VMRay Analyzer Report
Sample Information
ID: #4357
MD5 hash value: 089c5446291c9145ad8ac6c1cdfe4928
SHA1 hash value: 1f206ea64fb3ccbe0cd7ff7972bef2592bb30c84
File name: 089c5446291c9145ad8ac6c1cdfe4928.exe
File size: 521216
File type: PE32 (gui)
Analysis Information
Creation Time: 2014-09-18 14:40 (UTC+2)
Execution successful: True
Prescript: -
Commandline parameters: -
Number of processes: 43
Termination reason: Timeout
Analyzer and Guest Information
Analyzer Version: 1.1.0
Analyzer Build Date: 2014-09-18 12:58
Guest Architecture: x86 64-bit
Guest OS: Windows NT based
Kernel Version: 6.1.7601.18409 (bf9e1903-5978-4c2d-8796-cf5537b238b4)
Analysis Hints
Information
Data may be missing due to evasive loop detection
Boot sector was modified
Kernel code was executed
Processes
ID | PID | Monitor Reason | CMD Line | Origin PID
#1 | 0xb50 | analysis_target | "C:\Users\user\Desktop\089c5446291c9145ad8ac6c1cdfe4928.exe" | -
#2 | 0x830 | injection | C:\Windows\Explorer.EXE | 0xb50
#3 | 0x460 | child_process | "C:\Windows\system32\sysprep\sysprep.exe" | 0x830
#4 | 0x7d4 | child_process | "C:\Windows\system32\sysprep\sysprep.exe" | 0x830
#5 | 0x4 | kernel_analysis | - | -
#6 | 0xfc | child_process | \SystemRoot\System32\smss.exe | 0x4
#7 | 0x108 | child_process | \??\C:\Windows\system32\autochk.exe * | 0xfc
#8 | 0x148 | child_process | \SystemRoot\System32\smss.exe 00000000 0000003c | 0xfc
#9 | 0x150 | child_process | %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 | 0x148
#10 | 0x16c | child_process | \SystemRoot\System32\smss.exe 00000001 0000003c | 0xfc
#11 | 0x174 | child_process | wininit.exe | 0x148
#12 | 0x180 | child_process | %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 | 0x16c
#13 | 0x198 | child_process | winlogon.exe | 0x16c
#14 | 0x1c0 | child_process | C:\Windows\system32\services.exe | 0x174
#15 | 0x1c8 | child_process | C:\Windows\system32\lsass.exe | 0x174
#16 | 0x1d0 | child_process | C:\Windows\system32\lsm.exe | 0x174
#17 | 0x24c | child_process | C:\Windows\system32\svchost.exe -k DcomLaunch | 0x1c0
#18 | 0x290 | child_process | C:\Windows\system32\svchost.exe -k RPCSS | 0x1c0
#19 | 0x2c0 | child_process | C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted | 0x1c0
#20 | 0x304 | child_process | "LogonUI.exe" /flags:0x0 | 0x198
#21 | 0x344 | child_process | C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted | 0x1c0
#22 | 0x370 | child_process | C:\Windows\system32\svchost.exe -k LocalService | 0x1c0
#23 | 0x398 | child_process | C:\Windows\system32\svchost.exe -k netsvcs | 0x1c0
#24 | 0x3e0 | child_process | C:\Windows\system32\svchost.exe -k GPSvcGroup | 0x1c0
#25 | 0x210 | child_process | C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} | 0x24c
#26 | 0x390 | child_process | "C:\Windows\system32\slui.exe" | 0x198
#27 | 0x1b8 | child_process | "C:\Windows\system32\Dwm.exe" | 0x344
#28 | 0x428 | child_process | C:\Windows\system32\svchost.exe -k NetworkService | 0x1c0
#29 | 0x490 | child_process | C:\Windows\System32\spoolsv.exe | 0x1c0
#30 | 0x4b0 | child_process | "taskhost.exe" | 0x1c0
#31 | 0x4c4 | child_process | C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork | 0x1c0
#32 | 0x570 | child_process | C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation | 0x1c0
#33 | 0x6f4 | child_process | C:\Windows\system32\sppsvc.exe | 0x1c0
#34 | 0x73c | child_process | C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted | 0x1c0
#35 | 0x7b4 | child_process | C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding | 0x24c
#36 | 0x410 | child_process | taskhost.exe SYSTEM | 0x1c0
#37 | 0x468 | child_process | C:\Windows\System32\slui.exe -Embedding | 0x24c
#38 | 0x540 | child_process | C:\Windows\system32\userinit.exe | 0x198
#39 | 0x320 | child_process | C:\Windows\Explorer.EXE | 0x540
#40 | 0x5b0 | child_process | C:\Windows\system32\SearchIndexer.exe /Embedding | 0x1c0
#41 | 0x824 | child_process | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-272637189-1204002015-1709914517-10001_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-272637189-1204002015-1709914517-10001 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1" | 0x5b0
