Buster Sandbox Analyzer

Discussion in 'sandboxing & virtualization' started by Buster_BSA, May 4, 2020.

  1. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    About PEID: the program is obsolete. Skip it. Last update is from 2008 so it's totally useless nowadays.

    About the report: the program crashed, so WerFault was loaded. In this case the report is useless.

    The important question is: why did notepad crash? Obviously it happens because LOG_API is being injected.

    What beta version of BSA are you using? Beta 5 downloaded from the link provided above?

    What version of Windows are you using?
     
    Last edited: Jun 7, 2020
  2. dFosB

    dFosB Registered Member

    Joined:
    Jun 5, 2020
    Posts:
    14
    Location:
    HSH
    BSA is latest Beta.
    Windows 10 Pro x64 1909
     
  3. Buster_BSA

    Buster_BSA Registered Member

    Ok, nice. And what Sandboxie version are you using?
     
  4. dFosB

    dFosB Registered Member

    5.40.2.
    All is latest except Windows )
     
  5. Buster_BSA

    Buster_BSA Registered Member

    I just installed Sandboxie 5.40.2 and BSA 1.89 Beta 5 on a Windows 10 Pro x64 1903 and everything worked fine: I sandboxed notepad, put some letters, saved it and exited. Same process you did.

    You wrote: "When I opened notepad.exe, put some letters, saved it and tried to close - I've got an error:"

    At what point do you get the error: when you save or when you close?

    I don't think it makes any difference, but let's try this... Run notepad sandboxed in the same sandbox you use within BSA. Put some letters, save and exit. But do all this by yourself, don't use BSA.

    Does notepad crash?

    Meanwhile you could ask some members of the Russian forum (http://gallery.ru-board.com/topic.cgi?forum=5&topic=20992&start=0) to make the same test with notepad to see if they also get the same error or not.

    We need to know if it's a general problem or a problem specific to your PC.
     
    Last edited: Jun 8, 2020
  6. dFosB

    dFosB Registered Member

    Yeah, you're right, the crash happens even when BSA is not involved.
    But I have a few sandboxes with different configurations. Notepad works OK in all of them except BSA.
    BSA config is as follows:
    [BSA]

    InjectDll=d:\Program Files\Sandboxie\Buster Sandbox Analyzer\lapi32.dll
    InjectDll64=d:\Program Files\Sandboxie\Buster Sandbox Analyzer\lapi64.dll
    OpenPipePath=\Device\NamedPipe\LogAPI
    Enabled=y
    ConfigLevel=7
    BoxNameTitle=n
    BorderColor=#0000FF
    NotifyInternetAccessDenied=y
    Template=BlockPorts
    NotifyDirectDiskAccess=y
    ProcessLimit1=20
    ProcessLimit2=30
    "lapi" is the renamed logapi file for verbose log (the situation with normal log is the same).

    I would be happy to ask in Russian forum but I believe nobody uses BSA there :)
     
  7. Buster_BSA

    Buster_BSA Registered Member

    "Yeah, you're right, the crash happens even when BSA is not involved."

    This was expected because LOG_API is injected anyway.

    "But I have a few sandboxes with different configurations. Notepad works OK in all of them except BSA."

    That's because in the BSA sandbox you inject the LOG_API DLL.

    "I would be happy to ask in Russian forum but I believe nobody uses BSA there :)"

    Using BSA is not necessary for testing. You just need some users to download Log_API (Build 1.0.5) from here:

    https://github.com/sandboxie-plus/LogApiDll/releases

    they create a new sandbox, add LOG_API to sandbox settings and test.

    Or if you can install the same Windows/Build you use in a virtual machine and do tests. That would be fine too.

    I'm afraid you have installed something on your system that is interfering with LOG_API.
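
The comparison behind this reply, as an added example that is not part of the original post and is not Sandboxie or BSA code: it parses Sandboxie.ini-style text, diffs the crashing box against a working one and ranks the differences, with settings that load code into the box first. The [BSA] values are the ones quoted in the thread; the [DefaultBox] section, the treatment of `#` lines as comments and all function names are assumptions made for illustration.

```python
# Added example: find which settings make one sandbox behave differently.
# Constructed sample. [BSA] repeats the settings quoted in the thread;
# [DefaultBox] is a hypothetical working box used as the baseline.
SAMPLE_INI = r"""
[DefaultBox]
Enabled=y
ConfigLevel=7
BoxNameTitle=n
BorderColor=#00FFFF
Template=BlockPorts

[BSA]
InjectDll=d:\Program Files\Sandboxie\Buster Sandbox Analyzer\lapi32.dll
InjectDll64=d:\Program Files\Sandboxie\Buster Sandbox Analyzer\lapi64.dll
OpenPipePath=\Device\NamedPipe\LogAPI
Enabled=y
ConfigLevel=7
BoxNameTitle=n
BorderColor=#0000FF
NotifyInternetAccessDenied=y
Template=BlockPorts
NotifyDirectDiskAccess=y
ProcessLimit1=20
ProcessLimit2=30
"""

# Key prefixes ranked by how directly they change what runs in the box.
CODE_LOADING = ("InjectDll",)    # matches InjectDll and InjectDll64
BOUNDARY = ("OpenPipePath",)     # opens a resource outside the box


def parse_sections(text):
    """Return {section: {key: [values]}}; a key may repeat in a section."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # assumption: '#' starts a comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
            continue
        if current is None or "=" not in line:
            continue
        key, value = line.split("=", 1)        # values may contain '=' or '#'
        current.setdefault(key.strip(), []).append(value.strip())
    return sections


def diff_boxes(sections, baseline, suspect):
    """Settings added to, removed from, or changed in the suspect box."""
    base, sus = sections[baseline], sections[suspect]
    report = {"added": {}, "removed": {}, "changed": {}}
    for key, values in sus.items():
        if key not in base:
            report["added"][key] = values
        elif sorted(values) != sorted(base[key]):
            report["changed"][key] = (base[key], values)
    for key, values in base.items():
        if key not in sus:
            report["removed"][key] = values
    return report


def injected_dlls(sections, box):
    """(setting, path) pairs for every DLL the box injects into its processes."""
    return [(key, path)
            for key, paths in sections[box].items()
            if key.startswith(CODE_LOADING)
            for path in paths]


def triage(sections, baseline, suspect):
    """Order in which to disable the differing settings, one at a time."""
    def rank(key):
        if key.startswith(CODE_LOADING):
            return 0
        if key.startswith(BOUNDARY):
            return 1
        return 2
    report = diff_boxes(sections, baseline, suspect)
    candidates = list(report["added"]) + list(report["changed"])
    return sorted(candidates, key=lambda key: (rank(key), key))


if __name__ == "__main__":
    boxes = parse_sections(SAMPLE_INI)
    for setting, path in injected_dlls(boxes, "BSA"):
        print(f"injected: {setting} -> {path}")
    for step, key in enumerate(triage(boxes, "DefaultBox", "BSA"), 1):
        print(f"{step}. disable {key} and retest")
```
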
     
  8. dFosB

    dFosB Registered Member

    Tested in VM - and really something is linked with my system.
    OK, too bad, it was not so cranky before :(
    Looks like I am temporarily out of testing process.
     
  9. Buster_BSA

    Buster_BSA Registered Member

    If you have Windows Defender, EMET (Enhanced Mitigation Experience Toolkit) or any other antivirus/security suite installed, disable it temporarily and test again.

    If you find out what is the software interfering with LOG_API, let us know, please.

    Edit: Run resource access monitor and post log, please:

    https://www.sandboxie.com/ResourceAccessMonitor
     
    Last edited: Jun 9, 2020
  10. dFosB

    dFosB Registered Member

    I am using Comodo; anyway, putting both the Sandboxie program and the Sandboxes folder into exclusions did not help. Total disabling of FW/HIPS/AV in Comodo didn't help either.
    Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_RPCSS_SXS_READY; PID: 15872
    Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_RPCSS_SXS_READY; PID: 19656
    Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceCrypto_Mutex1; PID: 1284
    Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_cryptsvc; PID: 10168
    Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_cryptsvc; PID: 1284
    Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_cryptsvc; PID: 15872
    Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_cryptsvc; PID: 19656
    Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_cryptsvc; PID: 5296
    Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_cryptsvc; PID: 7436
    Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_DcomLaunch; PID: 10168
    Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_DcomLaunch; PID: 1284
    Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_DcomLaunch; PID: 14692
    Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_DcomLaunch; PID: 15872
    Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_DcomLaunch; PID: 18540
    Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_DcomLaunch; PID: 19656
    Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_DcomLaunch; PID: 5296
    Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_DcomLaunch; PID: 7436
    Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_Mutex1; PID: 19656
    Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_RpcEptMapper; PID: 19656
    Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_RpcSs; PID: 10168
    Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_RpcSs; PID: 1284
    Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_RpcSs; PID: 15872
    Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_RpcSs; PID: 18540
    Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_RpcSs; PID: 19656
    Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_RpcSs; PID: 5296
    Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_RpcSs; PID: 7436
    Ipc \Sessions\1\BaseNamedObjects\SBIE_ProtectedStorage_Mutex; PID: 15872
    Ipc \Sessions\1\BaseNamedObjects\SBIE_ProtectedStorage_Section; PID: 15872
    Ipc \Sessions\1\BaseNamedObjects\SboxSession; PID: 10168
    Ipc \Sessions\1\BaseNamedObjects\SboxSession; PID: 1284
    Ipc \Sessions\1\BaseNamedObjects\SboxSession; PID: 14692
    Ipc \Sessions\1\BaseNamedObjects\SboxSession; PID: 15872
    Ipc \Sessions\1\BaseNamedObjects\SboxSession; PID: 18540
    Ipc \Sessions\1\BaseNamedObjects\SboxSession; PID: 19656
    Ipc \Sessions\1\BaseNamedObjects\SboxSession; PID: 5296
    Ipc \Sessions\1\BaseNamedObjects\SboxSession; PID: 7436
    Ipc \Sessions\1\BaseNamedObjects\SC_AutoStartComplete; PID: 19656
    Ipc \Sessions\1\BaseNamedObjects\ScmCreatedEvent; PID: 19656
    Ipc \Sessions\1\BaseNamedObjects\SessionImmersiveColorMutex; PID: 10168
    Ipc \Sessions\1\BaseNamedObjects\SessionImmersiveColorPreference; PID: 10168
    Ipc \Sessions\1\BaseNamedObjects\Shell.CMruPidlList; PID: 10168
    Ipc \Sessions\1\BaseNamedObjects\SM0:10168:120:WilError_02; PID: 10168
    Ipc \Sessions\1\BaseNamedObjects\SM0:10168:120:WilError_02_p0; PID: 10168
    Ipc \Sessions\1\BaseNamedObjects\SM0:10168:120:WilError_02_p0h; PID: 10168
    Ipc \Sessions\1\BaseNamedObjects\SM0:10168:304:WilStaging_02; PID: 10168
    Ipc \Sessions\1\BaseNamedObjects\SM0:10168:304:WilStaging_02_p0; PID: 10168
    Ipc \Sessions\1\BaseNamedObjects\SM0:10168:304:WilStaging_02_p0h; PID: 10168
    Ipc \Sessions\1\BaseNamedObjects\SM0:1284:304:WilStaging_02; PID: 1284
    Ipc \Sessions\1\BaseNamedObjects\SM0:1284:304:WilStaging_02_p0; PID: 1284
    Ipc \Sessions\1\BaseNamedObjects\SM0:1284:304:WilStaging_02_p0h; PID: 1284
    Ipc \Sessions\1\BaseNamedObjects\SM0:14692:120:WilError_02; PID: 14692
    Ipc \Sessions\1\BaseNamedObjects\SM0:14692:120:WilError_02_p0; PID: 14692
    Ipc \Sessions\1\BaseNamedObjects\SM0:14692:120:WilError_02_p0h; PID: 14692
    Ipc \Sessions\1\BaseNamedObjects\SM0:14692:304:WilStaging_02; PID: 14692
    Ipc \Sessions\1\BaseNamedObjects\SM0:14692:304:WilStaging_02_p0; PID: 14692
    Ipc \Sessions\1\BaseNamedObjects\SM0:14692:304:WilStaging_02_p0h; PID: 14692
    Ipc \Sessions\1\BaseNamedObjects\SM0:15872:120:WilError_02; PID: 15872
    Ipc \Sessions\1\BaseNamedObjects\SM0:15872:120:WilError_02_p0; PID: 15872
    Ipc \Sessions\1\BaseNamedObjects\SM0:15872:120:WilError_02_p0h; PID: 15872
    Ipc \Sessions\1\BaseNamedObjects\SM0:15872:304:WilStaging_02; PID: 15872
    Ipc \Sessions\1\BaseNamedObjects\SM0:15872:304:WilStaging_02_p0; PID: 15872
    Ipc \Sessions\1\BaseNamedObjects\SM0:15872:304:WilStaging_02_p0h; PID: 15872
    Ipc \Sessions\1\BaseNamedObjects\SM0:18540:304:WilStaging_02; PID: 18540
    Ipc \Sessions\1\BaseNamedObjects\SM0:18540:304:WilStaging_02_p0; PID: 18540
    Ipc \Sessions\1\BaseNamedObjects\SM0:18540:304:WilStaging_02_p0h; PID: 18540
    Ipc \Sessions\1\BaseNamedObjects\SM0:19656:120:WilError_02; PID: 19656
    Ipc \Sessions\1\BaseNamedObjects\SM0:19656:120:WilError_02_p0; PID: 19656
    Ipc \Sessions\1\BaseNamedObjects\SM0:19656:120:WilError_02_p0h; PID: 19656
    Ipc \Sessions\1\BaseNamedObjects\SM0:19656:304:WilStaging_02; PID: 19656
    Ipc \Sessions\1\BaseNamedObjects\SM0:19656:304:WilStaging_02_p0; PID: 19656
    Ipc \Sessions\1\BaseNamedObjects\SM0:19656:304:WilStaging_02_p0h; PID: 19656
    Ipc \Sessions\1\BaseNamedObjects\SM0:5296:120:WilError_02; PID: 5296
    Ipc \Sessions\1\BaseNamedObjects\SM0:5296:120:WilError_02_p0; PID: 5296
    Ipc \Sessions\1\BaseNamedObjects\SM0:5296:120:WilError_02_p0h; PID: 5296
    Ipc \Sessions\1\BaseNamedObjects\SM0:5296:304:WilStaging_02; PID: 5296
    Ipc \Sessions\1\BaseNamedObjects\SM0:5296:304:WilStaging_02_p0; PID: 5296
    Ipc \Sessions\1\BaseNamedObjects\SM0:5296:304:WilStaging_02_p0h; PID: 5296
    Ipc \Sessions\1\BaseNamedObjects\SM0:7436:120:WilError_02; PID: 7436
    Ipc \Sessions\1\BaseNamedObjects\SM0:7436:120:WilError_02_p0; PID: 7436
    Ipc \Sessions\1\BaseNamedObjects\SM0:7436:120:WilError_02_p0h; PID: 7436
    Ipc \Sessions\1\BaseNamedObjects\SM0:7436:304:WilStaging_02; PID: 7436
    Ipc \Sessions\1\BaseNamedObjects\SM0:7436:304:WilStaging_02_p0; PID: 7436
    Ipc \Sessions\1\BaseNamedObjects\SM0:7436:304:WilStaging_02_p0h; PID: 7436
    Ipc \Sessions\1\BaseNamedObjects\SyncRootManager; PID: 10168
    Ipc \Sessions\1\BaseNamedObjects\SyncRootManager; PID: 15872
    Ipc \Sessions\1\BaseNamedObjects\ThumbnailCache.SimultaneousExtractions.{66526bdc-5216-40c2-b496-d1eb7c2223a4}; PID: 10168
    Ipc \Sessions\1\BaseNamedObjects\UrlZonesSM_**; PID: 10168
    Ipc \Sessions\1\BaseNamedObjects\WERReportingForProcess10168; PID: 5296
    Ipc \Sessions\1\BaseNamedObjects\WERReportingForProcess10168; PID: 7436
    Ipc \Sessions\1\BaseNamedObjects\WERReportingForProcessComplete10168; PID: 5296
    Ipc \Sessions\1\BaseNamedObjects\WERReportingForProcessComplete10168; PID: 7436
    Ipc \Sessions\1\BaseNamedObjects\windows_shell_global_counters; PID: 10168
    Ipc \Sessions\1\BaseNamedObjects\windows_shell_global_counters; PID: 15872
    Ipc \Sessions\1\BaseNamedObjects\windows_shell_global_counters; PID: 18540
    Ipc \Sessions\1\BaseNamedObjects\windows_shell_global_counters; PID: 19656
    Ipc \Sessions\1\BaseNamedObjects\windows_shell_global_counters; PID: 5296
    Ipc \Sessions\1\BaseNamedObjects\windows_shell_global_counters; PID: 7436
    Ipc \Sessions\1\BaseNamedObjects\ZonesCacheCounterMutex; PID: 10168
    Ipc \Sessions\1\BaseNamedObjects\ZonesLockedCacheCounterMutex; PID: 10168
    Ipc \WindowsErrorReportingServicePort; PID: 10168
    Ipc \WindowsErrorReportingServicePort; PID: 5296
    Ipc \WindowsErrorReportingServicePort; PID: 7436
    Ipc O \...\Cor_SxSPublic_IPCBlock; PID: 10168
    Ipc O \BaseNamedObjects\CoreMessagingRegistrar; PID: 10168
    Ipc O \BaseNamedObjects\CoreMessagingRegistrar; PID: 15872
    Ipc O \BaseNamedObjects\msctf.serverDefault1; PID: 10168
    Ipc O \BaseNamedObjects\msctf.serverDefault1; PID: 15872
    Ipc O \BaseNamedObjects\TabletHardwarePresent; PID: 10168
    Ipc O \KernelObjects\LowMemoryCondition; PID: 10168
    Ipc O \KernelObjects\LowMemoryCondition; PID: 1284
    Ipc O \KernelObjects\MaximumCommitCondition; PID: 10168
    Ipc O \KernelObjects\MaximumCommitCondition; PID: 1284
    Ipc O \KernelObjects\MaximumCommitCondition; PID: 14692
    Ipc O \KernelObjects\MaximumCommitCondition; PID: 15872
    Ipc O \KernelObjects\MaximumCommitCondition; PID: 18540
    Ipc O \KernelObjects\MaximumCommitCondition; PID: 19656
    Ipc O \KernelObjects\MaximumCommitCondition; PID: 5296
    Ipc O \KernelObjects\MaximumCommitCondition; PID: 7436
    Ipc O \KernelObjects\MemoryErrors; PID: 5296
    Ipc O \KernelObjects\MemoryErrors; PID: 7436
    Ipc O \KernelObjects\SystemErrorPortReady; PID: 10168
    Ipc O \KernelObjects\SystemErrorPortReady; PID: 5296
    Ipc O \KernelObjects\SystemErrorPortReady; PID: 7436
    Ipc O \KnownDlls\advapi32.dll; PID: 10168
    Ipc O \KnownDlls\advapi32.dll; PID: 1284
    Ipc O \KnownDlls\advapi32.dll; PID: 14692
    Ipc O \KnownDlls\advapi32.dll; PID: 15872
    Ipc O \KnownDlls\advapi32.dll; PID: 18540
    Ipc O \KnownDlls\advapi32.dll; PID: 19656
    Ipc O \KnownDlls\advapi32.dll; PID: 5296
    Ipc O \KnownDlls\advapi32.dll; PID: 7436
    Ipc O \KnownDlls\bcrypt.dll; PID: 10168
    Ipc O \KnownDlls\bcrypt.dll; PID: 1284
    Ipc O \KnownDlls\bcrypt.dll; PID: 14692
    Ipc O \KnownDlls\bcrypt.dll; PID: 15872
    Ipc O \KnownDlls\bcrypt.dll; PID: 19656
    Ipc O \KnownDlls\bcrypt.dll; PID: 5296
    Ipc O \KnownDlls\bcrypt.dll; PID: 7436
    Ipc O \KnownDlls\bcryptPrimitives.dll; PID: 10168
    Ipc O \KnownDlls\bcryptPrimitives.dll; PID: 1284
    Ipc O \KnownDlls\bcryptPrimitives.dll; PID: 14692
    Ipc O \KnownDlls\bcryptPrimitives.dll; PID: 15872
    Ipc O \KnownDlls\bcryptPrimitives.dll; PID: 18540
    Ipc O \KnownDlls\bcryptPrimitives.dll; PID: 19656
    Ipc O \KnownDlls\bcryptPrimitives.dll; PID: 5296
    Ipc O \KnownDlls\bcryptPrimitives.dll; PID: 7436
    Ipc O \KnownDlls\cfgmgr32.dll; PID: 10168
    Ipc O \KnownDlls\cfgmgr32.dll; PID: 1284
    Ipc O \KnownDlls\cfgmgr32.dll; PID: 15872
    Ipc O \KnownDlls\cfgmgr32.dll; PID: 18540
    Ipc O \KnownDlls\cfgmgr32.dll; PID: 19656
    Ipc O \KnownDlls\cfgmgr32.dll; PID: 5296
    Ipc O \KnownDlls\cfgmgr32.dll; PID: 7436
    Ipc O \KnownDlls\clbcatq.dll; PID: 10168
    Ipc O \KnownDlls\clbcatq.dll; PID: 1284
    Ipc O \KnownDlls\clbcatq.dll; PID: 14692
    Ipc O \KnownDlls\clbcatq.dll; PID: 15872
    Ipc O \KnownDlls\clbcatq.dll; PID: 18540
    Ipc O \KnownDlls\clbcatq.dll; PID: 19656
    Ipc O \KnownDlls\clbcatq.dll; PID: 5296
    Ipc O \KnownDlls\clbcatq.dll; PID: 7436
    Ipc O \KnownDlls\combase.dll; PID: 10168
    Ipc O \KnownDlls\combase.dll; PID: 1284
    Ipc O \KnownDlls\combase.dll; PID: 14692
    Ipc O \KnownDlls\combase.dll; PID: 15872
    Ipc O \KnownDlls\combase.dll; PID: 18540
    Ipc O \KnownDlls\combase.dll; PID: 19656
    Ipc O \KnownDlls\combase.dll; PID: 5296
    Ipc O \KnownDlls\combase.dll; PID: 7436
    Ipc O \KnownDlls\COMDLG32.dll; PID: 10168
    Ipc O \KnownDlls\COMDLG32.dll; PID: 15872
    Ipc O \KnownDlls\coml2.dll; PID: 10168
    Ipc O \KnownDlls\CRYPT32.dll; PID: 10168
    Ipc O \KnownDlls\CRYPT32.dll; PID: 1284
    Ipc O \KnownDlls\CRYPT32.dll; PID: 15872
    Ipc O \KnownDlls\CRYPT32.dll; PID: 19656
    Ipc O \KnownDlls\CRYPT32.dll; PID: 5296
    Ipc O \KnownDlls\CRYPT32.dll; PID: 7436
    Ipc O \KnownDlls\cryptsp.dll; PID: 10168
    Ipc O \KnownDlls\cryptsp.dll; PID: 15872
    Ipc O \KnownDlls\cryptsp.dll; PID: 18540
    Ipc O \KnownDlls\cryptsp.dll; PID: 19656
    Ipc O \KnownDlls\cryptsp.dll; PID: 5296
    Ipc O \KnownDlls\cryptsp.dll; PID: 7436
    Ipc O \KnownDlls\gdi32.dll; PID: 10168
    Ipc O \KnownDlls\gdi32.dll; PID: 1284
    Ipc O \KnownDlls\gdi32.dll; PID: 14692
    Ipc O \KnownDlls\gdi32.dll; PID: 15872
    Ipc O \KnownDlls\gdi32.dll; PID: 18540
    Ipc O \KnownDlls\gdi32.dll; PID: 19656
    Ipc O \KnownDlls\gdi32.dll; PID: 5296
    Ipc O \KnownDlls\gdi32.dll; PID: 7436
    Ipc O \KnownDlls\gdi32full.dll; PID: 10168
    Ipc O \KnownDlls\gdi32full.dll; PID: 1284
    Ipc O \KnownDlls\gdi32full.dll; PID: 14692
    Ipc O \KnownDlls\gdi32full.dll; PID: 15872
    Ipc O \KnownDlls\gdi32full.dll; PID: 18540
    Ipc O \KnownDlls\gdi32full.dll; PID: 19656
    Ipc O \KnownDlls\gdi32full.dll; PID: 5296
    Ipc O \KnownDlls\gdi32full.dll; PID: 7436
    Ipc O \KnownDlls\IMAGEHLP.dll; PID: 10168
    Ipc O \KnownDlls\IMAGEHLP.dll; PID: 15872
    Ipc O \KnownDlls\IMAGEHLP.dll; PID: 19656
    Ipc O \KnownDlls\IMAGEHLP.dll; PID: 5296
    Ipc O \KnownDlls\IMAGEHLP.dll; PID: 7436
    Ipc O \KnownDlls\IMM32.dll; PID: 10168
    Ipc O \KnownDlls\IMM32.dll; PID: 1284
    Ipc O \KnownDlls\IMM32.dll; PID: 14692
    Ipc O \KnownDlls\IMM32.dll; PID: 15872
    Ipc O \KnownDlls\IMM32.dll; PID: 18540
    Ipc O \KnownDlls\IMM32.dll; PID: 19656
    Ipc O \KnownDlls\IMM32.dll; PID: 5296
    Ipc O \KnownDlls\IMM32.dll; PID: 7436
    Ipc O \KnownDlls\kernel.appcore.dll; PID: 10168
    Ipc O \KnownDlls\kernel.appcore.dll; PID: 1284
    Ipc O \KnownDlls\kernel.appcore.dll; PID: 15872
    Ipc O \KnownDlls\kernel.appcore.dll; PID: 18540
    Ipc O \KnownDlls\kernel.appcore.dll; PID: 19656
    Ipc O \KnownDlls\kernel.appcore.dll; PID: 5296
    Ipc O \KnownDlls\kernel.appcore.dll; PID: 7436
    Ipc O \KnownDlls\kernel32.dll; PID: 10168
    Ipc O \KnownDlls\kernel32.dll; PID: 1284
    Ipc O \KnownDlls\kernel32.dll; PID: 14692
    Ipc O \KnownDlls\kernel32.dll; PID: 15872
    Ipc O \KnownDlls\kernel32.dll; PID: 18540
    Ipc O \KnownDlls\kernel32.dll; PID: 19656
    Ipc O \KnownDlls\kernel32.dll; PID: 5296
    Ipc O \KnownDlls\kernel32.dll; PID: 7436
    Ipc O \KnownDlls\KERNELBASE.dll; PID: 10168
    Ipc O \KnownDlls\KERNELBASE.dll; PID: 1284
    Ipc O \KnownDlls\KERNELBASE.dll; PID: 14692
    Ipc O \KnownDlls\KERNELBASE.dll; PID: 15872
    Ipc O \KnownDlls\KERNELBASE.dll; PID: 18540
    Ipc O \KnownDlls\KERNELBASE.dll; PID: 19656
    Ipc O \KnownDlls\KERNELBASE.dll; PID: 5296
    Ipc O \KnownDlls\KERNELBASE.dll; PID: 7436
    Ipc O \KnownDlls\MSASN1.dll; PID: 10168
    Ipc O \KnownDlls\MSASN1.dll; PID: 1284
    Ipc O \KnownDlls\MSASN1.dll; PID: 15872
    Ipc O \KnownDlls\MSASN1.dll; PID: 19656
    Ipc O \KnownDlls\MSASN1.dll; PID: 5296
    Ipc O \KnownDlls\MSASN1.dll; PID: 7436
    Ipc O \KnownDlls\MSCTF.dll; PID: 10168
    Ipc O \KnownDlls\MSCTF.dll; PID: 15872
    Ipc O \KnownDlls\MSCTF.dll; PID: 19656
    Ipc O \KnownDlls\MSCTF.dll; PID: 5296
    Ipc O \KnownDlls\MSCTF.dll; PID: 7436
    Ipc O \KnownDlls\msvcp_win.dll; PID: 10168
    Ipc O \KnownDlls\msvcp_win.dll; PID: 1284
    Ipc O \KnownDlls\msvcp_win.dll; PID: 14692
    Ipc O \KnownDlls\msvcp_win.dll; PID: 15872
    Ipc O \KnownDlls\msvcp_win.dll; PID: 18540
    Ipc O \KnownDlls\msvcp_win.dll; PID: 19656
    Ipc O \KnownDlls\msvcp_win.dll; PID: 5296
    Ipc O \KnownDlls\msvcp_win.dll; PID: 7436
    Ipc O \KnownDlls\MSVCRT.dll; PID: 10168
    Ipc O \KnownDlls\MSVCRT.dll; PID: 1284
    Ipc O \KnownDlls\MSVCRT.dll; PID: 14692
    Ipc O \KnownDlls\MSVCRT.dll; PID: 15872
    Ipc O \KnownDlls\MSVCRT.dll; PID: 18540
    Ipc O \KnownDlls\MSVCRT.dll; PID: 19656
    Ipc O \KnownDlls\MSVCRT.dll; PID: 5296
    Ipc O \KnownDlls\MSVCRT.dll; PID: 7436
    Ipc O \KnownDlls\NSI.dll; PID: 5296
    Ipc O \KnownDlls\NSI.dll; PID: 7436
    Ipc O \KnownDlls\ole32.dll; PID: 10168
    Ipc O \KnownDlls\ole32.dll; PID: 15872
    Ipc O \KnownDlls\ole32.dll; PID: 19656
    Ipc O \KnownDlls\ole32.dll; PID: 5296
    Ipc O \KnownDlls\ole32.dll; PID: 7436
    Ipc O \KnownDlls\OLEAUT32.dll; PID: 10168
    Ipc O \KnownDlls\OLEAUT32.dll; PID: 1284
    Ipc O \KnownDlls\OLEAUT32.dll; PID: 14692
    Ipc O \KnownDlls\OLEAUT32.dll; PID: 15872
    Ipc O \KnownDlls\OLEAUT32.dll; PID: 18540
    Ipc O \KnownDlls\OLEAUT32.dll; PID: 19656
    Ipc O \KnownDlls\OLEAUT32.dll; PID: 5296
    Ipc O \KnownDlls\OLEAUT32.dll; PID: 7436
    Ipc O \KnownDlls\powrprof.dll; PID: 10168
    Ipc O \KnownDlls\powrprof.dll; PID: 14692
    Ipc O \KnownDlls\powrprof.dll; PID: 15872
    Ipc O \KnownDlls\powrprof.dll; PID: 18540
    Ipc O \KnownDlls\powrprof.dll; PID: 19656
    Ipc O \KnownDlls\powrprof.dll; PID: 5296
    Ipc O \KnownDlls\powrprof.dll; PID: 7436
    Ipc O \KnownDlls\profapi.dll; PID: 10168
    Ipc O \KnownDlls\profapi.dll; PID: 15872
    Ipc O \KnownDlls\profapi.dll; PID: 18540
    Ipc O \KnownDlls\profapi.dll; PID: 19656
    Ipc O \KnownDlls\profapi.dll; PID: 5296
    Ipc O \KnownDlls\profapi.dll; PID: 7436
    Ipc O \KnownDlls\PSAPI.DLL; PID: 10168
    Ipc O \KnownDlls\PSAPI.DLL; PID: 1284
    Ipc O \KnownDlls\PSAPI.DLL; PID: 14692
    Ipc O \KnownDlls\PSAPI.DLL; PID: 15872
    Ipc O \KnownDlls\PSAPI.DLL; PID: 18540
    Ipc O \KnownDlls\PSAPI.DLL; PID: 19656
    Ipc O \KnownDlls\PSAPI.DLL; PID: 5296
    Ipc O \KnownDlls\PSAPI.DLL; PID: 7436
    Ipc O \KnownDlls\rpcrt4.dll; PID: 10168
    Ipc O \KnownDlls\rpcrt4.dll; PID: 1284
    Ipc O \KnownDlls\rpcrt4.dll; PID: 14692
    Ipc O \KnownDlls\rpcrt4.dll; PID: 15872
    Ipc O \KnownDlls\rpcrt4.dll; PID: 18540
    Ipc O \KnownDlls\rpcrt4.dll; PID: 19656
    Ipc O \KnownDlls\rpcrt4.dll; PID: 5296
    Ipc O \KnownDlls\rpcrt4.dll; PID: 7436
    Ipc O \KnownDlls\sechost.dll; PID: 10168
    Ipc O \KnownDlls\sechost.dll; PID: 1284
    Ipc O \KnownDlls\sechost.dll; PID: 14692
    Ipc O \KnownDlls\sechost.dll; PID: 15872
    Ipc O \KnownDlls\sechost.dll; PID: 18540
    Ipc O \KnownDlls\sechost.dll; PID: 19656
    Ipc O \KnownDlls\sechost.dll; PID: 5296
    Ipc O \KnownDlls\sechost.dll; PID: 7436
    Ipc O \KnownDlls\Setupapi.dll; PID: 10168
    Ipc O \KnownDlls\SHCORE.dll; PID: 10168
    Ipc O \KnownDlls\SHCORE.dll; PID: 15872
    Ipc O \KnownDlls\SHCORE.dll; PID: 18540
    Ipc O \KnownDlls\SHCORE.dll; PID: 19656
    Ipc O \KnownDlls\SHCORE.dll; PID: 5296
    Ipc O \KnownDlls\SHCORE.dll; PID: 7436
    Ipc O \KnownDlls\SHELL32.dll; PID: 10168
    Ipc O \KnownDlls\SHELL32.dll; PID: 15872
    Ipc O \KnownDlls\SHELL32.dll; PID: 18540
    Ipc O \KnownDlls\SHELL32.dll; PID: 19656
    Ipc O \KnownDlls\SHELL32.dll; PID: 5296
    Ipc O \KnownDlls\SHELL32.dll; PID: 7436
    Ipc O \KnownDlls\SHLWAPI.dll; PID: 10168
    Ipc O \KnownDlls\SHLWAPI.dll; PID: 15872
    Ipc O \KnownDlls\SHLWAPI.dll; PID: 18540
    Ipc O \KnownDlls\SHLWAPI.dll; PID: 19656
    Ipc O \KnownDlls\SHLWAPI.dll; PID: 5296
    Ipc O \KnownDlls\SHLWAPI.dll; PID: 7436
    Ipc O \KnownDlls\ucrtbase.dll; PID: 10168
    Ipc O \KnownDlls\ucrtbase.dll; PID: 1284
    Ipc O \KnownDlls\ucrtbase.dll; PID: 14692
    Ipc O \KnownDlls\ucrtbase.dll; PID: 15872
    Ipc O \KnownDlls\ucrtbase.dll; PID: 18540
    Ipc O \KnownDlls\ucrtbase.dll; PID: 19656
    Ipc O \KnownDlls\ucrtbase.dll; PID: 5296
    Ipc O \KnownDlls\ucrtbase.dll; PID: 7436
    Ipc O \KnownDlls\UMPDC.dll; PID: 10168
    Ipc O \KnownDlls\UMPDC.dll; PID: 14692
    Ipc O \KnownDlls\UMPDC.dll; PID: 15872
    Ipc O \KnownDlls\UMPDC.dll; PID: 18540
    Ipc O \KnownDlls\UMPDC.dll; PID: 19656
    Ipc O \KnownDlls\UMPDC.dll; PID: 5296
    Ipc O \KnownDlls\UMPDC.dll; PID: 7436
    Ipc O \KnownDlls\user32.dll; PID: 10168
    Ipc O \KnownDlls\user32.dll; PID: 1284
    Ipc O \KnownDlls\user32.dll; PID: 14692
    Ipc O \KnownDlls\user32.dll; PID: 15872
    Ipc O \KnownDlls\user32.dll; PID: 18540
    Ipc O \KnownDlls\user32.dll; PID: 19656
    Ipc O \KnownDlls\user32.dll; PID: 5296
    Ipc O \KnownDlls\user32.dll; PID: 7436
    Ipc O \KnownDlls\win32u.dll; PID: 10168
    Ipc O \KnownDlls\win32u.dll; PID: 1284
    Ipc O \KnownDlls\win32u.dll; PID: 14692
    Ipc O \KnownDlls\win32u.dll; PID: 15872
    Ipc O \KnownDlls\win32u.dll; PID: 18540
    Ipc O \KnownDlls\win32u.dll; PID: 19656
    Ipc O \KnownDlls\win32u.dll; PID: 5296
    Ipc O \KnownDlls\win32u.dll; PID: 7436
    Ipc O \KnownDlls\windows.storage.dll; PID: 10168
    Ipc O \KnownDlls\windows.storage.dll; PID: 15872
    Ipc O \KnownDlls\windows.storage.dll; PID: 18540
    Ipc O \KnownDlls\windows.storage.dll; PID: 19656
    Ipc O \KnownDlls\windows.storage.dll; PID: 5296
    Ipc O \KnownDlls\windows.storage.dll; PID: 7436
    Ipc O \KnownDlls\WINTRUST.dll; PID: 10168
    Ipc O \KnownDlls\WINTRUST.dll; PID: 15872
    Ipc O \KnownDlls\WINTRUST.dll; PID: 19656
    Ipc O \KnownDlls\WINTRUST.dll; PID: 5296
    Ipc O \KnownDlls\WINTRUST.dll; PID: 7436
    Ipc O \KnownDlls\WS2_32.dll; PID: 10168
    Ipc O \KnownDlls\WS2_32.dll; PID: 1284
    Ipc O \KnownDlls\WS2_32.dll; PID: 19656
    Ipc O \KnownDlls\WS2_32.dll; PID: 5296
    Ipc O \KnownDlls\WS2_32.dll; PID: 7436
    Ipc O \RPC Control\Audiosrv; PID: 10168
    Ipc O \RPC Control\lsapolicylookup; PID: 10168
    Ipc O \RPC Control\lsapolicylookup; PID: 1284
    Ipc O \RPC Control\lsapolicylookup; PID: 14692
    Ipc O \RPC Control\lsapolicylookup; PID: 15872
    Ipc O \RPC Control\lsapolicylookup; PID: 18540
    Ipc O \RPC Control\lsapolicylookup; PID: 19656
    Ipc O \RPC Control\lsapolicylookup; PID: 5296
    Ipc O \RPC Control\lsapolicylookup; PID: 7436
    Ipc O \RPC Control\LSARPC_ENDPOINT; PID: 10168
    Ipc O \RPC Control\lsasspirpc; PID: 10168
    Ipc O \RPC Control\lsasspirpc; PID: 14692
    Ipc O \RPC Control\lsasspirpc; PID: 15872
    Ipc O \RPC Control\lsasspirpc; PID: 19656
    Ipc O \RPC Control\samss lpc; PID: 10168
    Ipc O \RPC Control\samss lpc; PID: 1284
    Ipc O \RPC Control\SbieSvcPort; PID: 10168
    Ipc O \RPC Control\SbieSvcPort; PID: 1284
    Ipc O \RPC Control\SbieSvcPort; PID: 14692
    Ipc O \RPC Control\SbieSvcPort; PID: 15872
    Ipc O \RPC Control\SbieSvcPort; PID: 18540
    Ipc O \RPC Control\SbieSvcPort; PID: 19656
    Ipc O \RPC Control\SbieSvcPort; PID: 5296
    Ipc O \RPC Control\SbieSvcPort; PID: 7436
    Ipc O \Security\LSA_AUTHENTICATION_INITIALIZED; PID: 10168
    Ipc O \Security\LSA_AUTHENTICATION_INITIALIZED; PID: 14692
    Ipc O \Security\LSA_AUTHENTICATION_INITIALIZED; PID: 15872
    Ipc O \Security\LSA_AUTHENTICATION_INITIALIZED; PID: 19656
    Ipc O \Sessions\1\BaseNamedObjects\{FC4C2F7F-35C0-4ED5-8794-172E38F8D816}_ParamStrings_0E9FC193; PID: 10168
    Ipc O \Sessions\1\BaseNamedObjects\{FC4C2F7F-35C0-4ED5-8794-172E38F8D816}_ParamStrings_0E9FC193; PID: 15872
    Ipc O \Sessions\1\BaseNamedObjects\{FC4C2F7F-35C0-4ED5-8794-172E38F8D816}_ServiceMapping; PID: 10168
    Ipc O \Sessions\1\BaseNamedObjects\{FC4C2F7F-35C0-4ED5-8794-172E38F8D816}_ServiceMapping; PID: 15872
    Ipc O \Sessions\1\BaseNamedObjects\{FC4C2F7F-35C0-4ED5-8794-172E38F8D816}_ServiceMapping; PID: 19656
    Ipc O \Sessions\1\BaseNamedObjects\{FC4C2F7F-35C0-4ED5-8794-172E38F8D816}_ServiceMapping; PID: 5296
    Ipc O \Sessions\1\BaseNamedObjects\{FC4C2F7F-35C0-4ED5-8794-172E38F8D816}_ServiceMapping; PID: 7436
    Ipc O \Sessions\1\BaseNamedObjects\ActualTools_LockMonitor; PID: 10168
    Ipc O \Sessions\1\BaseNamedObjects\ActualTools_LockMonitor; PID: 15872
    Ipc O \Sessions\1\BaseNamedObjects\ActualTools_LockMonitor; PID: 19656
    Ipc O \Sessions\1\BaseNamedObjects\ActualTools_LockMonitor; PID: 5296
    Ipc O \Sessions\1\BaseNamedObjects\ActualTools_LockMonitor; PID: 7436
    Ipc O \Sessions\1\BaseNamedObjects\ActualTools_UnlockMonitor; PID: 10168
    Ipc O \Sessions\1\BaseNamedObjects\ActualTools_UnlockMonitor; PID: 15872
    Ipc O \Sessions\1\BaseNamedObjects\ActualTools_UnlockMonitor; PID: 19656
    Ipc O \Sessions\1\BaseNamedObjects\ActualTools_UnlockMonitor; PID: 5296
    Ipc O \Sessions\1\BaseNamedObjects\ActualTools_UnlockMonitor; PID: 7436
    Ipc O \Sessions\1\BaseNamedObjects\CicLoadWinStaWinSta0; PID: 10168
    Ipc O \Sessions\1\BaseNamedObjects\CicLoadWinStaWinSta0; PID: 15872
    Ipc O \Sessions\1\BaseNamedObjects\CTF.AsmListCache.FMPDefault1; PID: 10168
    Ipc O \Sessions\1\BaseNamedObjects\CTF.AsmListCache.FMPDefault1; PID: 15872
    Ipc O \Sessions\1\BaseNamedObjects\MSCTF.Asm.MutexDefault1; PID: 10168
    Ipc O \Sessions\1\BaseNamedObjects\MSCTF.Asm.MutexDefault1; PID: 15872
    Ipc O \Sessions\1\BaseNamedObjects\MSCTF.CtfMonitorInstMutexDefault1; PID: 10168
    Ipc O \Sessions\1\BaseNamedObjects\MSCTF.CtfMonitorInstMutexDefault1; PID: 15872
    Ipc O \Sessions\1\Windows\ApiPort; PID: 10168
    Ipc O \Sessions\1\Windows\ApiPort; PID: 1284
    Ipc O \Sessions\1\Windows\ApiPort; PID: 14692
    Ipc O \Sessions\1\Windows\ApiPort; PID: 15872
    Ipc O \Sessions\1\Windows\ApiPort; PID: 18540
    Ipc O \Sessions\1\Windows\ApiPort; PID: 19656
    Ipc O \Sessions\1\Windows\ApiPort; PID: 5296
    Ipc O \Sessions\1\Windows\ApiPort; PID: 7436
    Ipc O \Sessions\1\Windows\SharedSection; PID: 10168
    Ipc O \Sessions\1\Windows\SharedSection; PID: 1284
    Ipc O \Sessions\1\Windows\SharedSection; PID: 14692
    Ipc O \Sessions\1\Windows\SharedSection; PID: 15872
    Ipc O \Sessions\1\Windows\SharedSection; PID: 18540
    Ipc O \Sessions\1\Windows\SharedSection; PID: 19656
    Ipc O \Sessions\1\Windows\SharedSection; PID: 5296
    Ipc O \Sessions\1\Windows\SharedSection; PID: 7436
    Ipc O \Sessions\1\Windows\Theme4049804192; PID: 10168
    Ipc O \Sessions\1\Windows\Theme4049804192; PID: 15872
    Ipc O \Sessions\1\Windows\Theme4049804192; PID: 19656
    Ipc O \Sessions\1\Windows\Theme4049804192; PID: 5296
    Ipc O \Sessions\1\Windows\Theme4049804192; PID: 7436
    Ipc O \Sessions\1\Windows\ThemeSection; PID: 10168
    Ipc O \Sessions\1\Windows\ThemeSection; PID: 15872
    Ipc O \Sessions\1\Windows\ThemeSection; PID: 19656
    Ipc O \Sessions\1\Windows\ThemeSection; PID: 5296
    Ipc O \Sessions\1\Windows\ThemeSection; PID: 7436
    Ipc O \ThemeApiPort; PID: 10168
    Ipc O \ThemeApiPort; PID: 15872
    Ipc O \ThemeApiPort; PID: 18540
    Ipc O \ThemeApiPort; PID: 19656
    Ipc O \ThemeApiPort; PID: 5296
    Ipc O \ThemeApiPort; PID: 7436
    Ipc O \Windows\Theme2718350742; PID: 10168
    Ipc O \Windows\Theme2718350742; PID: 15872
    Ipc O \Windows\Theme2718350742; PID: 19656
    Ipc O \Windows\Theme2718350742; PID: 5296
    Ipc O \Windows\Theme2718350742; PID: 7436
    Ipc X $:notepad.exe; PID: 7436
    Pipe -------------------------------
    Pipe ?; PID: 10168
    Pipe ?; PID: 1284
    Pipe ?; PID: 15872
    Pipe ?; PID: 18540
    Pipe ?; PID: 19656
    Pipe ?; PID: 5296
    Pipe ?; PID: 7436
    Pipe \Device\000000c7; PID: 10168
    Pipe \Device\000000c7; PID: 15872
    Pipe \Device\CNG; PID: 10168
    Pipe \Device\CNG; PID: 1284
    Pipe \Device\CNG; PID: 14692
    Pipe \Device\CNG; PID: 15872
    Pipe \Device\CNG; PID: 18540
    Pipe \Device\CNG; PID: 19656
    Pipe \Device\CNG; PID: 5296
    Pipe \Device\CNG; PID: 7436
    Pipe \Device\DfsClient; PID: 10168
    Pipe \Device\Harddisk0\DR0; PID: 1284
    Pipe \Device\HarddiskVolume1; PID: 10168
    Pipe \Device\HarddiskVolume1; PID: 15872
    Pipe \Device\HarddiskVolume10; PID: 10168
    Pipe \Device\HarddiskVolume10; PID: 15872
    Pipe \Device\HarddiskVolume11; PID: 10168
    Pipe \Device\HarddiskVolume11; PID: 15872
    Pipe \Device\HarddiskVolume12; PID: 10168
    Pipe \Device\HarddiskVolume12; PID: 15872
    Pipe \Device\HarddiskVolume2; PID: 10168
    Pipe \Device\HarddiskVolume2; PID: 15872
    Pipe \Device\HarddiskVolume3; PID: 10168
    Pipe \Device\HarddiskVolume3; PID: 15872
    Pipe \Device\HarddiskVolume4; PID: 10168
    Pipe \Device\HarddiskVolume4; PID: 15872
    Pipe \Device\HarddiskVolume5; PID: 10168
    Pipe \Device\HarddiskVolume5; PID: 15872
    Pipe \Device\HarddiskVolume6; PID: 10168
    Pipe \Device\HarddiskVolume6; PID: 15872
    Pipe \Device\HarddiskVolume7; PID: 10168
    Pipe \Device\HarddiskVolume7; PID: 15872
    Pipe \Device\HarddiskVolume9; PID: 10168
    Pipe \Device\HarddiskVolume9; PID: 1284
    Pipe \Device\HarddiskVolume9; PID: 15872
    Pipe \Device\IDMWFP; PID: 10168
    Pipe \Device\KsecDD; PID: 10168
     
  11. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    I don't see anything in the report that helps me to identify the problem.

    Make the next test...

    In the same VM you used to test notepad, install Comodo and check if notepad crashes.
     
  12. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    Released BSA 1.89 Beta 6.

    - Fixed error message when BSA is executed for the first time from a clean installation
    - VirusTotal works again in all features using it

    From this version Sandboxie 5.41.0 is the minimum required version.
     
    Last edited: Jun 16, 2020
  13. revant

    revant Registered Member

    Joined:
    May 22, 2020
    Posts:
    2
    Location:
    canada
    DL link pls.

    Thanks.
     
  14. revant

    revant Registered Member

    Joined:
    May 22, 2020
    Posts:
    2
    Location:
    canada
    Sorry, saw it on website.
     
  15. syrog

    syrog Registered Member

    Joined:
    Jul 13, 2013
    Posts:
    32
    Could you please provide the download link to the last BSA version compatible with Sandboxie 5.33.3?
     
  16. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    BSA 1.89 Beta 5 can be downloaded from here:

    https://1fichier.com/?716fodhlg017ixhho4bs
     
  17. syrog

    syrog Registered Member

    Joined:
    Jul 13, 2013
    Posts:
    32
  18. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    I had a Buster Sandbox Analyzer 1.89 version I never released. This unreleased version included a pair of new features. One of them was perceptual hashing support.

    You can read about perceptual hashing on Wikipedia: https://en.wikipedia.org/wiki/Perceptual_hashing

    The feature is supported using pHash from pHash.org: https://www.phash.org/

    I will include this feature in BSA 1.89 Beta 7.

    The other feature is related to the analysis of the screenshots using OCR technology. This feature can be useful to identify malware by the messages shown on screen, like ransomware.

    I don't know if I'll include this feature yet.
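The perceptual hashing mentioned in the post above, as an added example that is not part of the original post and is not BSA's or pHash's code. It uses a simple difference hash instead of the DCT-based hash pHash provides; the function names, the distance threshold of 8, the label store and the synthetic images are assumptions.

```python
import hashlib

def downscale(pixels, out_w, out_h):
    """Box-average a grayscale image (rows of 0-255 ints) down to out_w x out_h."""
    bw, bh = len(pixels[0]) // out_w, len(pixels) // out_h  # assumes exact multiples
    return [[sum(pixels[y][x] for y in range(by * bh, (by + 1) * bh)
                 for x in range(bx * bw, (bx + 1) * bw)) / (bw * bh)
             for bx in range(out_w)] for by in range(out_h)]

def dhash(pixels):
    """64-bit difference hash: one bit per adjacent pair in a 9x8 thumbnail."""
    bits = 0
    for row in downscale(pixels, 9, 8):
        for left, right in zip(row, row[1:]):
            bits = (bits << 1) | int(left > right)
    return bits

def hamming(a, b):
    return bin(a ^ b).count("1")  # number of differing bits

def sha256_hex(pixels):
    """Cryptographic hash of the raw pixels, for contrast with dhash()."""
    return hashlib.sha256(bytes(v for row in pixels for v in row)).hexdigest()

def lookup(pixels, known, max_distance=8):
    """Return (label, distance) for the nearest known hash within max_distance, else None."""
    h = dhash(pixels)
    scored = sorted((hamming(h, k), label) for k, label in known.items())
    if scored and scored[0][0] <= max_distance:
        return scored[0][1], scored[0][0]
    return None

def make_image(fn, width=72, height=64):
    return [[fn(x, y) for x in range(width)] for y in range(height)]

# Constructed 72x64 grayscale samples (not real icons or screenshots).
def tent(x, y):
    return 40 + 5 * min(x, 71 - x)  # bright vertical band in the middle
ORIGINAL = make_image(tent)
# Same picture, brightened, lightly noised, with an 8x8 white patch in one corner.
VARIANT = make_image(lambda x, y: 255 if x < 8 and y < 8 else tent(x, y) + 12 + (x * y) % 3)
UNRELATED = make_image(lambda x, y: 255 - 3 * x)  # plain left-to-right ramp
# Hypothetical store: perceptual hash -> behaviour label chosen by the analyst.
KNOWN = {dhash(ORIGINAL): "Traces of ransomware"}

if __name__ == "__main__":
    print(hamming(dhash(ORIGINAL), dhash(VARIANT)), sha256_hex(ORIGINAL) == sha256_hex(VARIANT))
    print(lookup(VARIANT, KNOWN), lookup(UNRELATED, KNOWN))
```

The altered copy no longer matches on SHA-256 but stays within one bit of the original's perceptual hash, which is why a repacked sample that keeps its icon or ransom screen can still be recognised.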
     
  19. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    Released Buster Sandbox Analyzer 1.89 Beta 7. If no new features are requested and no bugs are found, this will probably be the last version.

    Beta 7 contains the last two unreleased features:

    - Perceptual hashing support
    - Screenshot OCR verification

    The perceptual hashing feature works this way:

    Go to "Utilities > Perceptual Hash Manager".

    In "File to process" you can select an EXE or a JPG file.

    When an EXE file is selected, the program's icon will be processed.
    When a JPG file is selected, the JPG will be processed.

    You must associate the EXE's icon or the JPG file with a behavior.

    The JPG should be a screenshot from malware analyzed previously.

    Screenshot OCR verification works this way:

    When the required options are enabled ("Options > Automatic Analysis Options > Take Screenshots" and "Options > Report Options > Information > Screenshots > Include Screenshot OCR Information") Buster Sandbox Analyzer will save screenshots and it will create OCR text files containing OCR information from screenshots.

    When you have identified malware showing a message on screen, you can open the OCR text file and copy part of the message. Then you go to "Editor > Configuration Files > Edit OCR.DAT".

    Then you must copy the string you got from the OCR text file, paste it and then include "<->Behaviour". Something like this:

    Any attempt to remove or damage this software will lead to the immediate<->Traces of ransomware

    You can add one OCR string/behavior per line.

    Perceptual hashing support and screenshot OCR verification are features that will work only in automatic mode, not in manual. In manual mode only the perceptual hashing of the EXE's icon will be performed when the required option is enabled.
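One way OCR.DAT lines in the "string<->Behaviour" format described above could be parsed and applied to an OCR text file, as an added example that is not part of the original post and is not BSA's own code. The function names, the whitespace- and case-insensitive substring match, and the sample texts are assumptions.

```python
import re

SEPARATOR = "<->"  # delimiter from the post: "<OCR string><->Behaviour"

def normalize(text):
    """Collapse whitespace and case so OCR line breaks do not defeat a match."""
    return re.sub(r"\s+", " ", text).strip().casefold()

def parse_ocr_rules(dat_text):
    """Parse OCR.DAT-style text into (rules, rejected).
    rules holds (needle, behaviour) pairs; rejected holds (line_number, line) for
    lines with no separator or an empty side, so typos are reported."""
    rules, rejected = [], []
    for lineno, line in enumerate(dat_text.splitlines(), start=1):
        if not line.strip():
            continue
        # Assumption: the behaviour is the text after the last separator.
        needle, sep, behaviour = line.rpartition(SEPARATOR)
        needle, behaviour = normalize(needle), behaviour.strip()
        if sep and needle and behaviour:
            rules.append((needle, behaviour))
        else:
            rejected.append((lineno, line))
    return rules, rejected

def match_behaviours(ocr_text, rules):
    """Return each behaviour whose string occurs in the OCR text, in rule order."""
    haystack = normalize(ocr_text)
    found = []
    for needle, behaviour in rules:
        if needle in haystack and behaviour not in found:
            found.append(behaviour)
    return found

# Constructed OCR.DAT: rule 1 is quoted in the post, the other lines are made up.
SAMPLE_OCR_DAT = (
    "Any attempt to remove or damage this software will lead to the immediate"
    "<->Traces of ransomware\n"
    "Your computer has been locked<->Traces of screen locker\n"
    "this line has no separator\n"
)
# Constructed OCR output: the message is split across lines with uneven spacing.
SAMPLE_OCR_TEXT = ("WARNING\nAny attempt to remove or   damage this software\n"
                   "will lead to the IMMEDIATE loss of your data.\n")

if __name__ == "__main__":
    rules, rejected = parse_ocr_rules(SAMPLE_OCR_DAT)
    print(match_behaviours(SAMPLE_OCR_TEXT, rules), rejected)
```

Copying a short, distinctive fragment of the message, as the post suggests, keeps the rule robust when OCR misreads characters elsewhere in the screenshot.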
     
  20. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    Did you test using new LOG_API?

    https://github.com/sandboxie-plus/LogApiDll/releases/download/1.0.5/LogApiDll.zip
     
  21. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
  22. Quassar

    Quassar Registered Member

    Joined:
    Oct 19, 2011
    Posts:
    254
    Location:
    Poland
  23. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    There will be a Buster Sandbox Analyzer Beta 8 version with new stuff.

    Minor change:

    In the previous version I forgot to include "Perceptual Hash Information for Dropped Files". Beta 8 will include this option.

    Major change:

    Some malware injects code into system processes. As Sandboxie doesn't allow that, this malware will not show all its functionality due to the code injection failure.

    I asked David for a feature to hide processes running outside the sandbox. He added this feature in version 5.42.0. This new feature will allow BSA to trick simple malware into thinking it is injecting code into system processes.

    Here you can see the analysis of the "Kronos" malware done with the old Sandboxie version:

    Detailed report of suspicious malware actions:

    Checked for debuggers
    Defined file type created: C:\Users\Buster\AppData\Roaming\Mozilla\Firefox\Profiles\8g6qu7uj.default-1529203837497\user.js
    Detected Anti-Malware Analyzer routine: Disk information query
    Error reporting dialog change: machine\software\microsoft\windows\windows error reporting\dontshowui = 00000001
    Got volume information
    Removed Zone.Identifier information
    Traces of Max++

    And here you can see the analysis done with the new Sandboxie version, hiding the "svchost" process outside the sandbox and running a dummy "svchost" inside the sandbox:

    Detailed report of suspicious malware actions:

    Checked for Chrome browser software presence
    Checked for debuggers
    Checked for The Hacker security software presence
    Created a mutex named: Global\bd3218050904dd2793b510303491bac9
    Created an event named: Global\bd321805R
    Created process: C:\Windows\system32\svchost.exe, null, null
    Defined code injection in process: C:\Windows\SysWOW64\svchost.exe
    Defined file type created: C:\Users\Buster\AppData\Roaming\Mozilla\Firefox\Profiles\8g6qu7uj.default-1529203837497\user.js
    Defined registry AutoStart location created or modified: user\current\software\Microsoft\Windows\CurrentVersion\Run\bd321805 = C:\Users\Buster\AppData\Roaming\Microsoft\{47DAAAF6-EEA7-41C2-9318-B37374016982}\bd321805.exe
    Detected Anti-Malware Analyzer routine: Disk information query
    Detected privilege modification
    Detected process privilege elevation
    Enumerated running processes
    Error reporting dialog change: machine\software\microsoft\windows\windows error reporting\dontshowui = 00000001
    Got volume information
    Queried DNS: api.real-debrid.com
    Removed Zone.Identifier information
    Traces of Max++

    Now the analyzed file shows more activity, making it easy to identify as malware.
     
  24. Stukalide

    Stukalide Registered Member

    Joined:
    Jul 12, 2013
    Posts:
    65
    Awesome news! I'm still elated that you've resumed BSA. It's a fantastic tool, and Sandboxie should've incorporated it into its abilities long ago.

    Any chance BSA will work with Sandboxie Plus? Referring to David's releases here: https://github.com/sandboxie-plus/Sandboxie
     
  25. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,319
    Location:
    Viena
    Yes, it does work perfectly with it.
     