# Flog Txt Version 1 # Analyzer Version: 4.6.0 # Analyzer Build Date: Jul 8 2022 06:26:21 # Log Creation Date: 05.08.2022 08:53:24.744 Process: id = "1" image_name = "winword.exe" filename = "c:\\program files (x86)\\microsoft office\\office16\\winword.exe" page_root = "0x772a1000" os_pid = "0x11d4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x7b4" cmd_line = "\"C:\\Program Files (x86)\\Microsoft Office\\Office16\\WINWORD.EXE\" /n" cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fa87" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 255 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 256 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 257 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 258 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 259 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 260 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 261 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 262 start_va = 0x1b0000 end_va = 0x1b3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 263 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 264 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 265 start_va = 0x1e0000 end_va = 0x1e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 266 start_va = 0x1f0000 end_va = 0x1f1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 267 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 268 start_va = 0x400000 end_va = 0x4bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 269 start_va = 0x4c0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 270 start_va = 0x500000 end_va = 0x500fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 271 start_va = 0x510000 end_va = 0x510fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 272 start_va = 0x520000 end_va = 0x521fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000520000" filename = "" Region: id = 273 start_va = 0x530000 end_va = 0x53ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 274 start_va = 0x540000 end_va = 0x541fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 275 start_va = 0x550000 end_va = 0x551fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 276 start_va = 0x560000 end_va = 0x561fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 277 start_va = 0x570000 end_va = 0x571fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 278 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 279 start_va = 0x590000 end_va = 0x591fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 280 start_va = 0x5a0000 end_va = 0x5a3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 281 start_va = 0x5b0000 end_va = 0x5b1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 282 start_va = 0x5c0000 end_va = 0x5c4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll" filename = "\\Windows\\SysWOW64\\winnlsres.dll" (normalized: "c:\\windows\\syswow64\\winnlsres.dll") Region: id = 283 start_va = 0x5d0000 end_va = 0x5dffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\winnlsres.dll.mui") Region: id = 284 start_va = 0x5e0000 end_va = 0x5eefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msointl30.dll" filename = "\\Program Files (x86)\\Common Files\\Microsoft Shared\\OFFICE16\\1033\\msointl30.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office16\\1033\\msointl30.dll") Region: id = 285 start_va = 0x5f0000 end_va = 0x5f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005f0000" filename = "" Region: id = 286 start_va = 0x600000 end_va = 0x60ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 287 start_va = 0x610000 end_va = 0x613fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 288 start_va = 0x630000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000630000" filename = "" Region: id = 289 start_va = 0x730000 end_va = 0x82ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 290 start_va = 0x830000 end_va = 0x8d8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wwintl.dll" filename = "\\Program Files (x86)\\Microsoft Office\\Office16\\1033\\WWINTL.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\office16\\1033\\wwintl.dll") Region: id = 291 start_va = 0x900000 end_va = 0x90ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 292 start_va = 0x910000 end_va = 0xa97fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000910000" filename = "" Region: id = 293 start_va = 0xaa0000 end_va = 0xc20fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000aa0000" filename = "" Region: id = 294 start_va = 0xc30000 end_va = 0xc6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c30000" filename = "" Region: id = 295 start_va = 0xcd0000 end_va = 0xcd0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000cd0000" filename = "" Region: id = 296 start_va = 0xce0000 end_va = 0xce0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ce0000" filename = "" Region: id = 297 start_va = 0xd50000 end_va = 0xd8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d50000" filename = "" Region: id = 298 start_va = 0xd90000 end_va = 0xd90fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d90000" filename = "" Region: id = 299 start_va = 0xda0000 end_va = 0xdbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000da0000" filename = "" Region: id = 300 start_va = 0xdc0000 end_va = 0xf78fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "office.odf" filename = "\\Program Files (x86)\\Common Files\\Microsoft Shared\\OFFICE16\\Cultures\\OFFICE.ODF" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office16\\cultures\\office.odf") Region: id = 301 start_va = 0xf80000 end_va = 0x1287fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mso40uires.dll" filename = "\\Program Files (x86)\\Common Files\\Microsoft Shared\\OFFICE16\\MSO40UIRES.DLL" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office16\\mso40uires.dll") Region: id = 302 start_va = 0x1300000 end_va = 0x132dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001300000" filename = "" Region: id = 303 start_va = 0x1330000 end_va = 0x1330fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001330000" filename = "" Region: id = 304 start_va = 0x1340000 end_va = 0x1340fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001340000" filename = "" Region: id = 305 start_va = 0x1350000 end_va = 0x1527fff monitored = 0 entry_point = 0x1351000 region_type = mapped_file name = "winword.exe" filename = "\\Program Files (x86)\\Microsoft Office\\Office16\\WINWORD.EXE" (normalized: "c:\\program files (x86)\\microsoft office\\office16\\winword.exe") Region: id = 306 start_va = 0x1530000 end_va = 0x292ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001530000" filename = "" Region: id = 307 start_va = 0x2930000 end_va = 0x3250fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mso99lres.dll" filename = "\\Program Files (x86)\\Common Files\\Microsoft Shared\\OFFICE16\\MSO99LRES.DLL" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office16\\mso99lres.dll") Region: id = 308 start_va = 0x3260000 end_va = 0x809efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msores.dll" filename = "\\Program Files (x86)\\Common Files\\Microsoft Shared\\OFFICE16\\MSORES.DLL" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office16\\msores.dll") Region: id = 309 start_va = 0x80a0000 end_va = 0x8214fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msointl.dll" filename = "\\Program Files (x86)\\Common Files\\Microsoft Shared\\OFFICE16\\1033\\MSOINTL.DLL" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office16\\1033\\msointl.dll") Region: id = 310 start_va = 0x8220000 end_va = 0x831ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008220000" filename = "" Region: id = 311 start_va = 0x8320000 end_va = 0x8656fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 312 start_va = 0x8660000 end_va = 0x875ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008660000" filename = "" Region: id = 313 start_va = 0x8760000 end_va = 0x879ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008760000" filename = "" Region: id = 314 start_va = 0x87a0000 end_va = 0x889ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000087a0000" filename = "" Region: id = 315 start_va = 0x88a0000 end_va = 0x899ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000088a0000" filename = "" Region: id = 316 start_va = 0x89a0000 end_va = 0x89dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000089a0000" filename = "" Region: id = 317 start_va = 0x89e0000 end_va = 0x8adffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000089e0000" filename = "" Region: id = 318 start_va = 0x8ae0000 end_va = 0x8b1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008ae0000" filename = "" Region: id = 319 start_va = 0x8b20000 end_va = 0x8c1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008b20000" filename = "" Region: id = 320 start_va = 0x8c20000 end_va = 0x8c68fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "~fontcache-system.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-System.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-system.dat") Region: id = 321 start_va = 0x8c70000 end_va = 0x8d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008c70000" filename = "" Region: id = 322 start_va = 0x8d70000 end_va = 0x956ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "~fontcache-s-1-5-21-1560258661-3990802383-1811730007-1000.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-S-1-5-21-1560258661-3990802383-1811730007-1000.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-s-1-5-21-1560258661-3990802383-1811730007-1000.dat") Region: id = 323 start_va = 0x9570000 end_va = 0x996ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009570000" filename = "" Region: id = 324 start_va = 0x9970000 end_va = 0x9a2bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000009970000" filename = "" Region: id = 325 start_va = 0x9a30000 end_va = 0x9a33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000009a30000" filename = "" Region: id = 326 start_va = 0x9a40000 end_va = 0x9f31fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000009a40000" filename = "" Region: id = 327 start_va = 0x9f40000 end_va = 0x9f40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009f40000" filename = "" Region: id = 328 start_va = 0x9f50000 end_va = 0x9f50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009f50000" filename = "" Region: id = 329 start_va = 0x9f60000 end_va = 0x9f9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009f60000" filename = "" Region: id = 330 start_va = 0x9fa0000 end_va = 0xa09ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009fa0000" filename = "" Region: id = 331 start_va = 0xa0a0000 end_va = 0xa0a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000a0a0000" filename = "" Region: id = 332 start_va = 0xa0b0000 end_va = 0xa0effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a0b0000" filename = "" Region: id = 333 start_va = 0xa0f0000 end_va = 0xa1effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a0f0000" filename = "" Region: id = 334 start_va = 0xa1f0000 end_va = 0xa1f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a1f0000" filename = "" Region: id = 335 start_va = 0xa200000 end_va = 0xa23ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a200000" filename = "" Region: id = 336 start_va = 0xa240000 end_va = 0xa33ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a240000" filename = "" Region: id = 337 start_va = 0xa340000 end_va = 0xa343fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000a340000" filename = "" Region: id = 338 start_va = 0xa350000 end_va = 0xa350fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000a350000" filename = "" Region: id = 339 start_va = 0xa360000 end_va = 0xa360fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000a360000" filename = "" Region: id = 340 start_va = 0xa370000 end_va = 0xa37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a370000" filename = "" Region: id = 341 start_va = 0xa380000 end_va = 0xa38ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a380000" filename = "" Region: id = 342 start_va = 0xa390000 end_va = 0xab8ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000a390000" filename = "" Region: id = 343 start_va = 0xab90000 end_va = 0xabcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ab90000" filename = "" Region: id = 344 start_va = 0xabd0000 end_va = 0xaccffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000abd0000" filename = "" Region: id = 345 start_va = 0xacd0000 end_va = 0xad0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000acd0000" filename = "" Region: id = 346 start_va = 0xad10000 end_va = 0xae0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ad10000" filename = "" Region: id = 347 start_va = 0xae10000 end_va = 0xae4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ae10000" filename = "" Region: id = 348 start_va = 0xae50000 end_va = 0xaf4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ae50000" filename = "" Region: id = 349 start_va = 0xaf50000 end_va = 