#42 | 0x838 | child_process | "C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516 | 0x5b0
#43 | 0x878 | child_process | "taskhost.exe" | 0x1c0
Process Information
ID: #1
OS PID: 0xb50
OS Parent PID: 0x830
Image Name: 089c5446291c9145ad8ac6c1cdfe4928.exe
Page Root: 0x79d9e000
Monitor Reason: analysis_target
Unmonitor Reason: self_terminated
CMD Line: "C:\Users\user\Desktop\089c5446291c9145ad8ac6c1cdfe4928.exe"
Current Directory: C:\Users\user\Desktop\
OS TIDs: 0xb54
ID: #2
OS PID: 0x830
OS Parent PID: 0xffffffffffffffff
Image Name: explorer.exe
Page Root: 0x110ef000
Monitor Reason: injection
Unmonitor Reason: self_terminated
CMD Line: C:\Windows\Explorer.EXE
Current Directory: C:\Windows\system32\
OS TIDs: 0xacc, 0xa58, 0x910, 0x904, 0x8f8, 0x8f4, 0x8f0, 0x8ec, 0x8e0, 0x8d8, 0x8d4, 0x8d0, 0x8cc, 0x898, 0x894, 0x890, 0x88c, 0x884, 0x880, 0x87c, 0x878, 0x870, 0x86c, 0x868, 0x864, 0x858, 0x854, 0x850, 0x84c, 0x848, 0x844, 0x834, 0xb68, 0xb74, 0x448
Filename | MD5 | SHA1
c:\users\user\appdata\local\temp\2625.tmp | d41d8cd98f00b204e9800998ecf8427e | da39a3ee5e6b4b0d3255bfef95601890afd80709
c:\users\user\appdata\local\temp\2625.tmp | f1b737d166a077efe10e02a68f1d65dd | dcfc585361d553ccd91109cb9aeb54d5f022ec44
c:\users\user\appdata\local\temp\2625.tmp | f1b737d166a077efe10e02a68f1d65dd | dcfc585361d553ccd91109cb9aeb54d5f022ec44
ID: #3
OS PID: 0x460
OS Parent PID: 0x830
Image Name: sysprep.exe
Page Root: 0x7a7a9000
Monitor Reason: child_process
Unmonitor Reason: self_terminated
CMD Line: "C:\Windows\system32\sysprep\sysprep.exe"
Current Directory: C:\Windows\system32\sysprep\
OS TIDs: 0x450
ID: #4
OS PID: 0x7d4
OS Parent PID: 0x830
Image Name: sysprep.exe
Page Root: 0x76c87000
Monitor Reason: child_process
Unmonitor Reason: self_terminated
CMD Line: "C:\Windows\system32\sysprep\sysprep.exe"
Current Directory: C:\Windows\system32\
Name Start VA End VA Type Monitored
OS TIDs
0x83c
ID: #5
OS PID: 0x4
OS Parent PID: 0xffffffffffffffff
Image Name: SYSTEM
Page Root: 0x00187000
Monitor Reason: kernel_analysis
Unmonitor Reason: (still running)
CMD Line: -
Current Directory: -
Name Start VA End VA Type Monitored
pagefile_0x0000000000010000 0x00010000 0x00032fff pagefile_backed True
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff private True
OS TIDs
0x6a4, 0x11c, 0x12c, 0x678, 0xb0, 0x7bc, 0x2fc, 0x488, 0x90, 0x694, 0x74, 0x48c, 0x688, 0x460, 0x8, 0x14, 0x2c, 0x30, 0x50, 0x5c, 0x6c, 0x78, 0x7c, 0x44, 0x40, 0x98, 0x9c, 0x34, 0x94, 0xa4, 0x64, 0x38, 0x28, 0xac, 0xbc, 0xb4, 0x24, 0xcc, 0x20, 0x3c, 0xe8, 0xec, 0xf4, 0xf8, 0x470, 0x654, 0x110, 0x10, 0x48, 0xb8, 0x80, 0x84, 0x88, 0x118, 0x124, 0x130, 0x134, 0x8c, 0x120, 0xc8, 0xc4, 0xa8, 0x140, 0x414, 0x6ac, 0x13c, 0x158, 0x484, 0x3f0, 0x1c, 0x4c, 0x50c, 0x608, 0x1ac, 0x288, 0x548, 0x68, 0x60, 0x6a0
ID: #6
OS PID: 0xfc
OS Parent PID: 0x4
Image Name: smss.exe
Page Root: 0x20bdc000
Monitor Reason: child_process
Unmonitor Reason: (still running)
CMD Line: \SystemRoot\System32\smss.exe
Current Directory: C:\Windows
Name Start VA End VA Type Monitored
OS TIDs
0x144, 0x17c, 0x100, 0x104
ID: #7
OS PID: 0x108
OS Parent PID: 0xfc
Image Name: autochk.exe
Page Root: 0x206d4000
Monitor Reason: child_process
Unmonitor Reason: self_terminated
CMD Line: \??\C:\Windows\system32\autochk.exe *
Current Directory: C:\Windows\system32
Name Start VA End VA Type Monitored
OS TIDs
0x10c
ID: #8
OS PID: 0x148
OS Parent PID: 0xfc
Image Name: smss.exe
Page Root: 0x19f0b000
Monitor Reason: child_process
Unmonitor Reason: self_terminated
CMD Line: \SystemRoot\System32\smss.exe 00000000 0000003c
Current Directory: C:\Windows\
Name Start VA End VA Type Monitored
OS TIDs
0x14c
ID: #9
OS PID: 0x150
OS Parent PID: 0x148
Image Name: csrss.exe
Page Root: 0x1d8e6000
Monitor Reason: child_process
Unmonitor Reason: (still running)
CMD Line: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
Current Directory: C:\Windows\system32
Name Start VA End VA Type Monitored
OS TIDs
0x164, 0x168, 0x1a0, 0x1b0, 0x1b4, 0x154, 0x1ec, 0x15c, 0x160
ID: #10
OS PID: 0x16c
OS Parent PID: 0xfc
Image Name: smss.exe
Page Root: 0x19a51000
Monitor Reason: child_process
Unmonitor Reason: self_terminated
CMD Line: \SystemRoot\System32\smss.exe 00000001 0000003c
