ID | #12091 |
MD5 hash value | a86ac0ad1f8928e8d4e1b728448f54f9 |
SHA1 hash value | 207a8b797fed46abbb72fe2555687887f36094bf |
File name | a86ac0ad1f8928e8d4e1b728448f54f9.exe |
File size | 1713664 |
File type | PE32 (gui) |
Creation Time | 2014-09-18 14:39 (UTC+2) |
Execution successful | |
Prescript | - |
Commandline parameters | - |
Number of processes | 33 |
Termination reason | Timeout |
Analyzer Version | 1.1.0 |
Analyzer Build Date | 2014-09-18 12:58 |
Guest Architecture | x86 64-bit |
Guest OS | Windows NT based |
Kernel Version | 6.1.7601.18409 (bf9e1903-5978-4c2d-8796-cf5537b238b4) |
Information |
---|
Data may be missing due to evasive loop detection |
Kernel code was executed |
ID | PID | Monitor Reason | CMD Line | Origin PID |
---|---|---|---|---|
#1 | 0xb6c | analysis_target | "C:\Users\user\Desktop\a86ac0ad1f8928e8d4e1b728448f54f9.exe" | - |
#2 | 0xb90 | child_process | "C:\Windows\$NtUninstallQ923283$\pxinsi64.exe" | 0xb6c |
#3 | 0x4 | kernel_analysis | - | - |
#4 | 0xf8 | child_process | \SystemRoot\System32\smss.exe | 0x4 |
#5 | 0x148 | child_process | %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 | 0xf8 |
#6 | 0x16c | child_process | wininit.exe | 0xf8 |
#7 | 0x178 | child_process | %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 | 0xf8 |
#8 | 0x1a0 | child_process | winlogon.exe | 0xf8 |
#9 | 0x1c4 | child_process | C:\Windows\system32\services.exe | 0x16c |
#10 | 0x1cc | child_process | C:\Windows\system32\lsass.exe | 0x16c |
#11 | 0x1d4 | child_process | C:\Windows\system32\lsm.exe | 0x16c |
#12 | 0x244 | child_process | C:\Windows\system32\svchost.exe -k DcomLaunch | 0x1c4 |
#13 | 0x288 | child_process | C:\Windows\system32\svchost.exe -k RPCSS | 0x1c4 |
#14 | 0x2b8 | child_process | C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted | 0x1c4 |
#15 | 0x314 | child_process | C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted | 0x1c4 |
#16 | 0x36c | child_process | C:\Windows\system32\svchost.exe -k LocalService | 0x1c4 |
#17 | 0x394 | child_process | C:\Windows\system32\svchost.exe -k netsvcs | 0x1c4 |
#18 | 0x3dc | child_process | C:\Windows\system32\svchost.exe -k GPSvcGroup | 0x1c4 |
#19 | 0x1d0 | child_process | C:\Windows\system32\svchost.exe -k NetworkService | 0x1c4 |
#20 | 0x464 | child_process | C:\Windows\System32\spoolsv.exe | 0x1c4 |
#21 | 0x48c | child_process | "taskhost.exe" | 0x1c4 |
#22 | 0x494 | child_process | C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork | 0x1c4 |
#23 | 0x4d8 | child_process | taskeng.exe {156F8AD7-825D-4321-B1E4-BA03D81FD813} S-1-5-21-272637189-1204002015-1709914517-1000:user-PC\user:Interactive:Highest[1] | 0x394 |
#24 | 0x558 | child_process | C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation | 0x1c4 |
#25 | 0x698 | child_process | C:\Windows\system32\sppsvc.exe | 0x1c4 |
#26 | 0x6cc | child_process | C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted | 0x1c4 |
#27 | 0x734 | child_process | C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding | 0x244 |
#28 | 0x688 | child_process | C:\Windows\system32\SearchIndexer.exe /Embedding | 0x1c4 |
#29 | 0x1b8 | child_process | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-272637189-1204002015-1709914517-10001_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-272637189-1204002015-1709914517-10001 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1" | 0x688 |
#30 | 0x5b0 | child_process | "C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516 | 0x688 |
#31 | 0x790 | child_process | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | 0x688 |
#32 | 0x824 | child_process | "C:\Windows\system32\Dwm.exe" | 0x314 |
#33 | 0x830 | child_process | C:\Windows\Explorer.EXE | 0x1a0 |
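The process table above is what a triager reads first. The analysis target (#1) spawns exactly one process, `pxinsi64.exe`, from `C:\Windows\$NtUninstallQ923283$\`, a folder named in the style of the `$NtUninstall...$` directories Windows keeps for hotfix uninstall data. Every other row is the guest's own boot-time process tree (smss, csrss, wininit, winlogon, services, the svchost service hosts, Explorer), recorded under the kernel_analysis entry #3 once the monitor covered the whole system. The Python below is an added example, not report output and not part of any sandbox product: it parses rows in this table's format, follows the Origin PID column to list what the target spawned, and applies one path heuristic (the `$NtUninstall*$` rule, an assumption of this example rather than a rule stated in the report) to flag launches worth a closer look.

```python
import re
from collections import deque

# Rows copied from the report's process table above (a subset is enough to
# exercise the logic; the full table parses the same way).
REPORT_PROCESS_TABLE = r"""
#1 | 0xb6c | analysis_target | "C:\Users\user\Desktop\a86ac0ad1f8928e8d4e1b728448f54f9.exe" | - |
#2 | 0xb90 | child_process | "C:\Windows\$NtUninstallQ923283$\pxinsi64.exe" | 0xb6c |
#3 | 0x4 | kernel_analysis | - | - |
#4 | 0xf8 | child_process | \SystemRoot\System32\smss.exe | 0x4 |
#6 | 0x16c | child_process | wininit.exe | 0xf8 |
#8 | 0x1a0 | child_process | winlogon.exe | 0xf8 |
#9 | 0x1c4 | child_process | C:\Windows\system32\services.exe | 0x16c |
#17 | 0x394 | child_process | C:\Windows\system32\svchost.exe -k netsvcs | 0x1c4 |
#33 | 0x830 | child_process | C:\Windows\Explorer.EXE | 0x1a0 |
"""

# Heuristic (an assumption of this example, not something the report states):
# a process image inside a "$NtUninstall...$" folder. Those folders hold
# hotfix uninstall data, so a program launched from one deserves inspection.
HOTFIX_DIR_RE = re.compile(r"\\\$NtUninstall[^\\]*\$\\", re.IGNORECASE)


def image_path(cmdline):
    """First token of a command line: a quoted path or the first bare token."""
    m = re.match(r'"([^"]+)"|(\S+)', cmdline)
    return (m.group(1) or m.group(2)) if m else ""


def parse_process_table(text):
    """Parse 'ID | PID | Monitor Reason | CMD Line | Origin PID |' rows."""
    procs = []
    for line in text.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 5 or not cells[0].startswith("#"):
            continue
        rid, pid, reason, cmd, origin = cells
        procs.append({
            "id": rid, "pid": pid, "reason": reason, "cmdline": cmd,
            "origin": None if origin == "-" else origin,
            "image": "" if cmd == "-" else image_path(cmd),
        })
    return procs


def descendants(procs, root_pid):
    """PIDs reachable from root_pid through the Origin PID column (BFS order)."""
    children = {}
    for p in procs:
        children.setdefault(p["origin"], []).append(p["pid"])
    out, queue = [], deque(children.get(root_pid, []))
    while queue:
        pid = queue.popleft()
        out.append(pid)
        queue.extend(children.get(pid, []))
    return out


def triage(text):
    """Summarise what the analysis target spawned and which images trip the path rule."""
    procs = parse_process_table(text)
    by_pid = {p["pid"]: p for p in procs}
    target = next(p for p in procs if p["reason"] == "analysis_target")
    spawned = descendants(procs, target["pid"])
    flagged = [p["pid"] for p in procs if HOTFIX_DIR_RE.search(p["image"])]
    return {
        "target": target["pid"],
        "spawned": spawned,
        "spawned_images": [by_pid[pid]["image"] for pid in spawned],
        "flagged": flagged,
        "flagged_images": [by_pid[pid]["image"] for pid in flagged],
    }


if __name__ == "__main__":
    for key, value in triage(REPORT_PROCESS_TABLE).items():
        print(f"{key}: {value}")
```

Run against the full table the result is the same: the only descendant of 0xb6c is 0xb90, and it is also the only image under a `$NtUninstall*$` folder. The same `descendants` walk from 0xf8 (smss.exe) reproduces the normal Windows 7 boot chain, which is a useful sanity check that the Origin PID column was parsed correctly before trusting the flagged list.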
ID | #1 |
OS PID | 0xb6c |
OS Parent PID | 0x830 |
Image Name | a86ac0ad1f8928e8d4e1b728448f54f9.exe |
Page Root | 0x7a19d000 |
Monitor Reason | analysis_target |
Unmonitor Reason | (still running) |
CMD Line | "C:\Users\user\Desktop\a86ac0ad1f8928e8d4e1b728448f54f9.exe" |
Current Directory | C:\Users\user\Desktop\ |
Name | Start VA | End VA | Type | Monitored |
---|---|---|---|---|
private_0x0000000000010000 | 0x00010000 | 0x0002ffff | private | |
pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | pagefile_backed | |
private_0x0000000000020000 | 0x00020000 | 0x0002ffff | private | |
private_0x0000000000030000 | 0x00030000 | 0x00031fff | private | |
private_0x0000000000030000 | 0x00030000 | 0x00030fff | private | |
apisetschema.dll | 0x00040000 | 0x00040fff | mapped_file | |
private_0x0000000000050000 | 0x00050000 | 0x0008ffff | private | |
private_0x0000000000090000 | 0x00090000 | 0x0018ffff | private | |
pagefile_0x0000000000190000 | 0x00190000 | 0x00193fff | pagefile_backed | |
pagefile_0x00000000001a0000 | 0x001a0000 | 0x001a0fff | pagefile_backed | |
private_0x00000000001b0000 | 0x001b0000 | 0x001b0fff | private | |
locale.nls | 0x001c0000 | 0x00226fff | mapped_file | |
pagefile_0x0000000000230000 | 0x00230000 | 0x003b7fff | pagefile_backed | |
private_0x00000000003c0000 | 0x003c0000 | 0x003c0fff | private | |
oleaccrc.dll | 0x003d0000 | 0x003d0fff | mapped_file | |
private_0x00000000003e0000 | 0x003e0000 | 0x003e0fff | private | |
private_0x00000000003f0000 | 0x003f0000 | 0x003f4fff | private | |
a86ac0ad1f8928e8d4e1b728448f54f9.exe | 0x00400000 | 0x006d9fff | mapped_file | |
pagefile_0x00000000006e0000 | 0x006e0000 | 0x00860fff | pagefile_backed | |
private_0x0000000000870000 | 0x00870000 | 0x008affff | private | |
private_0x00000000008b0000 | 0x008b0000 | 0x0092ffff | private | |
private_0x0000000000930000 | 0x00930000 | 0x00acbfff | private | |
private_0x0000000000930000 | 0x00930000 | 0x00a2ffff | private | |
private_0x0000000000a30000 | 0x00a30000 | 0x00a30fff | private | |
private_0x0000000000a40000 | 0x00a40000 | 0x00a46fff | private | |
private_0x0000000000a50000 | 0x00a50000 | 0x00a50fff | private | |
private_0x0000000000a60000 | 0x00a60000 | 0x00a76fff | private | |
private_0x0000000000a80000 | 0x00a80000 | 0x00a80fff | private | |
private_0x0000000000a90000 | 0x00a90000 | 0x00a9efff | private | |
private_0x0000000000aa0000 | 0x00aa0000 | 0x00aa0fff | private | |
private_0x0000000000b00000 | 0x00b00000 | 0x00bfffff | private | |
pagefile_0x0000000000c00000 | 0x00c00000 | 0x01ffffff | pagefile_backed | |
private_0x0000000002000000 | 0x02000000 | 0x0219bfff | private | |
private_0x0000000002000000 | 0x02000000 | 0x020fffff | private | |
private_0x0000000002000000 | 0x02000000 | 0x020fffff | private | |
private_0x00000000021a0000 | 0x021a0000 | 0x023abfff | private | |
private_0x00000000023b0000 | 0x023b0000 | 0x02471fff | private | |
apphelp.dll | 0x741d0000 | 0x7421bfff | mapped_file | |
secur32.dll | 0x74220000 | 0x74227fff | mapped_file | |
oleacc.dll | 0x74230000 | 0x7426bfff | mapped_file | |
wow64cpu.dll | 0x74270000 | 0x74277fff | mapped_file | |
wow64win.dll | 0x74280000 | 0x742dbfff | mapped_file | |
wow64.dll | 0x742e0000 | 0x7431efff | mapped_file | |
cryptbase.dll | 0x75240000 | 0x7524bfff | mapped_file | |
sspicli.dll | 0x75250000 | 0x752affff | mapped_file | |
imm32.dll | 0x752e0000 | 0x7533ffff | mapped_file | |
user32.dll | 0x754f0000 | 0x755effff | mapped_file | |
kernel32.dll | 0x755f0000 | 0x756fffff | mapped_file | |
msvcrt.dll | 0x75830000 | 0x758dbfff | mapped_file | |
advapi32.dll | 0x758f0000 | 0x7598ffff | mapped_file | |
msctf.dll | 0x75990000 | 0x75a5bfff | mapped_file | |
ole32.dll | 0x75a70000 | 0x75bcbfff | mapped_file | |
sechost.dll | 0x75f90000 | 0x75fa8fff | mapped_file | |
shlwapi.dll | 0x75fb0000 | 0x76006fff | mapped_file | |
shell32.dll | 0x76280000 | 0x76ec9fff | mapped_file | |
usp10.dll | 0x770a0000 | 0x7713cfff | mapped_file | |
KernelBase.dll | 0x77140000 | 0x77186fff | mapped_file | |
lpk.dll | 0x77190000 | 0x77199fff | mapped_file | |
gdi32.dll | 0x771a0000 | 0x7722ffff | mapped_file | |
rpcrt4.dll | 0x77360000 | 0x7744ffff | mapped_file | |
private_0x0000000077450000 | 0x77450000 | 0x77549fff | private | |
private_0x0000000077550000 | 0x77550000 | 0x7766efff | private | |
ntdll.dll | 0x77670000 | 0x77818fff | mapped_file | |
ntdll.dll | 0x77850000 | 0x779cffff | mapped_file | |
pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | pagefile_backed | |
private_0x000000007efd8000 | 0x7efd8000 | 0x7efdafff | private | |
private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | private | |
private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | private | |
private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | private | |
private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | private | |
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | private | |
private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | private |
OS TIDs |
---|
0xb70, 0xb74, 0xb78, 0xb7c |
Filename | MD5 | SHA1 |
---|---|---|
c:\windows\$ntuninstallq923283$\fdisk.sys | 921ad714e7fb01aaa8e9b960544e0d36 | 9e327408fedb128b5717cf0f0093756132624951 |
c:\windows\$ntuninstallq923283$\usbehub.sys | eaea9ccb40c82af8f3867cd0f4dd5e9d | 7c1b25518dee1e30b5a6eaa1ea8e4a3780c24d0c |
c:\windows\$ntuninstallq923283$\pxinsi64.exe | f156ff2a1694f479a079f6777f0c5af0 | 1f55bdf960d70c0571e171c2c75701998552dc43 |
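This table lists the three files the report associates with process #1 under `c:\windows\$ntuninstallq923283$`: two drivers (`fdisk.sys`, `usbehub.sys`) and the 64-bit executable that becomes process #2, each with MD5 and SHA1. Together with the "Kernel code was executed" line in the Information block, these are the indicators an incident responder can actually use. The Python below is an added example, not part of the report: it turns the rows into a hash set and scans a directory tree (for instance a mounted disk image or an offline copy of a suspect host's Windows folder) for hash matches, and additionally flags drivers or executables inside any `$NtUninstall*$` folder. That path rule is a heuristic of this example rather than a rule from the report. The `demo()` function builds a temporary tree with constructed stand-in files; their hashes cannot match the report's (the real files are not on this page), so they trip only the path rule, while a benign constructed file has its own hash added to the set to show hash matching working.

```python
import hashlib
import os
import re
import tempfile

# The three rows of the file table above, copied verbatim.
REPORT_FILE_TABLE = r"""
c:\windows\$ntuninstallq923283$\fdisk.sys | 921ad714e7fb01aaa8e9b960544e0d36 | 9e327408fedb128b5717cf0f0093756132624951 |
c:\windows\$ntuninstallq923283$\usbehub.sys | eaea9ccb40c82af8f3867cd0f4dd5e9d | 7c1b25518dee1e30b5a6eaa1ea8e4a3780c24d0c |
c:\windows\$ntuninstallq923283$\pxinsi64.exe | f156ff2a1694f479a079f6777f0c5af0 | 1f55bdf960d70c0571e171c2c75701998552dc43 |
"""

# Path heuristic (an assumption of this example): a driver, executable or DLL
# inside a "$NtUninstall...$" folder. Only the part below the scan root is
# matched, so the root can be a mounted image rather than a live C: drive.
HOTFIX_DIR_RE = re.compile(
    r"(^|[\\/])\$ntuninstall[^\\/]*\$[\\/][^\\/]+\.(sys|exe|dll)$", re.IGNORECASE)


def parse_ioc_table(text):
    """Return {'md5': set, 'sha1': set} from 'Filename | MD5 | SHA1 |' rows."""
    iocs = {"md5": set(), "sha1": set()}
    for line in text.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 3:
            continue
        iocs["md5"].add(cells[1].lower())
        iocs["sha1"].add(cells[2].lower())
    return iocs


def hash_file(path, chunk=1 << 16):
    """MD5 and SHA1 of a file, streamed so large images do not load into memory."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            md5.update(block)
            sha1.update(block)
    return md5.hexdigest(), sha1.hexdigest()


def scan_tree(root, iocs):
    """Walk root; return a sorted list of (relative_path, reasons) for every hit."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            reasons = []
            if HOTFIX_DIR_RE.search(rel):
                reasons.append("executable in $NtUninstall*$ folder")
            md5, sha1 = hash_file(full)
            if md5 in iocs["md5"]:
                reasons.append("md5 match")
            if sha1 in iocs["sha1"]:
                reasons.append("sha1 match")
            if reasons:
                hits.append((rel, reasons))
    return sorted(hits)


def demo():
    """Scan a constructed temporary tree (no real malware involved)."""
    iocs = parse_ioc_table(REPORT_FILE_TABLE)
    with tempfile.TemporaryDirectory() as root:
        bad_dir = os.path.join(root, "Windows", "$NtUninstallQ923283$")
        os.makedirs(bad_dir)
        # Constructed stand-ins: their hashes do NOT match the report's rows,
        # so these are caught by the path rule only.
        for name in ("fdisk.sys", "pxinsi64.exe"):
            with open(os.path.join(bad_dir, name), "wb") as fh:
                fh.write(b"constructed stand-in for " + name.encode())
        # A benign constructed file whose SHA1 is added to the IOC set to
        # exercise the hash path of the scanner.
        benign = os.path.join(root, "Windows", "notepad.txt")
        with open(benign, "wb") as fh:
            fh.write(b"hello")
        iocs["sha1"].add(hash_file(benign)[1])
        return scan_tree(root, iocs)


if __name__ == "__main__":
    for rel, reasons in demo():
        print(rel, "->", ", ".join(reasons))
```

Hash matching alone is brittle against a dropper that rebuilds its payload per victim, which is why the scan reports the path rule separately; a hit on the path rule with no hash match still deserves a look at the file. On a live host, the report's "Kernel code was executed" line also means the loaded-driver list is worth comparing against the two `.sys` names, which this offline scanner cannot do.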
ID | #2 |
OS PID | 0xb90 |
OS Parent PID | 0xb6c |
Image Name | pxinsi64.exe |
Page Root | 0x08576000 |
Monitor Reason | child_process |
Unmonitor Reason | self_terminated |
CMD Line | "C:\Windows\$NtUninstallQ923283$\pxinsi64.exe" |
Current Directory | C:\Users\user\Desktop\ |
Name | Start VA | End VA | Type | Monitored |
---|---|---|---|---|
pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | pagefile_backed | |
private_0x0000000000010000 | 0x00010000 | 0x0002ffff | private | |
private_0x0000000000030000 | 0x00030000 | 0x0012ffff | private | |
pagefile_0x0000000000130000 | 0x00130000 | 0x00133fff | pagefile_backed | |
private_0x0000000000140000 | 0x00140000 | 0x00140fff | private | |
locale.nls | 0x00150000 | 0x001b6fff | mapped_file | |
private_0x00000000001e0000 | 0x001e0000 | 0x002dffff | private | |
pxinsi64.exe | 0x00400000 | 0x00403fff | mapped_file | |
kernel32.dll | 0x77550000 | 0x7766efff | mapped_file | |
ntdll.dll | 0x77670000 | 0x77818fff | mapped_file | |
private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | private | |
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | private | |
private_0x000000007fff1000 | 0x7fff1000 | 0x7fff1fff | private | |
KernelBase.dll | 0x7fefd540000 | 0x7fefd5abfff | mapped_file | |
msvcrt.dll | 0x7feff8c0000 | 0x7feff95efff | mapped_file | |
apisetschema.dll | 0x7feff990000 | 0x7feff990fff | mapped_file | |
pagefile_0x000007fffffb0000 | 0x7fffffb0000 | 0x7fffffd2fff | pagefile_backed | |
private_0x000007fffffd9000 | 0x7fffffd9000 | 0x7fffffd9fff | private | |
private_0x000007fffffde000 | 0x7fffffde000 | 0x7fffffdffff | private |
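The memory maps of #1 and #2 say more than the "PE32" file type in the header. Process #1 has `wow64.dll`, `wow64win.dll` and `wow64cpu.dll` mapped and two copies of `ntdll.dll` (0x77670000 and 0x77850000), with no image above 4 GiB: a 32-bit image running under WoW64 on the 64-bit guest. Process #2, `pxinsi64.exe`, has a single `ntdll.dll`, `KernelBase.dll` and `msvcrt.dll` at 0x7fef... addresses, and a 16 KiB image: a native 64-bit process. The 32-bit sample therefore hands off to a 64-bit executable before the run times out, which matters on a 64-bit system because a 32-bit process cannot load a driver and the report's file table lists two `.sys` files. The Python below is an added example, not report output: it derives that classification from rows in the map's format using only image mappings (the reserved private region ending at 0x7fffffeffff exists in the WoW64 process too and must not count), and reports the main image's mapped size, which for #1 (0x2da000 bytes) is larger than the 1713664-byte file on disk.

```python
# Rows copied from the memory maps of process #1 and process #2 above (only
# the rows that decide the result; the full maps parse the same way).
PROCESS_1_MAP = r"""
a86ac0ad1f8928e8d4e1b728448f54f9.exe | 0x00400000 | 0x006d9fff | mapped_file | |
wow64cpu.dll | 0x74270000 | 0x74277fff | mapped_file | |
wow64.dll | 0x742e0000 | 0x7431efff | mapped_file | |
kernel32.dll | 0x755f0000 | 0x756fffff | mapped_file | |
ntdll.dll | 0x77670000 | 0x77818fff | mapped_file | |
ntdll.dll | 0x77850000 | 0x779cffff | mapped_file | |
private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | private | |
"""

PROCESS_2_MAP = r"""
pxinsi64.exe | 0x00400000 | 0x00403fff | mapped_file | |
kernel32.dll | 0x77550000 | 0x7766efff | mapped_file | |
ntdll.dll | 0x77670000 | 0x77818fff | mapped_file | |
KernelBase.dll | 0x7fefd540000 | 0x7fefd5abfff | mapped_file | |
msvcrt.dll | 0x7feff8c0000 | 0x7feff95efff | mapped_file | |
"""

FOUR_GIB = 1 << 32


def parse_memory_map(text):
    """Parse 'Name | Start VA | End VA | Type | Monitored |' rows into dicts."""
    rows = []
    for line in text.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) < 4 or not cells[1].startswith("0x"):
            continue
        name, start, end, kind = cells[:4]
        rows.append({"name": name, "start": int(start, 16),
                     "end": int(end, 16), "type": kind})
    return rows


def classify(rows):
    """Decide how the process executes from which images are mapped where."""
    # Only image mappings count: WoW64 processes also carry reserved private
    # regions above 4 GiB, which would otherwise look like 64-bit code.
    modules = [r for r in rows if r["type"] == "mapped_file"]
    names = [r["name"].lower() for r in modules]
    highest_module_end = max(r["end"] for r in modules)
    if "wow64.dll" in names:
        bitness = "wow64"        # 32-bit code on a 64-bit OS: the WoW64 layer is mapped
    elif highest_module_end >= FOUR_GIB:
        bitness = "native64"     # an image above 4 GiB needs a 64-bit address space
    else:
        bitness = "native32"     # a 32-bit guest; not seen in this report
    main = next((r for r in modules if r["name"].lower().endswith(".exe")), None)
    return {
        "bitness": bitness,
        "image": main["name"] if main else None,
        "image_base": main["start"] if main else None,
        "image_size": (main["end"] - main["start"] + 1) if main else None,
        "ntdll_copies": names.count("ntdll.dll"),  # 2 under WoW64: 32- and 64-bit ntdll
        "modules": len(modules),
    }


def bitness_transition(parent_rows, child_rows):
    """Parent -> child bitness; 'wow64 -> native64' is a 32-bit dropper starting 64-bit code."""
    return f"{classify(parent_rows)['bitness']} -> {classify(child_rows)['bitness']}"


if __name__ == "__main__":
    p1 = parse_memory_map(PROCESS_1_MAP)
    p2 = parse_memory_map(PROCESS_2_MAP)
    print(classify(p1))
    print(classify(p2))
    print(bitness_transition(p1, p2))
```

The `kernel32.dll` base is a second, independent tell: 0x755f0000 in #1 is the 32-bit copy loaded for WoW64 code, while 0x77550000 in #2 (and in csrss, wininit and services further down) is the 64-bit one. When a report gives only a module list, either rule alone is enough to tell the two apart.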
OS TIDs |
---|
0xb94 |
ID | #3 |
OS PID | 0x4 |
OS Parent PID | 0xffffffffffffffff |
Image Name | SYSTEM |
Page Root | 0x00187000 |
Monitor Reason | kernel_analysis |
Unmonitor Reason | (still running) |
CMD Line | - |
Current Directory | - |
Name | Start VA | End VA | Type | Monitored |
---|---|---|---|---|
pagefile_0x0000000000010000 | 0x00010000 | 0x00032fff | pagefile_backed | |
pagefile_0x0000000000040000 | 0x00040000 | 0x0005ffff | pagefile_backed | |
pagefile_0x0000000000060000 | 0x00060000 | 0x0007ffff | pagefile_backed | |
pagefile_0x0000000000080000 | 0x00080000 | 0x00080fff | pagefile_backed | |
ntdll.dll | 0x77670000 | 0x77818fff | mapped_file | |
ntdll.dll | 0x77850000 | 0x779cffff | mapped_file | |
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | private | |
pagefile_0x000007fffebd0000 | 0x7fffebd0000 | 0x7fffebfffff | pagefile_backed | |
pagefile_0x000007ffff0d0000 | 0x7ffff0d0000 | 0x7ffff0fffff | pagefile_backed | |
pagefile_0x000007ffff5d0000 | 0x7ffff5d0000 | 0x7ffff5fffff | pagefile_backed | |
pagefile_0x000007ffffad0000 | 0x7ffffad0000 | 0x7ffffafffff | pagefile_backed |
OS TIDs |
---|
0xa28, 0x9ac, 0x7c, 0x60, 0x434, 0x8a4, 0xec, 0x458, 0x50, 0x45c, 0x530, 0x18, 0x20, 0x7c8, 0x760, 0x1c, 0x620, 0x610, 0x600, 0x5f0, 0x5e0, 0x5d4, 0x598, 0x78, 0x52c, 0x4e8, 0x10, 0x454, 0xc4, 0xc8, 0x138, 0xac, 0x3ec, 0x84, 0x80, 0x88, 0x2fc, 0x280, 0x74, 0x94, 0x90, 0x128, 0x8c, 0x118, 0xf4, 0x24, 0x18c, 0x5c, 0x130, 0x4c, 0x2c, 0x124, 0xb8, 0x120, 0xa4, 0x11c, 0x38, 0x3c, 0x48, 0x68, 0x10c, 0x28, 0x9c, 0x40, 0xb4, 0x44, 0x8, 0x0, 0xb9c, 0xba0, 0xba4, 0xba8, 0xbac, 0xbb0, 0xbb4, 0xbb8, 0xbbc, 0xbc0, 0xbc4, 0xbc8 |
ID | #4 |
OS PID | 0xf8 |
OS Parent PID | 0x4 |
Image Name | smss.exe |
Page Root | 0x220db000 |
Monitor Reason | child_process |
Unmonitor Reason | (still running) |
CMD Line | \SystemRoot\System32\smss.exe |
Current Directory | C:\Windows |
Name | Start VA | End VA | Type | Monitored |
---|---|---|---|---|
OS TIDs |
---|
0x174, 0x13c, 0x100, 0xfc |
ID | #5 |
OS PID | 0x148 |
OS Parent PID | 0xffffffffffffffff |
Image Name | csrss.exe |
Page Root | 0x1b918000 |
Monitor Reason | child_process |
Unmonitor Reason | (still running) |
CMD Line | %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 |
Current Directory | C:\Windows\system32 |
Name | Start VA | End VA | Type | Monitored |
---|---|---|---|---|
locale.nls | 0x00010000 | 0x00076fff | mapped_file | |
csrss.exe.mui | 0x00080000 | 0x00080fff | mapped_file | |
winsrv.dll.mui | 0x00090000 | 0x00091fff | mapped_file | |
private_0x00000000000a0000 | 0x000a0000 | 0x000a0fff | private | |
pagefile_0x00000000000b0000 | 0x000b0000 | 0x000bffff | pagefile_backed | |
marlett.ttf | 0x000c0000 | 0x000c6fff | mapped_file | |
pagefile_0x00000000000d0000 | 0x000d0000 | 0x000e7fff | pagefile_backed | |
private_0x00000000000f0000 | 0x000f0000 | 0x001effff | private | |
vgasys.fon | 0x001f0000 | 0x001f1fff | mapped_file | |
private_0x0000000000200000 | 0x00200000 | 0x00200fff | private | |
pagefile_0x0000000000210000 | 0x00210000 | 0x0021ffff | pagefile_backed | |
private_0x0000000000220000 | 0x00220000 | 0x0025ffff | private | |
private_0x0000000000260000 | 0x00260000 | 0x0035ffff | private | |
private_0x0000000000360000 | 0x00360000 | 0x0039ffff | private | |
segoeui.ttf | 0x003a0000 | 0x0041efff | mapped_file | |
pagefile_0x0000000000420000 | 0x00420000 | 0x0042ffff | pagefile_backed | |
pagefile_0x0000000000430000 | 0x00430000 | 0x0043ffff | pagefile_backed | |
private_0x0000000000440000 | 0x00440000 | 0x0047ffff | private | |
pagefile_0x0000000000480000 | 0x00480000 | 0x004affff | pagefile_backed | |
pagefile_0x00000000004b0000 | 0x004b0000 | 0x004bffff | pagefile_backed | |
pagefile_0x00000000004c0000 | 0x004c0000 | 0x004cffff | pagefile_backed | |
private_0x00000000004d0000 | 0x004d0000 | 0x004dffff | private | |
pagefile_0x00000000004e0000 | 0x004e0000 | 0x00660fff | pagefile_backed | |
pagefile_0x0000000000670000 | 0x00670000 | 0x0067ffff | pagefile_backed | |
private_0x0000000000680000 | 0x00680000 | 0x006bffff | private | |
pagefile_0x00000000006c0000 | 0x006c0000 | 0x006c1fff | pagefile_backed | |
pagefile_0x00000000006d0000 | 0x006d0000 | 0x006dffff | pagefile_backed | |
pagefile_0x00000000006e0000 | 0x006e0000 | 0x006effff | pagefile_backed | |
pagefile_0x00000000006f0000 | 0x006f0000 | 0x006fffff | pagefile_backed | |
pagefile_0x0000000000700000 | 0x00700000 | 0x0070ffff | pagefile_backed | |
pagefile_0x0000000000710000 | 0x00710000 | 0x0071ffff | pagefile_backed | |
pagefile_0x0000000000720000 | 0x00720000 | 0x0072ffff | pagefile_backed | |
pagefile_0x0000000000730000 | 0x00730000 | 0x0073ffff | pagefile_backed | |
pagefile_0x0000000000740000 | 0x00740000 | 0x0074ffff | pagefile_backed | |
pagefile_0x0000000000750000 | 0x00750000 | 0x0075ffff | pagefile_backed | |
private_0x0000000000760000 | 0x00760000 | 0x0079ffff | private | |
private_0x00000000007a0000 | 0x007a0000 | 0x007dffff | private | |
pagefile_0x00000000007e0000 | 0x007e0000 | 0x00967fff | pagefile_backed | |
private_0x0000000000970000 | 0x00970000 | 0x009affff | private | |
pagefile_0x00000000009b0000 | 0x009b0000 | 0x01daffff | pagefile_backed | |
pagefile_0x0000000001db0000 | 0x01db0000 | 0x01dbffff | pagefile_backed | |
pagefile_0x0000000001dc0000 | 0x01dc0000 | 0x01dcffff | pagefile_backed | |
pagefile_0x0000000001dd0000 | 0x01dd0000 | 0x01ddffff | pagefile_backed | |
pagefile_0x0000000001de0000 | 0x01de0000 | 0x01deffff | pagefile_backed | |
private_0x0000000001e50000 | 0x01e50000 | 0x01e8ffff | private | |
pagefile_0x0000000001e90000 | 0x01e90000 | 0x01f4ffff | pagefile_backed | |
pagefile_0x0000000001f50000 | 0x01f50000 | 0x0200ffff | pagefile_backed | |
pagefile_0x0000000002010000 | 0x02010000 | 0x020cffff | pagefile_backed | |
pagefile_0x00000000020d0000 | 0x020d0000 | 0x0218ffff | pagefile_backed | |
csrss.exe | 0x49c60000 | 0x49c65fff | mapped_file | |
user32.dll | 0x77450000 | 0x77549fff | mapped_file | |
kernel32.dll | 0x77550000 | 0x7766efff | mapped_file | |
ntdll.dll | 0x77670000 | 0x77818fff | mapped_file | |
pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | pagefile_backed | |
private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | private | |
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | private | |
cryptbase.dll | 0x7fefd2e0000 | 0x7fefd2eefff | mapped_file | |
sxs.dll | 0x7fefd2f0000 | 0x7fefd380fff | mapped_file | |
sxssrv.dll | 0x7fefd3f0000 | 0x7fefd3fbfff | mapped_file | |
winsrv.dll | 0x7fefd400000 | 0x7fefd437fff | mapped_file | |
basesrv.dll | 0x7fefd440000 | 0x7fefd450fff | mapped_file | |
csrsrv.dll | 0x7fefd460000 | 0x7fefd472fff | mapped_file | |
KernelBase.dll | 0x7fefd540000 | 0x7fefd5abfff | mapped_file | |
gdi32.dll | 0x7fefda70000 | 0x7fefdad6fff | mapped_file | |
lpk.dll | 0x7fefdd90000 | 0x7fefdd9dfff | mapped_file | |
usp10.dll | 0x7feff6c0000 | 0x7feff788fff | mapped_file | |
rpcrt4.dll | 0x7feff790000 | 0x7feff8bcfff | mapped_file | |
msvcrt.dll | 0x7feff8c0000 | 0x7feff95efff | mapped_file | |
apisetschema.dll | 0x7feff990000 | 0x7feff990fff | mapped_file | |
private_0x000007fffffaa000 | 0x7fffffaa000 | 0x7fffffabfff | private | |
private_0x000007fffffac000 | 0x7fffffac000 | 0x7fffffadfff | private | |
private_0x000007fffffae000 | 0x7fffffae000 | 0x7fffffaffff | private | |
pagefile_0x000007fffffb0000 | 0x7fffffb0000 | 0x7fffffd2fff | pagefile_backed | |
private_0x000007fffffd4000 | 0x7fffffd4000 | 0x7fffffd5fff | private | |
private_0x000007fffffd6000 | 0x7fffffd6000 | 0x7fffffd7fff | private | |
private_0x000007fffffd8000 | 0x7fffffd8000 | 0x7fffffd9fff | private | |
private_0x000007fffffda000 | 0x7fffffda000 | 0x7fffffdafff | private | |
private_0x000007fffffdc000 | 0x7fffffdc000 | 0x7fffffddfff | private | |
private_0x000007fffffde000 | 0x7fffffde000 | 0x7fffffdffff | private |
OS TIDs |
---|
0x1e8, 0x1ac, 0x1a8, 0x180, 0x160, 0x15c, 0x158, 0x154, 0x14c |
ID | #6 |
OS PID | 0x16c |
OS Parent PID | 0xffffffffffffffff |
Image Name | wininit.exe |
Page Root | 0x1b51e000 |
Monitor Reason | child_process |
Unmonitor Reason | (still running) |
CMD Line | wininit.exe |
Current Directory | C:\Windows\system32 |
Name | Start VA | End VA | Type | Monitored |
---|---|---|---|---|
pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | pagefile_backed | |
locale.nls | 0x00020000 | 0x00086fff | mapped_file | |
user32.dll.mui | 0x00090000 | 0x00094fff | mapped_file | |
private_0x00000000000a0000 | 0x000a0000 | 0x000a0fff | private | |
private_0x00000000000b0000 | 0x000b0000 | 0x000b0fff | private | |
private_0x00000000000c0000 | 0x000c0000 | 0x0013ffff | private | |
private_0x0000000000140000 | 0x00140000 | 0x0023ffff | private | |
private_0x0000000000240000 | 0x00240000 | 0x00240fff | private | |
private_0x0000000000250000 | 0x00250000 | 0x0025ffff | private | |
pagefile_0x0000000000270000 | 0x00270000 | 0x0029ffff | pagefile_backed | |
private_0x00000000002c0000 | 0x002c0000 | 0x003bffff | private | |
pagefile_0x00000000003c0000 | 0x003c0000 | 0x00547fff | pagefile_backed | |
pagefile_0x0000000000550000 | 0x00550000 | 0x006d0fff | pagefile_backed | |
private_0x0000000000750000 | 0x00750000 | 0x007cffff | private | |
private_0x00000000007d0000 | 0x007d0000 | 0x0084ffff | private | |
private_0x00000000008a0000 | 0x008a0000 | 0x0091ffff | private | |
private_0x0000000000a70000 | 0x00a70000 | 0x00aeffff | private | |
private_0x0000000000b00000 | 0x00b00000 | 0x00b7ffff | private | |
private_0x0000000000c80000 | 0x00c80000 | 0x00cfffff | private | |
private_0x0000000000d30000 | 0x00d30000 | 0x00daffff | private | |
pagefile_0x0000000000db0000 | 0x00db0000 | 0x021affff | pagefile_backed | |
private_0x0000000002210000 | 0x02210000 | 0x0228ffff | private | |
SortDefault.nls | 0x02290000 | 0x0255efff | mapped_file | |
private_0x0000000002580000 | 0x02580000 | 0x025fffff | private | |
private_0x0000000002680000 | 0x02680000 | 0x026fffff | private | |
user32.dll | 0x77450000 | 0x77549fff | mapped_file | |
kernel32.dll | 0x77550000 | 0x7766efff | mapped_file | |
ntdll.dll | 0x77670000 | 0x77818fff | mapped_file | |
pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | pagefile_backed | |
private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | private | |
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | private | |
wininit.exe | 0xfff40000 | 0xfff62fff | mapped_file | |
WSHTCPIP.DLL | 0x7fefc640000 | 0x7fefc646fff | mapped_file | |
credssp.dll | 0x7fefc880000 | 0x7fefc889fff | mapped_file | |
wship6.dll | 0x7fefcc10000 | 0x7fefcc16fff | mapped_file | |
mswsock.dll | 0x7fefcc20000 | 0x7fefcc74fff | mapped_file | |
secur32.dll | 0x7fefd220000 | 0x7fefd22afff | mapped_file | |
sspicli.dll | 0x7fefd250000 | 0x7fefd274fff | mapped_file | |
apphelp.dll | 0x7fefd280000 | 0x7fefd2d6fff | mapped_file | |
cryptbase.dll | 0x7fefd2e0000 | 0x7fefd2eefff | mapped_file | |
RpcRtRemote.dll | 0x7fefd3d0000 | 0x7fefd3e3fff | mapped_file | |
profapi.dll | 0x7fefd490000 | 0x7fefd49efff | mapped_file | |
KernelBase.dll | 0x7fefd540000 | 0x7fefd5abfff | mapped_file | |
imm32.dll | 0x7fefd840000 | 0x7fefd86dfff | mapped_file | |
advapi32.dll | 0x7fefd870000 | 0x7fefd94afff | mapped_file | |
gdi32.dll | 0x7fefda70000 | 0x7fefdad6fff | mapped_file | |
lpk.dll | 0x7fefdd90000 | 0x7fefdd9dfff | mapped_file | |
ws2_32.dll | 0x7fefdda0000 | 0x7fefddecfff | mapped_file | |
nsi.dll | 0x7fefddf0000 | 0x7fefddf7fff | mapped_file | |
sechost.dll | 0x7fefe290000 | 0x7fefe2aefff | mapped_file | |
msctf.dll | 0x7fefe610000 | 0x7fefe718fff | mapped_file | |
usp10.dll | 0x7feff6c0000 | 0x7feff788fff | mapped_file | |
rpcrt4.dll | 0x7feff790000 | 0x7feff8bcfff | mapped_file | |
msvcrt.dll | 0x7feff8c0000 | 0x7feff95efff | mapped_file | |
apisetschema.dll | 0x7feff990000 | 0x7feff990fff | mapped_file | |
private_0x000007fffffae000 | 0x7fffffae000 | 0x7fffffaffff | private | |
pagefile_0x000007fffffb0000 | 0x7fffffb0000 | 0x7fffffd2fff | pagefile_backed | |
private_0x000007fffffd3000 | 0x7fffffd3000 | 0x7fffffd4fff | private | |
private_0x000007fffffd5000 | 0x7fffffd5000 | 0x7fffffd6fff | private | |
private_0x000007fffffd7000 | 0x7fffffd7000 | 0x7fffffd8fff | private | |
private_0x000007fffffd9000 | 0x7fffffd9000 | 0x7fffffdafff | private | |
private_0x000007fffffdb000 | 0x7fffffdb000 | 0x7fffffdcfff | private | |
private_0x000007fffffdd000 | 0x7fffffdd000 | 0x7fffffddfff | private | |
private_0x000007fffffde000 | 0x7fffffde000 | 0x7fffffdffff | private |
OS TIDs |
---|
0x2c0, 0x200, 0x1dc, 0x1bc, 0x1b8, 0x188, 0x184, 0x170 |
ID | #7 |
OS PID | 0x178 |
OS Parent PID | 0xffffffffffffffff |
Image Name | csrss.exe |
Page Root | 0x1b681000 |
Monitor Reason | child_process |
Unmonitor Reason | (still running) |
CMD Line | %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 |
Current Directory | C:\Windows\system32 |
Name | Start VA | End VA | Type | Monitored |
---|---|---|---|---|
locale.nls | 0x00010000 | 0x00076fff | mapped_file | |
winsrv.dll.mui | 0x00080000 | 0x00081fff | mapped_file | |
pagefile_0x0000000000090000 | 0x00090000 | 0x0009ffff | pagefile_backed | |
private_0x00000000000a0000 | 0x000a0000 | 0x000a0fff | private | |
vgasys.fon | 0x000b0000 | 0x000b1fff | mapped_file | |
private_0x00000000000c0000 | 0x000c0000 | 0x000c0fff | private | |
pagefile_0x00000000000d0000 | 0x000d0000 | 0x000dffff | pagefile_backed | |
marlett.ttf | 0x000e0000 | 0x000e6fff | mapped_file | |
pagefile_0x00000000000f0000 | 0x000f0000 | 0x000f1fff | pagefile_backed | |
private_0x0000000000100000 | 0x00100000 | 0x0013ffff | private | |
pagefile_0x0000000000140000 | 0x00140000 | 0x0014ffff | pagefile_backed | |
private_0x0000000000150000 | 0x00150000 | 0x0024ffff | private | |
private_0x0000000000250000 | 0x00250000 | 0x0034ffff | private | |
pagefile_0x0000000000350000 | 0x00350000 | 0x00367fff | pagefile_backed | |
private_0x0000000000370000 | 0x00370000 | 0x0037ffff | private | |
pagefile_0x0000000000380000 | 0x00380000 | 0x00500fff | pagefile_backed | |
pagefile_0x0000000000510000 | 0x00510000 | 0x0053ffff | pagefile_backed | |
pagefile_0x0000000000540000 | 0x00540000 | 0x0054ffff | pagefile_backed | |
pagefile_0x0000000000550000 | 0x00550000 | 0x0055ffff | pagefile_backed | |
private_0x0000000000560000 | 0x00560000 | 0x0059ffff | private | |
pagefile_0x00000000005a0000 | 0x005a0000 | 0x005affff | pagefile_backed | |
pagefile_0x00000000005b0000 | 0x005b0000 | 0x005bffff | pagefile_backed | |
pagefile_0x00000000005c0000 | 0x005c0000 | 0x005cffff | pagefile_backed | |
vga850.fon | 0x005d0000 | 0x005d1fff | mapped_file | |
private_0x00000000005e0000 | 0x005e0000 | 0x0061ffff | private | |
segoeui.ttf | 0x00620000 | 0x0069efff | mapped_file | |
private_0x00000000006a0000 | 0x006a0000 | 0x006dffff | private | |
app850.fon | 0x006e0000 | 0x006e8fff | mapped_file | |
cga40850.fon | 0x006f0000 | 0x006f1fff | mapped_file | |
private_0x0000000000700000 | 0x00700000 | 0x0073ffff | private | |
pagefile_0x0000000000740000 | 0x00740000 | 0x008c7fff | pagefile_backed | |
cga80850.fon | 0x008d0000 | 0x008d1fff | mapped_file | |
ega40850.fon | 0x008e0000 | 0x008e2fff | mapped_file | |
pagefile_0x00000000008f0000 | 0x008f0000 | 0x008fffff | pagefile_backed | |
private_0x0000000000960000 | 0x00960000 | 0x0099ffff | private | |
private_0x00000000009d0000 | 0x009d0000 | 0x00a0ffff | private | |
pagefile_0x0000000000a10000 | 0x00a10000 | 0x01e0ffff | pagefile_backed | |
micross.ttf | 0x01e10000 | 0x01eaffff | mapped_file | |
segoeuii.ttf | 0x01eb0000 | 0x01f0efff | mapped_file | |
segoeuib.ttf | 0x01f10000 | 0x01f89fff | mapped_file | |
csrss.exe | 0x49c60000 | 0x49c65fff | mapped_file | |
user32.dll | 0x77450000 | 0x77549fff | mapped_file | |
kernel32.dll | 0x77550000 | 0x7766efff | mapped_file | |
ntdll.dll | 0x77670000 | 0x77818fff | mapped_file | |
pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | pagefile_backed | |
private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | private | |
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | private | |
cryptbase.dll | 0x7fefd2e0000 | 0x7fefd2eefff | mapped_file | |
sxs.dll | 0x7fefd2f0000 | 0x7fefd380fff | mapped_file | |
sxssrv.dll | 0x7fefd3f0000 | 0x7fefd3fbfff | mapped_file | |
winsrv.dll | 0x7fefd400000 | 0x7fefd437fff | mapped_file | |
basesrv.dll | 0x7fefd440000 | 0x7fefd450fff | mapped_file | |
csrsrv.dll | 0x7fefd460000 | 0x7fefd472fff | mapped_file | |
KernelBase.dll | 0x7fefd540000 | 0x7fefd5abfff | mapped_file | |
advapi32.dll | 0x7fefd870000 | 0x7fefd94afff | mapped_file | |
gdi32.dll | 0x7fefda70000 | 0x7fefdad6fff | mapped_file | |
lpk.dll | 0x7fefdd90000 | 0x7fefdd9dfff | mapped_file | |
sechost.dll | 0x7fefe290000 | 0x7fefe2aefff | mapped_file | |
usp10.dll | 0x7feff6c0000 | 0x7feff788fff | mapped_file | |
rpcrt4.dll | 0x7feff790000 | 0x7feff8bcfff | mapped_file | |
msvcrt.dll | 0x7feff8c0000 | 0x7feff95efff | mapped_file | |
apisetschema.dll | 0x7feff990000 | 0x7feff990fff | mapped_file | |
private_0x000007fffffae000 | 0x7fffffae000 | 0x7fffffaffff | private | |
pagefile_0x000007fffffb0000 | 0x7fffffb0000 | 0x7fffffd2fff | pagefile_backed | |
private_0x000007fffffd3000 | 0x7fffffd3000 | 0x7fffffd4fff | private | |
private_0x000007fffffd5000 | 0x7fffffd5000 | 0x7fffffd6fff | private | |
private_0x000007fffffd7000 | 0x7fffffd7000 | 0x7fffffd8fff | private | |
private_0x000007fffffd9000 | 0x7fffffd9000 | 0x7fffffdafff | private | |
private_0x000007fffffdb000 | 0x7fffffdb000 | 0x7fffffdcfff | private | |
private_0x000007fffffdd000 | 0x7fffffdd000 | 0x7fffffdefff | private | |
private_0x000007fffffdf000 | 0x7fffffdf000 | 0x7fffffdffff | private |
OS TIDs |
---|
0x1e0, 0x1b0, 0x19c, 0x198, 0x194, 0x190, 0x17c, 0x1e4 |
ID | #8 |
OS PID | 0x1a0 |
OS Parent PID | 0xffffffffffffffff |
Image Name | winlogon.exe |
Page Root | 0x1ad47000 |
Monitor Reason | child_process |
Unmonitor Reason | (still running) |
CMD Line | winlogon.exe |
Current Directory | C:\Windows\system32 |
Name | Start VA | End VA | Type | Monitored |
---|---|---|---|---|
OS TIDs |
---|
0x38c, 0x330, 0x2d4, 0x1c0, 0x1b4, 0x1a4 |
ID | #9 |
OS PID | 0x1c4 |
OS Parent PID | 0x16c |
Image Name | services.exe |
Page Root | 0x1e87f000 |
Monitor Reason | child_process |
Unmonitor Reason | (still running) |
CMD Line | C:\Windows\system32\services.exe |
Current Directory | C:\Windows\system32\ |
Name | Start VA | End VA | Type | Monitored |
---|---|---|---|---|
pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | pagefile_backed | |
services.exe.mui | 0x00020000 | 0x00024fff | mapped_file | |
pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | pagefile_backed | |
pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | pagefile_backed | |
private_0x0000000000050000 | 0x00050000 | 0x00050fff | private | |
locale.nls | 0x00060000 | 0x000c6fff | mapped_file | |
private_0x00000000000d0000 | 0x000d0000 | 0x000d0fff | private | |
private_0x00000000000e0000 | 0x000e0000 | 0x000e0fff | private | |
private_0x0000000000100000 | 0x00100000 | 0x00100fff | private | |
private_0x0000000000110000 | 0x00110000 | 0x00110fff | private | |
private_0x0000000000200000 | 0x00200000 | 0x002fffff | private | |
pagefile_0x0000000000300000 | 0x00300000 | 0x003bffff | pagefile_backed | |
private_0x00000000003d0000 | 0x003d0000 | 0x003dffff | private | |
private_0x00000000003e0000 | 0x003e0000 | 0x004dffff | private | |
pagefile_0x00000000004e0000 | 0x004e0000 | 0x00667fff | pagefile_backed | |
pagefile_0x0000000000670000 | 0x00670000 | 0x007f0fff | pagefile_backed | |
private_0x0000000000800000 | 0x00800000 | 0x0087ffff | private | |
private_0x00000000008e0000 | 0x008e0000 | 0x0091ffff | private | |
private_0x00000000009c0000 | 0x009c0000 | 0x00a3ffff | private | |
private_0x0000000000a80000 | 0x00a80000 | 0x00afffff | private | |
private_0x0000000000b00000 | 0x00b00000 | 0x00b7ffff | private | |
private_0x0000000000b80000 | 0x00b80000 | 0x00bfffff | private | |
private_0x0000000000c20000 | 0x00c20000 | 0x00c9ffff | private | |
private_0x0000000000ca0000 | 0x00ca0000 | 0x00d1ffff | private | |
private_0x0000000000d70000 | 0x00d70000 | 0x00deffff | private | |
private_0x0000000000ec0000 | 0x00ec0000 | 0x00f3ffff | private | |
private_0x0000000000f50000 | 0x00f50000 | 0x00fcffff | private | |
private_0x0000000000fd0000 | 0x00fd0000 | 0x0104ffff | private | |
private_0x0000000001090000 | 0x01090000 | 0x0110ffff | private | |
private_0x0000000001190000 | 0x01190000 | 0x0120ffff | private | |
private_0x0000000001240000 | 0x01240000 | 0x012bffff | private | |
private_0x00000000012c0000 | 0x012c0000 | 0x013bffff | private | |
private_0x0000000001420000 | 0x01420000 | 0x0149ffff | private | |
private_0x00000000014a0000 | 0x014a0000 | 0x0151ffff | private | |
SortDefault.nls | 0x01520000 | 0x017eefff | mapped_file | |
private_0x00000000017f0000 | 0x017f0000 | 0x018effff | private | |
private_0x00000000018f0000 | 0x018f0000 | 0x01aeffff | private | |
private_0x0000000001af0000 | 0x01af0000 | 0x01ceffff | private | |
private_0x0000000001d30000 | 0x01d30000 | 0x01daffff | private | |
private_0x0000000001de0000 | 0x01de0000 | 0x01e5ffff | private | |
private_0x0000000001f40000 | 0x01f40000 | 0x01fbffff | private | |
private_0x0000000001fc0000 | 0x01fc0000 | 0x0203ffff | private | |
private_0x0000000002060000 | 0x02060000 | 0x020dffff | private | |
private_0x0000000002100000 | 0x02100000 | 0x0217ffff | private | |
private_0x0000000002230000 | 0x02230000 | 0x022affff | private | |
private_0x0000000002320000 | 0x02320000 | 0x0239ffff | private | |
user32.dll | 0x77450000 | 0x77549fff | mapped_file | |
kernel32.dll | 0x77550000 | 0x7766efff | mapped_file | |
ntdll.dll | 0x77670000 | 0x77818fff | mapped_file | |
pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | pagefile_backed | |
private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | private | |
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | private | |
services.exe | 0xffff0000 | 0x100042fff | mapped_file | |
wtsapi32.dll | 0x7fefb6c0000 | 0x7fefb6d0fff | mapped_file | |
WSHTCPIP.DLL | 0x7fefc640000 | 0x7fefc646fff | mapped_file | |
ubpm.dll | 0x7fefc840000 | 0x7fefc878fff | mapped_file | |
credssp.dll | 0x7fefc880000 | 0x7fefc889fff | mapped_file | |
wship6.dll | 0x7fefcc10000 | 0x7fefcc16fff | mapped_file | |
mswsock.dll | 0x7fefcc20000 | 0x7fefcc74fff | mapped_file | |
authz.dll | 0x7fefce70000 | 0x7fefce9efff | mapped_file | |
srvcli.dll | 0x7fefd180000 | 0x7fefd1a2fff | mapped_file | |
scesrv.dll | 0x7fefd1b0000 | 0x7fefd216fff | mapped_file | |
secur32.dll | 0x7fefd220000 | 0x7fefd22afff | mapped_file | |
scext.dll | 0x7fefd230000 | 0x7fefd248fff | mapped_file | |
sspicli.dll | 0x7fefd250000 | 0x7fefd274fff | mapped_file | |
apphelp.dll | 0x7fefd280000 | 0x7fefd2d6fff | mapped_file | |
cryptbase.dll | 0x7fefd2e0000 | 0x7fefd2eefff | mapped_file | |
winsta.dll | 0x7fefd390000 | 0x7fefd3ccfff | mapped_file | |
RpcRtRemote.dll | 0x7fefd3d0000 | 0x7fefd3e3fff | mapped_file | |
profapi.dll | 0x7fefd490000 | 0x7fefd49efff | mapped_file | |
KernelBase.dll | 0x7fefd540000 | 0x7fefd5abfff | mapped_file | |
imm32.dll | 0x7fefd840000 | 0x7fefd86dfff | mapped_file | |
advapi32.dll | 0x7fefd870000 | 0x7fefd94afff | mapped_file | |
gdi32.dll | 0x7fefda70000 | 0x7fefdad6fff | mapped_file | |
lpk.dll | 0x7fefdd90000 | 0x7fefdd9dfff | mapped_file | |
ws2_32.dll | 0x7fefdda0000 | 0x7fefddecfff | mapped_file | |
nsi.dll | 0x7fefddf0000 | 0x7fefddf7fff | mapped_file | |
sechost.dll | 0x7fefe290000 | 0x7fefe2aefff | mapped_file | |
msctf.dll | 0x7fefe610000 | 0x7fefe718fff | mapped_file | |
usp10.dll | 0x7feff6c0000 | 0x7feff788fff | mapped_file | |
rpcrt4.dll | 0x7feff790000 | 0x7feff8bcfff | mapped_file | |
msvcrt.dll | 0x7feff8c0000 | 0x7feff95efff | mapped_file | |
apisetschema.dll | 0x7feff990000 | 0x7feff990fff | mapped_file | |
private_0x000007fffff8a000 | 0x7fffff8a000 | 0x7fffff8bfff | private | |
private_0x000007fffff8c000 | 0x7fffff8c000 | 0x7fffff8dfff | private | |
private_0x000007fffff8e000 | 0x7fffff8e000 | 0x7fffff8ffff | private | |
private_0x000007fffff90000 | 0x7fffff90000 | 0x7fffff91fff | private | |
private_0x000007fffff92000 | 0x7fffff92000 | 0x7fffff93fff | private | |
private_0x000007fffff94000 | 0x7fffff94000 | 0x7fffff95fff | private | |
private_0x000007fffff96000 | 0x7fffff96000 | 0x7fffff97fff | private | |
private_0x000007fffff98000 | 0x7fffff98000 | 0x7fffff99fff | private | |
private_0x000007fffff9a000 | 0x7fffff9a000 | 0x7fffff9bfff | private | |
private_0x000007fffff9c000 | 0x7fffff9c000 | 0x7fffff9dfff | private | |
private_0x000007fffff9e000 | 0x7fffff9e000 | 0x7fffff9ffff | private | |
private_0x000007fffffa0000 | 0x7fffffa0000 | 0x7fffffa1fff | private | |
private_0x000007fffffa2000 | 0x7fffffa2000 | 0x7fffffa3fff | private | |
private_0x000007fffffa4000 | 0x7fffffa4000 | 0x7fffffa5fff | private | |
private_0x000007fffffa6000 | 0x7fffffa6000 | 0x7fffffa7fff | private | |
private_0x000007fffffa8000 | 0x7fffffa8000 | 0x7fffffa9fff | private | |
private_0x000007fffffaa000 | 0x7fffffaa000 | 0x7fffffabfff | private | |
private_0x000007fffffac000 | 0x7fffffac000 | 0x7fffffadfff | private | |
private_0x000007fffffae000 | 0x7fffffae000 | 0x7fffffaffff | private | |
pagefile_0x000007fffffb0000 | 0x7fffffb0000 | 0x7fffffd2fff | pagefile_backed | |
private_0x000007fffffd4000 | 0x7fffffd4000 | 0x7fffffd5fff | private | |
private_0x000007fffffd6000 | 0x7fffffd6000 | 0x7fffffd7fff | private | |
private_0x000007fffffd8000 | 0x7fffffd8000 | 0x7fffffd9fff | private | |
private_0x000007fffffda000 | 0x7fffffda000 | 0x7fffffdbfff | private | |
private_0x000007fffffdc000 | 0x7fffffdc000 | 0x7fffffdcfff | private | |
OS TIDs |
---|
0x21c, 0x218, 0x214, 0x210, 0x684, 0x67c, 0x678, 0x674, 0x670, 0x66c, 0x668, 0x664, 0x49c, 0x478, 0x390, 0x27c, 0x240, 0x23c, 0x238, 0x234, 0x230, 0x22c, 0x228 |
ID | #10 |
OS PID | 0x1cc |
OS Parent PID | 0x16c |
Image Name | lsass.exe |
Page Root | 0x1a9df000 |
Monitor Reason | child_process |
Unmonitor Reason | (still running) |
CMD Line | C:\Windows\system32\lsass.exe |
Current Directory | C:\Windows\system32\ |
Name | Start VA | End VA | Type | Monitored |
---|---|---|---|---|
pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | pagefile_backed | |
pagefile_0x0000000000020000 | 0x00020000 | 0x00020fff | pagefile_backed | |
pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | pagefile_backed | |
pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | pagefile_backed | |
private_0x0000000000050000 | 0x00050000 | 0x00050fff | private | |
private_0x0000000000060000 | 0x00060000 | 0x00060fff | private | |
private_0x0000000000070000 | 0x00070000 | 0x00070fff | private | |
pagefile_0x0000000000080000 | 0x00080000 | 0x0008ffff | pagefile_backed | |
pagefile_0x0000000000090000 | 0x00090000 | 0x0009ffff | pagefile_backed | |
locale.nls | 0x00120000 | 0x00186fff | mapped_file | |
lsasrv.dll.mui | 0x00190000 | 0x0019bfff | mapped_file | |
pagefile_0x00000000001a0000 | 0x001a0000 | 0x001affff | pagefile_backed | |
private_0x00000000001b0000 | 0x001b0000 | 0x001b0fff | private | |
private_0x00000000001c0000 | 0x001c0000 | 0x0023ffff | private | |
private_0x0000000000240000 | 0x00240000 | 0x0033ffff | private | |
private_0x0000000000340000 | 0x00340000 | 0x0043ffff | private | |
C_28591.NLS | 0x00440000 | 0x00450fff | mapped_file | |
private_0x0000000000460000 | 0x00460000 | 0x00460fff | private | |
private_0x0000000000470000 | 0x00470000 | 0x00470fff | private | |
private_0x0000000000480000 | 0x00480000 | 0x00480fff | private | |
private_0x0000000000490000 | 0x00490000 | 0x00490fff | private | |
private_0x00000000004a0000 | 0x004a0000 | 0x004affff | private | |
pagefile_0x00000000004b0000 | 0x004b0000 | 0x00637fff | pagefile_backed | |
private_0x0000000000640000 | 0x00640000 | 0x006bffff | private | |
pagefile_0x00000000006c0000 | 0x006c0000 | 0x00840fff | pagefile_backed | |
pagefile_0x0000000000850000 | 0x00850000 | 0x0090ffff | pagefile_backed | |
private_0x0000000000910000 | 0x00910000 | 0x00910fff | private | |
private_0x0000000000920000 | 0x00920000 | 0x00920fff | private | |
private_0x0000000000930000 | 0x00930000 | 0x00930fff | private | |
private_0x0000000000940000 | 0x00940000 | 0x00940fff | private | |
private_0x0000000000990000 | 0x00990000 | 0x00a0ffff | private | |
private_0x0000000000a30000 | 0x00a30000 | 0x00aaffff | private | |
private_0x0000000000af0000 | 0x00af0000 | 0x00b6ffff | private | |
private_0x0000000000bf0000 | 0x00bf0000 | 0x00c6ffff | private | |
SortDefault.nls | 0x00c70000 | 0x00f3efff | mapped_file | |
private_0x0000000000f90000 | 0x00f90000 | 0x0100ffff | private | |
private_0x0000000001090000 | 0x01090000 | 0x0110ffff | private | |
private_0x0000000001110000 | 0x01110000 | 0x0118ffff | private | |
private_0x00000000011f0000 | 0x011f0000 | 0x0126ffff | private | |
private_0x0000000001270000 | 0x01270000 | 0x0136ffff | private | |
private_0x0000000001370000 | 0x01370000 | 0x0146ffff | private | |
msprivs.dll | 0x75230000 | 0x75231fff | mapped_file | |
user32.dll | 0x77450000 | 0x77549fff | mapped_file | |
kernel32.dll | 0x77550000 | 0x7766efff | mapped_file | |
ntdll.dll | 0x77670000 | 0x77818fff | mapped_file | |
pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | pagefile_backed | |
private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | private | |
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | private | |
lsass.exe | 0xff6d0000 | 0xff6dbfff | mapped_file | |
winnsi.dll | 0x7fefabc0000 | 0x7fefabcafff | mapped_file | |
IPHLPAPI.DLL | 0x7fefabd0000 | 0x7fefabf6fff | mapped_file | |
wkscli.dll | 0x7fefb560000 | 0x7fefb574fff | mapped_file | |
netutils.dll | 0x7fefb580000 | 0x7fefb58bfff | mapped_file | |
WSHTCPIP.DLL | 0x7fefc640000 | 0x7fefc646fff | mapped_file | |
scecli.dll | 0x7fefc800000 | 0x7fefc83dfff | mapped_file | |
credssp.dll | 0x7fefc880000 | 0x7fefc889fff | mapped_file | |
efslsaext.dll | 0x7fefc8a0000 | 0x7fefc8b1fff | mapped_file | |
bcryptprimitives.dll | 0x7fefc8c0000 | 0x7fefc90bfff | mapped_file | |
pku2u.dll | 0x7fefc910000 | 0x7fefc954fff | mapped_file | |
TSpkg.dll | 0x7fefc960000 | 0x7fefc978fff | mapped_file | |
rsaenh.dll | 0x7fefc980000 | 0x7fefc9c6fff | mapped_file | |
wdigest.dll | 0x7fefc9d0000 | 0x7fefca05fff | mapped_file | |
schannel.dll | 0x7fefca10000 | 0x7fefca66fff | mapped_file | |
logoncli.dll | 0x7fefca70000 | 0x7fefca9ffff | mapped_file | |
dnsapi.dll | 0x7fefcaa0000 | 0x7fefcafafff | mapped_file | |
netlogon.dll | 0x7fefcb00000 | 0x7fefcbadfff | mapped_file | |
msv1_0.dll | 0x7fefcbb0000 | 0x7fefcc01fff | mapped_file | |
wship6.dll | 0x7fefcc10000 | 0x7fefcc16fff | mapped_file | |
mswsock.dll | 0x7fefcc20000 | 0x7fefcc74fff | mapped_file | |
cryptsp.dll | 0x7fefcc80000 | 0x7fefcc96fff | mapped_file | |
kerberos.dll | 0x7fefcca0000 | 0x7fefcd57fff | mapped_file | |
negoexts.dll | 0x7fefcd60000 | 0x7fefcd83fff | mapped_file | |
netjoin.dll | 0x7fefcd90000 | 0x7fefcdc1fff | mapped_file | |
bcrypt.dll | 0x7fefcdf0000 | 0x7fefce11fff | mapped_file | |
ncrypt.dll | 0x7fefce20000 | 0x7fefce6cfff | mapped_file | |
authz.dll | 0x7fefce70000 | 0x7fefce9efff | mapped_file | |
cngaudit.dll | 0x7fefcea0000 | 0x7fefcea8fff | mapped_file | |
wevtapi.dll | 0x7fefceb0000 | 0x7fefcf1cfff | mapped_file | |
cryptdll.dll | 0x7fefcf20000 | 0x7fefcf33fff | mapped_file | |
samsrv.dll | 0x7fefcf40000 | 0x7fefcffcfff | mapped_file | |
lsasrv.dll | 0x7fefd000000 | 0x7fefd169fff | mapped_file | |
sspisrv.dll | 0x7fefd170000 | 0x7fefd17afff | mapped_file | |
secur32.dll | 0x7fefd220000 | 0x7fefd22afff | mapped_file | |
sspicli.dll | 0x7fefd250000 | 0x7fefd274fff | mapped_file | |
cryptbase.dll | 0x7fefd2e0000 | 0x7fefd2eefff | mapped_file | |
winsta.dll | 0x7fefd390000 | 0x7fefd3ccfff | mapped_file | |
RpcRtRemote.dll | 0x7fefd3d0000 | 0x7fefd3e3fff | mapped_file | |
msasn1.dll | 0x7fefd480000 | 0x7fefd48efff | mapped_file | |
profapi.dll | 0x7fefd490000 | 0x7fefd49efff | mapped_file | |
userenv.dll | 0x7fefd4e0000 | 0x7fefd4fdfff | mapped_file | |
KernelBase.dll | 0x7fefd540000 | 0x7fefd5abfff | mapped_file | |
crypt32.dll | 0x7fefd610000 | 0x7fefd77bfff | mapped_file | |
imm32.dll | 0x7fefd840000 | 0x7fefd86dfff | mapped_file | |
advapi32.dll | 0x7fefd870000 | 0x7fefd94afff | mapped_file | |
gdi32.dll | 0x7fefda70000 | 0x7fefdad6fff | mapped_file | |
lpk.dll | 0x7fefdd90000 | 0x7fefdd9dfff | mapped_file | |
ws2_32.dll | 0x7fefdda0000 | 0x7fefddecfff | mapped_file | |
nsi.dll | 0x7fefddf0000 | 0x7fefddf7fff | mapped_file | |
sechost.dll | 0x7fefe290000 | 0x7fefe2aefff | mapped_file | |
msctf.dll | 0x7fefe610000 | 0x7fefe718fff | mapped_file | |
usp10.dll | 0x7feff6c0000 | 0x7feff788fff | mapped_file | |
rpcrt4.dll | 0x7feff790000 | 0x7feff8bcfff | mapped_file | |
msvcrt.dll | 0x7feff8c0000 | 0x7feff95efff | mapped_file | |
apisetschema.dll | 0x7feff990000 | 0x7feff990fff | mapped_file | |
private_0x000007fffffaa000 | 0x7fffffaa000 | 0x7fffffabfff | private | |
private_0x000007fffffac000 | 0x7fffffac000 | 0x7fffffadfff | private | |
private_0x000007fffffae000 | 0x7fffffae000 | 0x7fffffaffff | private | |
pagefile_0x000007fffffb0000 | 0x7fffffb0000 | 0x7fffffd2fff | pagefile_backed | |
private_0x000007fffffd3000 | 0x7fffffd3000 | 0x7fffffd4fff | private | |
private_0x000007fffffd5000 | 0x7fffffd5000 | 0x7fffffd6fff | private | |
private_0x000007fffffd7000 | 0x7fffffd7000 | 0x7fffffd7fff | private | |
private_0x000007fffffd8000 | 0x7fffffd8000 | 0x7fffffd9fff | private | |
private_0x000007fffffda000 | 0x7fffffda000 | 0x7fffffdbfff | private | |
private_0x000007fffffdc000 | 0x7fffffdc000 | 0x7fffffddfff | private | |
private_0x000007fffffde000 | 0x7fffffde000 | 0x7fffffdffff | private | |
OS TIDs |
---|
0x3b4, 0x310, 0x224, 0x204, 0x1fc, 0x1f8, 0x1f4, 0x1f0, 0x1ec |
ID | #11 |
OS PID | 0x1d4 |
OS Parent PID | 0x16c |
Image Name | lsm.exe |
Page Root | 0x1ea25000 |
Monitor Reason | child_process |
Unmonitor Reason | (still running) |
CMD Line | C:\Windows\system32\lsm.exe |
Current Directory | C:\Windows\system32\ |
Name | Start VA | End VA | Type | Monitored |
---|---|---|---|---|
pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | pagefile_backed | |
private_0x0000000000020000 | 0x00020000 | 0x00020fff | private | |
pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | pagefile_backed | |
private_0x0000000000040000 | 0x00040000 | 0x000bffff | private | |
pagefile_0x00000000000c0000 | 0x000c0000 | 0x000c0fff | pagefile_backed | |
private_0x00000000000d0000 | 0x000d0000 | 0x000d0fff | private | |
locale.nls | 0x000e0000 | 0x00146fff | mapped_file | |
pagefile_0x0000000000150000 | 0x00150000 | 0x00151fff | pagefile_backed | |
private_0x0000000000160000 | 0x00160000 | 0x001dffff | private | |
pagefile_0x00000000001e0000 | 0x001e0000 | 0x001e1fff | pagefile_backed | |
lsm.exe.mui | 0x001f0000 | 0x001f1fff | mapped_file | |
private_0x0000000000200000 | 0x00200000 | 0x00200fff | private | |
private_0x0000000000210000 | 0x00210000 | 0x00210fff | private | |
private_0x0000000000220000 | 0x00220000 | 0x0031ffff | private | |
private_0x0000000000320000 | 0x00320000 | 0x0041ffff | private | |
pagefile_0x0000000000420000 | 0x00420000 | 0x00420fff | pagefile_backed | |
pagefile_0x0000000000430000 | 0x00430000 | 0x00430fff | pagefile_backed | |
private_0x0000000000440000 | 0x00440000 | 0x004bffff | private | |
private_0x00000000004c0000 | 0x004c0000 | 0x004cffff | private | |
private_0x0000000000540000 | 0x00540000 | 0x005bffff | private | |
private_0x00000000005f0000 | 0x005f0000 | 0x0066ffff | private | |
SortDefault.nls | 0x00670000 | 0x0093efff | mapped_file | |
private_0x00000000009b0000 | 0x009b0000 | 0x00a2ffff | private | |
pagefile_0x0000000000a30000 | 0x00a30000 | 0x00aeffff | pagefile_backed | |
private_0x0000000000b10000 | 0x00b10000 | 0x00b8ffff | private | |
private_0x0000000000c20000 | 0x00c20000 | 0x00c9ffff | private | |
private_0x0000000000cf0000 | 0x00cf0000 | 0x00d6ffff | private | |
private_0x0000000000db0000 | 0x00db0000 | 0x00e2ffff | private | |
private_0x0000000000e70000 | 0x00e70000 | 0x00eeffff | private | |
pagefile_0x0000000000ef0000 | 0x00ef0000 | 0x01077fff | pagefile_backed | |
pagefile_0x0000000001080000 | 0x01080000 | 0x01200fff | pagefile_backed | |
private_0x0000000001230000 | 0x01230000 | 0x012affff | private | |
private_0x0000000001310000 | 0x01310000 | 0x0138ffff | private | |
user32.dll | 0x77450000 | 0x77549fff | mapped_file | |
kernel32.dll | 0x77550000 | 0x7766efff | mapped_file | |
ntdll.dll | 0x77670000 | 0x77818fff | mapped_file | |
pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | pagefile_backed | |
private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | private | |
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | private | |
lsm.exe | 0xff790000 | 0xff7e6fff | mapped_file | |
lsmproxy.dll | 0x7fef84f0000 | 0x7fef8500fff | mapped_file | |
ntmarta.dll | 0x7fefc370000 | 0x7fefc39cfff | mapped_file | |
credssp.dll | 0x7fefc880000 | 0x7fefc889fff | mapped_file | |
pcwum.dll | 0x7fefc890000 | 0x7fefc89cfff | mapped_file | |
rsaenh.dll | 0x7fefc980000 | 0x7fefc9c6fff | mapped_file | |
cryptsp.dll | 0x7fefcc80000 | 0x7fefcc96fff | mapped_file | |
wmsgapi.dll | 0x7fefcdd0000 | 0x7fefcdd7fff | mapped_file | |
sysntfy.dll | 0x7fefcde0000 | 0x7fefcde9fff | mapped_file | |
secur32.dll | 0x7fefd220000 | 0x7fefd22afff | mapped_file | |
sspicli.dll | 0x7fefd250000 | 0x7fefd274fff | mapped_file | |
cryptbase.dll | 0x7fefd2e0000 | 0x7fefd2eefff | mapped_file | |
RpcRtRemote.dll | 0x7fefd3d0000 | 0x7fefd3e3fff | mapped_file | |
KernelBase.dll | 0x7fefd540000 | 0x7fefd5abfff | mapped_file | |
imm32.dll | 0x7fefd840000 | 0x7fefd86dfff | mapped_file | |
advapi32.dll | 0x7fefd870000 | 0x7fefd94afff | mapped_file | |
clbcatq.dll | 0x7fefd9d0000 | 0x7fefda68fff | mapped_file | |
gdi32.dll | 0x7fefda70000 | 0x7fefdad6fff | mapped_file | |
lpk.dll | 0x7fefdd90000 | 0x7fefdd9dfff | mapped_file | |
Wldap32.dll | 0x7fefe0c0000 | 0x7fefe111fff | mapped_file | |
sechost.dll | 0x7fefe290000 | 0x7fefe2aefff | mapped_file | |
oleaut32.dll | 0x7fefe2b0000 | 0x7fefe386fff | mapped_file | |
msctf.dll | 0x7fefe610000 | 0x7fefe718fff | mapped_file | |
ole32.dll | 0x7fefe720000 | 0x7fefe922fff | mapped_file | |
usp10.dll | 0x7feff6c0000 | 0x7feff788fff | mapped_file | |
rpcrt4.dll | 0x7feff790000 | 0x7feff8bcfff | mapped_file | |
msvcrt.dll | 0x7feff8c0000 | 0x7feff95efff | mapped_file | |
apisetschema.dll | 0x7feff990000 | 0x7feff990fff | mapped_file | |
private_0x000007fffffa2000 | 0x7fffffa2000 | 0x7fffffa3fff | private | |
private_0x000007fffffa4000 | 0x7fffffa4000 | 0x7fffffa5fff | private | |
private_0x000007fffffa6000 | 0x7fffffa6000 | 0x7fffffa7fff | private | |
private_0x000007fffffa8000 | 0x7fffffa8000 | 0x7fffffa9fff | private | |
private_0x000007fffffaa000 | 0x7fffffaa000 | 0x7fffffabfff | private | |
private_0x000007fffffac000 | 0x7fffffac000 | 0x7fffffadfff | private | |
private_0x000007fffffae000 | 0x7fffffae000 | 0x7fffffaffff | private | |
pagefile_0x000007fffffb0000 | 0x7fffffb0000 | 0x7fffffd2fff | pagefile_backed | |
private_0x000007fffffd4000 | 0x7fffffd4000 | 0x7fffffd5fff | private | |
private_0x000007fffffd6000 | 0x7fffffd6000 | 0x7fffffd6fff | private | |
private_0x000007fffffd8000 | 0x7fffffd8000 | 0x7fffffd9fff | private | |
private_0x000007fffffda000 | 0x7fffffda000 | 0x7fffffdbfff | private | |
private_0x000007fffffdc000 | 0x7fffffdc000 | 0x7fffffddfff | private | |
private_0x000007fffffde000 | 0x7fffffde000 | 0x7fffffdffff | private | |
OS TIDs |
---|
0x818, 0x340, 0x308, 0x2f8, 0x2f4, 0x2e8, 0x2e4, 0x2e0, 0x2cc, 0x2c4, 0x24c, 0x1d8 |
ID | #12 |
OS PID | 0x244 |
OS Parent PID | 0x1c4 |
Image Name | svchost.exe |
Page Root | 0x19d94000 |
Monitor Reason | child_process |
Unmonitor Reason | (still running) |
CMD Line | C:\Windows\system32\svchost.exe -k DcomLaunch |
Current Directory | C:\Windows\system32\ |
Name | Start VA | End VA | Type | Monitored |
---|---|---|---|---|
pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | pagefile_backed | |
svchost.exe.mui | 0x00020000 | 0x00020fff | mapped_file | |
pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | pagefile_backed | |
pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | pagefile_backed | |
private_0x0000000000050000 | 0x00050000 | 0x00050fff | private | |
locale.nls | 0x00060000 | 0x000c6fff | mapped_file | |
private_0x00000000000d0000 | 0x000d0000 | 0x0014ffff | private | |
private_0x0000000000150000 | 0x00150000 | 0x0024ffff | private | |
private_0x0000000000250000 | 0x00250000 | 0x0034ffff | private | |
pagefile_0x0000000000350000 | 0x00350000 | 0x0040ffff | pagefile_backed | |
private_0x0000000000410000 | 0x00410000 | 0x0048ffff | private | |
private_0x0000000000490000 | 0x00490000 | 0x00490fff | private | |
private_0x00000000004a0000 | 0x004a0000 | 0x004a0fff | private | |
setupapi.dll.mui | 0x004b0000 | 0x004bcfff | mapped_file | |
pagefile_0x00000000004c0000 | 0x004c0000 | 0x004c0fff | pagefile_backed | |
private_0x00000000004d0000 | 0x004d0000 | 0x004dffff | private | |
pagefile_0x00000000004e0000 | 0x004e0000 | 0x004e0fff | pagefile_backed | |
pagefile_0x00000000004f0000 | 0x004f0000 | 0x004f0fff | pagefile_backed | |
pagefile_0x0000000000500000 | 0x00500000 | 0x00500fff | pagefile_backed | |
pagefile_0x0000000000510000 | 0x00510000 | 0x00510fff | pagefile_backed | |
private_0x00000000005b0000 | 0x005b0000 | 0x0062ffff | private | |
private_0x0000000000650000 | 0x00650000 | 0x006cffff | private | |
SortDefault.nls | 0x00700000 | 0x009cefff | mapped_file | |
pagefile_0x00000000009d0000 | 0x009d0000 | 0x00b57fff | pagefile_backed | |
pagefile_0x0000000000b60000 | 0x00b60000 | 0x00ce0fff | pagefile_backed | |
private_0x0000000000d60000 | 0x00d60000 | 0x00ddffff | private | |
private_0x0000000000e00000 | 0x00e00000 | 0x00e0ffff | private | |
private_0x0000000000e60000 | 0x00e60000 | 0x00edffff | private | |
private_0x0000000000f90000 | 0x00f90000 | 0x0100ffff | private | |
private_0x00000000010b0000 | 0x010b0000 | 0x011affff | private | |
private_0x00000000011b0000 | 0x011b0000 | 0x0122ffff | private | |
private_0x0000000001250000 | 0x01250000 | 0x012cffff | private | |
private_0x00000000012e0000 | 0x012e0000 | 0x0135ffff | private | |
private_0x0000000001370000 | 0x01370000 | 0x013effff | private | |
private_0x00000000013f0000 | 0x013f0000 | 0x0146ffff | private | |
private_0x0000000001470000 | 0x01470000 | 0x014effff | private | |
private_0x00000000014f0000 | 0x014f0000 | 0x0156ffff | private | |
private_0x00000000015a0000 | 0x015a0000 | 0x0161ffff | private | |
private_0x0000000001710000 | 0x01710000 | 0x0178ffff | private | |
private_0x0000000001790000 | 0x01790000 | 0x0188ffff | private | |
private_0x0000000001960000 | 0x01960000 | 0x019dffff | private | |
private_0x0000000001a20000 | 0x01a20000 | 0x01a9ffff | private | |
private_0x0000000001aa0000 | 0x01aa0000 | 0x01b9ffff | private | |
user32.dll | 0x77450000 | 0x77549fff | mapped_file | |
kernel32.dll | 0x77550000 | 0x7766efff | mapped_file | |
ntdll.dll | 0x77670000 | 0x77818fff | mapped_file | |
pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | pagefile_backed | |
private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | private | |
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | private | |
svchost.exe | 0xff920000 | 0xff92afff | mapped_file | |
wmiutils.dll | 0x7fef8de0000 | 0x7fef8e05fff | mapped_file | |
wbemsvc.dll | 0x7fef8e80000 | 0x7fef8e93fff | mapped_file | |
wbemprox.dll | 0x7fef90f0000 | 0x7fef90fefff | mapped_file | |
ntdsapi.dll | 0x7fef9100000 | 0x7fef9126fff | mapped_file | |
fastprox.dll | 0x7fef9130000 | 0x7fef9211fff | mapped_file | |
WmiDcPrv.dll | 0x7fef9220000 | 0x7fef9251fff | mapped_file | |
wbemcomn.dll | 0x7fef9490000 | 0x7fef9515fff | mapped_file | |
wtsapi32.dll | 0x7fefb6c0000 | 0x7fefb6d0fff | mapped_file | |
ntmarta.dll | 0x7fefc370000 | 0x7fefc39cfff | mapped_file | |
rpcss.dll | 0x7fefc670000 | 0x7fefc6f0fff | mapped_file | |
umpo.dll | 0x7fefc700000 | 0x7fefc72bfff | mapped_file | |
gpapi.dll | 0x7fefc730000 | 0x7fefc74afff | mapped_file | |
devrtl.dll | 0x7fefc750000 | 0x7fefc761fff | mapped_file | |
SPInf.dll | 0x7fefc770000 | 0x7fefc78efff | mapped_file | |
umpnpmgr.dll | 0x7fefc790000 | 0x7fefc7f6fff | mapped_file | |
credssp.dll | 0x7fefc880000 | 0x7fefc889fff | mapped_file | |
pcwum.dll | 0x7fefc890000 | 0x7fefc89cfff | mapped_file | |
rsaenh.dll | 0x7fefc980000 | 0x7fefc9c6fff | mapped_file | |
cryptsp.dll | 0x7fefcc80000 | 0x7fefcc96fff | mapped_file | |
sspicli.dll | 0x7fefd250000 | 0x7fefd274fff | mapped_file | |
apphelp.dll | 0x7fefd280000 | 0x7fefd2d6fff | mapped_file | |
cryptbase.dll | 0x7fefd2e0000 | 0x7fefd2eefff | mapped_file | |
winsta.dll | 0x7fefd390000 | 0x7fefd3ccfff | mapped_file | |
RpcRtRemote.dll | 0x7fefd3d0000 | 0x7fefd3e3fff | mapped_file | |
msasn1.dll | 0x7fefd480000 | 0x7fefd48efff | mapped_file | |
profapi.dll | 0x7fefd490000 | 0x7fefd49efff | mapped_file | |
cfgmgr32.dll | 0x7fefd4a0000 | 0x7fefd4d5fff | mapped_file | |
userenv.dll | 0x7fefd4e0000 | 0x7fefd4fdfff | mapped_file | |
devobj.dll | 0x7fefd520000 | 0x7fefd539fff | mapped_file | |
KernelBase.dll | 0x7fefd540000 | 0x7fefd5abfff | mapped_file | |
wintrust.dll | 0x7fefd5b0000 | 0x7fefd5e9fff | mapped_file | |
crypt32.dll | 0x7fefd610000 | 0x7fefd77bfff | mapped_file | |
imm32.dll | 0x7fefd840000 | 0x7fefd86dfff | mapped_file | |
advapi32.dll | 0x7fefd870000 | 0x7fefd94afff | mapped_file | |
clbcatq.dll | 0x7fefd9d0000 | 0x7fefda68fff | mapped_file | |
gdi32.dll | 0x7fefda70000 | 0x7fefdad6fff | mapped_file | |
lpk.dll | 0x7fefdd90000 | 0x7fefdd9dfff | mapped_file | |
ws2_32.dll | 0x7fefdda0000 | 0x7fefddecfff | mapped_file | |
nsi.dll | 0x7fefddf0000 | 0x7fefddf7fff | mapped_file | |
Wldap32.dll | 0x7fefe0c0000 | 0x7fefe111fff | mapped_file | |
sechost.dll | 0x7fefe290000 | 0x7fefe2aefff | mapped_file | |
oleaut32.dll | 0x7fefe2b0000 | 0x7fefe386fff | mapped_file | |
setupapi.dll | 0x7fefe430000 | 0x7fefe606fff | mapped_file | |
msctf.dll | 0x7fefe610000 | 0x7fefe718fff | mapped_file | |
ole32.dll | 0x7fefe720000 | 0x7fefe922fff | mapped_file | |
usp10.dll | 0x7feff6c0000 | 0x7feff788fff | mapped_file | |
rpcrt4.dll | 0x7feff790000 | 0x7feff8bcfff | mapped_file | |
msvcrt.dll | 0x7feff8c0000 | 0x7feff95efff | mapped_file | |
apisetschema.dll | 0x7feff990000 | 0x7feff990fff | mapped_file | |
private_0x000007fffff98000 | 0x7fffff98000 | 0x7fffff99fff | private | |
private_0x000007fffff9a000 | 0x7fffff9a000 | 0x7fffff9bfff | private | |
private_0x000007fffff9c000 | 0x7fffff9c000 | 0x7fffff9dfff | private | |
private_0x000007fffff9e000 | 0x7fffff9e000 | 0x7fffff9ffff | private | |
private_0x000007fffffa0000 | 0x7fffffa0000 | 0x7fffffa1fff | private | |
private_0x000007fffffa2000 | 0x7fffffa2000 | 0x7fffffa3fff | private | |
private_0x000007fffffa4000 | 0x7fffffa4000 | 0x7fffffa5fff | private | |
private_0x000007fffffa6000 | 0x7fffffa6000 | 0x7fffffa7fff | private | |
private_0x000007fffffa8000 | 0x7fffffa8000 | 0x7fffffa9fff | private | |
private_0x000007fffffaa000 | 0x7fffffaa000 | 0x7fffffabfff | private | |
private_0x000007fffffae000 | 0x7fffffae000 | 0x7fffffaffff | private | |
pagefile_0x000007fffffb0000 | 0x7fffffb0000 | 0x7fffffd2fff | pagefile_backed | |
private_0x000007fffffd4000 | 0x7fffffd4000 | 0x7fffffd5fff | private | |
private_0x000007fffffd6000 | 0x7fffffd6000 | 0x7fffffd7fff | private | |
private_0x000007fffffd8000 | 0x7fffffd8000 | 0x7fffffd9fff | private | |
private_0x000007fffffda000 | 0x7fffffda000 | 0x7fffffdbfff | private | |
private_0x000007fffffdc000 | 0x7fffffdc000 | 0x7fffffdcfff | private | |
private_0x000007fffffde000 | 0x7fffffde000 | 0x7fffffdffff | private | |
OS TIDs |
---|
0x278, 0x274, 0x270, 0x26c, 0x268, 0x25c, 0x254, 0x250, 0x248, 0x5e4, 0x5cc, 0x5c8, 0x30c, 0x29c, 0x294, 0x290 |
ID | #13 |
OS PID | 0x288 |
OS Parent PID | 0x1c4 |
Image Name | svchost.exe |
Page Root | 0x1968c000 |
Monitor Reason | child_process |
Unmonitor Reason | (still running) |
CMD Line | C:\Windows\system32\svchost.exe -k RPCSS |
Current Directory | C:\Windows\system32\ |
Name | Start VA | End VA | Type | Monitored |
---|---|---|---|---|
pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | pagefile_backed | |
svchost.exe.mui | 0x00020000 | 0x00020fff | mapped_file | |
pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | pagefile_backed | |
pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | pagefile_backed | |
private_0x0000000000050000 | 0x00050000 | 0x000cffff | private | |
private_0x00000000000d0000 | 0x000d0000 | 0x000d0fff | private | |
locale.nls | 0x000e0000 | 0x00146fff | mapped_file | |
private_0x0000000000150000 | 0x00150000 | 0x00150fff | private | |
private_0x0000000000160000 | 0x00160000 | 0x00160fff | private | |
wshtcpip.dll.mui | 0x00170000 | 0x00170fff | mapped_file | |
wship6.dll.mui | 0x00180000 | 0x00180fff | mapped_file | |
pagefile_0x0000000000190000 | 0x00190000 | 0x00190fff | pagefile_backed | |
pagefile_0x00000000001a0000 | 0x001a0000 | 0x001a0fff | pagefile_backed | |
private_0x00000000001c0000 | 0x001c0000 | 0x002bffff | private | |
private_0x00000000002c0000 | 0x002c0000 | 0x0033ffff | private | |
private_0x0000000000370000 | 0x00370000 | 0x0037ffff | private | |
private_0x0000000000380000 | 0x00380000 | 0x0047ffff | private | |
private_0x00000000004c0000 | 0x004c0000 | 0x0053ffff | private | |
private_0x0000000000580000 | 0x00580000 | 0x005fffff | private | |
private_0x0000000000640000 | 0x00640000 | 0x006bffff | private | |
pagefile_0x00000000006c0000 | 0x006c0000 | 0x0077ffff | pagefile_backed | |
SortDefault.nls | 0x007b0000 | 0x00a7efff | mapped_file | |
private_0x0000000000a90000 | 0x00a90000 | 0x00b0ffff | private | |
private_0x0000000000b20000 | 0x00b20000 | 0x00b9ffff | private | |
pagefile_0x0000000000ba0000 | 0x00ba0000 | 0x00d27fff | pagefile_backed | |
pagefile_0x0000000000d30000 | 0x00d30000 | 0x00eb0fff | pagefile_backed | |
private_0x0000000000ed0000 | 0x00ed0000 | 0x00f4ffff | private | |
private_0x0000000000f80000 | 0x00f80000 | 0x00ffffff | private | |
private_0x0000000001040000 | 0x01040000 | 0x010bffff | private | |
private_0x00000000010c0000 | 0x010c0000 | 0x011bffff | private | |
private_0x0000000001360000 | 0x01360000 | 0x013dffff | private | |
private_0x0000000001430000 | 0x01430000 | 0x014affff | private | |
user32.dll | 0x77450000 | 0x77549fff | mapped_file | |
kernel32.dll | 0x77550000 | 0x7766efff | mapped_file | |
ntdll.dll | 0x77670000 | 0x77818fff | mapped_file | |
pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | pagefile_backed | |
private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | private | |
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | private | |
svchost.exe | 0xff920000 | 0xff92afff | mapped_file | |
FWPUCLNT.DLL | 0x7fefaa60000 | 0x7fefaab2fff | mapped_file | |
wtsapi32.dll | 0x7fefb6c0000 | 0x7fefb6d0fff | mapped_file | |
version.dll | 0x7fefc570000 | 0x7fefc57bfff | mapped_file | |
FirewallAPI.dll | 0x7fefc580000 | 0x7fefc63afff | mapped_file | |
WSHTCPIP.DLL | 0x7fefc640000 | 0x7fefc646fff | mapped_file | |
RpcEpMap.dll | 0x7fefc650000 | 0x7fefc663fff | mapped_file | |
rpcss.dll | 0x7fefc670000 | 0x7fefc6f0fff | mapped_file | |
credssp.dll | 0x7fefc880000 | 0x7fefc889fff | mapped_file | |
rsaenh.dll | 0x7fefc980000 | 0x7fefc9c6fff | mapped_file | |
wship6.dll | 0x7fefcc10000 | 0x7fefcc16fff | mapped_file | |
mswsock.dll | 0x7fefcc20000 | 0x7fefcc74fff | mapped_file | |
cryptsp.dll | 0x7fefcc80000 | 0x7fefcc96fff | mapped_file | |
secur32.dll | 0x7fefd220000 | 0x7fefd22afff | mapped_file | |
sspicli.dll | 0x7fefd250000 | 0x7fefd274fff | mapped_file | |
cryptbase.dll | 0x7fefd2e0000 | 0x7fefd2eefff | mapped_file | |
winsta.dll | 0x7fefd390000 | 0x7fefd3ccfff | mapped_file | |
RpcRtRemote.dll | 0x7fefd3d0000 | 0x7fefd3e3fff | mapped_file | |
KernelBase.dll | 0x7fefd540000 | 0x7fefd5abfff | mapped_file | |
imm32.dll | 0x7fefd840000 | 0x7fefd86dfff | mapped_file | |
advapi32.dll | 0x7fefd870000 | 0x7fefd94afff | mapped_file | |
clbcatq.dll | 0x7fefd9d0000 | 0x7fefda68fff | mapped_file | |
gdi32.dll | 0x7fefda70000 | 0x7fefdad6fff | mapped_file | |
lpk.dll | 0x7fefdd90000 | 0x7fefdd9dfff | mapped_file | |
ws2_32.dll | 0x7fefdda0000 | 0x7fefddecfff | mapped_file | |
nsi.dll | 0x7fefddf0000 | 0x7fefddf7fff | mapped_file | |
sechost.dll | 0x7fefe290000 | 0x7fefe2aefff | mapped_file | |
oleaut32.dll | 0x7fefe2b0000 | 0x7fefe386fff | mapped_file | |
msctf.dll | 0x7fefe610000 | 0x7fefe718fff | mapped_file | |
ole32.dll | 0x7fefe720000 | 0x7fefe922fff | mapped_file | |
usp10.dll | 0x7feff6c0000 | 0x7feff788fff | mapped_file | |
rpcrt4.dll | 0x7feff790000 | 0x7feff8bcfff | mapped_file | |
msvcrt.dll | 0x7feff8c0000 | 0x7feff95efff | mapped_file | |
apisetschema.dll | 0x7feff990000 | 0x7feff990fff | mapped_file | |
private_0x000007fffffa4000 | 0x7fffffa4000 | 0x7fffffa5fff | private | |
private_0x000007fffffa6000 | 0x7fffffa6000 | 0x7fffffa7fff | private | |
private_0x000007fffffa8000 | 0x7fffffa8000 | 0x7fffffa9fff | private | |
private_0x000007fffffaa000 | 0x7fffffaa000 | 0x7fffffabfff | private | |
private_0x000007fffffac000 | 0x7fffffac000 | 0x7fffffadfff | private | |
private_0x000007fffffae000 | 0x7fffffae000 | 0x7fffffaffff | private | |
pagefile_0x000007fffffb0000 | 0x7fffffb0000 | 0x7fffffd2fff | pagefile_backed | |
private_0x000007fffffd4000 | 0x7fffffd4000 | 0x7fffffd5fff | private | |
private_0x000007fffffd6000 | 0x7fffffd6000 | 0x7fffffd7fff | private | |
private_0x000007fffffd8000 | 0x7fffffd8000 | 0x7fffffd9fff | private | |
private_0x000007fffffda000 | 0x7fffffda000 | 0x7fffffdbfff | private | |
private_0x000007fffffdc000 | 0x7fffffdc000 | 0x7fffffddfff | private | |
private_0x000007fffffde000 | 0x7fffffde000 | 0x7fffffdefff | private | |
OS TIDs |
---|
0x6ac, 0x644, 0x408, 0x34c, 0x2b4, 0x2b0, 0x2ac, 0x2a8, 0x2a0, 0x298, 0x28c |
ID | #14 |
OS PID | 0x2b8 |
OS Parent PID | 0x1c4 |
Image Name | svchost.exe |
Page Root | 0x19457000 |
Monitor Reason | child_process |
Unmonitor Reason | (still running) |
CMD Line | C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted |
Current Directory | C:\Windows\system32\ |
Name | Start VA | End VA | Type | Monitored |
---|---|---|---|---|
OS TIDs |
---|
0x2f0, 0x2ec, 0x2d8, 0x2d0, 0x2c8, 0x2bc, 0x9c4, 0x89c, 0x6bc, 0x544, 0x53c, 0x538, 0x258, 0x128, 0x20c, 0x118, 0x3d4, 0x3d0 |
ID | #15 |
OS PID | 0x314 |
OS Parent PID | 0x1c4 |
Image Name | svchost.exe |
Page Root | 0x1d2e2000 |
Monitor Reason | child_process |
Unmonitor Reason | (still running) |
CMD Line | C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted |
Current Directory | C:\Windows\system32\ |
Name | Start VA | End VA | Type | Monitored |
---|---|---|---|---|
pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | pagefile_backed | |
svchost.exe.mui | 0x00020000 | 0x00020fff | mapped_file | |
pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | pagefile_backed | |
private_0x0000000000040000 | 0x00040000 | 0x000bffff | private | |
pagefile_0x00000000000c0000 | 0x000c0000 | 0x000c0fff | pagefile_backed | |
private_0x00000000000d0000 | 0x000d0000 | 0x000d0fff | private | |
locale.nls | 0x000e0000 | 0x00146fff | mapped_file | |
private_0x0000000000150000 | 0x00150000 | 0x00150fff | private | |
private_0x0000000000160000 | 0x00160000 | 0x00160fff | private | |
setupapi.dll.mui | 0x00170000 | 0x0017cfff | mapped_file | |
pagefile_0x0000000000180000 | 0x00180000 | 0x00180fff | pagefile_backed | |
pagefile_0x0000000000190000 | 0x00190000 | 0x00190fff | pagefile_backed | |
private_0x00000000001a0000 | 0x001a0000 | 0x001a0fff | private | |
private_0x00000000001b0000 | 0x001b0000 | 0x001b0fff | private | |
pagefile_0x00000000001c0000 | 0x001c0000 | 0x001c1fff | pagefile_backed | |
pagefile_0x00000000001d0000 | 0x001d0000 | 0x001d1fff | pagefile_backed | |
private_0x00000000001e0000 | 0x001e0000 | 0x001effff | private | |
pagefile_0x00000000001f0000 | 0x001f0000 | 0x001f1fff | pagefile_backed | |
private_0x0000000000200000 | 0x00200000 | 0x002fffff | private | |
private_0x0000000000300000 | 0x00300000 | 0x003fffff | private | |
pagefile_0x0000000000400000 | 0x00400000 | 0x00587fff | pagefile_backed | |
pagefile_0x0000000000590000 | 0x00590000 | 0x00710fff | pagefile_backed | |
pagefile_0x0000000000720000 | 0x00720000 | 0x007dffff | pagefile_backed | |
umrdp.dll.mui | 0x007e0000 | 0x007e2fff | mapped_file | |
private_0x00000000007f0000 | 0x007f0000 | 0x0086ffff | private | |
sysmain.dll.mui | 0x00870000 | 0x00874fff | mapped_file | |
pagefile_0x0000000000880000 | 0x00880000 | 0x00880fff | pagefile_backed | |
rasdlg.dll.mui | 0x00890000 | 0x008affff | mapped_file | |
private_0x00000000008b0000 | 0x008b0000 | 0x0092ffff | private | |
pagefile_0x0000000000930000 | 0x00930000 | 0x00930fff | pagefile_backed | |
private_0x0000000000940000 | 0x00940000 | 0x009bffff | private | |
private_0x00000000009e0000 | 0x009e0000 | 0x00a5ffff | private | |
private_0x0000000000a60000 | 0x00a60000 | 0x00adffff | private | |
private_0x0000000000b00000 | 0x00b00000 | 0x00b0ffff | private | |
private_0x0000000000b50000 | 0x00b50000 | 0x00b5ffff | private | |
SortDefault.nls | 0x00bc0000 | 0x00e8efff | mapped_file | |
private_0x0000000000ec0000 | 0x00ec0000 | 0x00f3ffff | private | |
private_0x0000000000f80000 | 0x00f80000 | 0x00ffffff | private | |
private_0x0000000001010000 | 0x01010000 | 0x0108ffff | private | |
private_0x00000000010c0000 | 0x010c0000 | 0x0113ffff | private | |
private_0x0000000001150000 | 0x01150000 | 0x011cffff | private | |
private_0x00000000011f0000 | 0x011f0000 | 0x0126ffff | private | |
private_0x0000000001270000 | 0x01270000 | 0x012effff | private | |
private_0x0000000001320000 | 0x01320000 | 0x0139ffff | private | |
private_0x0000000001410000 | 0x01410000 | 0x0141ffff | private | |
private_0x0000000001420000 | 0x01420000 | 0x0149ffff | private | |
private_0x00000000014d0000 | 0x014d0000 | 0x0154ffff | private | |
private_0x0000000001590000 | 0x01590000 | 0x0159ffff | private | |
private_0x00000000015a0000 | 0x015a0000 | 0x0169ffff | private | |
private_0x00000000016b0000 | 0x016b0000 | 0x0172ffff | private | |
private_0x00000000017a0000 | 0x017a0000 | 0x017affff | private | |
private_0x0000000001800000 | 0x01800000 | 0x018fffff | private | |
private_0x0000000001930000 | 0x01930000 | 0x019affff | private | |
private_0x00000000019c0000 | 0x019c0000 | 0x019cffff | private | |
private_0x0000000001a00000 | 0x01a00000 | 0x01a7ffff | private | |
private_0x0000000001a80000 | 0x01a80000 | 0x01afffff | private | |
private_0x0000000001bd0000 | 0x01bd0000 | 0x01bdffff | private | |
private_0x0000000001be0000 | 0x01be0000 | 0x01beffff | private | |
private_0x0000000001c10000 | 0x01c10000 | 0x01c8ffff | private | |
private_0x0000000001c90000 | 0x01c90000 | 0x01d8ffff | private | |
private_0x0000000001d90000 | 0x01d90000 | 0x01e8ffff | private | |
private_0x0000000001ed0000 | 0x01ed0000 | 0x01edffff | private | |
private_0x0000000001fd0000 | 0x01fd0000 | 0x01fdffff | private | |
private_0x0000000001fe0000 | 0x01fe0000 | 0x020dffff | private | |
private_0x00000000020e0000 | 0x020e0000 | 0x021dffff | private | |
private_0x00000000021e0000 | 0x021e0000 | 0x0225ffff | private | |
private_0x0000000002310000 | 0x02310000 | 0x0240ffff | private | |
private_0x0000000002410000 | 0x02410000 | 0x0250ffff | private | |
private_0x0000000002510000 | 0x02510000 | 0x0270ffff | private | |
private_0x0000000002710000 | 0x02710000 | 0x02f0ffff | private | |
private_0x0000000002f40000 | 0x02f40000 | 0x02fbffff | private | |
private_0x0000000002fc0000 | 0x02fc0000 | 0x03177fff | private | |
private_0x00000000038a0000 | 0x038a0000 | 0x03c9ffff | private | |
private_0x0000000003ca0000 | 0x03ca0000 | 0x0449ffff | private | |
private_0x00000000044a0000 | 0x044a0000 | 0x0546ffff | private | |
sfc.dll | 0x73ec0000 | 0x73ec2fff | mapped_file | |
user32.dll | 0x77450000 | 0x77549fff | mapped_file | |
kernel32.dll | 0x77550000 | 0x7766efff | mapped_file | |
ntdll.dll | 0x77670000 | 0x77818fff | mapped_file | |
pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | pagefile_backed | |
private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | private | |
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | private | |
svchost.exe | 0xff920000 | 0xff92afff | mapped_file | |
rasapi32.dll | 0x7fef47b0000 | 0x7fef4811fff | mapped_file | |
mprapi.dll | 0x7fef4820000 | 0x7fef4859fff | mapped_file | |
rasdlg.dll | 0x7fef4860000 | 0x7fef4937fff | mapped_file | |
netman.dll | 0x7fef4940000 | 0x7fef499bfff | mapped_file | |
netshell.dll | 0x7fef4b60000 | 0x7fef4deafff | mapped_file | |
winspool.drv | 0x7fef7d00000 | 0x7fef7d70fff | mapped_file | |
umrdp.dll | 0x7fef7d80000 | 0x7fef7db8fff | mapped_file | |
Apphlpdm.dll | 0x7fef84a0000 | 0x7fef84abfff | mapped_file | |
wer.dll | 0x7fef87c0000 | 0x7fef883bfff | mapped_file | |
wdi.dll | 0x7fef8930000 | 0x7fef8948fff | mapped_file | |
hnetcfg.dll | 0x7fef8e10000 | 0x7fef8e7afff | mapped_file | |
wbemsvc.dll | 0x7fef8e80000 | 0x7fef8e93fff | mapped_file | |
netcfgx.dll | 0x7fef9060000 | 0x7fef90e3fff | mapped_file | |
wbemprox.dll | 0x7fef90f0000 | 0x7fef90fefff | mapped_file | |
ntdsapi.dll | 0x7fef9100000 | 0x7fef9126fff | mapped_file | |
fastprox.dll | 0x7fef9130000 | 0x7fef9211fff | mapped_file | |
wbemcomn.dll | 0x7fef9490000 | 0x7fef9515fff | mapped_file | |
trkwks.dll | 0x7fef9560000 | 0x7fef9581fff | mapped_file | |
sysmain.dll | 0x7fef9590000 | 0x7fef973dfff | mapped_file | |
sfc_os.dll | 0x7fef9740000 | 0x7fef974ffff | mapped_file | |
aepic.dll | 0x7fef9750000 | 0x7fef9761fff | mapped_file | |
pcasvc.dll | 0x7fef9770000 | 0x7fef97a1fff | mapped_file | |
rasman.dll | 0x7fefa4a0000 | 0x7fefa4bbfff | mapped_file | |
winnsi.dll | 0x7fefabc0000 | 0x7fefabcafff | mapped_file | |
IPHLPAPI.DLL | 0x7fefabd0000 | 0x7fefabf6fff | mapped_file | |
uxsms.dll | 0x7fefac10000 | 0x7fefac1ffff | mapped_file | |
atl.dll | 0x7fefacc0000 | 0x7fefacd8fff | mapped_file | |
slc.dll | 0x7fefad20000 | 0x7fefad2afff | mapped_file | |
dsrole.dll | 0x7fefad30000 | 0x7fefad3bfff | mapped_file | |
nlaapi.dll | 0x7fefad40000 | 0x7fefad54fff | mapped_file | |
mstask.dll | 0x7fefae30000 | 0x7fefae6cfff | mapped_file | |
taskschd.dll | 0x7fefae70000 | 0x7fefaf96fff | mapped_file | |
PeerDist.dll | 0x7fefafa0000 | 0x7fefafcffff | mapped_file | |
cscsvc.dll | 0x7fefafd0000 | 0x7fefb07bfff | mapped_file | |
avrt.dll | 0x7fefb1d0000 | 0x7fefb1d8fff | mapped_file | |
powrprof.dll | 0x7fefb1e0000 | 0x7fefb20bfff | mapped_file | |
audiosrv.dll | 0x7fefb210000 | 0x7fefb2bbfff | mapped_file | |
rtutils.dll | 0x7fefb3f0000 | 0x7fefb400fff | mapped_file | |
wtsapi32.dll | 0x7fefb6c0000 | 0x7fefb6d0fff | mapped_file | |
xmllite.dll | 0x7fefb860000 | 0x7fefb894fff | mapped_file | |
MMDevAPI.dll | 0x7fefb8c0000 | 0x7fefb90afff | mapped_file | |
cscobj.dll | 0x7fefba70000 | 0x7fefbaaefff | mapped_file | |
propsys.dll | 0x7fefbd30000 | 0x7fefbe5bfff | mapped_file | |
comctl32.dll | 0x7fefbe80000 | 0x7fefc073fff | mapped_file | |
ntmarta.dll | 0x7fefc370000 | 0x7fefc39cfff | mapped_file | |
version.dll | 0x7fefc570000 | 0x7fefc57bfff | mapped_file | |
gpapi.dll | 0x7fefc730000 | 0x7fefc74afff | mapped_file | |
devrtl.dll | 0x7fefc750000 | 0x7fefc761fff | mapped_file | |
credssp.dll | 0x7fefc880000 | 0x7fefc889fff | mapped_file | |
pcwum.dll | 0x7fefc890000 | 0x7fefc89cfff | mapped_file | |
rsaenh.dll | 0x7fefc980000 | 0x7fefc9c6fff | mapped_file | |
cryptsp.dll | 0x7fefcc80000 | 0x7fefcc96fff | mapped_file | |
authz.dll | 0x7fefce70000 | 0x7fefce9efff | mapped_file | |
wevtapi.dll | 0x7fefceb0000 | 0x7fefcf1cfff | mapped_file | |
secur32.dll | 0x7fefd220000 | 0x7fefd22afff | mapped_file | |
sspicli.dll | 0x7fefd250000 | 0x7fefd274fff | mapped_file | |
apphelp.dll | 0x7fefd280000 | 0x7fefd2d6fff | mapped_file | |
cryptbase.dll | 0x7fefd2e0000 | 0x7fefd2eefff | mapped_file | |
winsta.dll | 0x7fefd390000 | 0x7fefd3ccfff | mapped_file | |
RpcRtRemote.dll | 0x7fefd3d0000 | 0x7fefd3e3fff | mapped_file | |
msasn1.dll | 0x7fefd480000 | 0x7fefd48efff | mapped_file | |
profapi.dll | 0x7fefd490000 | 0x7fefd49efff | mapped_file | |
cfgmgr32.dll | 0x7fefd4a0000 | 0x7fefd4d5fff | mapped_file | |
userenv.dll | 0x7fefd4e0000 | 0x7fefd4fdfff | mapped_file | |
devobj.dll | 0x7fefd520000 | 0x7fefd539fff | mapped_file | |
KernelBase.dll | 0x7fefd540000 | 0x7fefd5abfff | mapped_file | |
wintrust.dll | 0x7fefd5b0000 | 0x7fefd5e9fff | mapped_file | |
crypt32.dll | 0x7fefd610000 | 0x7fefd77bfff | mapped_file | |
imm32.dll | 0x7fefd840000 | 0x7fefd86dfff | mapped_file | |
advapi32.dll | 0x7fefd870000 | 0x7fefd94afff | mapped_file | |
clbcatq.dll | 0x7fefd9d0000 | 0x7fefda68fff | mapped_file | |
gdi32.dll | 0x7fefda70000 | 0x7fefdad6fff | mapped_file | |
lpk.dll | 0x7fefdd90000 | 0x7fefdd9dfff | mapped_file | |
ws2_32.dll | 0x7fefdda0000 | 0x7fefddecfff | mapped_file | |
nsi.dll | 0x7fefddf0000 | 0x7fefddf7fff | mapped_file | |
shlwapi.dll | 0x7fefe040000 | 0x7fefe0b0fff | mapped_file | |
Wldap32.dll | 0x7fefe0c0000 | 0x7fefe111fff | mapped_file | |
sechost.dll | 0x7fefe290000 | 0x7fefe2aefff | mapped_file | |
oleaut32.dll | 0x7fefe2b0000 | 0x7fefe386fff | mapped_file | |
setupapi.dll | 0x7fefe430000 | 0x7fefe606fff | mapped_file | |
msctf.dll | 0x7fefe610000 | 0x7fefe718fff | mapped_file | |
ole32.dll | 0x7fefe720000 | 0x7fefe922fff | mapped_file | |
shell32.dll | 0x7fefe930000 | 0x7feff6b7fff | mapped_file | |
usp10.dll | 0x7feff6c0000 | 0x7feff788fff | mapped_file | |
rpcrt4.dll | 0x7feff790000 | 0x7feff8bcfff | mapped_file | |
msvcrt.dll | 0x7feff8c0000 | 0x7feff95efff | mapped_file | |
apisetschema.dll | 0x7feff990000 | 0x7feff990fff | mapped_file | |
private_0x000007fffff92000 | 0x7fffff92000 | 0x7fffff93fff | private | |
private_0x000007fffff94000 | 0x7fffff94000 | 0x7fffff95fff | private | |
private_0x000007fffff96000 | 0x7fffff96000 | 0x7fffff97fff | private | |
private_0x000007fffff98000 | 0x7fffff98000 | 0x7fffff99fff | private | |
private_0x000007fffff9a000 | 0x7fffff9a000 | 0x7fffff9bfff | private | |
private_0x000007fffff9c000 | 0x7fffff9c000 | 0x7fffff9dfff | private | |
private_0x000007fffff9e000 | 0x7fffff9e000 | 0x7fffff9ffff | private | |
private_0x000007fffffa0000 | 0x7fffffa0000 | 0x7fffffa1fff | private | |
private_0x000007fffffa2000 | 0x7fffffa2000 | 0x7fffffa3fff | private | |
private_0x000007fffffa4000 | 0x7fffffa4000 | 0x7fffffa5fff | private | |
private_0x000007fffffa6000 | 0x7fffffa6000 | 0x7fffffa7fff | private | |
private_0x000007fffffa8000 | 0x7fffffa8000 | 0x7fffffa9fff | private | |
private_0x000007fffffaa000 | 0x7fffffaa000 | 0x7fffffabfff | private | |
private_0x000007fffffac000 | 0x7fffffac000 | 0x7fffffadfff | private | |
private_0x000007fffffae000 | 0x7fffffae000 | 0x7fffffaffff | private | |
pagefile_0x000007fffffb0000 | 0x7fffffb0000 | 0x7fffffd2fff | pagefile_backed | |
private_0x000007fffffd3000 | 0x7fffffd3000 | 0x7fffffd4fff | private | |
private_0x000007fffffd5000 | 0x7fffffd5000 | 0x7fffffd6fff | private | |
private_0x000007fffffd7000 | 0x7fffffd7000 | 0x7fffffd8fff | private | |
private_0x000007fffffd9000 | 0x7fffffd9000 | 0x7fffffdafff | private | |
private_0x000007fffffdb000 | 0x7fffffdb000 | 0x7fffffdcfff | private | |
private_0x000007fffffdd000 | 0x7fffffdd000 | 0x7fffffddfff | private | |
private_0x000007fffffde000 | 0x7fffffde000 | 0x7fffffdffff | private | |
OS TIDs |
---|
0xa2c, 0x9a8, 0x8e8, 0x6ec, 0x5b4, 0x5a4, 0x59c, 0x168, 0x114, 0x110, 0xbc, 0x64, 0x3f8, 0x3f4, 0x3e4, 0x3d8, 0x37c, 0x364, 0x360, 0x334, 0x318, 0xbcc, 0xbd0 |
ID | #16 |
OS PID | 0x36c |
OS Parent PID | 0x1c4 |
Image Name | svchost.exe |
Page Root | 0x1b0e9000 |
Monitor Reason | child_process |
Unmonitor Reason | (still running) |
CMD Line | C:\Windows\system32\svchost.exe -k LocalService |
Current Directory | C:\Windows\system32\ |
Name | Start VA | End VA | Type | Monitored |
---|---|---|---|---|
pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | pagefile_backed | |
svchost.exe.mui | 0x00020000 | 0x00020fff | mapped_file | |
pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | pagefile_backed | |
pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | pagefile_backed | |
private_0x0000000000050000 | 0x00050000 | 0x00050fff | private | |
locale.nls | 0x00060000 | 0x000c6fff | mapped_file | |
pagefile_0x00000000000d0000 | 0x000d0000 | 0x0018ffff | pagefile_backed | |
private_0x0000000000190000 | 0x00190000 | 0x00190fff | private | |
private_0x00000000001a0000 | 0x001a0000 | 0x001a0fff | private | |
private_0x00000000001b0000 | 0x001b0000 | 0x0022ffff | private | |
private_0x0000000000230000 | 0x00230000 | 0x0032ffff | private | |
~FontCache-System.dat | 0x00330000 | 0x0037efff | mapped_file | |
pagefile_0x0000000000380000 | 0x00380000 | 0x00380fff | pagefile_backed | |
es.dll | 0x00390000 | 0x003a0fff | mapped_file | |
stdole2.tlb | 0x003b0000 | 0x003b3fff | mapped_file | |
netprofm.dll.mui | 0x003c0000 | 0x003c1fff | mapped_file | |
pagefile_0x00000000003d0000 | 0x003d0000 | 0x003d1fff | pagefile_backed | |
private_0x00000000003e0000 | 0x003e0000 | 0x003effff | private | |
private_0x0000000000400000 | 0x00400000 | 0x004fffff | private | |
pagefile_0x0000000000500000 | 0x00500000 | 0x00687fff | pagefile_backed | |
pagefile_0x0000000000690000 | 0x00690000 | 0x00810fff | pagefile_backed | |
private_0x0000000000820000 | 0x00820000 | 0x0091ffff | private | |
private_0x0000000000930000 | 0x00930000 | 0x009affff | private | |
private_0x00000000009d0000 | 0x009d0000 | 0x00a4ffff | private | |
private_0x0000000000a80000 | 0x00a80000 | 0x00a8ffff | private | |
private_0x0000000000ac0000 | 0x00ac0000 | 0x00b3ffff | private | |
private_0x0000000000b50000 | 0x00b50000 | 0x00bcffff | private | |
SortDefault.nls | 0x00c00000 | 0x00ecefff | mapped_file | |
private_0x0000000000f20000 | 0x00f20000 | 0x00f9ffff | private | |
private_0x0000000001010000 | 0x01010000 | 0x0108ffff | private | |
~FontCache-FontFace.dat | 0x01090000 | 0x0208ffff | mapped_file | |
private_0x00000000020e0000 | 0x020e0000 | 0x0215ffff | private | |
private_0x0000000002160000 | 0x02160000 | 0x021dffff | private | |
private_0x0000000002270000 | 0x02270000 | 0x022effff | private | |
private_0x00000000022f0000 | 0x022f0000 | 0x023effff | private | |
private_0x0000000002490000 | 0x02490000 | 0x0250ffff | private | |
private_0x0000000002530000 | 0x02530000 | 0x0253ffff | private | |
private_0x0000000002560000 | 0x02560000 | 0x025dffff | private | |
private_0x0000000002610000 | 0x02610000 | 0x0268ffff | private | |
private_0x0000000002690000 | 0x02690000 | 0x0270ffff | private | |
private_0x0000000002790000 | 0x02790000 | 0x0280ffff | private | |
private_0x00000000028c0000 | 0x028c0000 | 0x0293ffff | private | |
private_0x0000000002940000 | 0x02940000 | 0x029bffff | private | |
private_0x00000000029c0000 | 0x029c0000 | 0x02a3ffff | private | |
private_0x0000000002a80000 | 0x02a80000 | 0x02a8ffff | private | |
private_0x0000000002a90000 | 0x02a90000 | 0x02b0ffff | private | |
private_0x0000000002bc0000 | 0x02bc0000 | 0x02c3ffff | private | |
private_0x0000000002c40000 | 0x02c40000 | 0x02d3ffff | private | |
KernelBase.dll.mui | 0x02d40000 | 0x02dfffff | mapped_file | |
private_0x0000000002fa0000 | 0x02fa0000 | 0x0301ffff | private | |
private_0x0000000003020000 | 0x03020000 | 0x0321ffff | private | |
sfc.dll | 0x73ec0000 | 0x73ec2fff | mapped_file | |
user32.dll | 0x77450000 | 0x77549fff | mapped_file | |
kernel32.dll | 0x77550000 | 0x7766efff | mapped_file | |
ntdll.dll | 0x77670000 | 0x77818fff | mapped_file | |
pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | pagefile_backed | |
private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | private | |
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | private | |
svchost.exe | 0xff920000 | 0xff92afff | mapped_file | |
winrnr.dll | 0x7fef7c60000 | 0x7fef7c6afff | mapped_file | |
pnrpnsp.dll | 0x7fef7c70000 | 0x7fef7c88fff | mapped_file | |
NapiNSP.dll | 0x7fef7c90000 | 0x7fef7ca4fff | mapped_file | |
wer.dll | 0x7fef87c0000 | 0x7fef883bfff | mapped_file | |
perftrack.dll | 0x7fef8840000 | 0x7fef8917fff | mapped_file | |
npmproxy.dll | 0x7fef8920000 | 0x7fef892bfff | mapped_file | |
wdi.dll | 0x7fef8930000 | 0x7fef8948fff | mapped_file | |
rasadhlp.dll | 0x7fef8b70000 | 0x7fef8b77fff | mapped_file | |
netprofm.dll | 0x7fef8b80000 | 0x7fef8bf3fff | mapped_file | |
sfc_os.dll | 0x7fef9740000 | 0x7fef974ffff | mapped_file | |
aepic.dll | 0x7fef9750000 | 0x7fef9761fff | mapped_file | |
webio.dll | 0x7fefa370000 | 0x7fefa3d3fff | mapped_file | |
winhttp.dll | 0x7fefa3e0000 | 0x7fefa450fff | mapped_file | |
dhcpcsvc.dll | 0x7fefaa10000 | 0x7fefaa27fff | mapped_file | |
dhcpcsvc6.dll | 0x7fefaa30000 | 0x7fefaa40fff | mapped_file | |
FWPUCLNT.DLL | 0x7fefaa60000 | 0x7fefaab2fff | mapped_file | |
nsisvc.dll | 0x7fefaba0000 | 0x7fefaba9fff | mapped_file | |
winnsi.dll | 0x7fefabc0000 | 0x7fefabcafff | mapped_file | |
IPHLPAPI.DLL | 0x7fefabd0000 | 0x7fefabf6fff | mapped_file | |
es.dll | 0x7fefac40000 | 0x7fefaca6fff | mapped_file | |
nlaapi.dll | 0x7fefad40000 | 0x7fefad54fff | mapped_file | |
FntCache.dll | 0x7fefb0a0000 | 0x7fefb1c3fff | mapped_file | |
dwmapi.dll | 0x7fefb8a0000 | 0x7fefb8b7fff | mapped_file | |
version.dll | 0x7fefc570000 | 0x7fefc57bfff | mapped_file | |
WSHTCPIP.DLL | 0x7fefc640000 | 0x7fefc646fff | mapped_file | |
gpapi.dll | 0x7fefc730000 | 0x7fefc74afff | mapped_file | |
credssp.dll | 0x7fefc880000 | 0x7fefc889fff | mapped_file | |
rsaenh.dll | 0x7fefc980000 | 0x7fefc9c6fff | mapped_file | |
dnsapi.dll | 0x7fefcaa0000 | 0x7fefcafafff | mapped_file | |
wship6.dll | 0x7fefcc10000 | 0x7fefcc16fff | mapped_file | |
mswsock.dll | 0x7fefcc20000 | 0x7fefcc74fff | mapped_file | |
cryptsp.dll | 0x7fefcc80000 | 0x7fefcc96fff | mapped_file | |
secur32.dll | 0x7fefd220000 | 0x7fefd22afff | mapped_file | |
sspicli.dll | 0x7fefd250000 | 0x7fefd274fff | mapped_file | |
cryptbase.dll | 0x7fefd2e0000 | 0x7fefd2eefff | mapped_file | |
sxs.dll | 0x7fefd2f0000 | 0x7fefd380fff | mapped_file | |
RpcRtRemote.dll | 0x7fefd3d0000 | 0x7fefd3e3fff | mapped_file | |
KernelBase.dll | 0x7fefd540000 | 0x7fefd5abfff | mapped_file | |
imm32.dll | 0x7fefd840000 | 0x7fefd86dfff | mapped_file | |
advapi32.dll | 0x7fefd870000 | 0x7fefd94afff | mapped_file | |
clbcatq.dll | 0x7fefd9d0000 | 0x7fefda68fff | mapped_file | |
gdi32.dll | 0x7fefda70000 | 0x7fefdad6fff | mapped_file | |
lpk.dll | 0x7fefdd90000 | 0x7fefdd9dfff | mapped_file | |
ws2_32.dll | 0x7fefdda0000 | 0x7fefddecfff | mapped_file | |
nsi.dll | 0x7fefddf0000 | 0x7fefddf7fff | mapped_file | |
shlwapi.dll | 0x7fefe040000 | 0x7fefe0b0fff | mapped_file | |
sechost.dll | 0x7fefe290000 | 0x7fefe2aefff | mapped_file | |
oleaut32.dll | 0x7fefe2b0000 | 0x7fefe386fff | mapped_file | |
msctf.dll | 0x7fefe610000 | 0x7fefe718fff | mapped_file | |
ole32.dll | 0x7fefe720000 | 0x7fefe922fff | mapped_file | |
usp10.dll | 0x7feff6c0000 | 0x7feff788fff | mapped_file | |
rpcrt4.dll | 0x7feff790000 | 0x7feff8bcfff | mapped_file | |
msvcrt.dll | 0x7feff8c0000 | 0x7feff95efff | mapped_file | |
apisetschema.dll | 0x7feff990000 | 0x7feff990fff | mapped_file | |
private_0x000007fffff96000 | 0x7fffff96000 | 0x7fffff97fff | private | |
private_0x000007fffff98000 | 0x7fffff98000 | 0x7fffff99fff | private | |
private_0x000007fffff9a000 | 0x7fffff9a000 | 0x7fffff9bfff | private | |
private_0x000007fffff9c000 | 0x7fffff9c000 | 0x7fffff9dfff | private | |
private_0x000007fffff9e000 | 0x7fffff9e000 | 0x7fffff9ffff | private | |
private_0x000007fffffa0000 | 0x7fffffa0000 | 0x7fffffa1fff | private | |
private_0x000007fffffa2000 | 0x7fffffa2000 | 0x7fffffa3fff | private | |
private_0x000007fffffa4000 | 0x7fffffa4000 | 0x7fffffa5fff | private | |
private_0x000007fffffa6000 | 0x7fffffa6000 | 0x7fffffa7fff | private | |
private_0x000007fffffa8000 | 0x7fffffa8000 | 0x7fffffa9fff | private | |
private_0x000007fffffaa000 | 0x7fffffaa000 | 0x7fffffabfff | private | |
private_0x000007fffffac000 | 0x7fffffac000 | 0x7fffffadfff | private | |
private_0x000007fffffae000 | 0x7fffffae000 | 0x7fffffaffff | private | |
pagefile_0x000007fffffb0000 | 0x7fffffb0000 | 0x7fffffd2fff | pagefile_backed | |
private_0x000007fffffd4000 | 0x7fffffd4000 | 0x7fffffd5fff | private | |
private_0x000007fffffd6000 | 0x7fffffd6000 | 0x7fffffd7fff | private | |
private_0x000007fffffd8000 | 0x7fffffd8000 | 0x7fffffd9fff | private | |
private_0x000007fffffda000 | 0x7fffffda000 | 0x7fffffdafff | private | |
private_0x000007fffffdc000 | 0x7fffffdc000 | 0x7fffffddfff | private | |
private_0x000007fffffde000 | 0x7fffffde000 | 0x7fffffdffff | private | |
OS TIDs |
---|
0x6a8, 0x6a4, 0x690, 0x68c, 0x568, 0x140, 0x144, 0x3a4, 0x3a0, 0x388, 0x384, 0x378, 0x370, 0x814, 0x720, 0x704, 0x6f4, 0x6b0 |
ID | #17 |
OS PID | 0x394 |
OS Parent PID | 0x1c4 |
Image Name | svchost.exe |
Page Root | 0x1b3f5000 |
Monitor Reason | child_process |
Unmonitor Reason | (still running) |
CMD Line | C:\Windows\system32\svchost.exe -k netsvcs |
Current Directory | C:\Windows\system32\ |
Name | Start VA | End VA | Type | Monitored |
---|---|---|---|---|
pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | pagefile_backed | |
svchost.exe.mui | 0x00020000 | 0x00020fff | mapped_file | |
pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | pagefile_backed | |
pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | pagefile_backed | |
private_0x0000000000050000 | 0x00050000 | 0x00050fff | private | |
locale.nls | 0x00060000 | 0x000c6fff | mapped_file | |
private_0x00000000000d0000 | 0x000d0000 | 0x000d0fff | private | |
private_0x00000000000e0000 | 0x000e0000 | 0x000e0fff | private | |
pagefile_0x00000000000f0000 | 0x000f0000 | 0x000f0fff | pagefile_backed | |
pagefile_0x0000000000100000 | 0x00100000 | 0x00100fff | pagefile_backed | |
pagefile_0x0000000000110000 | 0x00110000 | 0x00110fff | pagefile_backed | |
setupapi.dll.mui | 0x00120000 | 0x0012cfff | mapped_file | |
taskcomp.dll.mui | 0x00130000 | 0x00133fff | mapped_file | |
schedsvc.dll.mui | 0x00140000 | 0x00149fff | mapped_file | |
private_0x0000000000150000 | 0x00150000 | 0x0015ffff | private | |
private_0x0000000000160000 | 0x00160000 | 0x00160fff | private | |
private_0x0000000000170000 | 0x00170000 | 0x001effff | private | |
private_0x00000000001f0000 | 0x001f0000 | 0x0026ffff | private | |
private_0x0000000000270000 | 0x00270000 | 0x0036ffff | private | |
pagefile_0x0000000000370000 | 0x00370000 | 0x0042ffff | pagefile_backed | |
pagefile_0x0000000000430000 | 0x00430000 | 0x00431fff | pagefile_backed | |
private_0x0000000000440000 | 0x00440000 | 0x0053ffff | private | |
pagefile_0x0000000000540000 | 0x00540000 | 0x006c7fff | pagefile_backed | |
pagefile_0x00000000006d0000 | 0x006d0000 | 0x00850fff | pagefile_backed | |
cversions.2.db | 0x00860000 | 0x00863fff | mapped_file | |
pagefile_0x0000000000870000 | 0x00870000 | 0x00871fff | pagefile_backed | |
private_0x0000000000880000 | 0x00880000 | 0x008fffff | private | |
cversions.2.db | 0x00900000 | 0x00903fff | mapped_file | |
propsys.dll.mui | 0x00910000 | 0x0091dfff | mapped_file | |
private_0x0000000000920000 | 0x00920000 | 0x0099ffff | private | |
private_0x00000000009a0000 | 0x009a0000 | 0x00a1ffff | private | |
wshtcpip.dll.mui | 0x00a20000 | 0x00a20fff | mapped_file | |
private_0x0000000000a30000 | 0x00a30000 | 0x00aaffff | private | |
wship6.dll.mui | 0x00ab0000 | 0x00ab0fff | mapped_file | |
private_0x0000000000ac0000 | 0x00ac0000 | 0x00b3ffff | private | |
{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000013.db | 0x00b40000 | 0x00b6ffff | mapped_file | |
vsstrace.dll.mui | 0x00b70000 | 0x00b77fff | mapped_file | |
pagefile_0x0000000000b80000 | 0x00b80000 | 0x00b80fff | pagefile_backed | |
pagefile_0x0000000000b90000 | 0x00b90000 | 0x00b90fff | pagefile_backed | |
certprop.dll.mui | 0x00ba0000 | 0x00ba1fff | mapped_file | |
pagefile_0x0000000000bb0000 | 0x00bb0000 | 0x00bb0fff | pagefile_backed | |
private_0x0000000000bc0000 | 0x00bc0000 | 0x00c3ffff | private | |
SortDefault.nls | 0x00c40000 | 0x00f0efff | mapped_file | |
{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db | 0x00f10000 | 0x00f75fff | mapped_file | |
crypt32.dll.mui | 0x00f80000 | 0x00f88fff | mapped_file | |
private_0x0000000000f90000 | 0x00f90000 | 0x0100ffff | private | |
FirewallAPI.dll.mui | 0x01010000 | 0x0102bfff | mapped_file | |
netcfgx.dll.mui | 0x01030000 | 0x01035fff | mapped_file | |
private_0x0000000001070000 | 0x01070000 | 0x010effff | private | |
private_0x0000000001130000 | 0x01130000 | 0x011affff | private | |
private_0x0000000001210000 | 0x01210000 | 0x0128ffff | private | |
private_0x00000000012f0000 | 0x012f0000 | 0x0136ffff | private | |
private_0x0000000001370000 | 0x01370000 | 0x013effff | private | |
private_0x0000000001400000 | 0x01400000 | 0x0147ffff | private | |
private_0x0000000001480000 | 0x01480000 | 0x014fffff | private | |
private_0x0000000001510000 | 0x01510000 | 0x0158ffff | private | |
private_0x00000000015f0000 | 0x015f0000 | 0x0166ffff | private | |
private_0x0000000001670000 | 0x01670000 | 0x0176ffff | private | |
private_0x0000000001780000 | 0x01780000 | 0x017fffff | private | |
private_0x0000000001810000 | 0x01810000 | 0x0188ffff | private | |
private_0x0000000001900000 | 0x01900000 | 0x0197ffff | private | |
private_0x0000000001990000 | 0x01990000 | 0x01a0ffff | private | |
private_0x0000000001a10000 | 0x01a10000 | 0x01a8ffff | private | |
private_0x0000000001a90000 | 0x01a90000 | 0x01b0ffff | private | |
private_0x0000000001b10000 | 0x01b10000 | 0x01c0ffff | private | |
private_0x0000000001c40000 | 0x01c40000 | 0x01cbffff | private | |
private_0x0000000001cc0000 | 0x01cc0000 | 0x01d3ffff | private | |
private_0x0000000001d80000 | 0x01d80000 | 0x01dfffff | private | |
private_0x0000000001e00000 | 0x01e00000 | 0x01e7ffff | private | |
private_0x0000000001e90000 | 0x01e90000 | 0x01f0ffff | private | |
private_0x0000000001f10000 | 0x01f10000 | 0x0200ffff | private | |
private_0x0000000002070000 | 0x02070000 | 0x020effff | private | |
private_0x0000000002120000 | 0x02120000 | 0x0219ffff | private | |
pagefile_0x00000000021a0000 | 0x021a0000 | 0x0229ffff | pagefile_backed | |
private_0x00000000022b0000 | 0x022b0000 | 0x0232ffff | private | |
private_0x0000000002390000 | 0x02390000 | 0x0240ffff | private | |
private_0x0000000002450000 | 0x02450000 | 0x024cffff | private | |
private_0x00000000024e0000 | 0x024e0000 | 0x0255ffff | private | |
private_0x0000000002580000 | 0x02580000 | 0x0258ffff | private | |
private_0x00000000025e0000 | 0x025e0000 | 0x0265ffff | private | |
private_0x0000000002660000 | 0x02660000 | 0x026dffff | private | |
private_0x0000000002700000 | 0x02700000 | 0x0277ffff | private | |
private_0x00000000027a0000 | 0x027a0000 | 0x0281ffff | private | |
private_0x0000000002870000 | 0x02870000 | 0x0287ffff | private | |
private_0x00000000028c0000 | 0x028c0000 | 0x0293ffff | private | |
private_0x0000000002940000 | 0x02940000 | 0x02a3ffff | private | |
private_0x0000000002aa0000 | 0x02aa0000 | 0x02b1ffff | private | |
private_0x0000000002b30000 | 0x02b30000 | 0x02baffff | private | |
private_0x0000000002bb0000 | 0x02bb0000 | 0x02caffff | private | |
private_0x0000000002d00000 | 0x02d00000 | 0x02d7ffff | private | |
private_0x0000000002d90000 | 0x02d90000 | 0x02d9ffff | private | |
private_0x0000000002da0000 | 0x02da0000 | 0x02e1ffff | private | |
private_0x0000000002e20000 | 0x02e20000 | 0x02f1ffff | private | |
private_0x0000000002f80000 | 0x02f80000 | 0x02ffffff | private | |
private_0x0000000003000000 | 0x03000000 | 0x0307ffff | private | |
private_0x00000000030c0000 | 0x030c0000 | 0x0313ffff | private | |
private_0x00000000031b0000 | 0x031b0000 | 0x0322ffff | private | |
private_0x0000000003250000 | 0x03250000 | 0x032cffff | private | |
private_0x00000000032e0000 | 0x032e0000 | 0x0335ffff | private | |
private_0x00000000033a0000 | 0x033a0000 | 0x033affff | private | |
private_0x00000000033b0000 | 0x033b0000 | 0x0342ffff | private | |
private_0x0000000003430000 | 0x03430000 | 0x034affff | private | |
private_0x00000000034b0000 | 0x034b0000 | 0x0352ffff | private | |
private_0x0000000003580000 | 0x03580000 | 0x0358ffff | private | |
private_0x00000000035a0000 | 0x035a0000 | 0x0361ffff | private | |
private_0x00000000036b0000 | 0x036b0000 | 0x038affff | private | |
private_0x00000000038b0000 | 0x038b0000 | 0x0392ffff | private | |
private_0x0000000003940000 | 0x03940000 | 0x039bffff | private | |
private_0x00000000039d0000 | 0x039d0000 | 0x03a4ffff | private | |
private_0x0000000003a80000 | 0x03a80000 | 0x03afffff | private | |
private_0x0000000003b20000 | 0x03b20000 | 0x03b9ffff | private | |
private_0x0000000003bf0000 | 0x03bf0000 | 0x03c6ffff | private | |
private_0x0000000003c80000 | 0x03c80000 | 0x03cfffff | private | |
private_0x0000000003dd0000 | 0x03dd0000 | 0x03e4ffff | private | |
private_0x0000000003f00000 | 0x03f00000 | 0x03f7ffff | private | |
private_0x0000000003fd0000 | 0x03fd0000 | 0x0404ffff | private | |
private_0x0000000004070000 | 0x04070000 | 0x040effff | private | |
private_0x0000000004130000 | 0x04130000 | 0x0422ffff | private | |
private_0x0000000004240000 | 0x04240000 | 0x042bffff | private | |
user32.dll | 0x77450000 | 0x77549fff | mapped_file | |
kernel32.dll | 0x77550000 | 0x7766efff | mapped_file | |
ntdll.dll | 0x77670000 | 0x77818fff | mapped_file | |
pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | pagefile_backed | |
private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | private | |
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | private | |
svchost.exe | 0xff920000 | 0xff92afff | mapped_file | |
tcpipcfg.dll | 0x7fef3f20000 | 0x7fef3f61fff | mapped_file | |
rascfg.dll | 0x7fef3f70000 | 0x7fef3f89fff | mapped_file | |
aelupsvc.dll | 0x7fef3fa0000 | 0x7fef3fb4fff | mapped_file | |
ndiscapCfg.dll | 0x7fef3fc0000 | 0x7fef3fcefff | mapped_file | |
appinfo.dll | 0x7fef4790000 | 0x7fef47a4fff | mapped_file | |
mprapi.dll | 0x7fef4820000 | 0x7fef4859fff | mapped_file | |
SessEnv.dll | 0x7fef7cb0000 | 0x7fef7cd3fff | mapped_file | |
certprop.dll | 0x7fef7ce0000 | 0x7fef7cf6fff | mapped_file | |
actxprxy.dll | 0x7fef7dc0000 | 0x7fef7eadfff | mapped_file | |
npmproxy.dll | 0x7fef8920000 | 0x7fef892bfff | mapped_file | |
rasadhlp.dll | 0x7fef8b70000 | 0x7fef8b77fff | mapped_file | |
netprofm.dll | 0x7fef8b80000 | 0x7fef8bf3fff | mapped_file | |
wbemess.dll | 0x7fef8c00000 | 0x7fef8c7dfff | mapped_file | |
ncobjapi.dll | 0x7fef8c80000 | 0x7fef8c95fff | mapped_file | |
WmiPrvSD.dll | 0x7fef8ca0000 | 0x7fef8d5bfff | mapped_file | |
repdrvfs.dll | 0x7fef8d60000 | 0x7fef8dd2fff | mapped_file | |
wmiutils.dll | 0x7fef8de0000 | 0x7fef8e05fff | mapped_file | |
hnetcfg.dll | 0x7fef8e10000 | 0x7fef8e7afff | mapped_file | |
wbemsvc.dll | 0x7fef8e80000 | 0x7fef8e93fff | mapped_file | |
esscli.dll | 0x7fef8ea0000 | 0x7fef8f0efff | mapped_file | |
wbemcore.dll | 0x7fef8f10000 | 0x7fef903efff | mapped_file | |
nci.dll | 0x7fef9040000 | 0x7fef9059fff | mapped_file | |
netcfgx.dll | 0x7fef9060000 | 0x7fef90e3fff | mapped_file | |
wbemprox.dll | 0x7fef90f0000 | 0x7fef90fefff | mapped_file | |
ntdsapi.dll | 0x7fef9100000 | 0x7fef9126fff | mapped_file | |
fastprox.dll | 0x7fef9130000 | 0x7fef9211fff | mapped_file | |
resutils.dll | 0x7fef9260000 | 0x7fef9278fff | mapped_file | |
clusapi.dll | 0x7fef9280000 | 0x7fef92cffff | mapped_file | |
sscore.dll | 0x7fef92d0000 | 0x7fef92d7fff | mapped_file | |
browser.dll | 0x7fef92e0000 | 0x7fef9304fff | mapped_file | |
srvsvc.dll | 0x7fef9310000 | 0x7fef934cfff | mapped_file | |
wdscore.dll | 0x7fef9350000 | 0x7fef9396fff | mapped_file | |
sqmapi.dll | 0x7fef93a0000 | 0x7fef93e1fff | mapped_file | |
iphlpsvc.dll | 0x7fef93f0000 | 0x7fef9481fff | mapped_file | |
wbemcomn.dll | 0x7fef9490000 | 0x7fef9515fff | mapped_file | |
wbemcomn.dll | 0x7fef9490000 | 0x7fef9515fff | mapped_file | |
WMIsvc.dll | 0x7fef9520000 | 0x7fef955ffff | mapped_file | |
WMIsvc.dll | 0x7fef9520000 | 0x7fef955ffff | mapped_file | |
IKEEXT.DLL | 0x7fef9860000 | 0x7fef9936fff | mapped_file | |
vsstrace.dll | 0x7fef9b90000 | 0x7fef9ba6fff | mapped_file | |
vssapi.dll | 0x7fef9bb0000 | 0x7fef9d5ffff | mapped_file | |
TSChannel.dll | 0x7fef9df0000 | 0x7fef9df8fff | mapped_file | |
WinSCard.dll | 0x7fefa460000 | 0x7fefa497fff | mapped_file | |
taskcomp.dll | 0x7fefa610000 | 0x7fefa686fff | mapped_file | |
ktmw32.dll | 0x7fefa750000 | 0x7fefa759fff | mapped_file | |
schedsvc.dll | 0x7fefa760000 | 0x7fefa871fff | mapped_file | |
wiarpc.dll | 0x7fefa920000 | 0x7fefa92efff | mapped_file | |
fvecerts.dll | 0x7fefa930000 | 0x7fefa938fff | mapped_file | |
tbs.dll | 0x7fefa940000 | 0x7fefa948fff | mapped_file | |
fveapi.dll | 0x7fefa950000 | 0x7fefa9a5fff | mapped_file | |
shsvcs.dll | 0x7fefa9b0000 | 0x7fefaa0dfff | mapped_file | |
dhcpcsvc.dll | 0x7fefaa10000 | 0x7fefaa27fff | mapped_file | |
dhcpcsvc6.dll | 0x7fefaa30000 | 0x7fefaa40fff | mapped_file | |
FWPUCLNT.DLL | 0x7fefaa60000 | 0x7fefaab2fff | mapped_file | |
winnsi.dll | 0x7fefabc0000 | 0x7fefabcafff | mapped_file | |
IPHLPAPI.DLL | 0x7fefabd0000 | 0x7fefabf6fff | mapped_file | |
Sens.dll | 0x7fefac20000 | 0x7fefac33fff | mapped_file | |
es.dll | 0x7fefac40000 | 0x7fefaca6fff | mapped_file | |
themeservice.dll | 0x7fefacb0000 | 0x7fefacbffff | mapped_file | |
atl.dll | 0x7fefacc0000 | 0x7fefacd8fff | mapped_file | |
profsvc.dll | 0x7feface0000 | 0x7fefad16fff | mapped_file | |
slc.dll | 0x7fefad20000 | 0x7fefad2afff | mapped_file | |
dsrole.dll | 0x7fefad30000 | 0x7fefad3bfff | mapped_file | |
nlaapi.dll | 0x7fefad40000 | 0x7fefad54fff | mapped_file | |
mmcss.dll | 0x7fefb080000 | 0x7fefb09cfff | mapped_file | |
avrt.dll | 0x7fefb1d0000 | 0x7fefb1d8fff | mapped_file | |
rtutils.dll | 0x7fefb3f0000 | 0x7fefb400fff | mapped_file | |
samcli.dll | 0x7fefb540000 | 0x7fefb553fff | mapped_file | |
wkscli.dll | 0x7fefb560000 | 0x7fefb574fff | mapped_file | |
netutils.dll | 0x7fefb580000 | 0x7fefb58bfff | mapped_file | |
netapi32.dll | 0x7fefb590000 | 0x7fefb5a5fff | mapped_file | |
wtsapi32.dll | 0x7fefb6c0000 | 0x7fefb6d0fff | mapped_file | |
xmllite.dll | 0x7fefb860000 | 0x7fefb894fff | mapped_file | |
uxtheme.dll | 0x7fefbcd0000 | 0x7fefbd25fff | mapped_file | |
propsys.dll | 0x7fefbd30000 | 0x7fefbe5bfff | mapped_file | |
samlib.dll | 0x7fefbe60000 | 0x7fefbe7cfff | mapped_file | |
comctl32.dll | 0x7fefbe80000 | 0x7fefc073fff | mapped_file | |
ntmarta.dll | 0x7fefc370000 | 0x7fefc39cfff | mapped_file | |
version.dll | 0x7fefc570000 | 0x7fefc57bfff | mapped_file | |
FirewallAPI.dll | 0x7fefc580000 | 0x7fefc63afff | mapped_file | |
WSHTCPIP.DLL | 0x7fefc640000 | 0x7fefc646fff | mapped_file | |
gpapi.dll | 0x7fefc730000 | 0x7fefc74afff | mapped_file | |
devrtl.dll | 0x7fefc750000 | 0x7fefc761fff | mapped_file | |
SPInf.dll | 0x7fefc770000 | 0x7fefc78efff | mapped_file | |
ubpm.dll | 0x7fefc840000 | 0x7fefc878fff | mapped_file | |
credssp.dll | 0x7fefc880000 | 0x7fefc889fff | mapped_file | |
pcwum.dll | 0x7fefc890000 | 0x7fefc89cfff | mapped_file | |
bcryptprimitives.dll | 0x7fefc8c0000 | 0x7fefc90bfff | mapped_file | |
rsaenh.dll | 0x7fefc980000 | 0x7fefc9c6fff | mapped_file | |
logoncli.dll | 0x7fefca70000 | 0x7fefca9ffff | mapped_file | |
dnsapi.dll | 0x7fefcaa0000 | 0x7fefcafafff | mapped_file | |
wship6.dll | 0x7fefcc10000 | 0x7fefcc16fff | mapped_file | |
mswsock.dll | 0x7fefcc20000 | 0x7fefcc74fff | mapped_file | |
cryptsp.dll | 0x7fefcc80000 | 0x7fefcc96fff | mapped_file | |
netjoin.dll | 0x7fefcd90000 | 0x7fefcdc1fff | mapped_file | |
wmsgapi.dll | 0x7fefcdd0000 | 0x7fefcdd7fff | mapped_file | |
sysntfy.dll | 0x7fefcde0000 | 0x7fefcde9fff | mapped_file | |
bcrypt.dll | 0x7fefcdf0000 | 0x7fefce11fff | mapped_file | |
ncrypt.dll | 0x7fefce20000 | 0x7fefce6cfff | mapped_file | |
authz.dll | 0x7fefce70000 | 0x7fefce9efff | mapped_file | |
wevtapi.dll | 0x7fefceb0000 | 0x7fefcf1cfff | mapped_file | |
cryptdll.dll | 0x7fefcf20000 | 0x7fefcf33fff | mapped_file | |
srvcli.dll | 0x7fefd180000 | 0x7fefd1a2fff | mapped_file | |
secur32.dll | 0x7fefd220000 | 0x7fefd22afff | mapped_file | |
sspicli.dll | 0x7fefd250000 | 0x7fefd274fff | mapped_file | |
apphelp.dll | 0x7fefd280000 | 0x7fefd2d6fff | mapped_file | |
cryptbase.dll | 0x7fefd2e0000 | 0x7fefd2eefff | mapped_file | |
sxs.dll | 0x7fefd2f0000 | 0x7fefd380fff | mapped_file | |
winsta.dll | 0x7fefd390000 | 0x7fefd3ccfff | mapped_file | |
RpcRtRemote.dll | 0x7fefd3d0000 | 0x7fefd3e3fff | mapped_file | |
msasn1.dll | 0x7fefd480000 | 0x7fefd48efff | mapped_file | |
profapi.dll | 0x7fefd490000 | 0x7fefd49efff | mapped_file | |
cfgmgr32.dll | 0x7fefd4a0000 | 0x7fefd4d5fff | mapped_file | |
userenv.dll | 0x7fefd4e0000 | 0x7fefd4fdfff | mapped_file | |
devobj.dll | 0x7fefd520000 | 0x7fefd539fff | mapped_file | |
KernelBase.dll | 0x7fefd540000 | 0x7fefd5abfff | mapped_file | |
wintrust.dll | 0x7fefd5b0000 | 0x7fefd5e9fff | mapped_file | |
crypt32.dll | 0x7fefd610000 | 0x7fefd77bfff | mapped_file | |
imm32.dll | 0x7fefd840000 | 0x7fefd86dfff | mapped_file | |
advapi32.dll | 0x7fefd870000 | 0x7fefd94afff | mapped_file | |
clbcatq.dll | 0x7fefd9d0000 | 0x7fefda68fff | mapped_file | |
gdi32.dll | 0x7fefda70000 | 0x7fefdad6fff | mapped_file | |
lpk.dll | 0x7fefdd90000 | 0x7fefdd9dfff | mapped_file | |
ws2_32.dll | 0x7fefdda0000 | 0x7fefddecfff | mapped_file | |
nsi.dll | 0x7fefddf0000 | 0x7fefddf7fff | mapped_file | |
shlwapi.dll | 0x7fefe040000 | 0x7fefe0b0fff | mapped_file | |
Wldap32.dll | 0x7fefe0c0000 | 0x7fefe111fff | mapped_file | |
sechost.dll | 0x7fefe290000 | 0x7fefe2aefff | mapped_file | |
oleaut32.dll | 0x7fefe2b0000 | 0x7fefe386fff | mapped_file | |
setupapi.dll | 0x7fefe430000 | 0x7fefe606fff | mapped_file | |
msctf.dll | 0x7fefe610000 | 0x7fefe718fff | mapped_file | |
ole32.dll | 0x7fefe720000 | 0x7fefe922fff | mapped_file | |
shell32.dll | 0x7fefe930000 | 0x7feff6b7fff | mapped_file | |
usp10.dll | 0x7feff6c0000 | 0x7feff788fff | mapped_file | |
rpcrt4.dll | 0x7feff790000 | 0x7feff8bcfff | mapped_file | |
msvcrt.dll | 0x7feff8c0000 | 0x7feff95efff | mapped_file | |
apisetschema.dll | 0x7feff990000 | 0x7feff990fff | mapped_file | |
private_0x000007fffff50000 | 0x7fffff50000 | 0x7fffff51fff | private | |
private_0x000007fffff52000 | 0x7fffff52000 | 0x7fffff53fff | private | |
private_0x000007fffff54000 | 0x7fffff54000 | 0x7fffff55fff | private | |
private_0x000007fffff56000 | 0x7fffff56000 | 0x7fffff57fff | private | |
private_0x000007fffff58000 | 0x7fffff58000 | 0x7fffff59fff | private | |
private_0x000007fffff5a000 | 0x7fffff5a000 | 0x7fffff5bfff | private | |
private_0x000007fffff5c000 | 0x7fffff5c000 | 0x7fffff5dfff | private | |
private_0x000007fffff5e000 | 0x7fffff5e000 | 0x7fffff5ffff | private | |
private_0x000007fffff60000 | 0x7fffff60000 | 0x7fffff61fff | private | |
private_0x000007fffff62000 | 0x7fffff62000 | 0x7fffff63fff | private | |
private_0x000007fffff64000 | 0x7fffff64000 | 0x7fffff65fff | private | |
private_0x000007fffff66000 | 0x7fffff66000 | 0x7fffff67fff | private | |
private_0x000007fffff68000 | 0x7fffff68000 | 0x7fffff69fff | private | |
private_0x000007fffff6a000 | 0x7fffff6a000 | 0x7fffff6bfff | private | |
private_0x000007fffff6c000 | 0x7fffff6c000 | 0x7fffff6dfff | private | |
private_0x000007fffff6e000 | 0x7fffff6e000 | 0x7fffff6ffff | private | |
private_0x000007fffff70000 | 0x7fffff70000 | 0x7fffff71fff | private | |
private_0x000007fffff74000 | 0x7fffff74000 | 0x7fffff75fff | private | |
private_0x000007fffff76000 | 0x7fffff76000 | 0x7fffff77fff | private | |
private_0x000007fffff78000 | 0x7fffff78000 | 0x7fffff79fff | private | |
private_0x000007fffff7a000 | 0x7fffff7a000 | 0x7fffff7bfff | private | |
private_0x000007fffff7c000 | 0x7fffff7c000 | 0x7fffff7dfff | private | |
private_0x000007fffff7e000 | 0x7fffff7e000 | 0x7fffff7ffff | private | |
private_0x000007fffff80000 | 0x7fffff80000 | 0x7fffff81fff | private | |
private_0x000007fffff82000 | 0x7fffff82000 | 0x7fffff83fff | private | |
private_0x000007fffff84000 | 0x7fffff84000 | 0x7fffff85fff | private | |
private_0x000007fffff86000 | 0x7fffff86000 | 0x7fffff87fff | private | |
private_0x000007fffff88000 | 0x7fffff88000 | 0x7fffff89fff | private | |
private_0x000007fffff8a000 | 0x7fffff8a000 | 0x7fffff8bfff | private | |
private_0x000007fffff8c000 | 0x7fffff8c000 | 0x7fffff8dfff | private | |
private_0x000007fffff8e000 | 0x7fffff8e000 | 0x7fffff8ffff | private | |
private_0x000007fffff90000 | 0x7fffff90000 | 0x7fffff91fff | private | |
private_0x000007fffff92000 | 0x7fffff92000 | 0x7fffff93fff | private | |
private_0x000007fffff94000 | 0x7fffff94000 | 0x7fffff95fff | private | |
private_0x000007fffff96000 | 0x7fffff96000 | 0x7fffff97fff | private | |
private_0x000007fffff98000 | 0x7fffff98000 | 0x7fffff99fff | private | |
private_0x000007fffff9a000 | 0x7fffff9a000 | 0x7fffff9bfff | private | |
private_0x000007fffff9c000 | 0x7fffff9c000 | 0x7fffff9dfff | private | |
private_0x000007fffff9e000 | 0x7fffff9e000 | 0x7fffff9ffff | private | |
private_0x000007fffffa0000 | 0x7fffffa0000 | 0x7fffffa1fff | private | |
private_0x000007fffffa2000 | 0x7fffffa2000 | 0x7fffffa3fff | private | |
private_0x000007fffffa4000 | 0x7fffffa4000 | 0x7fffffa5fff | private | |
private_0x000007fffffa6000 | 0x7fffffa6000 | 0x7fffffa7fff | private | |
private_0x000007fffffa8000 | 0x7fffffa8000 | 0x7fffffa9fff | private | |
private_0x000007fffffaa000 | 0x7fffffaa000 | 0x7fffffabfff | private | |
private_0x000007fffffac000 | 0x7fffffac000 | 0x7fffffadfff | private | |
private_0x000007fffffae000 | 0x7fffffae000 | 0x7fffffaffff | private | |
pagefile_0x000007fffffb0000 | 0x7fffffb0000 | 0x7fffffd2fff | pagefile_backed | |
private_0x000007fffffd4000 | 0x7fffffd4000 | 0x7fffffd5fff | private | |
private_0x000007fffffd6000 | 0x7fffffd6000 | 0x7fffffd7fff | private | |
private_0x000007fffffd8000 | 0x7fffffd8000 | 0x7fffffd9fff | private | |
private_0x000007fffffda000 | 0x7fffffda000 | 0x7fffffdafff | private | |
private_0x000007fffffdc000 | 0x7fffffdc000 | 0x7fffffddfff | private | |
private_0x000007fffffde000 | 0x7fffffde000 | 0x7fffffdffff | private | |
OS TIDs |
---|
0x628, 0x61c, 0x618, 0x614, 0x608, 0x604, 0x5fc, 0x5f4, 0x5ec, 0x5e8, 0x5d8, 0x5c4, 0x5bc, 0x5ac, 0x58c, 0x470, 0x44c, 0x43c, 0x418, 0x414, 0x410, 0x3ac, 0x14c, 0x3c8, 0x124, 0x11c, 0x120, 0x3c0, 0x3bc, 0x3b8, 0x3b0, 0x3a8, 0x398, 0xab4, 0xab0, 0xaac, 0xaa8, 0x768, 0x7fc, 0x78c, 0x788, 0x778, 0x774, 0x770, 0x724, 0x71c, 0x6f8, 0x6f0, 0x6c8, 0x638, 0x630, 0x62c |
ID | #18 |
OS PID | 0x3dc |
OS Parent PID | 0x1c4 |
Image Name | svchost.exe |
Page Root | 0x1af3b000 |
Monitor Reason | child_process |
Unmonitor Reason | (still running) |
CMD Line | C:\Windows\system32\svchost.exe -k GPSvcGroup |
Current Directory | C:\Windows\system32\ |
Name | Start VA | End VA | Type | Monitored |
---|---|---|---|---|
pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | pagefile_backed | |
svchost.exe.mui | 0x00020000 | 0x00020fff | mapped_file | |
pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | pagefile_backed | |
pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | pagefile_backed | |
private_0x0000000000050000 | 0x00050000 | 0x00050fff | private | |
locale.nls | 0x00060000 | 0x000c6fff | mapped_file | |
pagefile_0x00000000000d0000 | 0x000d0000 | 0x0018ffff | pagefile_backed | |
private_0x0000000000190000 | 0x00190000 | 0x0020ffff | private | |
private_0x0000000000210000 | 0x00210000 | 0x0030ffff | private | |
private_0x0000000000310000 | 0x00310000 | 0x00310fff | private | |
private_0x0000000000320000 | 0x00320000 | 0x0041ffff | private | |
pagefile_0x0000000000420000 | 0x00420000 | 0x005a7fff | pagefile_backed | |
private_0x00000000005b0000 | 0x005b0000 | 0x005b0fff | private | |
private_0x00000000005c0000 | 0x005c0000 | 0x005cffff | private | |
pagefile_0x00000000005d0000 | 0x005d0000 | 0x00750fff | pagefile_backed | |
private_0x0000000000760000 | 0x00760000 | 0x007dffff | private | |
gpsvc.dll.mui | 0x007e0000 | 0x007eafff | mapped_file | |
private_0x0000000000810000 | 0x00810000 | 0x0088ffff | private | |
private_0x0000000000970000 | 0x00970000 | 0x009effff | private | |
private_0x0000000000a50000 | 0x00a50000 | 0x00acffff | private | |
SortDefault.nls | 0x00ad0000 | 0x00d9efff | mapped_file | |
private_0x0000000000e00000 | 0x00e00000 | 0x00e7ffff | private | |
private_0x0000000000e80000 | 0x00e80000 | 0x00e8ffff | private | |
private_0x0000000001010000 | 0x01010000 | 0x0108ffff | private | |
user32.dll | 0x77450000 | 0x77549fff | mapped_file | |
kernel32.dll | 0x77550000 | 0x7766efff | mapped_file | |
ntdll.dll | 0x77670000 | 0x77818fff | mapped_file | |
pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | pagefile_backed | |
private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | private | |
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | private | |
svchost.exe | 0xff920000 | 0xff92afff | mapped_file | |
slc.dll | 0x7fefad20000 | 0x7fefad2afff | mapped_file | |
dsrole.dll | 0x7fefad30000 | 0x7fefad3bfff | mapped_file | |
nlaapi.dll | 0x7fefad40000 | 0x7fefad54fff | mapped_file | |
gpsvc.dll | 0x7fefad60000 | 0x7fefae21fff | mapped_file | |
samlib.dll | 0x7fefbe60000 | 0x7fefbe7cfff | mapped_file | |
gpapi.dll | 0x7fefc730000 | 0x7fefc74afff | mapped_file | |
sysntfy.dll | 0x7fefcde0000 | 0x7fefcde9fff | mapped_file | |
secur32.dll | 0x7fefd220000 | 0x7fefd22afff | mapped_file | |
sspicli.dll | 0x7fefd250000 | 0x7fefd274fff | mapped_file | |
cryptbase.dll | 0x7fefd2e0000 | 0x7fefd2eefff | mapped_file | |
RpcRtRemote.dll | 0x7fefd3d0000 | 0x7fefd3e3fff | mapped_file | |
KernelBase.dll | 0x7fefd540000 | 0x7fefd5abfff | mapped_file | |
imm32.dll | 0x7fefd840000 | 0x7fefd86dfff | mapped_file | |
advapi32.dll | 0x7fefd870000 | 0x7fefd94afff | mapped_file | |
gdi32.dll | 0x7fefda70000 | 0x7fefdad6fff | mapped_file | |
lpk.dll | 0x7fefdd90000 | 0x7fefdd9dfff | mapped_file | |
nsi.dll | 0x7fefddf0000 | 0x7fefddf7fff | mapped_file | |
Wldap32.dll | 0x7fefe0c0000 | 0x7fefe111fff | mapped_file | |
sechost.dll | 0x7fefe290000 | 0x7fefe2aefff | mapped_file | |
msctf.dll | 0x7fefe610000 | 0x7fefe718fff | mapped_file | |
ole32.dll | 0x7fefe720000 | 0x7fefe922fff | mapped_file | |
usp10.dll | 0x7feff6c0000 | 0x7feff788fff | mapped_file | |
rpcrt4.dll | 0x7feff790000 | 0x7feff8bcfff | mapped_file | |
msvcrt.dll | 0x7feff8c0000 | 0x7feff95efff | mapped_file | |
apisetschema.dll | 0x7feff990000 | 0x7feff990fff | mapped_file | |
private_0x000007fffffae000 | 0x7fffffae000 | 0x7fffffaffff | private | |
pagefile_0x000007fffffb0000 | 0x7fffffb0000 | 0x7fffffd2fff | pagefile_backed | |
private_0x000007fffffd3000 | 0x7fffffd3000 | 0x7fffffd4fff | private | |
private_0x000007fffffd7000 | 0x7fffffd7000 | 0x7fffffd8fff | private | |
private_0x000007fffffd9000 | 0x7fffffd9000 | 0x7fffffdafff | private | |
private_0x000007fffffdb000 | 0x7fffffdb000 | 0x7fffffdcfff | private | |
private_0x000007fffffdd000 | 0x7fffffdd000 | 0x7fffffdefff | private | |
private_0x000007fffffdf000 | 0x7fffffdf000 | 0x7fffffdffff | private | |
OS TIDs |
---|
0x420, 0x284, 0xe4, 0x3fc, 0x3e8, 0x3e0 |
ID | #19 |
OS PID | 0x1d0 |
OS Parent PID | 0x1c4 |
Image Name | svchost.exe |
Page Root | 0x169d3000 |
Monitor Reason | child_process |
Unmonitor Reason | (still running) |
CMD Line | C:\Windows\system32\svchost.exe -k NetworkService |
Current Directory | C:\Windows\system32\ |
Name | Start VA | End VA | Type | Monitored |
---|---|---|---|---|
pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | pagefile_backed | |
svchost.exe.mui | 0x00020000 | 0x00020fff | mapped_file | |
pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | pagefile_backed | |
pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | pagefile_backed | |
private_0x0000000000050000 | 0x00050000 | 0x00050fff | private | |
locale.nls | 0x00060000 | 0x000c6fff | mapped_file | |
private_0x00000000000d0000 | 0x000d0000 | 0x000d0fff | private | |
private_0x00000000000e0000 | 0x000e0000 | 0x0015ffff | private | |
private_0x0000000000160000 | 0x00160000 | 0x0025ffff | private | |
private_0x0000000000260000 | 0x00260000 | 0x00260fff | private | |
vsstrace.dll.mui | 0x00270000 | 0x00277fff | mapped_file | |
pagefile_0x0000000000280000 | 0x00280000 | 0x00280fff | pagefile_backed | |
pagefile_0x0000000000290000 | 0x00290000 | 0x00290fff | pagefile_backed | |
private_0x00000000002a0000 | 0x002a0000 | 0x002affff | private | |
termsrv.dll.mui | 0x002b0000 | 0x002b9fff | mapped_file | |
private_0x00000000002c0000 | 0x002c0000 | 0x002cffff | private | |
private_0x00000000002d0000 | 0x002d0000 | 0x002d0fff | private | |
setupapi.dll.mui | 0x002e0000 | 0x002ecfff | mapped_file | |
private_0x00000000002f0000 | 0x002f0000 | 0x002f0fff | private | |
private_0x0000000000300000 | 0x00300000 | 0x003fffff | private | |
pagefile_0x0000000000400000 | 0x00400000 | 0x00587fff | pagefile_backed | |
pagefile_0x0000000000590000 | 0x00590000 | 0x00710fff | pagefile_backed | |
pagefile_0x0000000000720000 | 0x00720000 | 0x007dffff | pagefile_backed | |
private_0x00000000007e0000 | 0x007e0000 | 0x007f9fff | private | |
private_0x0000000000800000 | 0x00800000 | 0x0087ffff | private | |
private_0x0000000000880000 | 0x00880000 | 0x0088ffff | private | |
private_0x0000000000890000 | 0x00890000 | 0x0089ffff | private | |
private_0x00000000008a0000 | 0x008a0000 | 0x008affff | private | |
private_0x00000000008b0000 | 0x008b0000 | 0x0092ffff | private | |
private_0x0000000000930000 | 0x00930000 | 0x00930fff | private | |
private_0x0000000000940000 | 0x00940000 | 0x00941fff | private | |
private_0x0000000000950000 | 0x00950000 | 0x00954fff | private | |
private_0x0000000000960000 | 0x00960000 | 0x009dffff | private | |
private_0x00000000009e0000 | 0x009e0000 | 0x009e0fff | private | |
private_0x00000000009f0000 | 0x009f0000 | 0x00a6ffff | private | |
private_0x0000000000a70000 | 0x00a70000 | 0x00a7ffff | private | |
private_0x0000000000a80000 | 0x00a80000 | 0x00a80fff | private | |
catdb | 0x00a90000 | 0x00a9ffff | mapped_file | |
private_0x0000000000aa0000 | 0x00aa0000 | 0x00b1ffff | private | |
private_0x0000000000b20000 | 0x00b20000 | 0x00b9ffff | private | |
SortDefault.nls | 0x00ba0000 | 0x00e6efff | mapped_file | |
catdb | 0x00e70000 | 0x00e7ffff | mapped_file | |
private_0x0000000000e80000 | 0x00e80000 | 0x00efffff | private | |
pagefile_0x0000000000f00000 | 0x00f00000 | 0x00f0ffff | pagefile_backed | |
pagefile_0x0000000000f10000 | 0x00f10000 | 0x00f1ffff | pagefile_backed | |
pagefile_0x0000000000f20000 | 0x00f20000 | 0x00f2ffff | pagefile_backed | |
pagefile_0x0000000000f30000 | 0x00f30000 | 0x00f3ffff | pagefile_backed | |
pagefile_0x0000000000f40000 | 0x00f40000 | 0x00f4ffff | pagefile_backed | |
pagefile_0x0000000000f50000 | 0x00f50000 | 0x00f5ffff | pagefile_backed | |
private_0x0000000000f60000 | 0x00f60000 | 0x00fdffff | private | |
catdb | 0x00fe0000 | 0x00feffff | mapped_file | |
catdb | 0x00ff0000 | 0x00ffffff | mapped_file | |
private_0x0000000001000000 | 0x01000000 | 0x0107ffff | private | |
private_0x0000000001080000 | 0x01080000 | 0x010fffff | private | |
pagefile_0x0000000001100000 | 0x01100000 | 0x0110ffff | pagefile_backed | |
pagefile_0x0000000001110000 | 0x01110000 | 0x0111ffff | pagefile_backed | |
pagefile_0x0000000001120000 | 0x01120000 | 0x0112ffff | pagefile_backed | |
pagefile_0x0000000001130000 | 0x01130000 | 0x0113ffff | pagefile_backed | |
pagefile_0x0000000001140000 | 0x01140000 | 0x0114ffff | pagefile_backed | |
pagefile_0x0000000001150000 | 0x01150000 | 0x0115ffff | pagefile_backed | |
catdb | 0x01160000 | 0x0116ffff | mapped_file | |
catdb | 0x01170000 | 0x0117ffff | mapped_file | |
private_0x0000000001180000 | 0x01180000 | 0x0118ffff | private | |
private_0x00000000011a0000 | 0x011a0000 | 0x0121ffff | private | |
catdb | 0x01220000 | 0x0122ffff | mapped_file | |
catdb | 0x01230000 | 0x0123ffff | mapped_file | |
catdb | 0x01240000 | 0x0124ffff | mapped_file | |
private_0x0000000001250000 | 0x01250000 | 0x012cffff | private | |
private_0x00000000012d0000 | 0x012d0000 | 0x013cffff | private | |
catdb | 0x013d0000 | 0x013dffff | mapped_file | |
catdb | 0x013e0000 | 0x013effff | mapped_file | |
catdb | 0x013f0000 | 0x013fffff | mapped_file | |
catdb | 0x01400000 | 0x0140ffff | mapped_file | |
catdb | 0x01480000 | 0x0148ffff | mapped_file | |
private_0x0000000001490000 | 0x01490000 | 0x0149ffff | private | |
private_0x00000000014a0000 | 0x014a0000 | 0x014affff | private | |
private_0x00000000014b0000 | 0x014b0000 | 0x014bffff | private | |
private_0x00000000014c0000 | 0x014c0000 | 0x014cffff | private | |
private_0x00000000014d0000 | 0x014d0000 | 0x014dffff | private | |
private_0x00000000014e0000 | 0x014e0000 | 0x014e0fff | private | |
private_0x00000000014f0000 | 0x014f0000 | 0x014f0fff | private | |
private_0x0000000001500000 | 0x01500000 | 0x0157ffff | private | |
private_0x0000000001580000 | 0x01580000 | 0x0158ffff | private | |
private_0x00000000015a0000 | 0x015a0000 | 0x0161ffff | private | |
private_0x0000000001660000 | 0x01660000 | 0x0166ffff | private | |
private_0x0000000001670000 | 0x01670000 | 0x0176ffff | private | |
private_0x00000000017a0000 | 0x017a0000 | 0x0181ffff | private | |
private_0x0000000001820000 | 0x01820000 | 0x0191ffff | private | |
private_0x0000000001920000 | 0x01920000 | 0x01a1ffff | private | |
private_0x0000000001ab0000 | 0x01ab0000 | 0x01b2ffff | private | |
private_0x0000000001b50000 | 0x01b50000 | 0x01bcffff | private | |
private_0x0000000001c00000 | 0x01c00000 | 0x01c7ffff | private | |
private_0x0000000001ca0000 | 0x01ca0000 | 0x01d1ffff | private | |
private_0x0000000001d20000 | 0x01d20000 | 0x01d9ffff | private | |
private_0x0000000001da0000 | 0x01da0000 | 0x01e1ffff | private | |
private_0x0000000001e40000 | 0x01e40000 | 0x01ebffff | private | |
private_0x0000000001ee0000 | 0x01ee0000 | 0x01f5ffff | private | |
KernelBase.dll.mui | 0x01f60000 | 0x0201ffff | mapped_file | |
private_0x0000000002040000 | 0x02040000 | 0x0204ffff | private | |
private_0x00000000020e0000 | 0x020e0000 | 0x020effff | private | |
private_0x0000000002150000 | 0x02150000 | 0x021cffff | private | |
private_0x00000000021d0000 | 0x021d0000 | 0x022cffff | private | |
private_0x0000000002370000 | 0x02370000 | 0x0237ffff | private | |
private_0x00000000023a0000 | 0x023a0000 | 0x0241ffff | private | |
private_0x0000000002420000 | 0x02420000 | 0x0261ffff | private | |
private_0x0000000002620000 | 0x02620000 | 0x0271ffff | private | |
private_0x0000000002720000 | 0x02720000 | 0x0371ffff | private | |
private_0x0000000003860000 | 0x03860000 | 0x038dffff | private | |
user32.dll | 0x77450000 | 0x77549fff | mapped_file | |
kernel32.dll | 0x77550000 | 0x7766efff | mapped_file | |
ntdll.dll | 0x77670000 | 0x77818fff | mapped_file | |
psapi.dll | 0x77840000 | 0x77846fff | mapped_file | |
pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | pagefile_backed | |
private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | private | |
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | private | |
svchost.exe | 0xff920000 | 0xff92afff | mapped_file | |
esent.dll | 0x7fef79d0000 | 0x7fef7c49fff | mapped_file | |
rdpwsx.dll | 0x7fef7eb0000 | 0x7fef7ec6fff | mapped_file | |
rdpcorekmts.dll | 0x7fef7ed0000 | 0x7fef7ef9fff | mapped_file | |
umb.dll | 0x7fef7f00000 | 0x7fef7f12fff | mapped_file | |
d3d8thk.dll | 0x7fef7f20000 | 0x7fef7f26fff | mapped_file | |
d3d9.dll | 0x7fef7f30000 | 0x7fef812efff | mapped_file | |
tlscsp.dll | 0x7fef8130000 | 0x7fef8145fff | mapped_file | |
rdpcorets.dll | 0x7fef8150000 | 0x7fef8470fff | mapped_file | |
regapi.dll | 0x7fef8480000 | 0x7fef849afff | mapped_file | |
lsmproxy.dll | 0x7fef84f0000 | 0x7fef8500fff | mapped_file | |
icaapi.dll | 0x7fef8700000 | 0x7fef8709fff | mapped_file | |
termsrv.dll | 0x7fef8710000 | 0x7fef87b9fff | mapped_file | |
rasadhlp.dll | 0x7fef8b70000 | 0x7fef8b77fff | mapped_file | |
ssdpapi.dll | 0x7fef97b0000 | 0x7fef97c0fff | mapped_file | |
ncsi.dll | 0x7fef97d0000 | 0x7fef9808fff | mapped_file | |
nlasvc.dll | 0x7fef9810000 | 0x7fef985dfff | mapped_file | |
vsstrace.dll | 0x7fef9b90000 | 0x7fef9ba6fff | mapped_file | |
vssapi.dll | 0x7fef9bb0000 | 0x7fef9d5ffff | mapped_file | |
cryptnet.dll | 0x7fef9d60000 | 0x7fef9d86fff | mapped_file | |
cryptsvc.dll | 0x7fef9d90000 | 0x7fef9dc1fff | mapped_file | |
wkssvc.dll | 0x7fef9dd0000 | 0x7fef9deffff | mapped_file | |
webio.dll | 0x7fefa370000 | 0x7fefa3d3fff | mapped_file | |
winhttp.dll | 0x7fefa3e0000 | 0x7fefa450fff | mapped_file | |
dhcpcsvc.dll | 0x7fefaa10000 | 0x7fefaa27fff | mapped_file | |
dhcpcsvc6.dll | 0x7fefaa30000 | 0x7fefaa40fff | mapped_file | |
dnsext.dll | 0x7fefaa50000 | 0x7fefaa56fff | mapped_file | |
FWPUCLNT.DLL | 0x7fefaa60000 | 0x7fefaab2fff | mapped_file | |
dnsrslvr.dll | 0x7fefaac0000 | 0x7fefaaeffff | mapped_file | |
winnsi.dll | 0x7fefabc0000 | 0x7fefabcafff | mapped_file | |
IPHLPAPI.DLL | 0x7fefabd0000 | 0x7fefabf6fff | mapped_file | |
es.dll | 0x7fefac40000 | 0x7fefaca6fff | mapped_file | |
atl.dll | 0x7fefacc0000 | 0x7fefacd8fff | mapped_file | |
slc.dll | 0x7fefad20000 | 0x7fefad2afff | mapped_file | |
samcli.dll | 0x7fefb540000 | 0x7fefb553fff | mapped_file | |
wkscli.dll | 0x7fefb560000 | 0x7fefb574fff | mapped_file | |
netutils.dll | 0x7fefb580000 | 0x7fefb58bfff | mapped_file | |
wtsapi32.dll | 0x7fefb6c0000 | 0x7fefb6d0fff | mapped_file | |
dwmapi.dll | 0x7fefb8a0000 | 0x7fefb8b7fff | mapped_file | |
propsys.dll | 0x7fefbd30000 | 0x7fefbe5bfff | mapped_file | |
samlib.dll | 0x7fefbe60000 | 0x7fefbe7cfff | mapped_file | |
ntmarta.dll | 0x7fefc370000 | 0x7fefc39cfff | mapped_file | |
version.dll | 0x7fefc570000 | 0x7fefc57bfff | mapped_file | |
WSHTCPIP.DLL | 0x7fefc640000 | 0x7fefc646fff | mapped_file | |
gpapi.dll | 0x7fefc730000 | 0x7fefc74afff | mapped_file | |
credssp.dll | 0x7fefc880000 | 0x7fefc889fff | mapped_file | |
pcwum.dll | 0x7fefc890000 | 0x7fefc89cfff | mapped_file | |
bcryptprimitives.dll | 0x7fefc8c0000 | 0x7fefc90bfff | mapped_file | |
rsaenh.dll | 0x7fefc980000 | 0x7fefc9c6fff | mapped_file | |
dnsapi.dll | 0x7fefcaa0000 | 0x7fefcafafff | mapped_file | |
wship6.dll | 0x7fefcc10000 | 0x7fefcc16fff | mapped_file | |
mswsock.dll | 0x7fefcc20000 | 0x7fefcc74fff | mapped_file | |
cryptsp.dll | 0x7fefcc80000 | 0x7fefcc96fff | mapped_file | |
netjoin.dll | 0x7fefcd90000 | 0x7fefcdc1fff | mapped_file | |
bcrypt.dll | 0x7fefcdf0000 | 0x7fefce11fff | mapped_file | |
ncrypt.dll | 0x7fefce20000 | 0x7fefce6cfff | mapped_file | |
wevtapi.dll | 0x7fefceb0000 | 0x7fefcf1cfff | mapped_file | |
secur32.dll | 0x7fefd220000 | 0x7fefd22afff | mapped_file | |
sspicli.dll | 0x7fefd250000 | 0x7fefd274fff | mapped_file | |
cryptbase.dll | 0x7fefd2e0000 | 0x7fefd2eefff | mapped_file | |
winsta.dll | 0x7fefd390000 | 0x7fefd3ccfff | mapped_file | |
RpcRtRemote.dll | 0x7fefd3d0000 | 0x7fefd3e3fff | mapped_file | |
msasn1.dll | 0x7fefd480000 | 0x7fefd48efff | mapped_file | |
profapi.dll | 0x7fefd490000 | 0x7fefd49efff | mapped_file | |
cfgmgr32.dll | 0x7fefd4a0000 | 0x7fefd4d5fff | mapped_file | |
userenv.dll | 0x7fefd4e0000 | 0x7fefd4fdfff | mapped_file | |
devobj.dll | 0x7fefd520000 | 0x7fefd539fff | mapped_file | |
KernelBase.dll | 0x7fefd540000 | 0x7fefd5abfff | mapped_file | |
wintrust.dll | 0x7fefd5b0000 | 0x7fefd5e9fff | mapped_file | |
crypt32.dll | 0x7fefd610000 | 0x7fefd77bfff | mapped_file | |
imm32.dll | 0x7fefd840000 | 0x7fefd86dfff | mapped_file | |
advapi32.dll | 0x7fefd870000 | 0x7fefd94afff | mapped_file | |
clbcatq.dll | 0x7fefd9d0000 | 0x7fefda68fff | mapped_file | |
gdi32.dll | 0x7fefda70000 | 0x7fefdad6fff | mapped_file | |
lpk.dll | 0x7fefdd90000 | 0x7fefdd9dfff | mapped_file | |
ws2_32.dll | 0x7fefdda0000 | 0x7fefddecfff | mapped_file | |
nsi.dll | 0x7fefddf0000 | 0x7fefddf7fff | mapped_file | |
shlwapi.dll | 0x7fefe040000 | 0x7fefe0b0fff | mapped_file | |
Wldap32.dll | 0x7fefe0c0000 | 0x7fefe111fff | mapped_file | |
sechost.dll | 0x7fefe290000 | 0x7fefe2aefff | mapped_file | |
oleaut32.dll | 0x7fefe2b0000 | 0x7fefe386fff | mapped_file | |
setupapi.dll | 0x7fefe430000 | 0x7fefe606fff | mapped_file | |
msctf.dll | 0x7fefe610000 | 0x7fefe718fff | mapped_file | |
ole32.dll | 0x7fefe720000 | 0x7fefe922fff | mapped_file | |
shell32.dll | 0x7fefe930000 | 0x7feff6b7fff | mapped_file | |
usp10.dll | 0x7feff6c0000 | 0x7feff788fff | mapped_file | |
rpcrt4.dll | 0x7feff790000 | 0x7feff8bcfff | mapped_file | |
msvcrt.dll | 0x7feff8c0000 | 0x7feff95efff | mapped_file | |
apisetschema.dll | 0x7feff990000 | 0x7feff990fff | mapped_file | |
private_0x000007fffff88000 | 0x7fffff88000 | 0x7fffff89fff | private | |
private_0x000007fffff8a000 | 0x7fffff8a000 | 0x7fffff8bfff | private | |
private_0x000007fffff8c000 | 0x7fffff8c000 | 0x7fffff8dfff | private | |
private_0x000007fffff8e000 | 0x7fffff8e000 | 0x7fffff8ffff | private | |
private_0x000007fffff90000 | 0x7fffff90000 | 0x7fffff91fff | private | |
private_0x000007fffff92000 | 0x7fffff92000 | 0x7fffff93fff | private | |
private_0x000007fffff94000 | 0x7fffff94000 | 0x7fffff95fff | private | |
private_0x000007fffff96000 | 0x7fffff96000 | 0x7fffff97fff | private | |
private_0x000007fffff98000 | 0x7fffff98000 | 0x7fffff99fff | private | |
private_0x000007fffff9a000 | 0x7fffff9a000 | 0x7fffff9bfff | private | |
private_0x000007fffff9c000 | 0x7fffff9c000 | 0x7fffff9dfff | private | |
private_0x000007fffff9e000 | 0x7fffff9e000 | 0x7fffff9ffff | private | |
private_0x000007fffffa0000 | 0x7fffffa0000 | 0x7fffffa1fff | private | |
private_0x000007fffffa2000 | 0x7fffffa2000 | 0x7fffffa3fff | private | |
private_0x000007fffffa6000 | 0x7fffffa6000 | 0x7fffffa7fff | private | |
private_0x000007fffffa8000 | 0x7fffffa8000 | 0x7fffffa9fff | private | |
private_0x000007fffffaa000 | 0x7fffffaa000 | 0x7fffffabfff | private | |
private_0x000007fffffac000 | 0x7fffffac000 | 0x7fffffadfff | private | |
private_0x000007fffffae000 | 0x7fffffae000 | 0x7fffffaffff | private | |
pagefile_0x000007fffffb0000 | 0x7fffffb0000 | 0x7fffffd2fff | pagefile_backed | |
private_0x000007fffffd3000 | 0x7fffffd3000 | 0x7fffffd4fff | private | |
private_0x000007fffffd5000 | 0x7fffffd5000 | 0x7fffffd6fff | private | |
private_0x000007fffffd7000 | 0x7fffffd7000 | 0x7fffffd8fff | private | |
private_0x000007fffffd9000 | 0x7fffffd9000 | 0x7fffffdafff | private | |
private_0x000007fffffdb000 | 0x7fffffdb000 | 0x7fffffdcfff | private | |
private_0x000007fffffdd000 | 0x7fffffdd000 | 0x7fffffddfff | private | |
private_0x000007fffffde000 | 0x7fffffde000 | 0x7fffffdffff | private | |
OS TIDs |
---|
0xaec, 0x9f8, 0x524, 0x75c, 0x758, 0x750, 0x72c, 0x728, 0x6d8, 0x6d4, 0x648, 0x60c, 0x5f8, 0x5dc, 0x5a8, 0x560, 0x540, 0x150, 0x108, 0x3cc, 0x39c, 0x2fc, 0x2a4, 0x12c, 0x208 |
ID | #20 |
OS PID | 0x464 |
OS Parent PID | 0x1c4 |
Image Name | spoolsv.exe |
Page Root | 0x1380c000 |
Monitor Reason | child_process |
Unmonitor Reason | (still running) |
CMD Line | C:\Windows\System32\spoolsv.exe |
Current Directory | C:\Windows\system32\ |
Name | Start VA | End VA | Type | Monitored |
---|---|---|---|---|
OS TIDs |
---|
0x990, 0x550, 0x548, 0x50c, 0x500, 0x4f8, 0x354, 0x35c, 0x77c, 0x76c, 0x488, 0x484, 0x480, 0x47c, 0x474, 0x468 |
ID | #21 |
OS PID | 0x48c |
OS Parent PID | 0x1c4 |
Image Name | taskhost.exe |
Page Root | 0x134cf000 |
Monitor Reason | child_process |
Unmonitor Reason | (still running) |
CMD Line | "taskhost.exe" |
Current Directory | C:\Windows\system32\ |
Name | Start VA | End VA | Type | Monitored |
---|---|---|---|---|
pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | pagefile_backed | |
taskhost.exe.mui | 0x00020000 | 0x00020fff | mapped_file | |
private_0x0000000000030000 | 0x00030000 | 0x000affff | private | |
pagefile_0x00000000000b0000 | 0x000b0000 | 0x000b3fff | pagefile_backed | |
private_0x00000000000c0000 | 0x000c0000 | 0x000c0fff | private | |
locale.nls | 0x000d0000 | 0x00136fff | mapped_file | |
private_0x0000000000140000 | 0x00140000 | 0x00140fff | private | |
private_0x0000000000150000 | 0x00150000 | 0x00150fff | private | |
pagefile_0x0000000000160000 | 0x00160000 | 0x00160fff | pagefile_backed | |
private_0x0000000000170000 | 0x00170000 | 0x0026ffff | private | |
pagefile_0x0000000000270000 | 0x00270000 | 0x00270fff | pagefile_backed | |
pagefile_0x0000000000280000 | 0x00280000 | 0x00280fff | pagefile_backed | |
private_0x0000000000290000 | 0x00290000 | 0x002a9fff | private | |
MsCtfMonitor.dll.mui | 0x002b0000 | 0x002b0fff | mapped_file | |
pagefile_0x00000000002c0000 | 0x002c0000 | 0x002c1fff | pagefile_backed | |
msutb.dll.mui | 0x002d0000 | 0x002d1fff | mapped_file | |
private_0x00000000002e0000 | 0x002e0000 | 0x002e0fff | private | |
private_0x00000000002f0000 | 0x002f0000 | 0x002f0fff | private | |
private_0x0000000000300000 | 0x00300000 | 0x0030ffff | private | |
private_0x0000000000310000 | 0x00310000 | 0x0031ffff | private | |
private_0x0000000000320000 | 0x00320000 | 0x0041ffff | private | |
pagefile_0x0000000000420000 | 0x00420000 | 0x005a7fff | pagefile_backed | |
pagefile_0x00000000005b0000 | 0x005b0000 | 0x00730fff | pagefile_backed | |
pagefile_0x0000000000740000 | 0x00740000 | 0x01b3ffff | pagefile_backed | |
winmm.dll.mui | 0x01b40000 | 0x01b45fff | mapped_file | |
private_0x0000000001b50000 | 0x01b50000 | 0x01b50fff | private | |
pagefile_0x0000000001b60000 | 0x01b60000 | 0x01b6ffff | pagefile_backed | |
pagefile_0x0000000001b70000 | 0x01b70000 | 0x01b7ffff | pagefile_backed | |
pagefile_0x0000000001b80000 | 0x01b80000 | 0x01b8ffff | pagefile_backed | |
pagefile_0x0000000001b90000 | 0x01b90000 | 0x01b9ffff | pagefile_backed | |
pagefile_0x0000000001ba0000 | 0x01ba0000 | 0x01baffff | pagefile_backed | |
pagefile_0x0000000001bb0000 | 0x01bb0000 | 0x01bbffff | pagefile_backed | |
private_0x0000000001bc0000 | 0x01bc0000 | 0x01bc7fff | private | |
private_0x0000000001bd0000 | 0x01bd0000 | 0x01bdffff | private | |
private_0x0000000001be0000 | 0x01be0000 | 0x01c5ffff | private | |
pagefile_0x0000000001c60000 | 0x01c60000 | 0x01d3efff | pagefile_backed | |
private_0x0000000001d40000 | 0x01d40000 | 0x01dbffff | private | |
KernelBase.dll.mui | 0x01dc0000 | 0x01e7ffff | mapped_file | |
private_0x0000000001e80000 | 0x01e80000 | 0x01efffff | private | |
private_0x0000000001f00000 | 0x01f00000 | 0x01f3ffff | private | |
private_0x0000000001f40000 | 0x01f40000 | 0x01f4ffff | private | |
private_0x0000000001f50000 | 0x01f50000 | 0x01f5ffff | private | |
private_0x0000000001f60000 | 0x01f60000 | 0x01f60fff | private | |
private_0x0000000001f70000 | 0x01f70000 | 0x01f71fff | private | |
private_0x0000000001f80000 | 0x01f80000 | 0x01ffffff | private | |
private_0x0000000002000000 | 0x02000000 | 0x0207ffff | private | |
private_0x0000000002080000 | 0x02080000 | 0x02080fff | private | |
private_0x0000000002090000 | 0x02090000 | 0x0209ffff | private | |
private_0x00000000020a0000 | 0x020a0000 | 0x020a7fff | private | |
private_0x00000000020b0000 | 0x020b0000 | 0x020bffff | private | |
private_0x00000000020c0000 | 0x020c0000 | 0x020cffff | private | |
private_0x00000000020d0000 | 0x020d0000 | 0x0214ffff | private | |
pagefile_0x0000000002150000 | 0x02150000 | 0x0215ffff | pagefile_backed | |
pagefile_0x0000000002160000 | 0x02160000 | 0x0216ffff | pagefile_backed | |
pagefile_0x0000000002170000 | 0x02170000 | 0x0217ffff | pagefile_backed | |
pagefile_0x0000000002180000 | 0x02180000 | 0x0218ffff | pagefile_backed | |
pagefile_0x0000000002190000 | 0x02190000 | 0x0219ffff | pagefile_backed | |
pagefile_0x00000000021a0000 | 0x021a0000 | 0x021affff | pagefile_backed | |
private_0x00000000021b0000 | 0x021b0000 | 0x0222ffff | private | |
WebCacheV01.dat | 0x02230000 | 0x0223ffff | mapped_file | |
private_0x0000000002240000 | 0x02240000 | 0x022bffff | private | |
WebCacheV01.dat | 0x022c0000 | 0x022cffff | mapped_file | |
private_0x00000000022d0000 | 0x022d0000 | 0x0234ffff | private | |
WebCacheV01.dat | 0x02350000 | 0x0235ffff | mapped_file | |
private_0x0000000002360000 | 0x02360000 | 0x02367fff | private | |
WebCacheV01.dat | 0x02370000 | 0x0237ffff | mapped_file | |
WebCacheV01.dat | 0x02380000 | 0x0238ffff | mapped_file | |
WebCacheV01.dat | 0x02390000 | 0x0239ffff | mapped_file | |
WebCacheV01.dat | 0x023a0000 | 0x023affff | mapped_file | |
WebCacheV01.dat | 0x023b0000 | 0x023bffff | mapped_file | |
private_0x00000000023c0000 | 0x023c0000 | 0x024bffff | private | |
SortDefault.nls | 0x024c0000 | 0x0278efff | mapped_file | |
private_0x0000000002790000 | 0x02790000 | 0x0280ffff | private | |
WebCacheV01.dat | 0x02810000 | 0x0281ffff | mapped_file | |
WebCacheV01.dat | 0x02820000 | 0x0282ffff | mapped_file | |
WebCacheV01.dat | 0x02830000 | 0x0283ffff | mapped_file | |
WebCacheV01.dat | 0x02840000 | 0x0284ffff | mapped_file | |
WebCacheV01.dat | 0x02850000 | 0x0285ffff | mapped_file | |
WebCacheV01.dat | 0x02860000 | 0x0286ffff | mapped_file | |
private_0x0000000002870000 | 0x02870000 | 0x028effff | private | |
WebCacheV01.dat | 0x028f0000 | 0x028fffff | mapped_file | |
private_0x0000000002900000 | 0x02900000 | 0x0290ffff | private | |
private_0x0000000002910000 | 0x02910000 | 0x0291ffff | private | |
private_0x0000000002920000 | 0x02920000 | 0x0299ffff | private | |
private_0x00000000029a0000 | 0x029a0000 | 0x02a9ffff | private | |
private_0x0000000002aa0000 | 0x02aa0000 | 0x03a9ffff | private | |
pagefile_0x0000000003aa0000 | 0x03aa0000 | 0x03b0ffff | pagefile_backed | |
pagefile_0x0000000003b10000 | 0x03b10000 | 0x03b7ffff | pagefile_backed | |
private_0x0000000003b80000 | 0x03b80000 | 0x03b8ffff | private | |
private_0x0000000003b90000 | 0x03b90000 | 0x03b97fff | private | |
private_0x0000000003ba0000 | 0x03ba0000 | 0x03ba7fff | private | |
pagefile_0x0000000003bb0000 | 0x03bb0000 | 0x03bbffff | pagefile_backed | |
setupapi.dll.mui | 0x03bc0000 | 0x03bccfff | mapped_file | |
private_0x0000000003cf0000 | 0x03cf0000 | 0x03d6ffff | private | |
user32.dll | 0x77450000 | 0x77549fff | mapped_file | |
kernel32.dll | 0x77550000 | 0x7766efff | mapped_file | |
ntdll.dll | 0x77670000 | 0x77818fff | mapped_file | |
normaliz.dll | 0x77830000 | 0x77832fff | mapped_file | |
psapi.dll | 0x77840000 | 0x77846fff | mapped_file | |
pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | pagefile_backed | |
private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | private | |
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | private | |
taskhost.exe | 0xff430000 | 0xff443fff | mapped_file | |
AuxiliaryDisplayServices.dll | 0x7fef4150000 | 0x7fef4173fff | mapped_file | |
winmm.dll | 0x7fef7990000 | 0x7fef79cafff | mapped_file | |
esent.dll | 0x7fef79d0000 | 0x7fef7c49fff | mapped_file | |
api-ms-win-downlevel-advapi32-l2-1-0.dll | 0x7fef7c50000 | 0x7fef7c53fff | mapped_file | |
npmproxy.dll | 0x7fef8920000 | 0x7fef892bfff | mapped_file | |
dimsjob.dll | 0x7fef8950000 | 0x7fef895dfff | mapped_file | |
netprofm.dll | 0x7fef8b80000 | 0x7fef8bf3fff | mapped_file | |
PlaySndSrv.dll | 0x7fef9ed0000 | 0x7fef9ee7fff | mapped_file | |
msutb.dll | 0x7fef9ef0000 | 0x7fef9f2cfff | mapped_file | |
MsCtfMonitor.dll | 0x7fef9f30000 | 0x7fef9f3afff | mapped_file | |
HotStartUserAgent.dll | 0x7fef9f40000 | 0x7fef9f4afff | mapped_file | |
slc.dll | 0x7fefad20000 | 0x7fefad2afff | mapped_file | |
dsrole.dll | 0x7fefad30000 | 0x7fefad3bfff | mapped_file | |
nlaapi.dll | 0x7fefad40000 | 0x7fefad54fff | mapped_file | |
taskschd.dll | 0x7fefae70000 | 0x7fefaf96fff | mapped_file | |
wtsapi32.dll | 0x7fefb6c0000 | 0x7fefb6d0fff | mapped_file | |
dwmapi.dll | 0x7fefb8a0000 | 0x7fefb8b7fff | mapped_file | |
uxtheme.dll | 0x7fefbcd0000 | 0x7fefbd25fff | mapped_file | |
sqmapi.dll | 0x7fefc1d0000 | 0x7fefc217fff | mapped_file | |
version.dll | 0x7fefc570000 | 0x7fefc57bfff | mapped_file | |
rsaenh.dll | 0x7fefc980000 | 0x7fefc9c6fff | mapped_file | |
cryptsp.dll | 0x7fefcc80000 | 0x7fefcc96fff | mapped_file | |
sspicli.dll | 0x7fefd250000 | 0x7fefd274fff | mapped_file | |
cryptbase.dll | 0x7fefd2e0000 | 0x7fefd2eefff | mapped_file | |
winsta.dll | 0x7fefd390000 | 0x7fefd3ccfff | mapped_file | |
RpcRtRemote.dll | 0x7fefd3d0000 | 0x7fefd3e3fff | mapped_file | |
profapi.dll | 0x7fefd490000 | 0x7fefd49efff | mapped_file | |
cfgmgr32.dll | 0x7fefd4a0000 | 0x7fefd4d5fff | mapped_file | |
userenv.dll | 0x7fefd4e0000 | 0x7fefd4fdfff | mapped_file | |
api-ms-win-downlevel-normaliz-l1-1-0.dll | 0x7fefd500000 | 0x7fefd502fff | mapped_file | |
api-ms-win-downlevel-advapi32-l1-1-0.dll | 0x7fefd510000 | 0x7fefd514fff | mapped_file | |
devobj.dll | 0x7fefd520000 | 0x7fefd539fff | mapped_file | |
KernelBase.dll | 0x7fefd540000 | 0x7fefd5abfff | mapped_file | |
api-ms-win-downlevel-ole32-l1-1-0.dll | 0x7fefd5f0000 | 0x7fefd5f3fff | mapped_file | |
api-ms-win-downlevel-user32-l1-1-0.dll | 0x7fefd600000 | 0x7fefd603fff | mapped_file | |
api-ms-win-downlevel-shlwapi-l1-1-0.dll | 0x7fefd820000 | 0x7fefd823fff | mapped_file | |
api-ms-win-downlevel-version-l1-1-0.dll | 0x7fefd830000 | 0x7fefd833fff | mapped_file | |
imm32.dll | 0x7fefd840000 | 0x7fefd86dfff | mapped_file | |
advapi32.dll | 0x7fefd870000 | 0x7fefd94afff | mapped_file | |
clbcatq.dll | 0x7fefd9d0000 | 0x7fefda68fff | mapped_file | |
gdi32.dll | 0x7fefda70000 | 0x7fefdad6fff | mapped_file | |
iertutil.dll | 0x7fefdae0000 | 0x7fefdd8afff | mapped_file | |
lpk.dll | 0x7fefdd90000 | 0x7fefdd9dfff | mapped_file | |
nsi.dll | 0x7fefddf0000 | 0x7fefddf7fff | mapped_file | |
wininet.dll | 0x7fefde00000 | 0x7fefe030fff | mapped_file | |
shlwapi.dll | 0x7fefe040000 | 0x7fefe0b0fff | mapped_file | |
sechost.dll | 0x7fefe290000 | 0x7fefe2aefff | mapped_file | |
oleaut32.dll | 0x7fefe2b0000 | 0x7fefe386fff | mapped_file | |
setupapi.dll | 0x7fefe430000 | 0x7fefe606fff | mapped_file | |
msctf.dll | 0x7fefe610000 | 0x7fefe718fff | mapped_file | |
ole32.dll | 0x7fefe720000 | 0x7fefe922fff | mapped_file | |
shell32.dll | 0x7fefe930000 | 0x7feff6b7fff | mapped_file | |
usp10.dll | 0x7feff6c0000 | 0x7feff788fff | mapped_file | |
rpcrt4.dll | 0x7feff790000 | 0x7feff8bcfff | mapped_file | |
msvcrt.dll | 0x7feff8c0000 | 0x7feff95efff | mapped_file | |
apisetschema.dll | 0x7feff990000 | 0x7feff990fff | mapped_file | |
private_0x000007fffffa6000 | 0x7fffffa6000 | 0x7fffffa7fff | private | |
private_0x000007fffffa8000 | 0x7fffffa8000 | 0x7fffffa9fff | private | |
private_0x000007fffffaa000 | 0x7fffffaa000 | 0x7fffffabfff | private | |
private_0x000007fffffac000 | 0x7fffffac000 | 0x7fffffadfff | private | |
private_0x000007fffffae000 | 0x7fffffae000 | 0x7fffffaffff | private | |
pagefile_0x000007fffffb0000 | 0x7fffffb0000 | 0x7fffffd2fff | pagefile_backed | |
private_0x000007fffffd3000 | 0x7fffffd3000 | 0x7fffffd3fff | private | |
private_0x000007fffffd4000 | 0x7fffffd4000 | 0x7fffffd5fff | private | |
private_0x000007fffffd6000 | 0x7fffffd6000 | 0x7fffffd7fff | private | |
private_0x000007fffffd8000 | 0x7fffffd8000 | 0x7fffffd9fff | private | |
private_0x000007fffffda000 | 0x7fffffda000 | 0x7fffffdbfff | private | |
private_0x000007fffffdc000 | 0x7fffffdc000 | 0x7fffffddfff | private | |
private_0x000007fffffde000 | 0x7fffffde000 | 0x7fffffdffff | private | |
OS TIDs |
---|
0xb98, 0x764, 0x7b0, 0x7a0, 0x79c, 0x798, 0x794, 0x4b4, 0x4ac, 0x4a8, 0x4a0, 0x490 |
ID | #22 |
OS PID | 0x494 |
OS Parent PID | 0x1c4 |
Image Name | svchost.exe |
Page Root | 0x13999000 |
Monitor Reason | child_process |
Unmonitor Reason | (still running) |
CMD Line | C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork |
Current Directory | C:\Windows\system32\ |
Name | Start VA | End VA | Type | Monitored |
---|---|---|---|---|
pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | pagefile_backed | |
svchost.exe.mui | 0x00020000 | 0x00020fff | mapped_file | |
pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | pagefile_backed | |
pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | pagefile_backed | |
private_0x0000000000050000 | 0x00050000 | 0x00050fff | private | |
locale.nls | 0x00060000 | 0x000c6fff | mapped_file | |
pagefile_0x00000000000d0000 | 0x000d0000 | 0x0018ffff | pagefile_backed | |
private_0x0000000000190000 | 0x00190000 | 0x0020ffff | private | |
private_0x0000000000210000 | 0x00210000 | 0x00210fff | private | |
private_0x0000000000220000 | 0x00220000 | 0x00220fff | private | |
bfe.dll.mui | 0x00230000 | 0x00236fff | mapped_file | |
FirewallAPI.dll.mui | 0x00240000 | 0x0025bfff | mapped_file | |
private_0x0000000000260000 | 0x00260000 | 0x00260fff | private | |
pagefile_0x0000000000270000 | 0x00270000 | 0x00270fff | pagefile_backed | |
private_0x0000000000280000 | 0x00280000 | 0x0037ffff | private | |
private_0x0000000000380000 | 0x00380000 | 0x0047ffff | private | |
pagefile_0x0000000000480000 | 0x00480000 | 0x00480fff | pagefile_backed | |
private_0x0000000000490000 | 0x00490000 | 0x00497fff | private | |
private_0x00000000004a0000 | 0x004a0000 | 0x0051ffff | private | |
private_0x0000000000520000 | 0x00520000 | 0x0052ffff | private | |
pagefile_0x0000000000530000 | 0x00530000 | 0x006b7fff | pagefile_backed | |
pagefile_0x00000000006c0000 | 0x006c0000 | 0x00840fff | pagefile_backed | |
pagefile_0x0000000000850000 | 0x00850000 | 0x00850fff | pagefile_backed | |
pagefile_0x00000000008c0000 | 0x008c0000 | 0x008c1fff | pagefile_backed | |
private_0x0000000000900000 | 0x00900000 | 0x0097ffff | private | |
private_0x0000000000990000 | 0x00990000 | 0x00a0ffff | private | |
private_0x0000000000a30000 | 0x00a30000 | 0x00aaffff | private | |
private_0x0000000000b20000 | 0x00b20000 | 0x00b9ffff | private | |
private_0x0000000000bc0000 | 0x00bc0000 | 0x00c3ffff | private | |
SortDefault.nls | 0x00c40000 | 0x00f0efff | mapped_file | |
private_0x0000000000f20000 | 0x00f20000 | 0x00f9ffff | private | |
private_0x0000000000fe0000 | 0x00fe0000 | 0x0105ffff | private | |
private_0x00000000010b0000 | 0x010b0000 | 0x0112ffff | private | |
private_0x0000000001150000 | 0x01150000 | 0x011cffff | private | |
private_0x00000000011e0000 | 0x011e0000 | 0x0125ffff | private | |
private_0x0000000001300000 | 0x01300000 | 0x0137ffff | private | |
private_0x0000000001390000 | 0x01390000 | 0x0140ffff | private | |
private_0x0000000001410000 | 0x01410000 | 0x0148ffff | private | |
private_0x0000000001510000 | 0x01510000 | 0x0158ffff | private | |
private_0x00000000015d0000 | 0x015d0000 | 0x0164ffff | private | |
private_0x0000000001650000 | 0x01650000 | 0x016cffff | private | |
private_0x0000000001720000 | 0x01720000 | 0x0179ffff | private | |
private_0x00000000017b0000 | 0x017b0000 | 0x0182ffff | private | |
private_0x0000000001830000 | 0x01830000 | 0x0192ffff | private | |
private_0x0000000001930000 | 0x01930000 | 0x01a2ffff | private | |
private_0x0000000001aa0000 | 0x01aa0000 | 0x01b1ffff | private | |
private_0x0000000001b40000 | 0x01b40000 | 0x01bbffff | private | |
private_0x0000000001bf0000 | 0x01bf0000 | 0x01c6ffff | private | |
private_0x0000000001c90000 | 0x01c90000 | 0x01c9ffff | private | |
private_0x0000000001cd0000 | 0x01cd0000 | 0x01d4ffff | private | |
private_0x0000000001d50000 | 0x01d50000 | 0x01dcffff | private | |
private_0x0000000001dd0000 | 0x01dd0000 | 0x01e4ffff | private | |
private_0x0000000001e70000 | 0x01e70000 | 0x01eeffff | private | |
private_0x0000000001ef0000 | 0x01ef0000 | 0x01f6ffff | private | |
private_0x0000000001fa0000 | 0x01fa0000 | 0x020bffff | private | |
private_0x00000000020e0000 | 0x020e0000 | 0x0215ffff | private | |
private_0x00000000021d0000 | 0x021d0000 | 0x0224ffff | private | |
private_0x0000000002250000 | 0x02250000 | 0x0244ffff | private | |
user32.dll | 0x77450000 | 0x77549fff | mapped_file | |
kernel32.dll | 0x77550000 | 0x7766efff | mapped_file | |
ntdll.dll | 0x77670000 | 0x77818fff | mapped_file | |
pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | pagefile_backed | |
private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | private | |
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | private | |
svchost.exe | 0xff920000 | 0xff92afff | mapped_file | |
wdiasqmmodule.dll | 0x7fef84b0000 | 0x7fef84bcfff | mapped_file | |
radardt.dll | 0x7fef84c0000 | 0x7fef84dcfff | mapped_file | |
pnpts.dll | 0x7fef84e0000 | 0x7fef84e7fff | mapped_file | |
diagperf.dll | 0x7fef8510000 | 0x7fef8659fff | mapped_file | |
npmproxy.dll | 0x7fef8920000 | 0x7fef892bfff | mapped_file | |
wdi.dll | 0x7fef8930000 | 0x7fef8948fff | mapped_file | |
netprofm.dll | 0x7fef8b80000 | 0x7fef8bf3fff | mapped_file | |
wfapigp.dll | 0x7fef9b50000 | 0x7fef9b59fff | mapped_file | |
dps.dll | 0x7fef9b60000 | 0x7fef9b8bfff | mapped_file | |
MPSSVC.dll | 0x7fef9e00000 | 0x7fef9ecdfff | mapped_file | |
BFE.DLL | 0x7fef9f50000 | 0x7fef9ffffff | mapped_file | |
dhcpcsvc.dll | 0x7fefaa10000 | 0x7fefaa27fff | mapped_file | |
dhcpcsvc6.dll | 0x7fefaa30000 | 0x7fefaa40fff | mapped_file | |
FWPUCLNT.DLL | 0x7fefaa60000 | 0x7fefaab2fff | mapped_file | |
winnsi.dll | 0x7fefabc0000 | 0x7fefabcafff | mapped_file | |
IPHLPAPI.DLL | 0x7fefabd0000 | 0x7fefabf6fff | mapped_file | |
slc.dll | 0x7fefad20000 | 0x7fefad2afff | mapped_file | |
nlaapi.dll | 0x7fefad40000 | 0x7fefad54fff | mapped_file | |
taskschd.dll | 0x7fefae70000 | 0x7fefaf96fff | mapped_file | |
wtsapi32.dll | 0x7fefb6c0000 | 0x7fefb6d0fff | mapped_file | |
ntmarta.dll | 0x7fefc370000 | 0x7fefc39cfff | mapped_file | |
version.dll | 0x7fefc570000 | 0x7fefc57bfff | mapped_file | |
FirewallAPI.dll | 0x7fefc580000 | 0x7fefc63afff | mapped_file | |
WSHTCPIP.DLL | 0x7fefc640000 | 0x7fefc646fff | mapped_file | |
gpapi.dll | 0x7fefc730000 | 0x7fefc74afff | mapped_file | |
credssp.dll | 0x7fefc880000 | 0x7fefc889fff | mapped_file | |
pcwum.dll | 0x7fefc890000 | 0x7fefc89cfff | mapped_file | |
rsaenh.dll | 0x7fefc980000 | 0x7fefc9c6fff | mapped_file | |
wship6.dll | 0x7fefcc10000 | 0x7fefcc16fff | mapped_file | |
mswsock.dll | 0x7fefcc20000 | 0x7fefcc74fff | mapped_file | |
cryptsp.dll | 0x7fefcc80000 | 0x7fefcc96fff | mapped_file | |
bcrypt.dll | 0x7fefcdf0000 | 0x7fefce11fff | mapped_file | |
authz.dll | 0x7fefce70000 | 0x7fefce9efff | mapped_file | |
secur32.dll | 0x7fefd220000 | 0x7fefd22afff | mapped_file | |
sspicli.dll | 0x7fefd250000 | 0x7fefd274fff | mapped_file | |
cryptbase.dll | 0x7fefd2e0000 | 0x7fefd2eefff | mapped_file | |
RpcRtRemote.dll | 0x7fefd3d0000 | 0x7fefd3e3fff | mapped_file | |
profapi.dll | 0x7fefd490000 | 0x7fefd49efff | mapped_file | |
cfgmgr32.dll | 0x7fefd4a0000 | 0x7fefd4d5fff | mapped_file | |
userenv.dll | 0x7fefd4e0000 | 0x7fefd4fdfff | mapped_file | |
KernelBase.dll | 0x7fefd540000 | 0x7fefd5abfff | mapped_file | |
imm32.dll | 0x7fefd840000 | 0x7fefd86dfff | mapped_file | |
advapi32.dll | 0x7fefd870000 | 0x7fefd94afff | mapped_file | |
clbcatq.dll | 0x7fefd9d0000 | 0x7fefda68fff | mapped_file | |
gdi32.dll | 0x7fefda70000 | 0x7fefdad6fff | mapped_file | |
lpk.dll | 0x7fefdd90000 | 0x7fefdd9dfff | mapped_file | |
ws2_32.dll | 0x7fefdda0000 | 0x7fefddecfff | mapped_file | |
nsi.dll | 0x7fefddf0000 | 0x7fefddf7fff | mapped_file | |
shlwapi.dll | 0x7fefe040000 | 0x7fefe0b0fff | mapped_file | |
Wldap32.dll | 0x7fefe0c0000 | 0x7fefe111fff | mapped_file | |
sechost.dll | 0x7fefe290000 | 0x7fefe2aefff | mapped_file | |
oleaut32.dll | 0x7fefe2b0000 | 0x7fefe386fff | mapped_file | |
msctf.dll | 0x7fefe610000 | 0x7fefe718fff | mapped_file | |
ole32.dll | 0x7fefe720000 | 0x7fefe922fff | mapped_file | |
usp10.dll | 0x7feff6c0000 | 0x7feff788fff | mapped_file | |
rpcrt4.dll | 0x7feff790000 | 0x7feff8bcfff | mapped_file | |
msvcrt.dll | 0x7feff8c0000 | 0x7feff95efff | mapped_file | |
apisetschema.dll | 0x7feff990000 | 0x7feff990fff | mapped_file | |
private_0x000007fffff84000 | 0x7fffff84000 | 0x7fffff85fff | private | |
private_0x000007fffff86000 | 0x7fffff86000 | 0x7fffff87fff | private | |
private_0x000007fffff88000 | 0x7fffff88000 | 0x7fffff89fff | private | |
private_0x000007fffff8a000 | 0x7fffff8a000 | 0x7fffff8bfff | private | |
private_0x000007fffff8c000 | 0x7fffff8c000 | 0x7fffff8dfff | private | |
private_0x000007fffff8e000 | 0x7fffff8e000 | 0x7fffff8ffff | private | |
private_0x000007fffff90000 | 0x7fffff90000 | 0x7fffff91fff | private | |
private_0x000007fffff92000 | 0x7fffff92000 | 0x7fffff93fff | private | |
private_0x000007fffff94000 | 0x7fffff94000 | 0x7fffff95fff | private | |
private_0x000007fffff96000 | 0x7fffff96000 | 0x7fffff97fff | private | |
private_0x000007fffff98000 | 0x7fffff98000 | 0x7fffff99fff | private | |
private_0x000007fffff9a000 | 0x7fffff9a000 | 0x7fffff9bfff | private | |
private_0x000007fffff9c000 | 0x7fffff9c000 | 0x7fffff9dfff | private | |
private_0x000007fffff9e000 | 0x7fffff9e000 | 0x7fffff9ffff | private | |
private_0x000007fffffa0000 | 0x7fffffa0000 | 0x7fffffa1fff | private | |
private_0x000007fffffa2000 | 0x7fffffa2000 | 0x7fffffa3fff | private | |
private_0x000007fffffa4000 | 0x7fffffa4000 | 0x7fffffa5fff | private | |
private_0x000007fffffa6000 | 0x7fffffa6000 | 0x7fffffa7fff | private | |
private_0x000007fffffa8000 | 0x7fffffa8000 | 0x7fffffa9fff | private | |
private_0x000007fffffaa000 | 0x7fffffaa000 | 0x7fffffabfff | private | |
private_0x000007fffffac000 | 0x7fffffac000 | 0x7fffffadfff | private | |
private_0x000007fffffae000 | 0x7fffffae000 | 0x7fffffaffff | private | |
pagefile_0x000007fffffb0000 | 0x7fffffb0000 | 0x7fffffd2fff | pagefile_backed | |
private_0x000007fffffd3000 | 0x7fffffd3000 | 0x7fffffd4fff | private | |
private_0x000007fffffd5000 | 0x7fffffd5000 | 0x7fffffd5fff | private | |
private_0x000007fffffd6000 | 0x7fffffd6000 | 0x7fffffd7fff | private | |
private_0x000007fffffd8000 | 0x7fffffd8000 | 0x7fffffd9fff | private | |
private_0x000007fffffda000 | 0x7fffffda000 | 0x7fffffdbfff | private | |
private_0x000007fffffdc000 | 0x7fffffdc000 | 0x7fffffddfff | private | |
private_0x000007fffffde000 | 0x7fffffde000 | 0x7fffffdffff | private | |
OS TIDs |
---|
0x680, 0x264, 0x590, 0x718, 0x710, 0x70c, 0x708, 0x700, 0x6fc, 0x6c0, 0x694, 0x640, 0x624, 0x578, 0x574, 0x570, 0x56c, 0x554, 0x528, 0x514, 0x510, 0x4f0, 0x4cc, 0x4c4, 0x4bc, 0x4b0, 0x4a4, 0x498 |
ID | #23 |
OS PID | 0x4d8 |
OS Parent PID | 0x394 |
Image Name | taskeng.exe |
Page Root | 0x13694000 |
Monitor Reason | child_process |
Unmonitor Reason | (still running) |
CMD Line | taskeng.exe {156F8AD7-825D-4321-B1E4-BA03D81FD813} S-1-5-21-272637189-1204002015-1709914517-1000:user-PC\user:Interactive:Highest[1] |
Current Directory | C:\Windows\system32\ |
Name | Start VA | End VA | Type | Monitored |
---|---|---|---|---|
pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | pagefile_backed | |
TaskEng.exe.mui | 0x00020000 | 0x00020fff | mapped_file | |
pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | pagefile_backed | |
pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | pagefile_backed | |
private_0x0000000000050000 | 0x00050000 | 0x00050fff | private | |
private_0x0000000000060000 | 0x00060000 | 0x00060fff | private | |
private_0x0000000000070000 | 0x00070000 | 0x00070fff | private | |
pagefile_0x0000000000080000 | 0x00080000 | 0x00080fff | pagefile_backed | |
private_0x00000000000c0000 | 0x000c0000 | 0x001bffff | private | |
private_0x0000000000210000 | 0x00210000 | 0x0028ffff | private | |
locale.nls | 0x00290000 | 0x002f6fff | mapped_file | |
private_0x0000000000300000 | 0x00300000 | 0x003fffff | private | |
private_0x0000000000420000 | 0x00420000 | 0x0042ffff | private | |
pagefile_0x0000000000430000 | 0x00430000 | 0x005b7fff | pagefile_backed | |
pagefile_0x00000000005c0000 | 0x005c0000 | 0x00740fff | pagefile_backed | |
pagefile_0x0000000000750000 | 0x00750000 | 0x01b4ffff | pagefile_backed | |
private_0x0000000001b90000 | 0x01b90000 | 0x01c0ffff | private | |
private_0x0000000001c20000 | 0x01c20000 | 0x01c9ffff | private | |
private_0x0000000001ca0000 | 0x01ca0000 | 0x01d1ffff | private | |
private_0x0000000001d20000 | 0x01d20000 | 0x01e1ffff | private | |
private_0x0000000001e90000 | 0x01e90000 | 0x01f0ffff | private | |
SortDefault.nls | 0x01f10000 | 0x021defff | mapped_file | |
pagefile_0x00000000021e0000 | 0x021e0000 | 0x022befff | pagefile_backed | |
private_0x00000000022c0000 | 0x022c0000 | 0x0233ffff | private | |
private_0x00000000023f0000 | 0x023f0000 | 0x0246ffff | private | |
private_0x0000000002590000 | 0x02590000 | 0x0260ffff | private | |
user32.dll | 0x77450000 | 0x77549fff | mapped_file | |
kernel32.dll | 0x77550000 | 0x7766efff | mapped_file | |
ntdll.dll | 0x77670000 | 0x77818fff | mapped_file | |
pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | pagefile_backed | |
private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | private | |
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | private | |
taskeng.exe | 0xff400000 | 0xff473fff | mapped_file | |
TSChannel.dll | 0x7fef9df0000 | 0x7fef9df8fff | mapped_file | |
ktmw32.dll | 0x7fefa750000 | 0x7fefa759fff | mapped_file | |
xmllite.dll | 0x7fefb860000 | 0x7fefb894fff | mapped_file | |
dwmapi.dll | 0x7fefb8a0000 | 0x7fefb8b7fff | mapped_file | |
uxtheme.dll | 0x7fefbcd0000 | 0x7fefbd25fff | mapped_file | |
rsaenh.dll | 0x7fefc980000 | 0x7fefc9c6fff | mapped_file | |
cryptsp.dll | 0x7fefcc80000 | 0x7fefcc96fff | mapped_file | |
wevtapi.dll | 0x7fefceb0000 | 0x7fefcf1cfff | mapped_file | |
sspicli.dll | 0x7fefd250000 | 0x7fefd274fff | mapped_file | |
apphelp.dll | 0x7fefd280000 | 0x7fefd2d6fff | mapped_file | |
cryptbase.dll | 0x7fefd2e0000 | 0x7fefd2eefff | mapped_file | |
RpcRtRemote.dll | 0x7fefd3d0000 | 0x7fefd3e3fff | mapped_file | |
KernelBase.dll | 0x7fefd540000 | 0x7fefd5abfff | mapped_file | |
imm32.dll | 0x7fefd840000 | 0x7fefd86dfff | mapped_file | |
advapi32.dll | 0x7fefd870000 | 0x7fefd94afff | mapped_file | |
clbcatq.dll | 0x7fefd9d0000 | 0x7fefda68fff | mapped_file | |
gdi32.dll | 0x7fefda70000 | 0x7fefdad6fff | mapped_file | |
lpk.dll | 0x7fefdd90000 | 0x7fefdd9dfff | mapped_file | |
shlwapi.dll | 0x7fefe040000 | 0x7fefe0b0fff | mapped_file | |
sechost.dll | 0x7fefe290000 | 0x7fefe2aefff | mapped_file | |
oleaut32.dll | 0x7fefe2b0000 | 0x7fefe386fff | mapped_file | |
msctf.dll | 0x7fefe610000 | 0x7fefe718fff | mapped_file | |
ole32.dll | 0x7fefe720000 | 0x7fefe922fff | mapped_file | |
usp10.dll | 0x7feff6c0000 | 0x7feff788fff | mapped_file | |
rpcrt4.dll | 0x7feff790000 | 0x7feff8bcfff | mapped_file | |
msvcrt.dll | 0x7feff8c0000 | 0x7feff95efff | mapped_file | |
apisetschema.dll | 0x7feff990000 | 0x7feff990fff | mapped_file | |
pagefile_0x000007fffffb0000 | 0x7fffffb0000 | 0x7fffffd2fff | pagefile_backed | |
private_0x000007fffffd3000 | 0x7fffffd3000 | 0x7fffffd4fff | private | |
private_0x000007fffffd5000 | 0x7fffffd5000 | 0x7fffffd6fff | private | |
private_0x000007fffffd7000 | 0x7fffffd7000 | 0x7fffffd8fff | private | |
private_0x000007fffffd9000 | 0x7fffffd9000 | 0x7fffffd9fff | private | |
private_0x000007fffffda000 | 0x7fffffda000 | 0x7fffffdbfff | private | |
private_0x000007fffffdc000 | 0x7fffffdc000 | 0x7fffffddfff | private | |
private_0x000007fffffde000 | 0x7fffffde000 | 0x7fffffdffff | private | |
OS TIDs |
---|
0x508, 0x504, 0x4fc, 0x4e4, 0x4e0, 0x4dc |
ID | #24 |
OS PID | 0x558 |
OS Parent PID | 0x1c4 |
Image Name | svchost.exe |
Page Root | 0x12b11000 |
Monitor Reason | child_process |
Unmonitor Reason | (still running) |
CMD Line | C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation |
Current Directory | C:\Windows\system32\ |
Name | Start VA | End VA | Type | Monitored |
---|---|---|---|---|
OS TIDs |
---|
0x7ec, 0x780, 0x660, 0x65c, 0x658, 0x654, 0x650, 0x64c, 0x5c0, 0x580, 0x57c, 0x564, 0x55c, 0x5b8, 0x520, 0x518 |
ID | #25 |
OS PID | 0x698 |
OS Parent PID | 0x1c4 |
Image Name | sppsvc.exe |
Page Root | 0x11308000 |
Monitor Reason | child_process |
Unmonitor Reason | (still running) |
CMD Line | C:\Windows\system32\sppsvc.exe |
Current Directory | C:\Windows\system32\ |
Name | Start VA | End VA | Type | Monitored |
---|---|---|---|---|
OS TIDs |
---|
0x7d0, 0x7c4, 0x6e0, 0x6b8, 0x6b4, 0x6a0, 0x69c |
ID | #26 |
OS PID | 0x6cc |
OS Parent PID | 0x1c4 |
Image Name | svchost.exe |
Page Root | 0x10c12000 |
Monitor Reason | child_process |
Unmonitor Reason | (still running) |
CMD Line | C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted |
Current Directory | C:\Windows\system32\ |
Name | Start VA | End VA | Type | Monitored |
---|---|---|---|---|
OS TIDs |
---|
0x358, 0x714, 0x6e8, 0x6e4, 0x6dc, 0x6d0 |
ID | #27 |
OS PID | 0x734 |
OS Parent PID | 0x244 |
Image Name | rundll32.exe |
Page Root | 0x111da000 |
Monitor Reason | child_process |
Unmonitor Reason | (still running) |
CMD Line | C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding |
Current Directory | C:\Windows\system32\ |
Name | Start VA | End VA | Type | Monitored |
---|---|---|---|---|
pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | pagefile_backed | |
rundll32.exe.mui | 0x00020000 | 0x00020fff | mapped_file | |
pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | pagefile_backed | |
pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | pagefile_backed | |
private_0x0000000000050000 | 0x00050000 | 0x00050fff | private | |
locale.nls | 0x00060000 | 0x000c6fff | mapped_file | |
private_0x00000000000d0000 | 0x000d0000 | 0x000d0fff | private | |
private_0x00000000000e0000 | 0x000e0000 | 0x000e0fff | private | |
pagefile_0x00000000000f0000 | 0x000f0000 | 0x000f1fff | pagefile_backed | |
pagefile_0x0000000000100000 | 0x00100000 | 0x00100fff | pagefile_backed | |
pagefile_0x0000000000110000 | 0x00110000 | 0x00110fff | pagefile_backed | |
pagefile_0x0000000000120000 | 0x00120000 | 0x00121fff | pagefile_backed | |
private_0x0000000000140000 | 0x00140000 | 0x001bffff | private | |
private_0x00000000001c0000 | 0x001c0000 | 0x0023ffff | private | |
private_0x0000000000240000 | 0x00240000 | 0x0033ffff | private | |
pagefile_0x0000000000340000 | 0x00340000 | 0x00341fff | pagefile_backed | |
private_0x0000000000370000 | 0x00370000 | 0x0046ffff | private | |
private_0x0000000000510000 | 0x00510000 | 0x0058ffff | private | |
private_0x00000000005c0000 | 0x005c0000 | 0x005cffff | private | |
pagefile_0x00000000005d0000 | 0x005d0000 | 0x00757fff | pagefile_backed | |
pagefile_0x0000000000760000 | 0x00760000 | 0x008e0fff | pagefile_backed | |
pagefile_0x00000000008f0000 | 0x008f0000 | 0x01ceffff | pagefile_backed | |
private_0x0000000001d60000 | 0x01d60000 | 0x01ddffff | private | |
pagefile_0x0000000001de0000 | 0x01de0000 | 0x01ebefff | pagefile_backed | |
private_0x0000000001ee0000 | 0x01ee0000 | 0x01f5ffff | private | |
SortDefault.nls | 0x01f60000 | 0x0222efff | mapped_file | |
private_0x00000000022a0000 | 0x022a0000 | 0x0231ffff | private | |
private_0x00000000023b0000 | 0x023b0000 | 0x0242ffff | private | |
private_0x0000000002480000 | 0x02480000 | 0x024fffff | private | |
user32.dll | 0x77450000 | 0x77549fff | mapped_file | |
kernel32.dll | 0x77550000 | 0x7766efff | mapped_file | |
ntdll.dll | 0x77670000 | 0x77818fff | mapped_file | |
pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | pagefile_backed | |
private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | private | |
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | private | |
rundll32.exe | 0xffae0000 | 0xffaeefff | mapped_file | |
actxprxy.dll | 0x7fef7dc0000 | 0x7fef7eadfff | mapped_file | |
dwmapi.dll | 0x7fefb8a0000 | 0x7fefb8b7fff | mapped_file | |
uxtheme.dll | 0x7fefbcd0000 | 0x7fefbd25fff | mapped_file | |
comctl32.dll | 0x7fefbe80000 | 0x7fefc073fff | mapped_file | |
rsaenh.dll | 0x7fefc980000 | 0x7fefc9c6fff | mapped_file | |
cryptsp.dll | 0x7fefcc80000 | 0x7fefcc96fff | mapped_file | |
cryptbase.dll | 0x7fefd2e0000 | 0x7fefd2eefff | mapped_file | |
RpcRtRemote.dll | 0x7fefd3d0000 | 0x7fefd3e3fff | mapped_file | |
KernelBase.dll | 0x7fefd540000 | 0x7fefd5abfff | mapped_file | |
imm32.dll | 0x7fefd840000 | 0x7fefd86dfff | mapped_file | |
advapi32.dll | 0x7fefd870000 | 0x7fefd94afff | mapped_file | |
clbcatq.dll | 0x7fefd9d0000 | 0x7fefda68fff | mapped_file | |
gdi32.dll | 0x7fefda70000 | 0x7fefdad6fff | mapped_file | |
lpk.dll | 0x7fefdd90000 | 0x7fefdd9dfff | mapped_file | |
shlwapi.dll | 0x7fefe040000 | 0x7fefe0b0fff | mapped_file | |
sechost.dll | 0x7fefe290000 | 0x7fefe2aefff | mapped_file | |
oleaut32.dll | 0x7fefe2b0000 | 0x7fefe386fff | mapped_file | |
msctf.dll | 0x7fefe610000 | 0x7fefe718fff | mapped_file | |
ole32.dll | 0x7fefe720000 | 0x7fefe922fff | mapped_file | |
shell32.dll | 0x7fefe930000 | 0x7feff6b7fff | mapped_file | |
usp10.dll | 0x7feff6c0000 | 0x7feff788fff | mapped_file | |
rpcrt4.dll | 0x7feff790000 | 0x7feff8bcfff | mapped_file | |
msvcrt.dll | 0x7feff8c0000 | 0x7feff95efff | mapped_file | |
imagehlp.dll | 0x7feff960000 | 0x7feff978fff | mapped_file | |
apisetschema.dll | 0x7feff990000 | 0x7feff990fff | mapped_file | |
private_0x000007fffffae000 | 0x7fffffae000 | 0x7fffffaffff | private | |
pagefile_0x000007fffffb0000 | 0x7fffffb0000 | 0x7fffffd2fff | pagefile_backed | |
private_0x000007fffffd4000 | 0x7fffffd4000 | 0x7fffffd4fff | private | |
private_0x000007fffffd6000 | 0x7fffffd6000 | 0x7fffffd7fff | private | |
private_0x000007fffffd8000 | 0x7fffffd8000 | 0x7fffffd9fff | private | |
private_0x000007fffffda000 | 0x7fffffda000 | 0x7fffffdbfff | private | |
private_0x000007fffffdc000 | 0x7fffffdc000 | 0x7fffffddfff | private | |
private_0x000007fffffde000 | 0x7fffffde000 | 0x7fffffdffff | private | |
OS TIDs |
---|
0x754, 0x748, 0x744, 0x740, 0x73c, 0x738 |
ID | #28 |
OS PID | 0x688 |
OS Parent PID | 0x1c4 |
Image Name | searchindexer.exe |
Page Root | 0x0f602000 |
Monitor Reason | child_process |
Unmonitor Reason | (still running) |
CMD Line | C:\Windows\system32\SearchIndexer.exe /Embedding |
Current Directory | C:\Windows\system32\ |
Name | Start VA | End VA | Type | Monitored |
---|---|---|---|---|
pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | pagefile_backed | |
SearchIndexer.exe.mui | 0x00020000 | 0x00021fff | mapped_file | |
pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | pagefile_backed | |
pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | pagefile_backed | |
private_0x0000000000050000 | 0x00050000 | 0x00050fff | private | |
private_0x0000000000060000 | 0x00060000 | 0x00060fff | private | |
private_0x0000000000070000 | 0x00070000 | 0x00070fff | private | |
pagefile_0x0000000000080000 | 0x00080000 | 0x00080fff | pagefile_backed | |
private_0x0000000000090000 | 0x00090000 | 0x0010ffff | private | |
private_0x0000000000110000 | 0x00110000 | 0x0020ffff | private | |
locale.nls | 0x00210000 | 0x00276fff | mapped_file | |
pagefile_0x0000000000280000 | 0x00280000 | 0x00280fff | pagefile_backed | |
pagefile_0x0000000000290000 | 0x00290000 | 0x002a5fff | pagefile_backed | |
private_0x00000000002b0000 | 0x002b0000 | 0x002bffff | private | |
private_0x00000000002c0000 | 0x002c0000 | 0x003bffff | private | |
pagefile_0x00000000003c0000 | 0x003c0000 | 0x00547fff | pagefile_backed | |
pagefile_0x0000000000550000 | 0x00550000 | 0x006d0fff | pagefile_backed | |
pagefile_0x00000000006e0000 | 0x006e0000 | 0x0079ffff | pagefile_backed | |
pagefile_0x00000000007a0000 | 0x007a0000 | 0x007a0fff | pagefile_backed | |
pagefile_0x00000000007b0000 | 0x007b0000 | 0x007b0fff | pagefile_backed | |
pagefile_0x00000000007c0000 | 0x007c0000 | 0x007c0fff | pagefile_backed | |
pagefile_0x00000000007d0000 | 0x007d0000 | 0x007d0fff | pagefile_backed | |
cversions.2.db | 0x007e0000 | 0x007e3fff | mapped_file | |
cversions.2.db | 0x007f0000 | 0x007f3fff | mapped_file | |
private_0x0000000000800000 | 0x00800000 | 0x0080ffff | private | |
{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000013.db | 0x00810000 | 0x0083ffff | mapped_file | |
cversions.2.db | 0x00840000 | 0x00843fff | mapped_file | |
{80CEF694-92F9-4BDC-B349-951A4243108B}.2.ver0x0000000000000001.db | 0x00850000 | 0x00850fff | mapped_file | |
tquery.dll.mui | 0x00860000 | 0x0088ffff | mapped_file | |
private_0x0000000000890000 | 0x00890000 | 0x0090ffff | private | |
private_0x0000000000910000 | 0x00910000 | 0x00a0ffff | private | |
SortDefault.nls | 0x00a10000 | 0x00cdefff | mapped_file | |
private_0x0000000000ce0000 | 0x00ce0000 | 0x00cf9fff | private | |
private_0x0000000000d00000 | 0x00d00000 | 0x00d00fff | private | |
private_0x0000000000d10000 | 0x00d10000 | 0x00d17fff | private | |
private_0x0000000000d20000 | 0x00d20000 | 0x00d9ffff | private | |
{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db | 0x00da0000 | 0x00e05fff | mapped_file | |
private_0x0000000000e10000 | 0x00e10000 | 0x00e1ffff | private | |
private_0x0000000000e20000 | 0x00e20000 | 0x00e2ffff | private | |
private_0x0000000000e30000 | 0x00e30000 | 0x00e3ffff | private | |
private_0x0000000000e40000 | 0x00e40000 | 0x00e40fff | private | |
ESENT.dll.mui | 0x00e50000 | 0x00e67fff | mapped_file | |
private_0x0000000000e70000 | 0x00e70000 | 0x00e71fff | private | |
private_0x0000000000e80000 | 0x00e80000 | 0x00efffff | private | |
private_0x0000000000f00000 | 0x00f00000 | 0x00f00fff | private | |
private_0x0000000000f10000 | 0x00f10000 | 0x00f17fff | private | |
private_0x0000000000f20000 | 0x00f20000 | 0x00f27fff | private | |
private_0x0000000000f30000 | 0x00f30000 | 0x00f3ffff | private | |
private_0x0000000000f40000 | 0x00f40000 | 0x00f47fff | private | |
private_0x0000000000f50000 | 0x00f50000 | 0x00f57fff | private | |
private_0x0000000000f60000 | 0x00f60000 | 0x00f6ffff | private | |
private_0x0000000000f70000 | 0x00f70000 | 0x00f7ffff | private | |
private_0x0000000000f80000 | 0x00f80000 | 0x00f87fff | private | |
private_0x0000000000f90000 | 0x00f90000 | 0x0100ffff | private | |
private_0x0000000001010000 | 0x01010000 | 0x01017fff | private | |
private_0x0000000001020000 | 0x01020000 | 0x01027fff | private | |
Windows.edb | 0x01030000 | 0x0103ffff | mapped_file | |
Windows.edb | 0x01040000 | 0x0104ffff | mapped_file | |
Windows.edb | 0x01050000 | 0x0105ffff | mapped_file | |
Windows.edb | 0x01060000 | 0x0106ffff | mapped_file | |
Windows.edb | 0x01070000 | 0x0107ffff | mapped_file | |
private_0x0000000001080000 | 0x01080000 | 0x010fffff | private | |
private_0x0000000001100000 | 0x01100000 | 0x011fffff | private | |
Windows.edb | 0x01200000 | 0x0120ffff | mapped_file | |
Windows.edb | 0x01210000 | 0x0121ffff | mapped_file | |
Windows.edb | 0x01220000 | 0x0122ffff | mapped_file | |
Windows.edb | 0x01230000 | 0x0123ffff | mapped_file | |
private_0x0000000001240000 | 0x01240000 | 0x012bffff | private | |
private_0x00000000012c0000 | 0x012c0000 | 0x013bffff | private | |
private_0x00000000013c0000 | 0x013c0000 | 0x014bffff | private | |
private_0x00000000014c0000 | 0x014c0000 | 0x015bffff | private | |
private_0x00000000015c0000 | 0x015c0000 | 0x016bffff | private | |
pagefile_0x00000000016c0000 | 0x016c0000 | 0x016cffff | pagefile_backed | |
pagefile_0x00000000016d0000 | 0x016d0000 | 0x016dffff | pagefile_backed | |
pagefile_0x00000000016e0000 | 0x016e0000 | 0x016effff | pagefile_backed | |
pagefile_0x00000000016f0000 | 0x016f0000 | 0x016fffff | pagefile_backed | |
pagefile_0x0000000001700000 | 0x01700000 | 0x0170ffff | pagefile_backed | |
pagefile_0x0000000001710000 | 0x01710000 | 0x0171ffff | pagefile_backed | |
pagefile_0x0000000001720000 | 0x01720000 | 0x0172ffff | pagefile_backed | |
pagefile_0x0000000001730000 | 0x01730000 | 0x0173ffff | pagefile_backed | |
pagefile_0x0000000001740000 | 0x01740000 | 0x0174ffff | pagefile_backed | |
pagefile_0x0000000001750000 | 0x01750000 | 0x0175ffff | pagefile_backed | |
pagefile_0x0000000001760000 | 0x01760000 | 0x0176ffff | pagefile_backed | |
pagefile_0x0000000001770000 | 0x01770000 | 0x0177ffff | pagefile_backed | |
pagefile_0x0000000001780000 | 0x01780000 | 0x0178ffff | pagefile_backed | |
pagefile_0x0000000001790000 | 0x01790000 | 0x0179ffff | pagefile_backed | |
pagefile_0x00000000017a0000 | 0x017a0000 | 0x017affff | pagefile_backed | |
pagefile_0x00000000017b0000 | 0x017b0000 | 0x017bffff | pagefile_backed | |
pagefile_0x00000000017c0000 | 0x017c0000 | 0x017cffff | pagefile_backed | |
pagefile_0x00000000017d0000 | 0x017d0000 | 0x017dffff | pagefile_backed | |
pagefile_0x00000000017e0000 | 0x017e0000 | 0x017effff | pagefile_backed | |
pagefile_0x00000000017f0000 | 0x017f0000 | 0x017fffff | pagefile_backed | |
pagefile_0x0000000001800000 | 0x01800000 | 0x0180ffff | pagefile_backed | |
pagefile_0x0000000001810000 | 0x01810000 | 0x0181ffff | pagefile_backed | |
pagefile_0x0000000001820000 | 0x01820000 | 0x0182ffff | pagefile_backed | |
pagefile_0x0000000001830000 | 0x01830000 | 0x0183ffff | pagefile_backed | |
pagefile_0x0000000001840000 | 0x01840000 | 0x0184ffff | pagefile_backed | |
pagefile_0x0000000001850000 | 0x01850000 | 0x0185ffff | pagefile_backed | |
pagefile_0x0000000001860000 | 0x01860000 | 0x0186ffff | pagefile_backed | |
pagefile_0x0000000001870000 | 0x01870000 | 0x0187ffff | pagefile_backed | |
pagefile_0x0000000001880000 | 0x01880000 | 0x0188ffff | pagefile_backed | |
pagefile_0x0000000001890000 | 0x01890000 | 0x0189ffff | pagefile_backed | |
pagefile_0x00000000018a0000 | 0x018a0000 | 0x018affff | pagefile_backed | |
pagefile_0x00000000018b0000 | 0x018b0000 | 0x018bffff | pagefile_backed | |
private_0x00000000018c0000 | 0x018c0000 | 0x019bffff | private | |
private_0x00000000019c0000 | 0x019c0000 | 0x029bffff | private | |
private_0x00000000029c0000 | 0x029c0000 | 0x02abffff | private | |
pagefile_0x0000000002ac0000 | 0x02ac0000 | 0x02b3ffff | pagefile_backed | |
pagefile_0x0000000002b40000 | 0x02b40000 | 0x02bbffff | pagefile_backed | |
Windows.edb | 0x02bc0000 | 0x02bcffff | mapped_file | |
Windows.edb | 0x02bd0000 | 0x02bdffff | mapped_file | |
Windows.edb | 0x02be0000 | 0x02beffff | mapped_file | |
Windows.edb | 0x02bf0000 | 0x02bfffff | mapped_file | |
Windows.edb | 0x02c00000 | 0x02c0ffff | mapped_file | |
Windows.edb | 0x02c10000 | 0x02c1ffff | mapped_file | |
Windows.edb | 0x02c20000 | 0x02c2ffff | mapped_file | |
private_0x0000000002c30000 | 0x02c30000 | 0x02c3ffff | private | |
private_0x0000000002c40000 | 0x02c40000 | 0x02c4ffff | private | |
private_0x0000000002c50000 | 0x02c50000 | 0x02c5ffff | private | |
Windows.edb | 0x02c60000 | 0x02c6ffff | mapped_file | |
Windows.edb | 0x02c70000 | 0x02c7ffff | mapped_file | |
Windows.edb | 0x02c80000 | 0x02c8ffff | mapped_file | |
Windows.edb | 0x02c90000 | 0x02c9ffff | mapped_file | |
Windows.edb | 0x02ca0000 | 0x02caffff | mapped_file | |
private_0x0000000002cb0000 | 0x02cb0000 | 0x02cbffff | private | |
Windows.edb | 0x02cc0000 | 0x02ccffff | mapped_file | |
private_0x0000000002cd0000 | 0x02cd0000 | 0x02d4ffff | private | |
Windows.edb | 0x02d50000 | 0x02d5ffff | mapped_file | |
Windows.edb | 0x02d60000 | 0x02d6ffff | mapped_file | |
Windows.edb | 0x02d70000 | 0x02d7ffff | mapped_file | |
pagefile_0x0000000002d80000 | 0x02d80000 | 0x02d80fff | pagefile_backed | |
pagefile_0x0000000002d90000 | 0x02d90000 | 0x02d9afff | pagefile_backed | |
vsstrace.dll.mui | 0x02da0000 | 0x02da7fff | mapped_file | |
00010001.wid | 0x02db0000 | 0x02dbffff | mapped_file | |
00010001.dir | 0x02dc0000 | 0x02dc0fff | mapped_file | |
00010002.wid | 0x02dd0000 | 0x02ddffff | mapped_file | |
00010002.dir | 0x02de0000 | 0x02de0fff | mapped_file | |
0001000D.wid | 0x02df0000 | 0x02dfffff | mapped_file | |
0001000D.dir | 0x02e00000 | 0x02e00fff | mapped_file | |
00010012.wid | 0x02e10000 | 0x02e1ffff | mapped_file | |
00010012.dir | 0x02e20000 | 0x02e20fff | mapped_file | |
00010013.wid | 0x02e30000 | 0x02e3ffff | mapped_file | |
00010013.dir | 0x02e40000 | 0x02e40fff | mapped_file | |
private_0x0000000002e50000 | 0x02e50000 | 0x02ecffff | private | |
Windows.edb | 0x02ed0000 | 0x02edffff | mapped_file | |
Windows.edb | 0x02ee0000 | 0x02eeffff | mapped_file | |
pagefile_0x0000000002ef0000 | 0x02ef0000 | 0x02efffff | pagefile_backed | |
private_0x0000000002f00000 | 0x02f00000 | 0x02f7ffff | private | |
pagefile_0x0000000002f80000 | 0x02f80000 | 0x02f8ffff | pagefile_backed | |
Windows.edb | 0x02f90000 | 0x02f9ffff | mapped_file | |
Windows.edb | 0x02fa0000 | 0x02faffff | mapped_file | |
Windows.edb | 0x02fb0000 | 0x02fbffff | mapped_file | |
Windows.edb | 0x02fc0000 | 0x02fcffff | mapped_file | |
Windows.edb | 0x02fd0000 | 0x02fdffff | mapped_file | |
Windows.edb | 0x02fe0000 | 0x02feffff | mapped_file | |
Windows.edb | 0x02ff0000 | 0x02ffffff | mapped_file | |
Windows.edb | 0x03000000 | 0x0300ffff | mapped_file | |
Windows.edb | 0x03010000 | 0x0301ffff | mapped_file | |
Windows.edb | 0x03020000 | 0x0302ffff | mapped_file | |
Windows.edb | 0x03030000 | 0x0303ffff | mapped_file | |
Windows.edb | 0x03040000 | 0x0304ffff | mapped_file | |
Windows.edb | 0x03050000 | 0x0305ffff | mapped_file | |
pagefile_0x0000000003060000 | 0x03060000 | 0x03061fff | pagefile_backed | |
pagefile_0x0000000003070000 | 0x03070000 | 0x03070fff | pagefile_backed | |
pagefile_0x0000000003080000 | 0x03080000 | 0x03081fff | pagefile_backed | |
shell32.dll.mui | 0x03090000 | 0x030ebfff | mapped_file | |
propsys.dll.mui | 0x030f0000 | 0x030fdfff | mapped_file | |
Windows.edb | 0x03100000 | 0x0310ffff | mapped_file | |
Windows.edb | 0x03110000 | 0x0311ffff | mapped_file | |
setupapi.dll.mui | 0x03120000 | 0x0312cfff | mapped_file | |
pagefile_0x0000000003130000 | 0x03130000 | 0x0313ffff | pagefile_backed | |
pagefile_0x0000000003140000 | 0x03140000 | 0x0314ffff | pagefile_backed | |
private_0x0000000003150000 | 0x03150000 | 0x031cffff | private | |
00010003.wid | 0x031d0000 | 0x031dffff | mapped_file | |
00010003.dir | 0x031e0000 | 0x031e0fff | mapped_file | |
0001000D.wsb | 0x031f0000 | 0x031fffff | mapped_file | |
private_0x0000000003240000 | 0x03240000 | 0x032bffff | private | |
private_0x00000000032c0000 | 0x032c0000 | 0x034bffff | private | |
private_0x0000000003570000 | 0x03570000 | 0x035effff | private | |
private_0x00000000035f0000 | 0x035f0000 | 0x037f0fff | private | |
private_0x00000000038e0000 | 0x038e0000 | 0x0395ffff | private | |
private_0x00000000039b0000 | 0x039b0000 | 0x03a2ffff | private | |
NlsLexicons0007.dll | 0x74420000 | 0x74f9bfff | mapped_file | |
NlsLexicons0009.dll | 0x74fa0000 | 0x75222fff | mapped_file | |
user32.dll | 0x77450000 | 0x77549fff | mapped_file | |
kernel32.dll | 0x77550000 | 0x7766efff | mapped_file | |
ntdll.dll | 0x77670000 | 0x77818fff | mapped_file | |
psapi.dll | 0x77840000 | 0x77846fff | mapped_file | |
pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | pagefile_backed | |
private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | private | |
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | private | |
SearchIndexer.exe | 0xff1f0000 | 0xff281fff | mapped_file | |
NlsData0007.dll | 0x7fef5b30000 | 0x7fef5d3dfff | mapped_file | |
NlsData0009.dll | 0x7fef5d40000 | 0x7fef633efff | mapped_file | |
tquery.dll.mui | 0x7fef7040000 | 0x7fef7070fff | mapped_file | |
mssrch.dll | 0x7fef7080000 | 0x7fef72a2fff | mapped_file | |
tquery.dll | 0x7fef72b0000 | 0x7fef74e9fff | mapped_file | |
esent.dll | 0x7fef79d0000 | 0x7fef7c49fff | mapped_file | |
vsstrace.dll | 0x7fef9b90000 | 0x7fef9ba6fff | mapped_file | |
vssapi.dll | 0x7fef9bb0000 | 0x7fef9d5ffff | mapped_file | |
mssprxy.dll | 0x7fefa730000 | 0x7fefa74cfff | mapped_file | |
msidle.dll | 0x7fefa890000 | 0x7fefa896fff | mapped_file | |
es.dll | 0x7fefac40000 | 0x7fefaca6fff | mapped_file | |
atl.dll | 0x7fefacc0000 | 0x7fefacd8fff | mapped_file | |
samcli.dll | 0x7fefb540000 | 0x7fefb553fff | mapped_file | |
netutils.dll | 0x7fefb580000 | 0x7fefb58bfff | mapped_file | |
wtsapi32.dll | 0x7fefb6c0000 | 0x7fefb6d0fff | mapped_file | |
NaturalLanguage6.dll | 0x7fefbb80000 | 0x7fefbcc7fff | mapped_file | |
propsys.dll | 0x7fefbd30000 | 0x7fefbe5bfff | mapped_file | |
samlib.dll | 0x7fefbe60000 | 0x7fefbe7cfff | mapped_file | |
comctl32.dll | 0x7fefbe80000 | 0x7fefc073fff | mapped_file | |
ntmarta.dll | 0x7fefc370000 | 0x7fefc39cfff | mapped_file | |
credssp.dll | 0x7fefc880000 | 0x7fefc889fff | mapped_file | |
rsaenh.dll | 0x7fefc980000 | 0x7fefc9c6fff | mapped_file | |
cryptsp.dll | 0x7fefcc80000 | 0x7fefcc96fff | mapped_file | |
secur32.dll | 0x7fefd220000 | 0x7fefd22afff | mapped_file | |
sspicli.dll | 0x7fefd250000 | 0x7fefd274fff | mapped_file | |
apphelp.dll | 0x7fefd280000 | 0x7fefd2d6fff | mapped_file | |
cryptbase.dll | 0x7fefd2e0000 | 0x7fefd2eefff | mapped_file | |
sxs.dll | 0x7fefd2f0000 | 0x7fefd380fff | mapped_file | |
winsta.dll | 0x7fefd390000 | 0x7fefd3ccfff | mapped_file | |
RpcRtRemote.dll | 0x7fefd3d0000 | 0x7fefd3e3fff | mapped_file | |
msasn1.dll | 0x7fefd480000 | 0x7fefd48efff | mapped_file | |
profapi.dll | 0x7fefd490000 | 0x7fefd49efff | mapped_file | |
cfgmgr32.dll | 0x7fefd4a0000 | 0x7fefd4d5fff | mapped_file | |
userenv.dll | 0x7fefd4e0000 | 0x7fefd4fdfff | mapped_file | |
devobj.dll | 0x7fefd520000 | 0x7fefd539fff | mapped_file | |
KernelBase.dll | 0x7fefd540000 | 0x7fefd5abfff | mapped_file | |
crypt32.dll | 0x7fefd610000 | 0x7fefd77bfff | mapped_file | |
imm32.dll | 0x7fefd840000 | 0x7fefd86dfff | mapped_file | |
advapi32.dll | 0x7fefd870000 | 0x7fefd94afff | mapped_file | |
clbcatq.dll | 0x7fefd9d0000 | 0x7fefda68fff | mapped_file | |
gdi32.dll | 0x7fefda70000 | 0x7fefdad6fff | mapped_file | |
lpk.dll | 0x7fefdd90000 | 0x7fefdd9dfff | mapped_file | |
shlwapi.dll | 0x7fefe040000 | 0x7fefe0b0fff | mapped_file | |
Wldap32.dll | 0x7fefe0c0000 | 0x7fefe111fff | mapped_file | |
sechost.dll | 0x7fefe290000 | 0x7fefe2aefff | mapped_file | |
oleaut32.dll | 0x7fefe2b0000 | 0x7fefe386fff | mapped_file | |
setupapi.dll | 0x7fefe430000 | 0x7fefe606fff | mapped_file | |
msctf.dll | 0x7fefe610000 | 0x7fefe718fff | mapped_file | |
ole32.dll | 0x7fefe720000 | 0x7fefe922fff | mapped_file | |
shell32.dll | 0x7fefe930000 | 0x7feff6b7fff | mapped_file | |
usp10.dll | 0x7feff6c0000 | 0x7feff788fff | mapped_file | |
rpcrt4.dll | 0x7feff790000 | 0x7feff8bcfff | mapped_file | |
msvcrt.dll | 0x7feff8c0000 | 0x7feff95efff | mapped_file | |
apisetschema.dll | 0x7feff990000 | 0x7feff990fff | mapped_file | |
private_0x000007fffffa0000 | 0x7fffffa0000 | 0x7fffffa1fff | private | |
private_0x000007fffffa2000 | 0x7fffffa2000 | 0x7fffffa3fff | private | |
private_0x000007fffffa4000 | 0x7fffffa4000 | 0x7fffffa5fff | private | |
private_0x000007fffffa6000 | 0x7fffffa6000 | 0x7fffffa7fff | private | |
private_0x000007fffffa8000 | 0x7fffffa8000 | 0x7fffffa9fff | private | |
private_0x000007fffffaa000 | 0x7fffffaa000 | 0x7fffffabfff | private | |
private_0x000007fffffac000 | 0x7fffffac000 | 0x7fffffadfff | private | |
private_0x000007fffffae000 | 0x7fffffae000 | 0x7fffffaffff | private | |
pagefile_0x000007fffffb0000 | 0x7fffffb0000 | 0x7fffffd2fff | pagefile_backed | |
private_0x000007fffffd3000 | 0x7fffffd3000 | 0x7fffffd4fff | private | |
private_0x000007fffffd5000 | 0x7fffffd5000 | 0x7fffffd6fff | private | |
private_0x000007fffffd7000 | 0x7fffffd7000 | 0x7fffffd7fff | private | |
private_0x000007fffffd8000 | 0x7fffffd8000 | 0x7fffffd9fff | private | |
private_0x000007fffffda000 | 0x7fffffda000 | 0x7fffffdbfff | private | |
private_0x000007fffffdc000 | 0x7fffffdc000 | 0x7fffffddfff | private | |
private_0x000007fffffde000 | 0x7fffffde000 | 0x7fffffdffff | private | |
OS TIDs |
---|
0x804, 0x4c8, 0x164, 0x374, 0x380, 0x368, 0x5d0, 0x594, 0x598, 0x534, 0x530, 0x3c4, 0x46c, 0x7a8 |
ID | #29 |
OS PID | 0x1b8 |
OS Parent PID | 0x688 |
Image Name | searchprotocolhost.exe |
Page Root | 0x12531000 |
Monitor Reason | child_process |
Unmonitor Reason | (still running) |
CMD Line | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-272637189-1204002015-1709914517-10001_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-272637189-1204002015-1709914517-10001 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1" |
Current Directory | C:\Windows\system32\ |
Name | Start VA | End VA | Type | Monitored |
---|---|---|---|---|
pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | pagefile_backed | |
private_0x0000000000020000 | 0x00020000 | 0x00020fff | private | |
pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | pagefile_backed | |
private_0x0000000000040000 | 0x00040000 | 0x00040fff | private | |
locale.nls | 0x00050000 | 0x000b6fff | mapped_file | |
private_0x00000000000c0000 | 0x000c0000 | 0x001bffff | private | |
private_0x00000000001c0000 | 0x001c0000 | 0x001c0fff | private | |
private_0x00000000001d0000 | 0x001d0000 | 0x001d0fff | private | |
pagefile_0x00000000001e0000 | 0x001e0000 | 0x001e0fff | pagefile_backed | |
pagefile_0x00000000001f0000 | 0x001f0000 | 0x001f0fff | pagefile_backed | |
pagefile_0x0000000000200000 | 0x00200000 | 0x0020ffff | pagefile_backed | |
private_0x0000000000210000 | 0x00210000 | 0x0028ffff | private | |
pagefile_0x0000000000290000 | 0x00290000 | 0x0029ffff | pagefile_backed | |
private_0x00000000002a0000 | 0x002a0000 | 0x0031ffff | private | |
pagefile_0x0000000000320000 | 0x00320000 | 0x00321fff | pagefile_backed | |
pagefile_0x0000000000330000 | 0x00330000 | 0x00330fff | pagefile_backed | |
pagefile_0x0000000000340000 | 0x00340000 | 0x00341fff | pagefile_backed | |
counters.dat | 0x00350000 | 0x00350fff | mapped_file | |
pagefile_0x0000000000360000 | 0x00360000 | 0x0036ffff | pagefile_backed | |
cversions.2.db | 0x00370000 | 0x00373fff | mapped_file | |
{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000013.db | 0x00380000 | 0x003affff | mapped_file | |
private_0x00000000003b0000 | 0x003b0000 | 0x004affff | private | |
pagefile_0x00000000004b0000 | 0x004b0000 | 0x00637fff | pagefile_backed | |
private_0x0000000000640000 | 0x00640000 | 0x0064ffff | private | |
pagefile_0x0000000000650000 | 0x00650000 | 0x007d0fff | pagefile_backed | |
pagefile_0x00000000007e0000 | 0x007e0000 | 0x01bdffff | pagefile_backed | |
cversions.2.db | 0x01be0000 | 0x01be3fff | mapped_file | |
{80CEF694-92F9-4BDC-B349-951A4243108B}.2.ver0x0000000000000001.db | 0x01bf0000 | 0x01bf0fff | mapped_file | |
private_0x0000000001c40000 | 0x01c40000 | 0x01cbffff | private | |
private_0x0000000001cf0000 | 0x01cf0000 | 0x01d6ffff | private | |
private_0x0000000001dc0000 | 0x01dc0000 | 0x01e3ffff | private | |
private_0x0000000001e40000 | 0x01e40000 | 0x01f3ffff | private | |
private_0x0000000001fb0000 | 0x01fb0000 | 0x0202ffff | private | |
SortDefault.nls | 0x02030000 | 0x022fefff | mapped_file | |
private_0x0000000002370000 | 0x02370000 | 0x023effff | private | |
private_0x00000000024b0000 | 0x024b0000 | 0x0252ffff | private | |
user32.dll | 0x77450000 | 0x77549fff | mapped_file | |
kernel32.dll | 0x77550000 | 0x7766efff | mapped_file | |
ntdll.dll | 0x77670000 | 0x77818fff | mapped_file | |
normaliz.dll | 0x77830000 | 0x77832fff | mapped_file | |
pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | pagefile_backed | |
private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | private | |
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | private | |
SearchProtocolHost.exe | 0xff4a0000 | 0xff4e0fff | mapped_file | |
ieframe.dll | 0x7fef6340000 | 0x7fef7031fff | mapped_file | |
tquery.dll | 0x7fef72b0000 | 0x7fef74e9fff | mapped_file | |
cscapi.dll | 0x7fef74f0000 | 0x7fef74fefff | mapped_file | |
api-ms-win-downlevel-advapi32-l2-1-0.dll | 0x7fef7c50000 | 0x7fef7c53fff | mapped_file | |
mssprxy.dll | 0x7fefa730000 | 0x7fefa74cfff | mapped_file | |
msidle.dll | 0x7fefa890000 | 0x7fefa896fff | mapped_file | |
cscobj.dll | 0x7fefba70000 | 0x7fefbaaefff | mapped_file | |
mssvp.dll | 0x7fefbab0000 | 0x7fefbb71fff | mapped_file | |
propsys.dll | 0x7fefbd30000 | 0x7fefbe5bfff | mapped_file | |
comctl32.dll | 0x7fefbe80000 | 0x7fefc073fff | mapped_file | |
mapi32.dll | 0x7fefc1b0000 | 0x7fefc1cafff | mapped_file | |
mlang.dll | 0x7fefc220000 | 0x7fefc25afff | mapped_file | |
api-ms-win-downlevel-shlwapi-l2-1-0.dll | 0x7fefc3a0000 | 0x7fefc3a3fff | mapped_file | |
api-ms-win-downlevel-shell32-l1-1-0.dll | 0x7fefc3b0000 | 0x7fefc3b3fff | mapped_file | |
msshooks.dll | 0x7fefc3c0000 | 0x7fefc3c7fff | mapped_file | |
version.dll | 0x7fefc570000 | 0x7fefc57bfff | mapped_file | |
rsaenh.dll | 0x7fefc980000 | 0x7fefc9c6fff | mapped_file | |
cryptsp.dll | 0x7fefcc80000 | 0x7fefcc96fff | mapped_file | |
secur32.dll | 0x7fefd220000 | 0x7fefd22afff | mapped_file | |
sspicli.dll | 0x7fefd250000 | 0x7fefd274fff | mapped_file | |
cryptbase.dll | 0x7fefd2e0000 | 0x7fefd2eefff | mapped_file | |
RpcRtRemote.dll | 0x7fefd3d0000 | 0x7fefd3e3fff | mapped_file | |
profapi.dll | 0x7fefd490000 | 0x7fefd49efff | mapped_file | |
userenv.dll | 0x7fefd4e0000 | 0x7fefd4fdfff | mapped_file | |
api-ms-win-downlevel-normaliz-l1-1-0.dll | 0x7fefd500000 | 0x7fefd502fff | mapped_file | |
api-ms-win-downlevel-advapi32-l1-1-0.dll | 0x7fefd510000 | 0x7fefd514fff | mapped_file | |
KernelBase.dll | 0x7fefd540000 | 0x7fefd5abfff | mapped_file | |
api-ms-win-downlevel-ole32-l1-1-0.dll | 0x7fefd5f0000 | 0x7fefd5f3fff | mapped_file | |
api-ms-win-downlevel-user32-l1-1-0.dll | 0x7fefd600000 | 0x7fefd603fff | mapped_file | |
api-ms-win-downlevel-shlwapi-l1-1-0.dll | 0x7fefd820000 | 0x7fefd823fff | mapped_file | |
api-ms-win-downlevel-version-l1-1-0.dll | 0x7fefd830000 | 0x7fefd833fff | mapped_file | |
imm32.dll | 0x7fefd840000 | 0x7fefd86dfff | mapped_file | |
advapi32.dll | 0x7fefd870000 | 0x7fefd94afff | mapped_file | |
clbcatq.dll | 0x7fefd9d0000 | 0x7fefda68fff | mapped_file | |
gdi32.dll | 0x7fefda70000 | 0x7fefdad6fff | mapped_file | |
iertutil.dll | 0x7fefdae0000 | 0x7fefdd8afff | mapped_file | |
lpk.dll | 0x7fefdd90000 | 0x7fefdd9dfff | mapped_file | |
wininet.dll | 0x7fefde00000 | 0x7fefe030fff | mapped_file | |
shlwapi.dll | 0x7fefe040000 | 0x7fefe0b0fff | mapped_file | |
sechost.dll | 0x7fefe290000 | 0x7fefe2aefff | mapped_file | |
oleaut32.dll | 0x7fefe2b0000 | 0x7fefe386fff | mapped_file | |
msctf.dll | 0x7fefe610000 | 0x7fefe718fff | mapped_file | |
ole32.dll | 0x7fefe720000 | 0x7fefe922fff | mapped_file | |
shell32.dll | 0x7fefe930000 | 0x7feff6b7fff | mapped_file | |
usp10.dll | 0x7feff6c0000 | 0x7feff788fff | mapped_file | |
rpcrt4.dll | 0x7feff790000 | 0x7feff8bcfff | mapped_file | |
msvcrt.dll | 0x7feff8c0000 | 0x7feff95efff | mapped_file | |
apisetschema.dll | 0x7feff990000 | 0x7feff990fff | mapped_file | |
private_0x000007fffffac000 | 0x7fffffac000 | 0x7fffffadfff | private | |
private_0x000007fffffae000 | 0x7fffffae000 | 0x7fffffaffff | private | |
pagefile_0x000007fffffb0000 | 0x7fffffb0000 | 0x7fffffd2fff | pagefile_backed | |
private_0x000007fffffd4000 | 0x7fffffd4000 | 0x7fffffd5fff | private | |
private_0x000007fffffd6000 | 0x7fffffd6000 | 0x7fffffd7fff | private | |
private_0x000007fffffd8000 | 0x7fffffd8000 | 0x7fffffd9fff | private | |
private_0x000007fffffda000 | 0x7fffffda000 | 0x7fffffdafff | private | |
private_0x000007fffffdc000 | 0x7fffffdc000 | 0x7fffffddfff | private | |
private_0x000007fffffde000 | 0x7fffffde000 | 0x7fffffdffff | private | |
OS TIDs |
---|
0x404, 0x338, 0x300, 0x348, 0x7c0, 0x5a0, 0x17c |
ID | #30 |
OS PID | 0x5b0 |
OS Parent PID | 0x688 |
Image Name | searchfilterhost.exe |
Page Root | 0x0e994000 |
Monitor Reason | child_process |
Unmonitor Reason | (still running) |
CMD Line | "C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516 |
Current Directory | C:\Windows\system32\ |
Name | Start VA | End VA | Type | Monitored |
---|---|---|---|---|
OS TIDs |
---|
0x320, 0x31c, 0x344, 0x304, 0x33c |
ID | #31 |
OS PID | 0x790 |
OS Parent PID | 0x688 |
Image Name | searchprotocolhost.exe |
Page Root | 0x0dec7000 |
Monitor Reason | child_process |
Unmonitor Reason | (still running) |
CMD Line | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" |
Current Directory | C:\Windows\system32\ |
Name | Start VA | End VA | Type | Monitored |
---|---|---|---|---|
pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | pagefile_backed | |
private_0x0000000000020000 | 0x00020000 | 0x00020fff | private | |
pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | pagefile_backed | |
private_0x0000000000040000 | 0x00040000 | 0x00040fff | private | |
locale.nls | 0x00050000 | 0x000b6fff | mapped_file | |
private_0x00000000000c0000 | 0x000c0000 | 0x000c0fff | private | |
private_0x00000000000d0000 | 0x000d0000 | 0x000d0fff | private | |
pagefile_0x00000000000e0000 | 0x000e0000 | 0x000e0fff | pagefile_backed | |
pagefile_0x00000000000f0000 | 0x000f0000 | 0x000f0fff | pagefile_backed | |
pagefile_0x0000000000100000 | 0x00100000 | 0x0010ffff | pagefile_backed | |
pagefile_0x0000000000110000 | 0x00110000 | 0x0011ffff | pagefile_backed | |
private_0x0000000000160000 | 0x00160000 | 0x001dffff | private | |
pagefile_0x00000000001e0000 | 0x001e0000 | 0x0029ffff | pagefile_backed | |
private_0x00000000002a0000 | 0x002a0000 | 0x002affff | private | |
private_0x00000000002b0000 | 0x002b0000 | 0x003affff | private | |
private_0x00000000003c0000 | 0x003c0000 | 0x004bffff | private | |
pagefile_0x00000000004c0000 | 0x004c0000 | 0x00647fff | pagefile_backed | |
pagefile_0x0000000000650000 | 0x00650000 | 0x007d0fff | pagefile_backed | |
private_0x0000000000810000 | 0x00810000 | 0x0088ffff | private | |
private_0x0000000000890000 | 0x00890000 | 0x0090ffff | private | |
private_0x0000000000910000 | 0x00910000 | 0x0098ffff | private | |
private_0x0000000000a00000 | 0x00a00000 | 0x00a7ffff | private | |
private_0x0000000000b40000 | 0x00b40000 | 0x00bbffff | private | |
private_0x0000000000bc0000 | 0x00bc0000 | 0x00cbffff | private | |
private_0x0000000000d00000 | 0x00d00000 | 0x00d7ffff | private | |
SortDefault.nls | 0x00d80000 | 0x0104efff | mapped_file | |
private_0x0000000001160000 | 0x01160000 | 0x011dffff | private | |
user32.dll | 0x77450000 | 0x77549fff | mapped_file | |
kernel32.dll | 0x77550000 | 0x7766efff | mapped_file | |
ntdll.dll | 0x77670000 | 0x77818fff | mapped_file | |
pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | pagefile_backed | |
private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | private | |
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | private | |
SearchProtocolHost.exe | 0xff4a0000 | 0xff4e0fff | mapped_file | |
tquery.dll | 0x7fef72b0000 | 0x7fef74e9fff | mapped_file | |
mssprxy.dll | 0x7fefa730000 | 0x7fefa74cfff | mapped_file | |
msidle.dll | 0x7fefa890000 | 0x7fefa896fff | mapped_file | |
mssph.dll | 0x7fefb9f0000 | 0x7fefba6cfff | mapped_file | |
mapi32.dll | 0x7fefc1b0000 | 0x7fefc1cafff | mapped_file | |
msshooks.dll | 0x7fefc3c0000 | 0x7fefc3c7fff | mapped_file | |
rsaenh.dll | 0x7fefc980000 | 0x7fefc9c6fff | mapped_file | |
cryptsp.dll | 0x7fefcc80000 | 0x7fefcc96fff | mapped_file | |
authz.dll | 0x7fefce70000 | 0x7fefce9efff | mapped_file | |
cryptbase.dll | 0x7fefd2e0000 | 0x7fefd2eefff | mapped_file | |
RpcRtRemote.dll | 0x7fefd3d0000 | 0x7fefd3e3fff | mapped_file | |
KernelBase.dll | 0x7fefd540000 | 0x7fefd5abfff | mapped_file | |
imm32.dll | 0x7fefd840000 | 0x7fefd86dfff | mapped_file | |
advapi32.dll | 0x7fefd870000 | 0x7fefd94afff | mapped_file | |
clbcatq.dll | 0x7fefd9d0000 | 0x7fefda68fff | mapped_file | |
gdi32.dll | 0x7fefda70000 | 0x7fefdad6fff | mapped_file | |
lpk.dll | 0x7fefdd90000 | 0x7fefdd9dfff | mapped_file | |
shlwapi.dll | 0x7fefe040000 | 0x7fefe0b0fff | mapped_file | |
sechost.dll | 0x7fefe290000 | 0x7fefe2aefff | mapped_file | |
oleaut32.dll | 0x7fefe2b0000 | 0x7fefe386fff | mapped_file | |
msctf.dll | 0x7fefe610000 | 0x7fefe718fff | mapped_file | |
ole32.dll | 0x7fefe720000 | 0x7fefe922fff | mapped_file | |
usp10.dll | 0x7feff6c0000 | 0x7feff788fff | mapped_file | |
rpcrt4.dll | 0x7feff790000 | 0x7feff8bcfff | mapped_file | |
msvcrt.dll | 0x7feff8c0000 | 0x7feff95efff | mapped_file | |
apisetschema.dll | 0x7feff990000 | 0x7feff990fff | mapped_file | |
private_0x000007fffffac000 | 0x7fffffac000 | 0x7fffffadfff | private | |
private_0x000007fffffae000 | 0x7fffffae000 | 0x7fffffaffff | private | |
pagefile_0x000007fffffb0000 | 0x7fffffb0000 | 0x7fffffd2fff | pagefile_backed | |
private_0x000007fffffd4000 | 0x7fffffd4000 | 0x7fffffd5fff | private | |
private_0x000007fffffd6000 | 0x7fffffd6000 | 0x7fffffd7fff | private | |
private_0x000007fffffd8000 | 0x7fffffd8000 | 0x7fffffd9fff | private | |
private_0x000007fffffda000 | 0x7fffffda000 | 0x7fffffdbfff | private | |
private_0x000007fffffdc000 | 0x7fffffdc000 | 0x7fffffdcfff | private | |
private_0x000007fffffde000 | 0x7fffffde000 | 0x7fffffdffff | private | |
OS TIDs |
---|
0x7b4, 0x784, 0x760, 0x7b8, 0x7bc, 0x7a4, 0x7ac |
ID | #32 |
OS PID | 0x824 |
OS Parent PID | 0x314 |
Image Name | dwm.exe |
Page Root | 0x1213e000 |
Monitor Reason | child_process |
Unmonitor Reason | (still running) |
CMD Line | "C:\Windows\system32\Dwm.exe" |
Current Directory | C:\Windows\system32\ |
Name | Start VA | End VA | Type | Monitored |
---|---|---|---|---|
OS TIDs |
---|
0x98c, 0x984, 0x838, 0x82c, 0x828 |
ID | #33 |
OS PID | 0x830 |
OS Parent PID | 0xffffffffffffffff |
Image Name | explorer.exe |
Page Root | 0x110ef000 |
Monitor Reason | child_process |
Unmonitor Reason | (still running) |
CMD Line | C:\Windows\Explorer.EXE |
Current Directory | C:\Windows\system32\ |
Name | Start VA | End VA | Type | Monitored |
---|---|---|---|---|
pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | pagefile_backed | |
pagefile_0x0000000000020000 | 0x00020000 | 0x00021fff | pagefile_backed | |
pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | pagefile_backed | |
pagefile_0x0000000000040000 | 0x00040000 | 0x00041fff | pagefile_backed | |
private_0x0000000000050000 | 0x00050000 | 0x00050fff | private | |
locale.nls | 0x00060000 | 0x000c6fff | mapped_file | |
explorer.exe.mui | 0x000d0000 | 0x000d5fff | mapped_file | |
private_0x00000000000e0000 | 0x000e0000 | 0x000e0fff | private | |
private_0x00000000000f0000 | 0x000f0000 | 0x0016ffff | private | |
private_0x0000000000170000 | 0x00170000 | 0x00170fff | private | |
setupapi.dll.mui | 0x00180000 | 0x0018cfff | mapped_file | |
private_0x0000000000190000 | 0x00190000 | 0x0028ffff | private | |
private_0x0000000000290000 | 0x00290000 | 0x002cffff | private | |
pagefile_0x00000000002d0000 | 0x002d0000 | 0x002d0fff | pagefile_backed | |
pagefile_0x00000000002e0000 | 0x002e0000 | 0x002e1fff | pagefile_backed | |
pagefile_0x00000000002f0000 | 0x002f0000 | 0x002f0fff | pagefile_backed | |
pagefile_0x0000000000300000 | 0x00300000 | 0x00301fff | pagefile_backed | |
pagefile_0x0000000000310000 | 0x00310000 | 0x00310fff | pagefile_backed | |
pagefile_0x0000000000320000 | 0x00320000 | 0x00321fff | pagefile_backed | |
pagefile_0x0000000000330000 | 0x00330000 | 0x00331fff | pagefile_backed | |
private_0x0000000000340000 | 0x00340000 | 0x00340fff | private | |
private_0x0000000000350000 | 0x00350000 | 0x0035ffff | private | |
private_0x0000000000360000 | 0x00360000 | 0x0045ffff | private | |
pagefile_0x0000000000460000 | 0x00460000 | 0x005e7fff | pagefile_backed | |
pagefile_0x00000000005f0000 | 0x005f0000 | 0x00770fff | pagefile_backed | |
pagefile_0x0000000000780000 | 0x00780000 | 0x01b7ffff | pagefile_backed | |
pagefile_0x0000000001b80000 | 0x01b80000 | 0x01b8ffff | pagefile_backed | |
pagefile_0x0000000001b90000 | 0x01b90000 | 0x01b9ffff | pagefile_backed | |
pagefile_0x0000000001ba0000 | 0x01ba0000 | 0x01baffff | pagefile_backed | |
pagefile_0x0000000001bb0000 | 0x01bb0000 | 0x01bb1fff | pagefile_backed | |
private_0x0000000001bc0000 | 0x01bc0000 | 0x01c01fff | private | |
msctf.dll.mui | 0x01c10000 | 0x01c10fff | mapped_file | |
comctl32.dll.mui | 0x01c20000 | 0x01c22fff | mapped_file | |
private_0x0000000001c30000 | 0x01c30000 | 0x01c30fff | private | |
private_0x0000000001c40000 | 0x01c40000 | 0x01cbffff | private | |
pagefile_0x0000000001cc0000 | 0x01cc0000 | 0x01d9efff | pagefile_backed | |
shell32.dll.mui | 0x01da0000 | 0x01dfbfff | mapped_file | |
private_0x0000000001e00000 | 0x01e00000 | 0x01e2dfff | private | |
private_0x0000000001e30000 | 0x01e30000 | 0x01eaffff | private | |
private_0x0000000001eb0000 | 0x01eb0000 | 0x01eb0fff | private | |
private_0x0000000001ec0000 | 0x01ec0000 | 0x01ec8fff | private | |
private_0x0000000001ed0000 | 0x01ed0000 | 0x01f4ffff | private | |
SortDefault.nls | 0x01f50000 | 0x0221efff | mapped_file | |
private_0x0000000002220000 | 0x02220000 | 0x02327fff | private | |
private_0x0000000002330000 | 0x02330000 | 0x02389fff | private | |
private_0x0000000002390000 | 0x02390000 | 0x023d1fff | private | |
private_0x00000000023e0000 | 0x023e0000 | 0x024dffff | private | |
private_0x00000000024e0000 | 0x024e0000 | 0x024e7fff | private | |
{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000026.db | 0x024f0000 | 0x02516fff | mapped_file | |
pagefile_0x0000000002520000 | 0x02520000 | 0x02520fff | pagefile_backed | |
cversions.2.db | 0x02530000 | 0x02533fff | mapped_file | |
{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000013.db | 0x02540000 | 0x0256ffff | mapped_file | |
private_0x0000000002570000 | 0x02570000 | 0x025effff | private | |
private_0x00000000025f0000 | 0x025f0000 | 0x027effff | private | |
private_0x00000000027f0000 | 0x027f0000 | 0x0286ffff | private | |
cversions.2.db | 0x02870000 | 0x02873fff | mapped_file | |
pagefile_0x0000000002880000 | 0x02880000 | 0x02881fff | pagefile_backed | |
msutb.dll.mui | 0x02890000 | 0x02891fff | mapped_file | |
private_0x00000000028a0000 | 0x028a0000 | 0x028a0fff | private | |
private_0x00000000028b0000 | 0x028b0000 | 0x028b0fff | private | |
private_0x00000000028c0000 | 0x028c0000 | 0x0293ffff | private | |
private_0x0000000002940000 | 0x02940000 | 0x029bffff | private | |
private_0x00000000029c0000 | 0x029c0000 | 0x02abffff | private | |
explorerframe.dll.mui | 0x02ac0000 | 0x02ac4fff | mapped_file | |
private_0x0000000002ad0000 | 0x02ad0000 | 0x02ad0fff | private | |
private_0x0000000002ae0000 | 0x02ae0000 | 0x02ae3fff | private | |
private_0x0000000002af0000 | 0x02af0000 | 0x02af3fff | private | |
private_0x0000000002b00000 | 0x02b00000 | 0x02b7ffff | private | |
StaticCache.dat | 0x02b80000 | 0x034affff | mapped_file | |
pagefile_0x00000000034b0000 | 0x034b0000 | 0x034b0fff | pagefile_backed | |
private_0x00000000034c0000 | 0x034c0000 | 0x034c0fff | private | |
private_0x00000000034d0000 | 0x034d0000 | 0x034d0fff | private | |
pagefile_0x00000000034e0000 | 0x034e0000 | 0x034e1fff | pagefile_backed | |
pagefile_0x00000000034f0000 | 0x034f0000 | 0x034f1fff | pagefile_backed | |
authui.dll.mui | 0x03500000 | 0x03506fff | mapped_file | |
pagefile_0x0000000003510000 | 0x03510000 | 0x03510fff | pagefile_backed | |
private_0x0000000003520000 | 0x03520000 | 0x03520fff | private | |
private_0x0000000003530000 | 0x03530000 | 0x03530fff | private | |
private_0x0000000003540000 | 0x03540000 | 0x03540fff | private | |
private_0x0000000003550000 | 0x03550000 | 0x03550fff | private | |
private_0x0000000003560000 | 0x03560000 | 0x03560fff | private | |
private_0x0000000003570000 | 0x03570000 | 0x03570fff | private | |
{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db | 0x03580000 | 0x035e5fff | mapped_file | |
private_0x00000000035f0000 | 0x035f0000 | 0x035f0fff | private | |
private_0x0000000003600000 | 0x03600000 | 0x03600fff | private | |
private_0x0000000003610000 | 0x03610000 | 0x03610fff | private | |
private_0x0000000003620000 | 0x03620000 | 0x03620fff | private | |
private_0x0000000003630000 | 0x03630000 | 0x036affff | private | |
private_0x00000000036b0000 | 0x036b0000 | 0x036b0fff | private | |
private_0x00000000036c0000 | 0x036c0000 | 0x036c0fff | private | |
private_0x00000000036d0000 | 0x036d0000 | 0x036d0fff | private | |
private_0x00000000036e0000 | 0x036e0000 | 0x036e0fff | private | |
private_0x00000000036f0000 | 0x036f0000 | 0x036f0fff | private | |
private_0x0000000003700000 | 0x03700000 | 0x03720fff | private | |
propsys.dll.mui | 0x03730000 | 0x0373dfff | mapped_file | |
private_0x0000000003740000 | 0x03740000 | 0x037bffff | private | |
private_0x00000000037c0000 | 0x037c0000 | 0x0383ffff | private | |
pagefile_0x0000000003840000 | 0x03840000 | 0x03840fff | pagefile_backed | |
private_0x0000000003850000 | 0x03850000 | 0x03850fff | private | |
private_0x0000000003860000 | 0x03860000 | 0x03860fff | private | |
private_0x0000000003870000 | 0x03870000 | 0x038effff | private | |
pagefile_0x00000000038f0000 | 0x038f0000 | 0x038f1fff | pagefile_backed | |
cversions.2.db | 0x03900000 | 0x03903fff | mapped_file | |
{80CEF694-92F9-4BDC-B349-951A4243108B}.2.ver0x0000000000000001.db | 0x03910000 | 0x03910fff | mapped_file | |
private_0x0000000003920000 | 0x03920000 | 0x03923fff | private | |
private_0x0000000003930000 | 0x03930000 | 0x03932fff | private | |
private_0x0000000003940000 | 0x03940000 | 0x039bffff | private | |
private_0x00000000039c0000 | 0x039c0000 | 0x03a07fff | private | |
thumbcache_32.db | 0x03a10000 | 0x03b0ffff | mapped_file | |
thumbcache_1024.db | 0x03b10000 | 0x03b10fff | mapped_file | |
thumbcache_sr.db | 0x03b20000 | 0x03b20fff | mapped_file | |
thumbcache_idx.db | 0x03b30000 | 0x03b33fff | mapped_file | |
stobject.dll.mui | 0x03b40000 | 0x03b41fff | mapped_file | |
private_0x0000000003b50000 | 0x03b50000 | 0x03bcffff | private | |
private_0x0000000003bd0000 | 0x03bd0000 | 0x03c1ffff | private | |
pagefile_0x0000000003c20000 | 0x03c20000 | 0x03c21fff | pagefile_backed | |
private_0x0000000003c30000 | 0x03c30000 | 0x03caffff | private | |
cversions.2.db | 0x03cb0000 | 0x03cb3fff | mapped_file | |
pagefile_0x0000000003cc0000 | 0x03cc0000 | 0x03cc1fff | pagefile_backed | |
private_0x0000000003cd0000 | 0x03cd0000 | 0x03cd0fff | private | |
private_0x0000000003ce0000 | 0x03ce0000 | 0x03d5ffff | private | |
private_0x0000000003d60000 | 0x03d60000 | 0x03f5ffff | private | |
sndvolsso.dll.mui | 0x03f60000 | 0x03f60fff | mapped_file | |
AltTab.dll.mui | 0x03f70000 | 0x03f70fff | mapped_file | |
pnidui.dll.mui | 0x03f80000 | 0x03f84fff | mapped_file | |
private_0x0000000003f90000 | 0x03f90000 | 0x0400ffff | private | |
pagefile_0x0000000004010000 | 0x04010000 | 0x04011fff | pagefile_backed | |
private_0x0000000004020000 | 0x04020000 | 0x0409ffff | private | |
thumbcache_96.db | 0x040a0000 | 0x0419ffff | mapped_file | |
thumbcache_256.db | 0x041a0000 | 0x0429ffff | mapped_file | |
KernelBase.dll.mui | 0x042a0000 | 0x0435ffff | mapped_file | |
private_0x0000000004360000 | 0x04360000 | 0x043dffff | private | |
pagefile_0x00000000043e0000 | 0x043e0000 | 0x043e1fff | pagefile_backed | |
pagefile_0x00000000043f0000 | 0x043f0000 | 0x043f1fff | pagefile_backed | |
pagefile_0x0000000004400000 | 0x04400000 | 0x04401fff | pagefile_backed | |
private_0x0000000004410000 | 0x04410000 | 0x0448ffff | private | |
imageres.dll | 0x04490000 | 0x057e4fff | mapped_file | |
private_0x00000000057f0000 | 0x057f0000 | 0x0586ffff | private | |
bthprops.cpl.mui | 0x05870000 | 0x05876fff | mapped_file | |
pagefile_0x0000000005880000 | 0x05880000 | 0x05881fff | pagefile_backed | |
pagefile_0x0000000005890000 | 0x05890000 | 0x05891fff | pagefile_backed | |
pagefile_0x00000000058a0000 | 0x058a0000 | 0x058a1fff | pagefile_backed | |
private_0x00000000058b0000 | 0x058b0000 | 0x058b0fff | private | |
private_0x00000000058c0000 | 0x058c0000 | 0x0593ffff | private | |
FXSRESM.dll.mui | 0x05940000 | 0x05968fff | mapped_file | |
private_0x0000000005970000 | 0x05970000 | 0x0597ffff | private | |
pagefile_0x0000000005980000 | 0x05980000 | 0x05981fff | pagefile_backed | |
private_0x0000000005990000 | 0x05990000 | 0x05990fff | private | |
private_0x00000000059a0000 | 0x059a0000 | 0x05a1ffff | private | |
thumbcache_256.db | 0x05a20000 | 0x05a3ffff | mapped_file | |
private_0x0000000005a40000 | 0x05a40000 | 0x05a40fff | private | |
private_0x0000000005a60000 | 0x05a60000 | 0x05adffff | private | |
pagefile_0x0000000005ae0000 | 0x05ae0000 | 0x05ae0fff | pagefile_backed | |
thumbcache_1024.db | 0x05af0000 | 0x05af0fff | mapped_file | |
private_0x0000000005b00000 | 0x05b00000 | 0x05b7ffff | private | |
thumbcache_sr.db | 0x05b80000 | 0x05b80fff | mapped_file | |
private_0x0000000005b90000 | 0x05b90000 | 0x05c0ffff | private | |
thumbcache_idx.db | 0x05c10000 | 0x05c13fff | mapped_file | |
private_0x0000000005c20000 | 0x05c20000 | 0x05c9ffff | private | |
thumbcache_1024.db | 0x05ca0000 | 0x05ca0fff | mapped_file | |
thumbcache_sr.db | 0x05cb0000 | 0x05cb0fff | mapped_file | |
thumbcache_idx.db | 0x05cc0000 | 0x05cc3fff | mapped_file | |
thumbcache_256.db | 0x05cd0000 | 0x05ceffff | mapped_file | |
private_0x0000000005d10000 | 0x05d10000 | 0x05d1ffff | private | |
private_0x0000000005d70000 | 0x05d70000 | 0x05deffff | private | |
private_0x0000000005e30000 | 0x05e30000 | 0x05eaffff | private | |
private_0x0000000005f00000 | 0x05f00000 | 0x05f0ffff | private | |
private_0x0000000005f80000 | 0x05f80000 | 0x05ffffff | private | |
thumbcache_32.db | 0x06000000 | 0x060fffff | mapped_file | |
private_0x0000000006100000 | 0x06100000 | 0x0617ffff | private | |
thumbcache_96.db | 0x06180000 | 0x0627ffff | mapped_file | |
private_0x00000000062f0000 | 0x062f0000 | 0x0636ffff | private | |
private_0x0000000006370000 | 0x06370000 | 0x0646ffff | private | |
private_0x0000000006480000 | 0x06480000 | 0x064fffff | private | |
private_0x00000000065f0000 | 0x065f0000 | 0x0666ffff | private | |
thumbcache_256.db | 0x067b0000 | 0x068affff | mapped_file | |
thumbcache_32.db | 0x068b0000 | 0x069affff | mapped_file | |
thumbcache_96.db | 0x069b0000 | 0x06aaffff | mapped_file | |
thumbcache_256.db | 0x06ab0000 | 0x06baffff | mapped_file | |
FXSRESM.dll | 0x74320000 | 0x74402fff | mapped_file | |
ksuser.dll | 0x74410000 | 0x74415fff | mapped_file | |
user32.dll | 0x77450000 | 0x77549fff | mapped_file | |
kernel32.dll | 0x77550000 | 0x7766efff | mapped_file | |
ntdll.dll | 0x77670000 | 0x77818fff | mapped_file | |
normaliz.dll | 0x77830000 | 0x77832fff | mapped_file | |
psapi.dll | 0x77840000 | 0x77846fff | mapped_file | |
pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | pagefile_backed | |
private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | private | |
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | private | |
explorer.exe | 0xffa00000 | 0xffcbffff | mapped_file | |
FXSAPI.dll | 0x7fef3fd0000 | 0x7fef406cfff | mapped_file | |
FXSST.dll | 0x7fef4070000 | 0x7fef4146fff | mapped_file | |
provsvc.dll | 0x7fef4180000 | 0x7fef41b0fff | mapped_file | |
hgcpl.dll | 0x7fef41c0000 | 0x7fef4214fff | mapped_file | |
imapi2.dll | 0x7fef4220000 | 0x7fef429efff | mapped_file | |
ActionCenter.dll | 0x7fef42a0000 | 0x7fef4361fff | mapped_file | |
SyncCenter.dll | 0x7fef4370000 | 0x7fef459afff | mapped_file | |
bthprops.cpl | 0x7fef45a0000 | 0x7fef4654fff | mapped_file | |
srchadmin.dll | 0x7fef4660000 | 0x7fef46b7fff | mapped_file | |
QAGENT.DLL | 0x7fef46c0000 | 0x7fef4704fff | mapped_file | |
WWanAPI.dll | 0x7fef4710000 | 0x7fef476dfff | mapped_file | |
wlanapi.dll | 0x7fef4770000 | 0x7fef478ffff | mapped_file | |
pnidui.dll | 0x7fef49a0000 | 0x7fef4b5cfff | mapped_file | |
netshell.dll | 0x7fef4b60000 | 0x7fef4deafff | mapped_file | |
DXP.dll | 0x7fef4df0000 | 0x7fef4e63fff | mapped_file | |
prnfldr.dll | 0x7fef4e70000 | 0x7fef4ed8fff | mapped_file | |
batmeter.dll | 0x7fef4ee0000 | 0x7fef4f99fff | mapped_file | |
stobject.dll | 0x7fef4fa0000 | 0x7fef4fe2fff | mapped_file | |
networkexplorer.dll | 0x7fef4ff0000 | 0x7fef518bfff | mapped_file | |
cryptui.dll | 0x7fef5190000 | 0x7fef5298fff | mapped_file | |
authui.dll | 0x7fef52a0000 | 0x7fef547dfff | mapped_file | |
gameux.dll | 0x7fef5480000 | 0x7fef5722fff | mapped_file | |
GdiPlus.dll | 0x7fef5730000 | 0x7fef5945fff | mapped_file | |
ieframe.dll | 0x7fef6340000 | 0x7fef7031fff | mapped_file | |
cscapi.dll | 0x7fef74f0000 | 0x7fef74fefff | mapped_file | |
winmm.dll | 0x7fef7990000 | 0x7fef79cafff | mapped_file | |
api-ms-win-downlevel-advapi32-l2-1-0.dll | 0x7fef7c50000 | 0x7fef7c53fff | mapped_file | |
winspool.drv | 0x7fef7d00000 | 0x7fef7d70fff | mapped_file | |
actxprxy.dll | 0x7fef7dc0000 | 0x7fef7eadfff | mapped_file | |
wer.dll | 0x7fef87c0000 | 0x7fef883bfff | mapped_file | |
npmproxy.dll | 0x7fef8920000 | 0x7fef892bfff | mapped_file | |
netprofm.dll | 0x7fef8b80000 | 0x7fef8bf3fff | mapped_file | |
msutb.dll | 0x7fef9ef0000 | 0x7fef9f2cfff | mapped_file | |
ExplorerFrame.dll | 0x7fefa000000 | 0x7fefa1c9fff | mapped_file | |
webio.dll | 0x7fefa370000 | 0x7fefa3d3fff | mapped_file | |
winhttp.dll | 0x7fefa3e0000 | 0x7fefa450fff | mapped_file | |
wdmaud.drv | 0x7fefa4c0000 | 0x7fefa4fafff | mapped_file | |
UIAnimation.dll | 0x7fefa500000 | 0x7fefa539fff | mapped_file | |
msftedit.dll | 0x7fefa540000 | 0x7fefa605fff | mapped_file | |
QUTIL.DLL | 0x7fefa690000 | 0x7fefa6aefff | mapped_file | |
tiptsf.dll | 0x7fefa6b0000 | 0x7fefa72efff | mapped_file | |
mssprxy.dll | 0x7fefa730000 | 0x7fefa74cfff | mapped_file | |
wwapi.dll | 0x7fefa880000 | 0x7fefa88cfff | mapped_file | |
wlanutil.dll | 0x7fefa8a0000 | 0x7fefa8a6fff | mapped_file | |
Syncreg.dll | 0x7fefa8b0000 | 0x7fefa8c5fff | mapped_file | |
msls31.dll | 0x7fefa8d0000 | 0x7fefa911fff | mapped_file | |
dhcpcsvc.dll | 0x7fefaa10000 | 0x7fefaa27fff | mapped_file | |
dhcpcsvc6.dll | 0x7fefaa30000 | 0x7fefaa40fff | mapped_file | |
winnsi.dll | 0x7fefabc0000 | 0x7fefabcafff | mapped_file | |
IPHLPAPI.DLL | 0x7fefabd0000 | 0x7fefabf6fff | mapped_file | |
es.dll | 0x7fefac40000 | 0x7fefaca6fff | mapped_file | |
atl.dll | 0x7fefacc0000 | 0x7fefacd8fff | mapped_file | |
slc.dll | 0x7fefad20000 | 0x7fefad2afff | mapped_file | |
nlaapi.dll | 0x7fefad40000 | 0x7fefad54fff | mapped_file | |
avrt.dll | 0x7fefb1d0000 | 0x7fefb1d8fff | mapped_file | |
powrprof.dll | 0x7fefb1e0000 | 0x7fefb20bfff | mapped_file | |
thumbcache.dll | 0x7fefb2c0000 | 0x7fefb2defff | mapped_file | |
shdocvw.dll | 0x7fefb2e0000 | 0x7fefb313fff | mapped_file | |
timedate.cpl | 0x7fefb320000 | 0x7fefb3a2fff | mapped_file | |
SndVolSSO.dll | 0x7fefb3b0000 | 0x7fefb3eafff | mapped_file | |
shacct.dll | 0x7fefb410000 | 0x7fefb433fff | mapped_file | |
ntshrui.dll | 0x7fefb440000 | 0x7fefb4bffff | mapped_file | |
cscui.dll | 0x7fefb4c0000 | 0x7fefb53dfff | mapped_file | |
samcli.dll | 0x7fefb540000 | 0x7fefb553fff | mapped_file | |
wkscli.dll | 0x7fefb560000 | 0x7fefb574fff | mapped_file | |
netutils.dll | 0x7fefb580000 | 0x7fefb58bfff | mapped_file | |
AltTab.dll | 0x7fefb5b0000 | 0x7fefb5bffff | mapped_file | |
dui70.dll | 0x7fefb5c0000 | 0x7fefb6b1fff | mapped_file | |
wtsapi32.dll | 0x7fefb6c0000 | 0x7fefb6d0fff | mapped_file | |
hid.dll | 0x7fefb6e0000 | 0x7fefb6eafff | mapped_file | |
WindowsCodecs.dll | 0x7fefb6f0000 | 0x7fefb850fff | mapped_file | |
xmllite.dll | 0x7fefb860000 | 0x7fefb894fff | mapped_file | |
dwmapi.dll | 0x7fefb8a0000 | 0x7fefb8b7fff | mapped_file | |
MMDevAPI.dll | 0x7fefb8c0000 | 0x7fefb90afff | mapped_file | |
linkinfo.dll | 0x7fefb910000 | 0x7fefb91bfff | mapped_file | |
IconCodecService.dll | 0x7fefb920000 | 0x7fefb927fff | mapped_file | |
cscdll.dll | 0x7fefb930000 | 0x7fefb93bfff | mapped_file | |
duser.dll | 0x7fefb940000 | 0x7fefb982fff | mapped_file | |
cscobj.dll | 0x7fefba70000 | 0x7fefbaaefff | mapped_file | |
uxtheme.dll | 0x7fefbcd0000 | 0x7fefbd25fff | mapped_file | |
propsys.dll | 0x7fefbd30000 | 0x7fefbe5bfff | mapped_file | |
samlib.dll | 0x7fefbe60000 | 0x7fefbe7cfff | mapped_file | |
comctl32.dll | 0x7fefbe80000 | 0x7fefc073fff | mapped_file | |
EhStorShell.dll | 0x7fefc080000 | 0x7fefc0b4fff | mapped_file | |
mpr.dll | 0x7fefc190000 | 0x7fefc1a7fff | mapped_file | |
ntmarta.dll | 0x7fefc370000 | 0x7fefc39cfff | mapped_file | |
api-ms-win-downlevel-shell32-l1-1-0.dll | 0x7fefc3b0000 | 0x7fefc3b3fff | mapped_file | |
version.dll | 0x7fefc570000 | 0x7fefc57bfff | mapped_file | |
credssp.dll | 0x7fefc880000 | 0x7fefc889fff | mapped_file | |
rsaenh.dll | 0x7fefc980000 | 0x7fefc9c6fff | mapped_file | |
cryptsp.dll | 0x7fefcc80000 | 0x7fefcc96fff | mapped_file | |
wevtapi.dll | 0x7fefceb0000 | 0x7fefcf1cfff | mapped_file | |
srvcli.dll | 0x7fefd180000 | 0x7fefd1a2fff | mapped_file | |
secur32.dll | 0x7fefd220000 | 0x7fefd22afff | mapped_file | |
sspicli.dll | 0x7fefd250000 | 0x7fefd274fff | mapped_file | |
apphelp.dll | 0x7fefd280000 | 0x7fefd2d6fff | mapped_file | |
cryptbase.dll | 0x7fefd2e0000 | 0x7fefd2eefff | mapped_file | |
sxs.dll | 0x7fefd2f0000 | 0x7fefd380fff | mapped_file | |
winsta.dll | 0x7fefd390000 | 0x7fefd3ccfff | mapped_file | |
RpcRtRemote.dll | 0x7fefd3d0000 | 0x7fefd3e3fff | mapped_file | |
msasn1.dll | 0x7fefd480000 | 0x7fefd48efff | mapped_file | |
profapi.dll | 0x7fefd490000 | 0x7fefd49efff | mapped_file | |
cfgmgr32.dll | 0x7fefd4a0000 | 0x7fefd4d5fff | mapped_file | |
userenv.dll | 0x7fefd4e0000 | 0x7fefd4fdfff | mapped_file | |
api-ms-win-downlevel-normaliz-l1-1-0.dll | 0x7fefd500000 | 0x7fefd502fff | mapped_file | |
api-ms-win-downlevel-advapi32-l1-1-0.dll | 0x7fefd510000 | 0x7fefd514fff | mapped_file | |
devobj.dll | 0x7fefd520000 | 0x7fefd539fff | mapped_file | |
KernelBase.dll | 0x7fefd540000 | 0x7fefd5abfff | mapped_file | |
wintrust.dll | 0x7fefd5b0000 | 0x7fefd5e9fff | mapped_file | |
api-ms-win-downlevel-ole32-l1-1-0.dll | 0x7fefd5f0000 | 0x7fefd5f3fff | mapped_file | |
api-ms-win-downlevel-user32-l1-1-0.dll | 0x7fefd600000 | 0x7fefd603fff | mapped_file | |
crypt32.dll | 0x7fefd610000 | 0x7fefd77bfff | mapped_file | |
api-ms-win-downlevel-shlwapi-l1-1-0.dll | 0x7fefd820000 | 0x7fefd823fff | mapped_file | |
api-ms-win-downlevel-version-l1-1-0.dll | 0x7fefd830000 | 0x7fefd833fff | mapped_file | |
imm32.dll | 0x7fefd840000 | 0x7fefd86dfff | mapped_file | |
advapi32.dll | 0x7fefd870000 | 0x7fefd94afff | mapped_file | |
clbcatq.dll | 0x7fefd9d0000 | 0x7fefda68fff | mapped_file | |
gdi32.dll | 0x7fefda70000 | 0x7fefdad6fff | mapped_file | |
iertutil.dll | 0x7fefdae0000 | 0x7fefdd8afff | mapped_file | |
lpk.dll | 0x7fefdd90000 | 0x7fefdd9dfff | mapped_file | |
ws2_32.dll | 0x7fefdda0000 | 0x7fefddecfff | mapped_file | |
nsi.dll | 0x7fefddf0000 | 0x7fefddf7fff | mapped_file | |
wininet.dll | 0x7fefde00000 | 0x7fefe030fff | mapped_file | |
shlwapi.dll | 0x7fefe040000 | 0x7fefe0b0fff | mapped_file | |
Wldap32.dll | 0x7fefe0c0000 | 0x7fefe111fff | mapped_file | |
urlmon.dll | 0x7fefe120000 | 0x7fefe287fff | mapped_file | |
sechost.dll | 0x7fefe290000 | 0x7fefe2aefff | mapped_file | |
oleaut32.dll | 0x7fefe2b0000 | 0x7fefe386fff | mapped_file | |
setupapi.dll | 0x7fefe430000 | 0x7fefe606fff | mapped_file | |
msctf.dll | 0x7fefe610000 | 0x7fefe718fff | mapped_file | |
ole32.dll | 0x7fefe720000 | 0x7fefe922fff | mapped_file | |
shell32.dll | 0x7fefe930000 | 0x7feff6b7fff | mapped_file | |
usp10.dll | 0x7feff6c0000 | 0x7feff788fff | mapped_file | |
rpcrt4.dll | 0x7feff790000 | 0x7feff8bcfff | mapped_file | |
msvcrt.dll | 0x7feff8c0000 | 0x7feff95efff | mapped_file | |
apisetschema.dll | 0x7feff990000 | 0x7feff990fff | mapped_file | |
private_0x000007fffff80000 | 0x7fffff80000 | 0x7fffff81fff | private | |
private_0x000007fffff82000 | 0x7fffff82000 | 0x7fffff83fff | private | |
private_0x000007fffff84000 | 0x7fffff84000 | 0x7fffff85fff | private | |
private_0x000007fffff88000 | 0x7fffff88000 | 0x7fffff89fff | private | |
private_0x000007fffff8a000 | 0x7fffff8a000 | 0x7fffff8bfff | private | |
private_0x000007fffff8c000 | 0x7fffff8c000 | 0x7fffff8dfff | private | |
private_0x000007fffff8e000 | 0x7fffff8e000 | 0x7fffff8ffff | private | |
private_0x000007fffff90000 | 0x7fffff90000 | 0x7fffff91fff | private | |
private_0x000007fffff92000 | 0x7fffff92000 | 0x7fffff93fff | private | |
private_0x000007fffff94000 | 0x7fffff94000 | 0x7fffff95fff | private | |
private_0x000007fffff96000 | 0x7fffff96000 | 0x7fffff97fff | private | |
private_0x000007fffff98000 | 0x7fffff98000 | 0x7fffff99fff | private | |
private_0x000007fffff9a000 | 0x7fffff9a000 | 0x7fffff9bfff | private | |
private_0x000007fffff9c000 | 0x7fffff9c000 | 0x7fffff9dfff | private | |
private_0x000007fffff9e000 | 0x7fffff9e000 | 0x7fffff9ffff | private | |
private_0x000007fffffa0000 | 0x7fffffa0000 | 0x7fffffa1fff | private | |
private_0x000007fffffa2000 | 0x7fffffa2000 | 0x7fffffa3fff | private | |
private_0x000007fffffa4000 | 0x7fffffa4000 | 0x7fffffa5fff | private | |
private_0x000007fffffa6000 | 0x7fffffa6000 | 0x7fffffa7fff | private | |
private_0x000007fffffa8000 | 0x7fffffa8000 | 0x7fffffa9fff | private | |
private_0x000007fffffaa000 | 0x7fffffaa000 | 0x7fffffabfff | private | |
private_0x000007fffffac000 | 0x7fffffac000 | 0x7fffffadfff | private | |
private_0x000007fffffae000 | 0x7fffffae000 | 0x7fffffaffff | private | |
pagefile_0x000007fffffb0000 | 0x7fffffb0000 | 0x7fffffd2fff | pagefile_backed | |
private_0x000007fffffd4000 | 0x7fffffd4000 | 0x7fffffd4fff | private | |
private_0x000007fffffd6000 | 0x7fffffd6000 | 0x7fffffd7fff | private | |
private_0x000007fffffd8000 | 0x7fffffd8000 | 0x7fffffd9fff | private | |
private_0x000007fffffda000 | 0x7fffffda000 | 0x7fffffdbfff | private | |
private_0x000007fffffdc000 | 0x7fffffdc000 | 0x7fffffddfff | private | |
private_0x000007fffffde000 | 0x7fffffde000 | 0x7fffffdffff | private | |
OS TIDs |
---|
0xac8, 0xa50, 0x910, 0x904, 0x8f8, 0x8f4, 0x8f0, 0x8ec, 0x8e0, 0x8d8, 0x8d4, 0x8d0, 0x8cc, 0x898, 0x894, 0x890, 0x88c, 0x884, 0x880, 0x87c, 0x878, 0x870, 0x86c, 0x868, 0x864, 0x858, 0x854, 0x850, 0x84c, 0x848, 0x844, 0x834 |
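The per-process memory-map tables above are easier to work with once parsed. The following Python is an added example, not part of the original report or of the sandbox vendor's tooling: it parses rows in the report's `Name | Start VA | End VA | Type | Monitored |` layout, computes region sizes, checks that every region is page-aligned and that no two overlap, and diffs the image-backed modules of two processes. The embedded rows are copied from the SearchProtocolHost.exe (#31) and explorer.exe (#33) tables; the function names are my own. System DLLs such as kernel32.dll (0x77550000) and ntdll.dll (0x77670000) sit at the same base in both processes, which is what Windows 7 ASLR produces (image bases are chosen once per boot), so a system module reported at a different base in one process would be worth a closer look.

```python
"""Parse sandbox memory-map tables (added example; helper names are assumptions)."""
import re
from collections import Counter
from typing import Dict, List, NamedTuple, Tuple


class Region(NamedTuple):
    name: str
    start: int
    end: int
    kind: str  # private | pagefile_backed | mapped_file

    @property
    def size(self) -> int:
        # End VA in the report is inclusive, so add one.
        return self.end - self.start + 1


# Rows copied from the report's tables for process #31 and process #33.
SEARCHPROTOCOLHOST_ROWS = """\
Name | Start VA | End VA | Type | Monitored |
---|---|---|---|---|
pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | pagefile_backed | |
private_0x0000000000020000 | 0x00020000 | 0x00020fff | private | |
locale.nls | 0x00050000 | 0x000b6fff | mapped_file | |
user32.dll | 0x77450000 | 0x77549fff | mapped_file | |
kernel32.dll | 0x77550000 | 0x7766efff | mapped_file | |
ntdll.dll | 0x77670000 | 0x77818fff | mapped_file | |
SearchProtocolHost.exe | 0xff4a0000 | 0xff4e0fff | mapped_file | |
tquery.dll | 0x7fef72b0000 | 0x7fef74e9fff | mapped_file | |
rsaenh.dll | 0x7fefc980000 | 0x7fefc9c6fff | mapped_file | |
KernelBase.dll | 0x7fefd540000 | 0x7fefd5abfff | mapped_file | |
"""

EXPLORER_ROWS = """\
Name | Start VA | End VA | Type | Monitored |
---|---|---|---|---|
pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | pagefile_backed | |
private_0x0000000000050000 | 0x00050000 | 0x00050fff | private | |
user32.dll | 0x77450000 | 0x77549fff | mapped_file | |
kernel32.dll | 0x77550000 | 0x7766efff | mapped_file | |
ntdll.dll | 0x77670000 | 0x77818fff | mapped_file | |
explorer.exe | 0xffa00000 | 0xffcbffff | mapped_file | |
rsaenh.dll | 0x7fefc980000 | 0x7fefc9c6fff | mapped_file | |
KernelBase.dll | 0x7fefd540000 | 0x7fefd5abfff | mapped_file | |
"""

# name | 0xstart | 0xend | type |   (header and separator rows do not match)
ROW_RE = re.compile(
    r"^\s*([^|]+?)\s*\|\s*(0x[0-9a-f]+)\s*\|\s*(0x[0-9a-f]+)\s*\|\s*(\w+)\s*\|", re.I
)

IMAGE_SUFFIXES = (".dll", ".exe", ".drv", ".cpl")


def parse_regions(table: str) -> List[Region]:
    """Parse data rows; reject regions that are inverted or not page-aligned."""
    regions = []
    for line in table.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue
        name, start, end, kind = m.groups()
        start_i, end_i = int(start, 16), int(end, 16)
        if end_i < start_i or start_i & 0xFFF or (end_i + 1) & 0xFFF:
            raise ValueError(f"bad region row: {line!r}")
        regions.append(Region(name, start_i, end_i, kind))
    return regions


def summarize(regions: List[Region]) -> Dict[str, int]:
    """Total bytes per region type."""
    totals: Counter = Counter()
    for r in regions:
        totals[r.kind] += r.size
    return dict(totals)


def check_no_overlap(regions: List[Region]) -> bool:
    """True when no two regions share a page."""
    ordered = sorted(regions, key=lambda r: r.start)
    return all(cur.start > prev.end for prev, cur in zip(ordered, ordered[1:]))


def modules(regions: List[Region]) -> Dict[str, int]:
    """Image-backed mappings as lower-cased name -> base address (.mui data files excluded)."""
    return {
        r.name.lower(): r.start
        for r in regions
        if r.kind == "mapped_file" and r.name.lower().endswith(IMAGE_SUFFIXES)
    }


def compare_modules(a: List[Region], b: List[Region]) -> Tuple[list, list, list, list]:
    """Return (shared at same base, shared at different base, only in a, only in b)."""
    ma, mb = modules(a), modules(b)
    shared = set(ma) & set(mb)
    same = sorted(n for n in shared if ma[n] == mb[n])
    moved = sorted(n for n in shared if ma[n] != mb[n])
    return same, moved, sorted(set(ma) - shared), sorted(set(mb) - shared)


if __name__ == "__main__":
    sph, exp = parse_regions(SEARCHPROTOCOLHOST_ROWS), parse_regions(EXPLORER_ROWS)
    print(summarize(sph), check_no_overlap(sph))
    print(compare_modules(sph, exp))
```

The same parser works on a full table pasted from the report; `moved` is the list to inspect first, since a system DLL with a process-specific base on this OS generation usually means a relocated or substituted image rather than ordinary ASLR.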
PID | Filename | MD5 | SHA1 |
---|---|---|---|
0xb6c | c:\windows\$ntuninstallq923283$\fdisk.sys | 921ad714e7fb01aaa8e9b960544e0d36 | 9e327408fedb128b5717cf0f0093756132624951 |
0xb6c | c:\windows\$ntuninstallq923283$\usbehub.sys | eaea9ccb40c82af8f3867cd0f4dd5e9d | 7c1b25518dee1e30b5a6eaa1ea8e4a3780c24d0c |
0xb6c | c:\windows\$ntuninstallq923283$\pxinsi64.exe | f156ff2a1694f479a079f6777f0c5af0 | 1f55bdf960d70c0571e171c2c75701998552dc43 |