0xaf8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000af50000" filename = "" Region: id = 350 start_va = 0xaf90000 end_va = 0xb08ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000af90000" filename = "" Region: id = 351 start_va = 0xb090000 end_va = 0xb0cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b090000" filename = "" Region: id = 352 start_va = 0xb0d0000 end_va = 0xb1cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b0d0000" filename = "" Region: id = 353 start_va = 0xb1d0000 end_va = 0xb1d4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\user32.dll.mui") Region: id = 354 start_va = 0xb1e0000 end_va = 0xb1e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b1e0000" filename = "" Region: id = 355 start_va = 0xb330000 end_va = 0xb52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b330000" filename = "" Region: id = 356 start_va = 0xb530000 end_va = 0xb5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b530000" filename = "" Region: id = 357 start_va = 0xb5b0000 end_va = 0xb5b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msxml6r.dll" filename = "\\Windows\\SysWOW64\\msxml6r.dll" (normalized: "c:\\windows\\syswow64\\msxml6r.dll") Region: id = 358 start_va = 0xb5c0000 end_va = 0xb5d3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000016.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000016.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000016.db") Region: id = 359 start_va = 0xb5e0000 end_va = 0xb5e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b5e0000" filename = "" Region: id = 360 start_va = 0xb5f0000 end_va = 0xb5f3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b5f0000" filename = "" Region: id = 361 start_va = 0xb600000 end_va = 0xb601fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b600000" filename = "" Region: id = 362 start_va = 0xb610000 end_va = 0xb610fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b610000" filename = "" Region: id = 363 start_va = 0xb620000 end_va = 0xb621fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b620000" filename = "" Region: id = 364 start_va = 0xb630000 end_va = 0xb63ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b630000" filename = "" Region: id = 365 start_va = 0xb640000 end_va = 0xb64ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b640000" filename = "" Region: id = 366 start_va = 0xb650000 end_va = 0xb65ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b650000" filename = "" Region: id = 367 start_va = 0xb660000 end_va = 0xb66ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b660000" filename = "" Region: id = 368 start_va = 0xb670000 end_va = 0xb74ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Region: id = 369 start_va = 0xb750000 end_va = 0xc74ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "~fontcache-fontface.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-FontFace.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-fontface.dat") Region: id = 370 start_va = 0xc750000 end_va = 0xc82efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeui.ttf" filename = "\\Windows\\Fonts\\segoeui.ttf" (normalized: "c:\\windows\\fonts\\segoeui.ttf") Region: id = 371 start_va = 0xc830000 end_va = 0xcc2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c830000" filename = "" Region: id = 372 start_va = 0xcc30000 end_va = 0xcc71fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "d2d1.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\d2d1.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\d2d1.dll.mui") Region: id = 373 start_va = 0xcc80000 end_va = 0xcd55fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000cc80000" filename = "" Region: id = 374 start_va = 0xcd60000 end_va = 0xce35fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000cd60000" filename = "" Region: id = 375 start_va = 0xce40000 end_va = 0xce5efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000ce40000" filename = "" Region: id = 376 start_va = 0xce60000 end_va = 0xce7efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000ce60000" filename = "" Region: id = 377 start_va = 0xd160000 end_va = 0xd564fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000d160000" filename = "" Region: id = 378 start_va = 0xd570000 end_va = 0xd980fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000d570000" filename = "" Region: id = 379 start_va = 0xd990000 end_va = 0xdd96fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000d990000" filename = "" Region: id = 380 start_va = 0xddb0000 end_va = 0xde2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ddb0000" filename = "" Region: id = 381 start_va = 0xde30000 end_va = 0xde40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1255.nls" filename = "\\Windows\\System32\\C_1255.NLS" (normalized: "c:\\windows\\system32\\c_1255.nls") Region: id = 382 start_va = 0xde50000 end_va = 0xee8ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 383 start_va = 0xee90000 end_va = 0xf36dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000ee90000" filename = "" Region: id = 384 start_va = 0x34400000 end_va = 0x3440ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000034400000" filename = "" Region: id = 385 start_va = 0x64050000 end_va = 0x640c9fff monitored = 0 entry_point = 0x64063290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 386 start_va = 0x640d0000 end_va = 0x6411ffff monitored = 0 entry_point = 0x640e8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 387 start_va = 0x64120000 end_va = 0x64127fff monitored = 0 entry_point = 0x641217c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 388 start_va = 0x689f0000 end_va = 0x68a12fff monitored = 0 entry_point = 0x68a069b0 region_type = mapped_file name = "globinputhost.dll" filename = "\\Windows\\SysWOW64\\globinputhost.dll" (normalized: "c:\\windows\\syswow64\\globinputhost.dll") Region: id = 389 start_va = 0x68a20000 end_va = 0x68a71fff monitored = 0 entry_point = 0x68a48290 region_type = mapped_file name = "bcp47langs.dll" filename = "\\Windows\\SysWOW64\\BCP47Langs.dll" (normalized: "c:\\windows\\syswow64\\bcp47langs.dll") Region: id = 390 start_va = 0x68a80000 end_va = 0x68bb1fff monitored = 0 entry_point = 0x68aebf60 region_type = mapped_file name = "windows.globalization.dll" filename = "\\Windows\\SysWOW64\\Windows.Globalization.dll" (normalized: "c:\\windows\\syswow64\\windows.globalization.dll") Region: id = 391 start_va = 0x69830000 end_va = 0x69850fff monitored = 0 entry_point = 0x6983bdb0 region_type = mapped_file name = "cabinet.dll" filename = "\\Windows\\SysWOW64\\cabinet.dll" (normalized: "c:\\windows\\syswow64\\cabinet.dll") Region: id = 392 start_va = 0x69860000 end_va = 0x6a054fff monitored = 0 entry_point = 0x698c5279 region_type = mapped_file name = "chart.dll" filename = "\\Program Files (x86)\\Microsoft Office\\Office16\\CHART.