Current Directory: C:\Windows\
Name Start VA End VA Type Monitored
OS TIDs
0x170
ID: #11
OS PID: 0x174
OS Parent PID: 0x148
Image Name: wininit.exe
Page Root: 0x1d26c000
Monitor Reason: child_process
Unmonitor Reason: (still running)
CMD Line: wininit.exe
Current Directory: C:\Windows\system32
Name Start VA End VA Type Monitored
OS TIDs
0x178, 0x208, 0x1a4, 0x1a8, 0x1b8, 0x1bc, 0x1d8, 0x2c8
ID: #12
OS PID: 0x180
OS Parent PID: 0x16c
Image Name: csrss.exe
Page Root: 0x19447000
Monitor Reason: child_process
Unmonitor Reason: (still running)
CMD Line: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
Current Directory: C:\Windows\system32
Name Start VA End VA Type Monitored
OS TIDs
0x200, 0x204, 0x184, 0x188, 0x18c, 0x190, 0x194, 0x1dc
ID: #13
OS PID: 0x198
OS Parent PID: 0x16c
Image Name: winlogon.exe
Page Root: 0x1968d000
Monitor Reason: child_process
Unmonitor Reason: (still running)
CMD Line: winlogon.exe
Current Directory: C:\Windows\system32
Name Start VA End VA Type Monitored
OS TIDs
0x328, 0x184, 0x16c, 0x12c, 0x19c, 0x1e0, 0x1e4, 0x2d8
ID: #14
OS PID: 0x1c0
OS Parent PID: 0x174
Image Name: services.exe
Page Root: 0x1870a000
Monitor Reason: child_process
Unmonitor Reason: (still running)
CMD Line: C:\Windows\system32\services.exe
Current Directory: C:\Windows\system32\
Name Start VA End VA Type Monitored
OS TIDs
0x6d4, 0x218, 0x21c, 0x220, 0x170, 0x230, 0x234, 0x238, 0x23c, 0x240, 0x244, 0x248, 0x6d8, 0x284, 0x4a0, 0x6b8, 0x6bc, 0x6c0, 0x4c0, 0x6c8, 0x6cc, 0x6d0, 0x4d4, 0x4d8, 0x4e4, 0x224, 0x1c4, 0x6c4
ID: #15
OS PID: 0x1c8
OS Parent PID: 0x174
Image Name: lsass.exe
Page Root: 0x1c8f2000
Monitor Reason: child_process
Unmonitor Reason: (still running)
CMD Line: C:\Windows\system32\lsass.exe
Current Directory: C:\Windows\system32\
OS TIDs
0x1f8, 0x1fc, 0x20c, 0x210, 0x214, 0x228, 0x22c, 0x334, 0x120, 0x214, 0x1cc, 0x1e8, 0x1f0, 0x1f4
ID: #16
OS PID: 0x1d0
OS Parent PID: 0x174
Image Name: lsm.exe
Page Root: 0x1c938000
Monitor Reason: child_process
Unmonitor Reason: (still running)
CMD Line: C:\Windows\system32\lsm.exe
Current Directory: C:\Windows\system32\
OS TIDs
0x2f0, 0x2f4, 0x1d4, 0x2cc, 0x2f8, 0x310, 0x534, 0x340, 0x2d4, 0x254, 0x2e0, 0x2ec
ID: #17
OS PID: 0x24c
OS Parent PID: 0x1c0
Image Name: svchost.exe
Page Root: 0x1bfad000
Monitor Reason: child_process
Unmonitor Reason: (still running)
CMD Line: C:\Windows\system32\svchost.exe -k DcomLaunch
Current Directory: C:\Windows\system32\
OS TIDs
0x270, 0x274, 0x278, 0x27c, 0x280, 0x510, 0x28c, 0x298, 0x29c, 0x134, 0x2a4, 0x630, 0x638, 0x330, 0x250, 0x258, 0x25c, 0x260, 0x264, 0x268, 0x26c
ID: #18
OS PID: 0x290
OS Parent PID: 0x1c0
Image Name: svchost.exe
Page Root: 0x1bde4000
Monitor Reason: child_process
Unmonitor Reason: (still running)
CMD Line: C:\Windows\system32\svchost.exe -k RPCSS
Current Directory: C:\Windows\system32\
OS TIDs
0x6b4, 0x70c, 0x294, 0x158, 0x2a0, 0x530, 0x2a8, 0x2ac, 0x2b0, 0x2b4, 0x2b8, 0x2bc, 0x6a8
ID: #19
OS PID: 0x2c0
OS Parent PID: 0x1c0
Image Name: svchost.exe
Page Root: 0x1b5af000
Monitor Reason: child_process
Unmonitor Reason: (still running)
CMD Line: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Current Directory: C:\Windows\system32\
private_0x000007fffffde0000x7fffffde0000x7fffffdffffprivateTrue
OS TIDs
0x5a0, 0x814, 0xe4, 0x418, 0x424, 0x434, 0x2d0, 0x3c4, 0x448, 0x44c, 0x2e4, 0x2e8, 0x550, 0x614, 0x300, 0x2c4, 0x30c, 0x354, 0x358, 0x35c, 0x360, 0x308, 0x2dc, 0x554, 0x528, 0x52c, 0x534, 0x3cc, 0x3d0, 0x3d4, 0x3d8, 0x558
ID: #20
OS PID: 0x304
OS Parent PID: 0x198
Image Name: logonui.exe
Page Root: 0x178c4000
Monitor Reason: child_process
Unmonitor Reason: self_terminated
CMD Line: "LogonUI.exe" /flags:0x0
Current Directory: C:\Windows\system32\
Name Start VA End VA Type Monitored
OS TIDs
0x620, 0x308, 0x314, 0x318, 0x31c, 0x320, 0x324, 0x32c, 0x338, 0x33c, 0x350
ID: #21
OS PID: 0x344
OS Parent PID: 0x1c0
Image Name: svchost.exe
Page Root: 0x19f79000
Monitor Reason: child_process
Unmonitor Reason: (still running)
CMD Line: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Current Directory: C:\Windows\system32\
Name Start VA End VA Type Monitored
OS TIDs
