: 15872
Pipe \Device\KsecDD; PID: 19656
Pipe \Device\KsecDD; PID: 5296
Pipe \Device\KsecDD; PID: 7436
Pipe \Device\MountPointManager; PID: 10168
Pipe \Device\MountPointManager; PID: 1284
Pipe \Device\MountPointManager; PID: 15872
Pipe \Device\MountPointManager; PID: 5296
Pipe \Device\MountPointManager; PID: 7436
Pipe \Device\Mup; PID: 10168
Pipe \device\namedpipe\dav rpc service; PID: 10168
Pipe \Device\NamedPipe\IDMNetworkMonitor.1; PID: 10168
Pipe \device\namedpipe\idmnetworkmonitor.1; PID: 10168
Pipe \device\namedpipe\srvsvc; PID: 10168
Pipe \device\namedpipe\wkssvc; PID: 10168
Pipe \Device\Ndis; PID: 19656
Pipe \Device\NDMP10; PID: 19656
Pipe \Device\NDMP11; PID: 19656
Pipe \Device\NDMP12; PID: 19656
Pipe \Device\NDMP13; PID: 19656
Pipe \Device\NDMP14; PID: 19656
Pipe \Device\NDMP15; PID: 19656
Pipe \Device\NDMP16; PID: 19656
Pipe \Device\NDMP17; PID: 19656
Pipe \Device\NDMP7; PID: 19656
Pipe \Device\NDMP8; PID: 19656
Pipe \Device\NDMP9; PID: 19656
Pipe O \Device\Afd; PID: 10168
Pipe O \Device\Afd; PID: 5296
Pipe O \Device\Afd; PID: 7436
Pipe O \device\namedpipe\logapi; PID: 10168
Pipe O \device\namedpipe\logapi; PID: 18540
Pipe O \device\namedpipe\logapi; PID: 5296
Pipe O \device\namedpipe\logapi; PID: 7436
Pipe O \Device\Nsi; PID: 5296
Pipe O \Device\Nsi; PID: 7436
WinCls -------------------------------
WinCls O aim_MessengerServerWindow; PID: 10168
WinCls O aim_MessengerServerWindow; PID: 15872
WinCls O aim_MessengerServerWindow; PID: 19656
WinCls O aim_MessengerServerWindow; PID: 5296
WinCls O aim_MessengerServerWindow; PID: 7436
WinCls O Shell_TrayWnd; PID: 10168
WinCls O Shell_TrayWnd; PID: 15872
WinCls O Shell_TrayWnd; PID: 19656
WinCls O Shell_TrayWnd; PID: 5296
WinCls O Shell_TrayWnd; PID: 7436
WinCls X aim_MessengerShellServerWindow; PID: 10168
WinCls X aim_MessengerShellServerWindow; PID: 15872
WinCls X aim_MessengerShellServerWindow; PID: 19656
WinCls X aim_MessengerShellServerWindow; PID: 5296
WinCls X aim_MessengerShellServerWindow; PID: 7436
WinCls X ApplicationManager_DesktopShellWindow; PID: 10168
WinCls X Progman; PID: 10168
WinCls X Progman; PID: 15872
WinCls X Progman; PID: 19656
WinCls X Progman; PID: 5296
WinCls X Progman; PID: 7436
WinCls X TFirstForm; PID: 10168
WinCls X TFirstForm; PID: 15872

 

I don't see anything in the report that help me to identify the problem.

Make next test...

In the same VM you used to test notepad install Comodo and check if notepad crashes.

 

Released BSA 1.89 Beta 6.

- Fixed error message when BSA is executed for first time from a clean installation
- VirusTotal works again in all features using it

From this version Sandboxie 5.41.0 is the minimum required version.

 

DL link pls.

Thanks.

 

Sorry, saw it on website.

 

Could you please provide the download link to the last compatible BSA version with Sandboxie 5.33.3 ?

 

BSA 1.89 Beta 5 can be downloaded from here:

https://1fichier.com/?716fodhlg017ixhho4bs

 

Thank you very much @Buster_BSA

 

I had a Buster Sandbox Analyzer 1.89 version I never released. This unreleased version included a pair of new features. One of them was perceptual hashing support.

You can read about perceptual hashing at wikipedia: https://en.wikipedia.org/wiki/Perceptual_hashing

The feature is supported using pHash from pHash.org: https://www.phash.org/

I will include this feature in BSA 1.89 Beta 7.

The other feature is related to the analysis of the screenshots using OCR technology. This feature can be useful to identify malwares for the messages showed on screen, like ransomwares.

I don't know if I'll include this feature yet.

 

Released Buster Sandbox Analyzer 1.89 Beta 7. If no new features are requested and no bugs are found probably this will be the last version.