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\office16\\chart.dll") Region: id = 393 start_va = 0x6a060000 end_va = 0x6a0f2fff monitored = 0 entry_point = 0x6a080ec0 region_type = mapped_file name = "twinapi.dll" filename = "\\Windows\\SysWOW64\\twinapi.dll" (normalized: "c:\\windows\\syswow64\\twinapi.dll") Region: id = 394 start_va = 0x6a100000 end_va = 0x6a2eefff monitored = 0 entry_point = 0x6a145e20 region_type = mapped_file name = "msxml6.dll" filename = "\\Windows\\SysWOW64\\msxml6.dll" (normalized: "c:\\windows\\syswow64\\msxml6.dll") Region: id = 395 start_va = 0x6a2f0000 end_va = 0x6a356fff monitored = 0 entry_point = 0x6a305a00 region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\SysWOW64\\winspool.drv" (normalized: "c:\\windows\\syswow64\\winspool.drv") Region: id = 396 start_va = 0x6a360000 end_va = 0x6a393fff monitored = 0 entry_point = 0x6a378280 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\SysWOW64\\netprofm.dll" (normalized: "c:\\windows\\syswow64\\netprofm.dll") Region: id = 397 start_va = 0x6a3a0000 end_va = 0x6a541fff monitored = 0 entry_point = 0x6a3a1000 region_type = mapped_file name = "riched20.dll" filename = "\\Program Files (x86)\\Common Files\\Microsoft Shared\\OFFICE16\\RICHED20.DLL" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office16\\riched20.dll") Region: id = 398 start_va = 0x6a550000 end_va = 0x6a5ccfff monitored = 0 entry_point = 0x6a560db0 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 399 start_va = 0x6a5d0000 end_va = 0x6a628fff monitored = 0 entry_point = 0x6a5e0780 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll") Region: id = 400 start_va = 0x6a630000 end_va = 0x6a7a2fff monitored = 0 entry_point = 0x6a6dd220 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\SysWOW64\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll") Region: id = 401 start_va = 0x6a7b0000 end_va = 0x6a80bfff monitored = 0 entry_point = 0x6a7b8880 region_type = mapped_file name = "d3d10_1core.dll" filename = "\\Windows\\SysWOW64\\d3d10_1core.dll" (normalized: "c:\\windows\\syswow64\\d3d10_1core.dll") Region: id = 402 start_va = 0x6a810000 end_va = 0x6a927fff monitored = 0 entry_point = 0x6a8140b1 region_type = mapped_file name = "msptls.dll" filename = "\\Program Files (x86)\\Common Files\\Microsoft Shared\\OFFICE16\\MSPTLS.DLL" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office16\\msptls.dll") Region: id = 403 start_va = 0x6a930000 end_va = 0x6acb8fff monitored = 0 entry_point = 0x6a9ccc60 region_type = mapped_file name = "msi.dll" filename = "\\Windows\\SysWOW64\\msi.dll" (normalized: "c:\\windows\\syswow64\\msi.dll") Region: id = 404 start_va = 0x6acc0000 end_va = 0x6ba71fff monitored = 0 entry_point = 0x6acc1000 region_type = mapped_file name = "mso.dll" filename = "\\Program Files (x86)\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office16\\mso.dll") Region: id = 405 start_va = 0x6ba80000 end_va = 0x6c017fff monitored = 0 entry_point = 0x6ba81000 region_type = mapped_file name = "mso99lwin32client.dll" filename = "\\Program Files (x86)\\Common Files\\Microsoft Shared\\OFFICE16\\Mso99Lwin32client.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office16\\mso99lwin32client.dll") Region: id = 406 start_va = 0x6c020000 end_va = 0x6c734fff monitored = 0 entry_point = 0x6c021000 region_type = mapped_file name = "mso40uiwin32client.dll" filename = "\\Program Files (x86)\\Common Files\\Microsoft Shared\\OFFICE16\\Mso40UIwin32client.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office16\\mso40uiwin32client.dll") Region: id = 407 start_va = 0x6c740000 end_va = 0x6ca41fff monitored = 0 entry_point = 0x6c741000 region_type = mapped_file name = "mso30win32client.dll" filename = "\\Program Files (x86)\\Common Files\\Microsoft Shared\\OFFICE16\\Mso30win32client.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office16\\mso30win32client.dll") Region: id = 408 start_va = 0x6ca50000 end_va = 0x6e6b1fff monitored = 0 entry_point = 0x6ca51000 region_type = mapped_file name = "wwlib.dll" filename = "\\Program Files (x86)\\Microsoft Office\\Office16\\WWLIB.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\office16\\wwlib.dll") Region: id = 409 start_va = 0x6e6c0000 end_va = 0x6e6ecfff monitored = 0 entry_point = 0x6e6d2b00 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\SysWOW64\\xmllite.dll" (normalized: "c:\\windows\\syswow64\\xmllite.dll") Region: id = 410 start_va = 0x6e760000 end_va = 0x6e775fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 411 start_va = 0x6e780000 end_va = 0x6e788fff monitored = 0 entry_point = 0x6e783830 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\SysWOW64\\npmproxy.dll" (normalized: "c:\\windows\\syswow64\\npmproxy.dll") Region: id = 412 start_va = 0x6e790000 end_va = 0x6e797fff monitored = 0 entry_point = 0x6e7917b0 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 413 start_va = 0x6e7a0000 end_va = 0x6e7cbfff monitored = 0 entry_point = 0x6e7c24b0 region_type = mapped_file name = "d3d10_1.dll" filename = "\\Windows\\SysWOW64\\d3d10_1.dll" (normalized: "c:\\windows\\syswow64\\d3d10_1.dll") Region: id = 414 start_va = 0x6e7d0000 end_va = 0x6e813fff monitored = 0 entry_point = 0x6e7eaaf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\SysWOW64\\winsta.dll" (normalized: "c:\\windows\\syswow64\\winsta.dll") Region: id = 415 start_va = 0x6e820000 end_va = 0x6e82efff monitored = 0 entry_point = 0x6e822a50 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\SysWOW64\\wtsapi32.dll" (normalized: "c:\\windows\\syswow64\\wtsapi32.dll") Region: id = 416 start_va = 0x6e830000 end_va = 0x6e84cfff monitored = 0 entry_point = 0x6e837240 region_type = mapped_file name = "sppc.dll" filename = "\\Windows\\SysWOW64\\sppc.dll" (normalized: "c:\\windows\\syswow64\\sppc.dll") Region: id = 417 start_va = 0x6e850000 end_va = 0x6e86ffff monitored = 0 entry_point = 0x6e862810 region_type = mapped_file name = "slc.dll" filename = "\\Windows\\SysWOW64\\slc.dll" (normalized: "c:\\windows\\syswow64\\slc.dll") Region: id = 418 start_va = 0x6e870000 end_va = 0x6e875fff monitored = 0 entry_point = 0x6e871490 region_type = mapped_file name = "msimg32.dll" filename = "\\Windows\\SysWOW64\\msimg32.dll" (normalized: "c:\\windows\\syswow64\\msimg32.dll") Region: id = 419 start_va = 0x6e880000 end_va = 0x6ea54fff monitored = 0 entry_point = 0x6e881000 region_type = mapped_file name = "mso20win32client.dll" filename = "\\Program Files (x86)\\Common Files\\Microsoft Shared\\OFFICE16\\Mso20win32client.