0x10c, 0x108, 0x128, 0x13c, 0x154, 0x5c4, 0x604, 0xe4, 0x184, 0x618, 0x620, 0x624, 0x41c, 0x420, 0x348, 0x34c, 0x364, 0x368, 0x36c, 0x37c, 0x380, 0x384, 0x610, 0x394, 0x3a0, 0x7d4, 0x614, 0x3b0, 0x3b8, 0x3c4, 0x7b0, 0x3dc, 0x3ec, 0x3f8, 0x3fc, 0x350, 0x758
ID: #22
OS PID: 0x370
OS Parent PID: 0x1c0
Image Name: svchost.exe
Page Root: 0x15742000
Monitor Reason: child_process
Unmonitor Reason: (still running)
CMD Line: C:\Windows\system32\svchost.exe -k LocalService
Current Directory: C:\Windows\system32\
Name Start VA End VA Type Monitored
OS TIDs
0x770, 0x590, 0x120, 0x14c, 0x7a8, 0x11c, 0x5ec, 0x414, 0x374, 0x378, 0x52c, 0x6dc, 0x6e8, 0x6ec, 0x388, 0x38c, 0x390, 0x704, 0x708, 0x3a4, 0x714, 0x75c, 0x3a8, 0x76c
ID: #23
OS PID: 0x398
OS Parent PID: 0x1c0
Image Name: svchost.exe
Page Root: 0x1570c000
Monitor Reason: child_process
Unmonitor Reason: (still running)
CMD Line: C:\Windows\system32\svchost.exe -k netsvcs
Current Directory: C:\Windows\system32\
Name Start VA End VA Type Monitored
OS TIDs
0x118, 0x114, 0x124, 0x790, 0x5a4, 0x5ac, 0x79c, 0x7a0, 0x5bc, 0x1b8, 0x77c, 0x1cc, 0x228, 0x7d8, 0x7d4, 0x680, 0x7e4, 0x7f0, 0x7f4, 0x60c, 0x61c, 0x628, 0x734, 0x634, 0x690, 0x63c, 0x640, 0x644, 0x648, 0x64c, 0x650, 0x658, 0x65c, 0x660, 0x664, 0x668, 0x66c, 0x674, 0x464, 0x67c, 0x46c, 0x684, 0x474, 0x68c, 0x47c, 0x480, 0x698, 0x69c, 0x498, 0x69c, 0x32c, 0x6e4, 0x780, 0x39c, 0x3ac, 0x3b4, 0x724, 0x3bc, 0x3c0, 0x3c8
ID: #24
OS PID: 0x3e0
OS Parent PID: 0x1c0
Image Name: svchost.exe
Page Root: 0x15054000
Monitor Reason: child_process
Unmonitor Reason: (still running)
CMD Line: C:\Windows\system32\svchost.exe -k GPSvcGroup
Current Directory: C:\Windows\system32\
Name Start VA End VA Type Monitored
OS TIDs
0xe4, 0x384, 0x148, 0x62c, 0x5a8, 0x394, 0x3e4, 0x3e8, 0x120, 0xbc, 0x64
ID: #25
OS PID: 0x210
OS Parent PID: 0x24c
Image Name: dllhost.exe
Page Root: 0x1208f000
Monitor Reason: child_process
Unmonitor Reason: self_terminated
CMD Line: C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Current Directory: C:\Windows\system32\
Name Start VA End VA Type Monitored
OS TIDs
0x130, 0x260, 0x28c, 0x2ac, 0x2fc, 0x36c, 0x384
ID: #26
OS PID: 0x390
OS Parent PID: 0x198
Image Name: slui.exe
Page Root: 0x1652b000
Monitor Reason: child_process
Unmonitor Reason: self_terminated
CMD Line: "C:\Windows\system32\slui.exe"
Current Directory: C:\Windows\system32\
Name Start VA End VA Type Monitored
OS TIDs
0x3b0, 0x3b8, 0x3c4, 0x37c, 0x3cc, 0x3d0, 0x3a0
ID: #27
OS PID: 0x1b8
OS Parent PID: 0x344
Image Name: dwm.exe
Page Root: 0x161b5000
Monitor Reason: child_process
Unmonitor Reason: (still running)
CMD Line: "C:\Windows\system32\Dwm.exe"
Current Directory: C:\Windows\system32\
Name Start VA End VA Type Monitored
OS TIDs
0x868, 0x86c, 0x12c, 0x404, 0x408, 0x40c, 0x410
ID: #28
OS PID: 0x428
OS Parent PID: 0x1c0
Image Name: svchost.exe
Page Root: 0x1613d000
Monitor Reason: child_process
Unmonitor Reason: (still running)
CMD Line: C:\Windows\system32\svchost.exe -k NetworkService
Current Directory: C:\Windows\system32\
Name Start VA End VA Type Monitored
OS TIDs
0x670, 0x58c, 0x5a8, 0x798, 0x5b0, 0x5b4, 0x7a4, 0x5c0, 0x5c8, 0x5cc, 0x7c0, 0x7c4, 0x7c8, 0x850, 0x6e0, 0x864, 0x794, 0x42c, 0x430, 0x438, 0x43c, 0x440, 0x444, 0x450, 0x454, 0x458, 0x45c, 0x460, 0x468, 0x478, 0x36c, 0x870, 0x7ac, 0x7b0, 0x528, 0x568, 0x720, 0x728, 0x72c, 0x540, 0x744, 0x514, 0x55c, 0x560, 0x56c
ID: #29
OS PID: 0x490
OS Parent PID: 0x1c0
Image Name: spoolsv.exe
Page Root: 0x11e44000
Monitor Reason: child_process
Unmonitor Reason: (still running)
CMD Line: C:\Windows\System32\spoolsv.exe
Current Directory: C:\Windows\system32\
Name Start VA End VA Type Monitored
OS TIDs
0x56c, 0x7a8, 0x628, 0x54c, 0x65c, 0x26c, 0x6dc, 0x71c, 0x72c, 0x7a4, 0x494, 0x7bc, 0x49c, 0x560, 0x4a4, 0x4a8, 0x4ac, 0x4b8, 0x7cc, 0x478, 0x7d4
ID: #30
OS PID: 0x4b0
OS Parent PID: 0x1c0
Image Name: taskhost.exe
Page Root: 0x1553a000
Monitor Reason: child_process
Unmonitor Reason: (still running)
CMD Line: "taskhost.exe"
Current Directory: C:\Windows\system32\
OS TIDs
0x600, 0x7fc, 0x4fc, 0x500, 0x504, 0x5f4, 0x6e0, 0x28c, 0x4b4, 0x4bc, 0x4d0, 0x7dc, 0x4dc, 0x5f0, 0x5f8, 0x4e8, 0x4ec
ID: #31
OS PID: 0x4c4
OS Parent PID: 0x1c0
Image Name: svchost.exe
Page Root: 0x15e73000
Monitor Reason: child_process