Beta 7 contains the last two unreleased features:

- Perceptual hashing support
- Screenshot OCR verification

Perceptual hashing feature works this way:

Go to "Utilities > Perceptual Hash Manager".

In "File to process" you can select an EXE or a JPG file.

When an EXE file is selected, program's icon will be processed.
When an JPG file is selected, the JPG will be processed.

You must associate the EXE's icon or the JPG file to a behavior.

The JPG should be a screenshot from a malware analyzed previously.

Screenshot OCR verification works this way:

When the required options are enabled ("Options > Automatic Analysis Options > Take Screenshots" and "Options > Report Options > Information > Screenshots > Include Screenshot OCR Information") Buster Sandbox Analyzer will save screenshots and it will create OCR text files containing OCR information from screenshots.

When you have identified a malware showing a message on screen you can open the OCR text file and copy part of the message. Then you go to "Editor > Configuration Files > Edit OCR.DAT".

Then you must copy the string you got from OCR text file, paste it and then include "<->Behaviour". Something like this:

Any attempt to remove or damage this software will lead to the immediate<->Traces of ransomware

You can add a OCR string/behavior per line.

Perceptual hashing support and screenshot OCR verification are features that will work only in automatic mode, not in manual. In manual mode only the perceptual hashing of EXE's icon will be performed when the required option is enabled.

 

Did you test using new LOG_API?

https://github.com/sandboxie-plus/LogApiDll/releases/download/1.0.5/LogApiDll.zip

 

Old Buster Sandbox Analyzer thread in Sandboxie's forum can be accessed through archive.org:

https://web.archive.org/web/2016030...andboxie.com/phpBB3/viewtopic.php?f=22&t=6557

It may be useful to have it handy as it contains 64 pages with information about the tool, questions and answers, ...

 

Ok i tested lates version 1.89 Beta 7
And looks like working https://imgur.com/DHBSjvw

 

There will be a Buster Sandbox Analyzer Beta 8 version with new stuff.

Minor change:

In previous version I forgot to include "Perceptual Hash Information for Dropped Files". Beta 8 will include this option.

Major change:

Some malwares inject code to system processes. As Sandboxie doesn't allow that, these malwares will not show all its functionalities due code injection failure.

I requested David a feature to hide processes running outside the sandbox. He added this feature in version 5.42.0. This new feature will allow BSA to trick simple malwares into thinking they are injecting code to system processes.

Here you can see the analysis of "Kronos" malware done with old Sandboxie version:

Detailed report of suspicious malware actions:

Checked for debuggers
Defined file type created: C:\Users\Buster\AppData\Roaming\Mozilla\Firefox\Profiles\8g6qu7uj.default-1529203837497\user.js
Detected Anti-Malware Analyzer routine: Disk information query
Error reporting dialog change: machine\software\microsoft\windows\windows error reporting\dontshowui = 00000001
Got volume information
Removed Zone.Identifier information
Traces of Max++

And here you can see the analysis done with new Sandboxie version, hiding "svchost" process outside the sandbox and running a dummy "svchost" inside the sandbox:

Detailed report of suspicious malware actions:

Checked for Chrome browser software presence
Checked for debuggers
Checked for The Hacker security software presence
Created a mutex named: Global\bd3218050904dd2793b510303491bac9
Created an event named: Global\bd321805R
Created process: C:\Windows\system32\svchost.exe, null, null
Defined code injection in process: C:\Windows\SysWOW64\svchost.exe
Defined file type created: C:\Users\Buster\AppData\Roaming\Mozilla\Firefox\Profiles\8g6qu7uj.default-1529203837497\user.js
Defined registry AutoStart location created or modified: user\current\software\Microsoft\Windows\CurrentVersion\Run\bd321805 = C:\Users\Buster\AppData\Roaming\Microsoft\{47DAAAF6-EEA7-41C2-9318-B37374016982}\bd321805.exe
Detected Anti-Malware Analyzer routine: Disk information query
Detected privilege modification
Detected process privilege elevation
Enumerated running processes
Error reporting dialog change: machine\software\microsoft\windows\windows error reporting\dontshowui = 00000001
Got volume information
Queried DNS: api.real-debrid.com
Removed Zone.Identifier information
Traces of Max++

Now the analyzed file shows more activity, being easy to identify it as malware.

 

Awesome news! I'm still elated that you've resumed BSA. It's a fantastic tool, and Sandboxie should've incorporated it into its abilities long ago.

Any chance BSA will work with Sandboxie Plus? Referring to David's releases here: https://github.com/sandboxie-plus/Sandboxie

 

yes it does work perfectly with it