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office16\\mso20win32client.dll") Region: id = 420 start_va = 0x6ea60000 end_va = 0x6f651fff monitored = 0 entry_point = 0x6ea61000 region_type = mapped_file name = "oart.dll" filename = "\\Program Files (x86)\\Microsoft Office\\Office16\\OART.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\office16\\oart.dll") Region: id = 421 start_va = 0x6f660000 end_va = 0x6f6cffff monitored = 0 entry_point = 0x6f69ec20 region_type = mapped_file name = "msvcp140.dll" filename = "\\Windows\\SysWOW64\\msvcp140.dll" (normalized: "c:\\windows\\syswow64\\msvcp140.dll") Region: id = 422 start_va = 0x6f6d0000 end_va = 0x6f83afff monitored = 0 entry_point = 0x6f73e360 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_538a540779726150\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_538a540779726150\\gdiplus.dll") Region: id = 423 start_va = 0x6f840000 end_va = 0x6f920fff monitored = 0 entry_point = 0x6f86e6b0 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\SysWOW64\\ucrtbase.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase.dll") Region: id = 424 start_va = 0x6f930000 end_va = 0x6f943fff monitored = 0 entry_point = 0x6f93e290 region_type = mapped_file name = "vcruntime140.dll" filename = "\\Windows\\SysWOW64\\vcruntime140.dll" (normalized: "c:\\windows\\syswow64\\vcruntime140.dll") Region: id = 425 start_va = 0x6fc60000 end_va = 0x6fdaafff monitored = 0 entry_point = 0x6fcc1660 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll") Region: id = 426 start_va = 0x6fdb0000 end_va = 0x6fde2fff monitored = 0 entry_point = 0x6fdc0e70 region_type = mapped_file name = "mlang.dll" filename = "\\Windows\\SysWOW64\\mlang.dll" (normalized: "c:\\windows\\syswow64\\mlang.dll") Region: id = 427 start_va = 0x6fdf0000 end_va = 0x6fdf9fff monitored = 0 entry_point = 0x6fdf3200 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\SysWOW64\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll") Region: id = 428 start_va = 0x6ff10000 end_va = 0x70127fff monitored = 0 entry_point = 0x6ffb97b0 region_type = mapped_file name = "d3d10warp.dll" filename = "\\Windows\\SysWOW64\\d3d10warp.dll" (normalized: "c:\\windows\\syswow64\\d3d10warp.dll") Region: id = 429 start_va = 0x70660000 end_va = 0x7072cfff monitored = 0 entry_point = 0x706b29c0 region_type = mapped_file name = "twinapi.appcore.dll" filename = "\\Windows\\SysWOW64\\twinapi.appcore.dll" (normalized: "c:\\windows\\syswow64\\twinapi.appcore.dll") Region: id = 430 start_va = 0x70730000 end_va = 0x707d6fff monitored = 0 entry_point = 0x70766240 region_type = mapped_file name = "dcomp.dll" filename = "\\Windows\\SysWOW64\\dcomp.dll" (normalized: "c:\\windows\\syswow64\\dcomp.dll") Region: id = 431 start_va = 0x707e0000 end_va = 0x709f9fff monitored = 0 entry_point = 0x70875550 region_type = mapped_file name = "d3d11.dll" filename = "\\Windows\\SysWOW64\\d3d11.dll" (normalized: "c:\\windows\\syswow64\\d3d11.dll") Region: id = 432 start_va = 0x70a50000 end_va = 0x70ad2fff monitored = 0 entry_point = 0x70a737c0 region_type = mapped_file name = "dxgi.dll" filename = "\\Windows\\SysWOW64\\dxgi.dll" (normalized: "c:\\windows\\syswow64\\dxgi.dll") Region: id = 433 start_va = 0x70ae0000 end_va = 0x70cd0fff monitored = 0 entry_point = 0x70bc3cd0 region_type = mapped_file name = "dwrite.dll" filename = "\\Windows\\SysWOW64\\DWrite.dll" (normalized: "c:\\windows\\syswow64\\dwrite.dll") Region: id = 434 start_va = 0x70d70000 end_va = 0x711fdfff monitored = 0 entry_point = 0x710fa320 region_type = mapped_file name = "d2d1.dll" filename = "\\Windows\\SysWOW64\\d2d1.dll" (normalized: "c:\\windows\\syswow64\\d2d1.dll") Region: id = 435 start_va = 0x713a0000 end_va = 0x713bcfff monitored = 0 entry_point = 0x713a3b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 436 start_va = 0x71560000 end_va = 0x7157afff monitored = 0 entry_point = 0x71569050 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 437 start_va = 0x72cb0000 end_va = 0x72d24fff monitored = 0 entry_point = 0x72ce9a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 438 start_va = 0x72dd0000 end_va = 0x72fdefff monitored = 0 entry_point = 0x72e7b0a0 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll") Region: id = 439 start_va = 0x73ef0000 end_va = 0x73ef9fff monitored = 0 entry_point = 0x73ef2a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 440 start_va = 0x73f00000 end_va = 0x73f1dfff monitored = 0 entry_point = 0x73f0b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 441 start_va = 0x73f20000 end_va = 0x73f2efff monitored = 0 entry_point = 0x73f22e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 442 start_va = 0x73f30000 end_va = 0x73f8efff monitored = 0 entry_point = 0x73f34af0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 443 start_va = 0x741b0000 end_va = 0x741dafff monitored = 0 entry_point = 0x741b5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 444 start_va = 0x74340000 end_va = 0x743c3fff monitored = 0 entry_point = 0x74366220 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 445 start_va = 0x743d0000 end_va = 0x74516fff monitored = 0 entry_point = 0x743e1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 446 start_va = 0x74520000 end_va = 0x745acfff monitored = 0 entry_point = 0x74569b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 447 start_va = 0x745b0000 end_va = 0x74aa8fff monitored = 0 entry_point = 0x747b7610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 448 start_va = 0x74ab0000 end_va = 0x74bfefff monitored = 0 entry_point = 0x74b66820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 449 start_va = 0x74dc0000 end_va = 0x74eaafff monitored = 0 entry_point = 0x74dfd650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 450 start_va = 0x74eb0000 end_va = 0x762aefff monitored = 0 entry_point = 0x7506b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 451 start_va = 0x762b0000 end_va = 0x7646cfff monitored = 0 entry_point = 0x76392a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 452 start_va = 0x76470000 end_va = 0x764b3fff monitored = 0 entry_point = 0x76477410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 