Unmonitor Reason: (still running)
CMD Line: C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
Current Directory: C:\Windows\system32\
OS TIDs
0x584, 0x588, 0x778, 0x788, 0x774, 0x5d0, 0x5fc, 0x730, 0x504, 0x600, 0x420, 0x608, 0x604, 0x6f0, 0x6b0, 0x4c8, 0x4cc, 0x4e0, 0x4f0, 0x4f4, 0x4f8, 0x508, 0x51c, 0x520, 0x524, 0x538, 0x53c, 0x544, 0x768, 0x564, 0x760, 0x57c, 0x580
ID: #32
OS PID: 0x570
OS Parent PID: 0x1c0
Image Name: svchost.exe
Page Root: 0x148f0000
Monitor Reason: child_process
Unmonitor Reason: (still running)
CMD Line: C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Current Directory: C:\Windows\system32\
OS TIDs
0x6fc, 0x594, 0x598, 0x59c, 0x74c, 0x5b8, 0x324, 0x764, 0x5d4, 0x5d8, 0x5dc, 0x5e0, 0x5e4, 0x5e8, 0x574, 0x578, 0x784
ID: #33
OS PID: 0x6f4
OS Parent PID: 0x1c0
Image Name: sppsvc.exe
Page Root: 0x0fe81000
Monitor Reason: child_process
Unmonitor Reason: (still running)
CMD Line: C:\Windows\system32\sppsvc.exe
Current Directory: C:\Windows\system32\
OS TIDs
0x6f8, 0x40c, 0x700, 0x710, 0x718, 0x71c, 0x738, 0x440
ID: #34
OS PID: 0x73c
OS Parent PID: 0x1c0
Image Name: svchost.exe
Page Root: 0x0f58c000
Monitor Reason: child_process
Unmonitor Reason: (still running)
CMD Line: C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
Current Directory: C:\Windows\system32\
OS TIDs: 0x874, 0x78c, 0x740, 0x748, 0x750, 0x754, 0x44c

ID: #35
OS PID: 0x7b4
OS Parent PID: 0x24c
Image Name: rundll32.exe
Page Root: 0x12d3f000
Monitor Reason: child_process
Unmonitor Reason: (still running)
CMD Line: C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
Current Directory: C:\Windows\system32\
OS TIDs: 0x7f8, 0x7b8, 0x7d0, 0x7e0, 0x7e8, 0x7ec

ID: #36
OS PID: 0x410
OS Parent PID: 0x1c0
Image Name: taskhost.exe
Page Root: 0x0e99f000
Monitor Reason: child_process
Unmonitor Reason: self_terminated
CMD Line: taskhost.exe SYSTEM
Current Directory: C:\Windows\system32\
OS TIDs: 0x45c, 0x52c, 0x534, 0x540, 0x560, 0x56c, 0x478

ID: #37
OS PID: 0x468
OS Parent PID: 0x24c
Image Name: slui.exe
Page Root: 0x0e551000
Monitor Reason: child_process
Unmonitor Reason: self_terminated
CMD Line: C:\Windows\System32\slui.exe -Embedding
Current Directory: C:\Windows\system32\
OS TIDs: 0x36c, 0x514, 0x2fc, 0x260, 0x28c, 0x2ac, 0x130, 0x4f4, 0x51c, 0x35c, 0x360, 0x358, 0x528

ID: #38
OS PID: 0x540
OS Parent PID: 0x198
Image Name: userinit.exe
Page Root: 0x0d9d3000
Monitor Reason: child_process
Unmonitor Reason: self_terminated
CMD Line: C:\Windows\system32\userinit.exe
Current Directory: C:\Windows\system32\
OS TIDs: 0x51c, 0x3b0, 0x45c

ID: #39
OS PID: 0x320
OS Parent PID: 0x540
Image Name: explorer.exe
Page Root: 0x0d48f000
Monitor Reason: child_process
Unmonitor Reason: (still running)
CMD Line: C:\Windows\Explorer.EXE
Current Directory: C:\Windows\system32\
netprofm.dll0x7fef82900000x7fef8303fffmapped_fileFalse
ncsi.dll0x7fef93500000x7fef9388fffmapped_fileFalse
msutb.dll0x7fef99c00000x7fef99fcfffmapped_fileFalse
dhcpcsvc.dll0x7fef9d800000x7fef9d97fffmapped_fileFalse
dhcpcsvc6.dll0x7fef9da00000x7fef9db0fffmapped_fileFalse
FWPUCLNT.DLL0x7fef9dd00000x7fef9e22fffmapped_fileFalse
cscobj.dll0x7fefa3f00000x7fefa42efffmapped_fileFalse
cryptui.dll0x7fefa4300000x7fefa538fffmapped_fileFalse
GdiPlus.dll0x7fefa5400000x7fefa755fffmapped_fileFalse
webio.dll0x7fefa7600000x7fefa7c3fffmapped_fileFalse
winhttp.dll0x7fefa7d00000x7fefa840fffmapped_fileFalse
api-ms-win-downlevel-shell32-l1-1-0.dll0x7fefa8900000x7fefa893fffmapped_fileFalse
wlanutil.dll0x7fefa8900000x7fefa896fffmapped_fileFalse
authui.dll0x7fefa8c00000x7fefaa9dfffmapped_fileFalse
winnsi.dll0x7fefab600000x7fefab6afffmapped_fileFalse
IPHLPAPI.DLL0x7fefab700000x7fefab96fffmapped_fileFalse
es.dll0x7fefabd00000x7fefac36fffmapped_fileFalse
slc.dll0x7fefac400000x7fefac4afffmapped_fileFalse
atl.dll0x7fefac600000x7fefac78fffmapped_fileFalse
nlaapi.dll0x7fefacc00000x7fefacd4fffmapped_fileFalse
powrprof.dll0x7fefb1500000x7fefb17bfffmapped_fileFalse
QUTIL.DLL0x7fefb2300000x7fefb24efffmapped_fileFalse
stobject.dll0x7fefb2500000x7fefb292fffmapped_fileFalse
tiptsf.dll0x7fefb2d00000x7fefb34efffmapped_fileFalse
avrt.dll0x7fefb3600000x7fefb368fffmapped_fileFalse
Syncreg.dll0x7fefb3a00000x7fefb3b5fffmapped_fileFalse
wdmaud.drv0x7fefb3c00000x7fefb3fafffmapped_fileFalse
msftedit.dll0x7fefb4000000x7fefb4c5fffmapped_fileFalse
samcli.dll0x7fefb4d00000x7fefb4e3fffmapped_fileFalse
wkscli.dll0x7fefb4f00000x7fefb504fffmapped_fileFalse
netutils.dll0x7fefb5100000x7fefb51bfffmapped_fileFalse
msls31.dll0x7fefb5400000x7fefb581fffmapped_fileFalse
shacct.dll0x7fefb5900000x7fefb5b3fffmapped_fileFalse
timedate.cpl0x7fefb5c00000x7fefb642fffmapped_fileFalse
wtsapi32.dll0x7fefb6500000x7fefb660fffmapped_fileFalse
AltTab.dll0x7fefb6700000x7fefb67ffffmapped_fileFalse
WindowsCodecs.dll0x7fefb6800000x7fefb7e0fffmapped_fileFalse
xmllite.dll0x7fefb7f00000x7fefb824fffmapped_fileFalse
xmllite.dll0x7fefb7f00000x7fefb824fffmapped_fileFalse
dwmapi.dll0x7fefb8300000x7fefb847fffmapped_fileFalse
MMDevAPI.dll0x7fefb8500000x7fefb89afffmapped_fileFalse
thumbcache.dll0x7fefb8a00000x7fefb8befffmapped_fileFalse
linkinfo.dll0x7fefb8c00000x7fefb8cbfffmapped_fileFalse
shdocvw.dll0x7fefb8d00000x7fefb903fffmapped_fileFalse
SndVolSSO.dll0x7fefb9100000x7fefb94afffmapped_fileFalse
ntshrui.dll0x7fefb9500000x7fefb9cffffmapped_fileFalse
cscui.dll0x7fefb9d00000x7fefba4dfffmapped_fileFalse
EhStorShell.dll0x7fefba500000x7fefba84fffmapped_fileFalse
ExplorerFrame.dll0x7fefba900000x7fefbc59fffmapped_fileFalse
uxtheme.dll0x7fefbc600000x7fefbcb5fffmapped_fileFalse
propsys.dll0x7fefbcc00000x7fefbdebfffmapped_fileFalse
samlib.dll0x7fefbdf00000x7fefbe0cfffmapped_fileFalse
hid.dll0x7fefbe100000x7fefbe1afffmapped_fileFalse
IconCodecService.dll0x7fefbe200000x7fefbe27fffmapped_fileFalse
cscdll.dll0x7fefbe300000x7fefbe3bfffmapped_fileFalse
comctl32.dll0x7fefbe400000x7fefc033fffmapped_fileFalse
dui70.dll0x7fefc0400000x7fefc131fffmapped_fileFalse
duser.dll0x7fefc1400000x7fefc182fffmapped_fileFalse
cscapi.dll0x7fefc1b00000x7fefc1befffmapped_fileFalse
ntmarta.dll0x7fefc3300000x7fefc35cfffmapped_fileFalse
version.dll0x7fefc5000000x7fefc50bfffmapped_fileFalse
credssp.dll0x7fefc8100000x7fefc819fffmapped_fileFalse
rsaenh.dll0x7fefc9100000x7fefc956fffmapped_fileFalse
cryptsp.dll0x7fefcc100000x7fefcc26fffmapped_fileFalse
srvcli.dll0x7fefcd800000x7fefcda2fffmapped_fileFalse
secur32.dll0x7fefce200000x7fefce2afffmapped_fileFalse
wevtapi.dll0x7fefcf100000x7fefcf7cfffmapped_fileFalse
sspicli.dll0x7fefd0600000x7fefd084fffmapped_fileFalse
winsta.dll0x7fefd2100000x7fefd24cfffmapped_fileFalse
apphelp.dll0x7fefd2500000x7fefd2a6fffmapped_fileFalse
cryptbase.dll0x7fefd2b00000x7fefd2befffmapped_fileFalse
sxs.dll0x7fefd2c00000x7fefd350fffmapped_fileFalse
sxs.dll0x7fefd2c00000x7fefd350fffmapped_fileFalse
RpcRtRemote.dll0x7fefd3600000x7fefd373fffmapped_fileFalse
msasn1.dll0x7fefd4100000x7fefd41efffmapped_fileFalse
profapi.dll0x7fefd4200000x7fefd42efffmapped_fileFalse
cfgmgr32.dll0x7fefd4300000x7fefd465fffmapped_fileFalse
userenv.dll0x7fefd4700000x7fefd48dfffmapped_fileFalse
api-ms-win-downlevel-ole32-l1-1-0.dll0x7fefd4900000x7fefd493fffmapped_fileFalse
api-ms-win-downlevel-user32-l1-1-0.dll0x7fefd5400000x7fefd543fffmapped_fileFalse
api-ms-win-downlevel-advapi32-l1-1-0.dll0x7fefd5500000x7fefd554fffmapped_fileFalse
KernelBase.dll0x7fefd5600000x7fefd5cbfffmapped_fileFalse
api-ms-win-downlevel-version-l1-1-0.dll0x7fefd5d00000x7fefd5d3fffmapped_fileFalse
crypt32.dll0x7fefd5e00000x7fefd74bfffmapped_fileFalse
devobj.dll0x7fefd7500000x7fefd769fffmapped_fileFalse
api-ms-win-downlevel-normaliz-l1-1-0.dll0x7fefd7700000x7fefd772fffmapped_fileFalse
wintrust.dll0x7fefd7800000x7fefd7b9fffmapped_fileFalse
api-ms-win-downlevel-shlwapi-l1-1-0.dll0x7fefd7c00000x7fefd7c3fffmapped_fileFalse
iertutil.dll0x7fefd7d00000x7fefda7afffmapped_fileFalse
setupapi.dll0x7fefda800000x7fefdc56fffmapped_fileFalse
advapi32.dll0x7fefdce00000x7fefddbafffmapped_fileFalse
clbcatq.dll0x7fefddc00000x7fefde58fffmapped_fileFalse
Wldap32.dll0x7fefdf000000x7fefdf51fffmapped_fileFalse
msvcrt.dll0x7fefdf600000x7fefdffefffmapped_fileFalse
oleaut32.dll0x7fefe0000000x7fefe0d6fffmapped_fileFalse
shell32.dll0x7fefe0e00000x7fefee67fffmapped_fileFalse
sechost.dll0x7fefee700000x7fefee8efffmapped_fileFalse
msctf.dll0x7fefee900000x7fefef98fffmapped_fileFalse
gdi32.dll0x7fefefa00000x7feff006fffmapped_fileFalse
nsi.dll0x7feff0100000x7feff017fffmapped_fileFalse