453 start_va = 0x764e0000 end_va = 0x765fefff monitored = 0 entry_point = 0x76525980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 454 start_va = 0x76600000 end_va = 0x7667afff monitored = 0 entry_point = 0x7661e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 455 start_va = 0x76680000 end_va = 0x76711fff monitored = 0 entry_point = 0x766b8cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 456 start_va = 0x76720000 end_va = 0x767fffff monitored = 0 entry_point = 0x76733980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 457 start_va = 0x76800000 end_va = 0x76836fff monitored = 0 entry_point = 0x76803b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 458 start_va = 0x76840000 end_va = 0x76897fff monitored = 0 entry_point = 0x768825c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 459 start_va = 0x76910000 end_va = 0x76a8dfff monitored = 0 entry_point = 0x769c1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 460 start_va = 0x76a90000 end_va = 0x76b4dfff monitored = 0 entry_point = 0x76ac5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 461 start_va = 0x76c00000 end_va = 0x76cacfff monitored = 0 entry_point = 0x76c14f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 462 start_va = 0x76cb0000 end_va = 0x76cf3fff monitored = 0 entry_point = 0x76cc9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 463 start_va = 0x76d00000 end_va = 0x76d44fff monitored = 0 entry_point = 0x76d1de90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 464 start_va = 0x76d50000 end_va = 0x76d5bfff monitored = 0 entry_point = 0x76d53930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 465 start_va = 0x77170000 end_va = 0x771c9fff monitored = 0 entry_point = 0x77197e70 region_type = mapped_file name = "coml2.dll" filename = "\\Windows\\SysWOW64\\coml2.dll" (normalized: "c:\\windows\\syswow64\\coml2.dll") Region: id = 466 start_va = 0x771d0000 end_va = 0x7734afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 467 start_va = 0x7fea0000 end_va = 0x7feaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fea0000" filename = "" Region: id = 468 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 469 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 470 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 471 start_va = 0x7fff0000 end_va = 0x7ffa1676ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 472 start_va = 0x7ffa16770000 end_va = 0x7ffa16930fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 473 start_va = 0x7ffa16931000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffa16931000" filename = "" Region: id = 474 start_va = 0x717a0000 end_va = 0x7191dfff monitored = 0 entry_point = 0x7181c630 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll") Region: id = 475 start_va = 0x73b80000 end_va = 0x73e4afff monitored = 0 entry_point = 0x73dbc4c0 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll") Region: id = 476 start_va = 0x620000 end_va = 0x620fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000620000" filename = "" Region: id = 477 start_va = 0x9a40000 end_va = 0x9e3ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000009a40000" filename = "" Region: id = 478 start_va = 0x9e40000 end_va = 0x9ebffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "new order ( my 01-22-dthi .doc.rtfdcf6877001f416aa459a9bb0a22daartfdcf6877001f416aa459a9bb0a22daartf" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\New Order ( MY 01-22-DTHI .doc.rtfdcf6877001f416aa459a9bb0a22daartfdcf6877001f416aa459a9bb0a22daartf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\new order ( my 01-22-dthi .doc.rtfdcf6877001f416aa459a9bb0a22daartfdcf6877001f416aa459a9bb0a22daartf") Region: id = 479 start_va = 0x8e0000 end_va = 0x8e6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008e0000" filename = "" Region: id = 480 start_va = 0xc70000 end_va = 0xcaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c70000" filename = "" Region: id = 481 start_va = 0xcf0000 end_va = 0xd2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cf0000" filename = "" Region: id = 482 start_va = 0x1290000 end_va = 0x12cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001290000" filename = "" Region: id = 483 start_va = 0x9a40000 end_va = 0x9b3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009a40000" filename = "" Region: id = 484 start_va = 0x9b40000 end_va = 0x9c3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009b40000" filename = "" Region: id = 485 start_va = 0x9c40000 end_va = 0x9d3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c40000" filename = "" Region: id = 486 start_va = 0x697b0000 end_va = 0x69816fff monitored = 0 entry_point = 0x697cb610 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\SysWOW64\\wbemcomn.dll" (normalized: "c:\\windows\\syswow64\\wbemcomn.dll") Region: id = 487 start_va = 0x69820000 end_va = 0x6982cfff monitored = 0 entry_point = 0x69823520 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\SysWOW64\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemprox.dll") Region: id = 488 start_va = 0x69790000 end_va = 0x697a0fff monitored = 0 entry_point = 0x69798fa0 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemsvc.dll") Region: id = 489 start_va = 0x696d0000 end_va = 0x6978efff monitored = 0 entry_point = 0x69701e80 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\SysWOW64\\wbem\\fastprox.dll" (normalized: "c:\\windows\\syswow64\\wbem\\fastprox.dll") Region: id = 490 start_va = 0x69640000 end_va = 0x696c0fff monitored = 0 entry_point = 0x6965b260 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\SysWOW64\\sxs.dll" (normalized: "c:\\windows\\syswow64\\sxs.dll") Region: id = 491 start_va = 0xf370000 end_va = 0xf76ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000f370000" filename = "" Region: id = 492 start_va = 0x9d40000 end_va = 0x9dbffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "~wrf{c93f2bb4-d254-4cdc-ac13-dc54b5374f78}.tmp" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\INetCache\\Content.Word\\~WRF{C93F2BB4-D254-4CDC-AC13-DC54B5374F78}.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\inetcache\\content.word\\~wrf{c93f2bb4-d254-4cdc-ac13-dc54b5374f78}.tmp") Region: id = 493 start_va = 0xce80000 end_va = 0xd28cfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ce80000" filename = "" Region: id = 494 start_va = 0xd290000 end_va = 0xd692fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000d290000" filename = "" Region: id = 495 start_va = 0xd6a0000 end_va = 0xdaaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000d6a0000" filename = "" Region: id = 496 start_va = 0x8f0000 end_va = 0x8f3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 497 start_va = 0x9dc0000 end_va = 0x9e04fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000c.