wininet.dll0x7feff0200000x7feff250fffmapped_fileFalse
urlmon.dll0x7feff2600000x7feff3c7fffmapped_fileFalse
shlwapi.dll0x7feff3d00000x7feff440fffmapped_fileFalse
usp10.dll0x7feff4700000x7feff538fffmapped_fileFalse
rpcrt4.dll0x7feff5400000x7feff66cfffmapped_fileFalse
lpk.dll0x7feff6700000x7feff67dfffmapped_fileFalse
imm32.dll0x7feff6800000x7feff6adfffmapped_fileFalse
ole32.dll0x7feff6b00000x7feff8b2fffmapped_fileFalse
ws2_32.dll0x7feff8c00000x7feff90cfffmapped_fileFalse
apisetschema.dll0x7feff9200000x7feff920fffmapped_fileFalse
private_0x000007fffff860000x7fffff860000x7fffff87fffprivateTrue
private_0x000007fffff880000x7fffff880000x7fffff89fffprivateTrue
private_0x000007fffff8a0000x7fffff8a0000x7fffff8bfffprivateTrue
private_0x000007fffff8c0000x7fffff8c0000x7fffff8dfffprivateTrue
private_0x000007fffff8e0000x7fffff8e0000x7fffff8ffffprivateTrue
private_0x000007fffff900000x7fffff900000x7fffff91fffprivateTrue
private_0x000007fffff920000x7fffff920000x7fffff93fffprivateTrue
private_0x000007fffff940000x7fffff940000x7fffff95fffprivateTrue
private_0x000007fffff960000x7fffff960000x7fffff97fffprivateTrue
private_0x000007fffff980000x7fffff980000x7fffff99fffprivateTrue
private_0x000007fffff9a0000x7fffff9a0000x7fffff9bfffprivateTrue
private_0x000007fffff9c0000x7fffff9c0000x7fffff9dfffprivateTrue
private_0x000007fffff9e0000x7fffff9e0000x7fffff9ffffprivateTrue
private_0x000007fffffa00000x7fffffa00000x7fffffa1fffprivateTrue
private_0x000007fffffa20000x7fffffa20000x7fffffa3fffprivateTrue
private_0x000007fffffa40000x7fffffa40000x7fffffa5fffprivateTrue
private_0x000007fffffa60000x7fffffa60000x7fffffa7fffprivateTrue
private_0x000007fffffa60000x7fffffa60000x7fffffa7fffprivateTrue
private_0x000007fffffa80000x7fffffa80000x7fffffa9fffprivateTrue
private_0x000007fffffa80000x7fffffa80000x7fffffa9fffprivateTrue
private_0x000007fffffaa0000x7fffffaa0000x7fffffabfffprivateTrue
private_0x000007fffffaa0000x7fffffaa0000x7fffffabfffprivateTrue
private_0x000007fffffac0000x7fffffac0000x7fffffadfffprivateTrue
private_0x000007fffffae0000x7fffffae0000x7fffffaffffprivateTrue
pagefile_0x000007fffffb00000x7fffffb00000x7fffffd2fffpagefile_backedTrue
private_0x000007fffffd40000x7fffffd40000x7fffffd5fffprivateTrue
private_0x000007fffffd60000x7fffffd60000x7fffffd6fffprivateTrue
private_0x000007fffffd80000x7fffffd80000x7fffffd9fffprivateTrue
private_0x000007fffffda0000x7fffffda0000x7fffffdbfffprivateTrue
private_0x000007fffffdc0000x7fffffdc0000x7fffffddfffprivateTrue
private_0x000007fffffde0000x7fffffde0000x7fffffdffffprivateTrue
OS TIDs: 0x3cc, 0x80c, 0x810, 0x818, 0x81c, 0x820, 0x860, 0x31c, 0x548, 0x33c, 0x620, 0x314, 0x318, 0x338, 0x350, 0x2ac, 0x130, 0x71c, 0x7a8, 0x3cc, 0x3d0, 0x358, 0x360, 0x4f4, 0x35c, 0x7bc, 0x7d8, 0x37c, 0x3b8, 0x3a0, 0x2fc, 0x260, 0x560, 0x478

ID: #40
OS PID: 0x5b0
OS Parent PID: 0x1c0
Image Name: searchindexer.exe
Page Root: 0x101ff000
Monitor Reason: child_process
Unmonitor Reason: (still running)
CMD Line: C:\Windows\system32\SearchIndexer.exe /Embedding
Current Directory: C:\Windows\system32\
Name Start VA End VA Type Monitored
OS TIDs: 0x71c, 0x528, 0x358, 0x35c, 0x28c, 0x698, 0x690, 0x560, 0x7d4, 0x804, 0x808, 0x308, 0x130

ID: #41
OS PID: 0x824
OS Parent PID: 0x5b0
Image Name: searchprotocolhost.exe
Page Root: 0x0ae8c000
Monitor Reason: child_process
Unmonitor Reason: (still running)
CMD Line: "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-272637189-1204002015-1709914517-10001_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-272637189-1204002015-1709914517-10001 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"
Current Directory: C:\Windows\system32\
Name Start VA End VA Type Monitored
OS TIDs: 0x828, 0x82c, 0x830, 0x834, 0x854, 0x858, 0x85c

ID: #42
OS PID: 0x838
OS Parent PID: 0x5b0
Image Name: searchfilterhost.exe
Page Root: 0x0f2a9000
Monitor Reason: child_process
Unmonitor Reason: (still running)
CMD Line: "C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516
Current Directory: C:\Windows\system32\
Name Start VA End VA Type Monitored
OS TIDs
0x840, 0x844, 0x84c, 0x848, 0x83c
ID: #43
OS PID: 0x878
OS Parent PID: 0x1c0
Image Name: taskhost.exe
Page Root: 0x0a904000
Monitor Reason: child_process
Unmonitor Reason: self_terminated
CMD Line: "taskhost.exe"
Current Directory: C:\Windows\system32\
Name Start VA End VA Type Monitored
private_0x0000000000010000 0x00010000 0x0002ffff private True
pagefile_0x0000000000010000 0x00010000 0x0001ffff pagefile_backed True
taskhost.exe.mui 0x00020000 0x00020fff mapped_file False
pagefile_0x0000000000030000 0x00030000 0x00033fff pagefile_backed True
private_0x0000000000040000 0x00040000 0x00040fff private True
locale.nls 0x00050000 0x000b6fff mapped_file False
private_0x00000000000c0000 0x000c0000 0x000c0fff private True
private_0x00000000000d0000 0x000d0000 0x000d0fff private True
pagefile_0x00000000000e0000 0x000e0000 0x000e0fff pagefile_backed True
pagefile_0x00000000000f0000 0x000f0000 0x000f0fff pagefile_backed True
setupapi.dll.mui 0x00100000 0x0010cfff mapped_file False
private_0x0000000000130000 0x00130000 0x0013ffff private True
private_0x0000000000140000 0x00140000 0x001bffff private True
private_0x00000000001d0000 0x001d0000 0x0024ffff private True
private_0x0000000000250000 0x00250000 0x0034ffff private True
private_0x0000000000350000 0x00350000 0x0044ffff private True
pagefile_0x0000000000450000 0x00450000 0x005d7fff pagefile_backed True
pagefile_0x00000000005e0000 0x005e0000 0x00760fff pagefile_backed True
pagefile_0x0000000000770000 0x00770000 0x0082ffff pagefile_backed True
private_0x0000000000830000 0x00830000 0x008affff private True
private_0x0000000000930000 0x00930000 0x009affff private True
private_0x0000000000a20000 0x00a20000 0x00a9ffff private True
private_0x0000000000b10000 0x00b10000 0x00b8ffff private True
user32.dll 0x773e0000 0x774d9fff mapped_file False
kernel32.dll 0x774e0000 0x775fefff mapped_file False
ntdll.dll 0x77600000 0x777a8fff mapped_file False
private_0x000000007efe0000 0x7efe0000 0x7ffdffff private True
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff private True
taskhost.exe 0xff6b0000 0xff6c3fff mapped_file False
wlanutil.dll 0x7fefa890000 0x7fefa896fff mapped_file False
slc.dll 0x7fefac40000 0x7fefac4afff mapped_file False
AuxiliaryDisplayServices.dll 0x7fefb2a0000 0x7fefb2c3fff mapped_file False
wtsapi32.dll 0x7fefb650000 0x7fefb660fff mapped_file False
cryptbase.dll 0x7fefd2b0000 0x7fefd2befff mapped_file False
cfgmgr32.dll 0x7fefd430000 0x7fefd465fff mapped_file False
KernelBase.dll 0x7fefd560000 0x7fefd5cbfff mapped_file False
devobj.dll 0x7fefd750000 0x7fefd769fff mapped_file False
setupapi.dll 0x7fefda80000 0x7fefdc56fff mapped_file False
advapi32.dll 0x7fefdce0000 0x7fefddbafff mapped_file False
clbcatq.dll 0x7fefddc0000 0x7fefde58fff mapped_file False
msvcrt.dll 0x7fefdf60000 0x7fefdffefff mapped_file False
oleaut32.dll 0x7fefe000000 0x7fefe0d6fff mapped_file False
shell32.dll 0x7fefe0e0000 0x7fefee67fff mapped_file False
sechost.dll 0x7fefee70000 0x7fefee8efff mapped_file False
msctf.dll 0x7fefee90000 0x7fefef98fff mapped_file False
gdi32.dll 0x7fefefa0000 0x7feff006fff mapped_file False
shlwapi.dll 0x7feff3d0000 0x7feff440fff mapped_file False
usp10.dll 0x7feff470000 0x7feff538fff mapped_file False
rpcrt4.dll 0x7feff540000 0x7feff66cfff mapped_file False
lpk.dll 0x7feff670000 0x7feff67dfff mapped_file False
imm32.dll 0x7feff680000 0x7feff6adfff mapped_file False
ole32.dll 0x7feff6b0000 0x7feff8b2fff mapped_file False
apisetschema.dll 0x7feff920000 0x7feff920fff mapped_file False
pagefile_0x000007fffffb0000 0x7fffffb0000 0x7fffffd2fff pagefile_backed True
private_0x000007fffffd5000 0x7fffffd5000 0x7fffffd6fff private True
private_0x000007fffffd7000 0x7fffffd7000 0x7fffffd8fff private True
private_0x000007fffffd9000 0x7fffffd9000 0x7fffffdafff private True
private_0x000007fffffdb000 0x7fffffdb000 0x7fffffdbfff private True
private_0x000007fffffdc000 0x7fffffdc000 0x7fffffddfff private True
private_0x000007fffffde000 0x7fffffde000 0x7fffffdffff private True
OS TIDs
0x884, 0x888, 0x88c, 0x87c, 0x880
PID Filename MD5 SHA1
0x830 c:\users\user\appdata\local\temp\2625.tmp d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709
0x830 c:\users\user\appdata\local\temp\2625.tmp f1b737d166a077efe10e02a68f1d65dd dcfc585361d553ccd91109cb9aeb54d5f022ec44
0x830 c:\users\user\appdata\local\temp\2625.tmp f1b737d166a077efe10e02a68f1d65dd dcfc585361d553ccd91109cb9aeb54d5f022ec44