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000c.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000c.db") Region: id = 498 start_va = 0xcb0000 end_va = 0xcb3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 499 start_va = 0x9e10000 end_va = 0x9e9dfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db") Region: id = 500 start_va = 0xd30000 end_va = 0xd40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "propsys.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\propsys.dll.mui") Region: id = 501 start_va = 0xcc0000 end_va = 0xcc1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000cc0000" filename = "" Region: id = 502 start_va = 0x12d0000 end_va = 0x12d1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000012d0000" filename = "" Region: id = 503 start_va = 0x12e0000 end_va = 0x12e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 504 start_va = 0xf770000 end_va = 0xfc61fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000f770000" filename = "" Region: id = 505 start_va = 0xb1f0000 end_va = 0xb2e5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "times.ttf" filename = "\\Windows\\Fonts\\times.ttf" (normalized: "c:\\windows\\fonts\\times.ttf") Region: id = 506 start_va = 0x70a00000 end_va = 0x70a40fff monitored = 0 entry_point = 0x70a07fe0 region_type = mapped_file name = "dataexchange.dll" filename = "\\Windows\\SysWOW64\\DataExchange.dll" (normalized: "c:\\windows\\syswow64\\dataexchange.dll") Region: id = 507 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000012e0000" filename = "" Region: id = 508 start_va = 0xfc70000 end_va = 0x1002cfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000fc70000" filename = "" Region: id = 509 start_va = 0x10030000 end_va = 0x103ecfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000010030000" filename = "" Region: id = 510 start_va = 0x7fe90000 end_va = 0x7fe9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fe90000" filename = "" Region: id = 511 start_va = 0xdab0000 end_va = 0xdbaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dab0000" filename = "" Region: id = 512 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 513 start_va = 0x12f0000 end_va = 0x12fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012f0000" filename = "" Region: id = 514 start_va = 0x9ea0000 end_va = 0x9eaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009ea0000" filename = "" Region: id = 515 start_va = 0x9ea0000 end_va = 0x9eaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009ea0000" filename = "" Region: id = 516 start_va = 0xdbb0000 end_va = 0xdc57fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dbb0000" filename = "" Region: id = 517 start_va = 0x9ea0000 end_va = 0x9eaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009ea0000" filename = "" Region: id = 518 start_va = 0x9eb0000 end_va = 0x9ebffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009eb0000" filename = "" Region: id = 519 start_va = 0x9eb0000 end_va = 0x9ebffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009eb0000" filename = "" Region: id = 520 start_va = 0x9ec0000 end_va = 0x9ecffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009ec0000" filename = "" Region: id = 521 start_va = 0x9ed0000 end_va = 0x9edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009ed0000" filename = "" Region: id = 522 start_va = 0x9ee0000 end_va = 0x9eeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009ee0000" filename = "" Region: id = 523 start_va = 0x76b50000 end_va = 0x76b54fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "normaliz.dll" filename = "\\Windows\\SysWOW64\\normaliz.dll" (normalized: "c:\\windows\\syswow64\\normaliz.dll") Region: id = 524 start_va = 0x9ec0000 end_va = 0x9ed1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "normidna.nls" filename = "\\Windows\\System32\\normidna.nls" (normalized: "c:\\windows\\system32\\normidna.nls") Region: id = 525 start_va = 0x9ee0000 end_va = 0x9ee1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000009ee0000" filename = "" Region: id = 526 start_va = 0x69630000 end_va = 0x6963afff monitored = 0 entry_point = 0x69632150 region_type = mapped_file name = "linkinfo.dll" filename = "\\Windows\\SysWOW64\\linkinfo.dll" (normalized: "c:\\windows\\syswow64\\linkinfo.dll") Region: id = 527 start_va = 0x69560000 end_va = 0x69628fff monitored = 0 entry_point = 0x69573180 region_type = mapped_file name = "ntshrui.dll" filename = "\\Windows\\SysWOW64\\ntshrui.dll" (normalized: "c:\\windows\\syswow64\\ntshrui.dll") Region: id = 528 start_va = 0x69540000 end_va = 0x6955bfff monitored = 0 entry_point = 0x69544720 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\SysWOW64\\srvcli.dll" (normalized: "c:\\windows\\syswow64\\srvcli.dll") Region: id = 529 start_va = 0x9ef0000 end_va = 0x9ef0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000009ef0000" filename = "" Region: id = 530 start_va = 0x103f0000 end_va = 0x10beffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000103f0000" filename = "" Region: id = 531 start_va = 0x9f00000 end_va = 0x9f0cfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000009f00000" filename = "" Region: id = 532 start_va = 0x9f10000 end_va = 0x9f1cfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000009f10000" filename = "" Region: id = 533 start_va = 0x694f0000 end_va = 0x69538fff monitored = 0 entry_point = 0x694f6450 region_type = mapped_file name = "edputil.dll" filename = "\\Windows\\SysWOW64\\edputil.dll" (normalized: "c:\\windows\\syswow64\\edputil.dll") Region: id = 534 start_va = 0x9f20000 end_va = 0x9f21fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009f20000" filename = "" Region: id = 535 start_va = 0x9f30000 end_va = 0x9f30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009f30000" filename = "" Region: id = 536 start_va = 0xb2f0000 end_va = 0xb2fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b2f0000" filename = "" Region: id = 537 start_va = 0x7fe80000 end_va = 0x7fe8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fe80000" filename = "" Region: id = 538 start_va = 0xb2f0000 end_va = 0xb2fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b2f0000" filename = "" Region: id = 539 start_va = 0x10bf0000 end_va = 0x10deffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000010bf0000" filename = "" Region: id = 540 start_va = 0xdc60000 end_va = 0xdd46fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibri.ttf" filename = "\\Windows\\Fonts\\calibri.ttf" (normalized: "c:\\windows\\fonts\\calibri.ttf") Region: id = 541 start_va = 0xb2f0000 end_va = 0xb2f1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b2f0000" filename = "" Region: id = 542 start_va = 0xb300000 end_va = 0xb301fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b300000" filename = "" Region: id = 543 start_va = 0xb310000 end_va = 0xb311fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b310000" filename = "" Region: id = 544 start_va = 0xb320000 end_va = 0xb321fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b320000" filename = "" Region: id = 545 start_va = 0xdd50000 end_va = 0xdd50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dd50000" filename = "" Region: id = 546 start_va = 0x10df0000 end_va = 0x10ee2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "timesbd.ttf" filename = "\\Windows\\Fonts\\timesbd.ttf" (normalized: "c:\\windows\\fonts\\timesbd.ttf") Region: id = 547 start_va = 0x10ef0000 end_va = 0x10fb5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibril.ttf" filename = "\\Windows\\Fonts\\calibril.ttf" (normalized: "c:\\windows\\fonts\\calibril.ttf") Region: id = 548 start_va = 0x694e0000 end_va = 0x694eefff monitored = 0 entry_point = 0x694e3f00 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\SysWOW64\\cscapi.dll" (normalized: "c:\\windows\\syswow64\\cscapi.dll") Region: id = 549 start_va = 0xdd60000 end_va = 0xdd61fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dd60000" filename = "" Region: id = 550 start_va = 0xdd70000 end_va = 0xdd71fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dd70000" filename = "" Region: id = 551 start_va = 0x10fc0000 end_va = 0x110a1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibrili.ttf" filename = "\\Windows\\Fonts\\calibrili.ttf" (normalized: "c:\\windows\\fonts\\calibrili.ttf") Region: id = 552 start_va = 0xdd80000 end_va = 0xdd80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000dd80000" filename = "" Region: id = 553 start_va = 0x110b0000 end_va = 0x111b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000110b0000" filename = "" Region: id = 554 start_va = 0x110b0000 end_va = 0x111b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000110b0000" filename = "" Region: id = 555 start_va = 0x110b0000 end_va = 0x111b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000110b0000" filename = "" Region: id = 556 start_va = 0xdd80000 end_va = 0xdd80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000dd80000" filename = "" Region: id = 557 start_va = 0x110b0000 end_va = 0x111b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000110b0000" filename = "" Region: id = 558 start_va = 0x110b0000 end_va = 0x111b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000110b0000" filename = "" Region: id = 559 start_va = 0x110b0000 end_va = 0x11157fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000110b0000" filename = "" Region: id = 560 start_va = 0x11160000 end_va = 0x11251fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011160000" filename = "" Region: id = 561 start_va = 0x11260000 end_va = 0x113c8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011260000" filename = "" Region: id = 562 start_va = 0x113d0000 end_va = 0x115f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000113d0000" filename = "" Region: id = 563 start_va = 0xdd80000 end_va = 0xdd81fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dd80000" filename = "" Region: id = 564 start_va = 0xdd90000 end_va = 0xdd91fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dd90000" filename = "" Region: id = 565 start_va = 0xdda0000 end_va = 0xdda1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dda0000" filename = "" Region: id = 566 start_va = 0x110b0000 end_va = 0x110b1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000110b0000" filename = "" Region: id = 567 start_va = 0x110c0000 end_va = 0x110c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000110c0000" filename = "" Region: id = 568 start_va = 0x110d0000 end_va = 0x110d1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000110d0000" filename = "" Region: id = 569 start_va = 0x110e0000 end_va = 0x111d3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibrii.ttf" filename = "\\Windows\\Fonts\\calibrii.ttf" (normalized: "c:\\windows\\fonts\\calibrii.ttf") Region: id = 570 start_va = 0x111e0000 end_va = 0x111e1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000111e0000" filename = "" Region: id = 571 start_va = 0x111f0000 end_va = 0x111f1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000111f0000" filename = "" Region: id = 572 start_va = 0x11200000 end_va = 0x11201fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011200000" filename = "" Region: id = 573 start_va = 0x11210000 end_va = 0x11211fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011210000" filename = "" Region: id = 574 start_va = 0x11220000 end_va = 0x11221fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011220000" filename = "" Region: id = 575 start_va = 0x11230000 end_va = 0x11231fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011230000" filename = "" Region: id = 576 start_va = 0x9f20000 end_va = 0x9f2ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000009f20000" filename = "" Region: id = 577 start_va = 0x9f20000 end_va = 0x9f20fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000009f20000" filename = "" Region: id = 578 start_va = 0x9f00000 end_va = 0x9f0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009f00000" filename = "" Region: id = 579 start_va = 0x9f10000 end_va = 0x9f1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009f10000" filename = "" Region: id = 580 start_va = 0x9f20000 end_va = 0x9f2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009f20000" filename = "" Region: id = 581 start_va = 0x9f20000 end_va = 0x9f2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009f20000" filename = "" Region: id = 582 start_va = 0x9f20000 end_va = 0x9f20fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000009f20000" filename = "" Region: id = 583 start_va = 0xfc70000 end_va = 0xfd43fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arialbd.ttf" filename = "\\Windows\\Fonts\\arialbd.ttf" (normalized: "c:\\windows\\fonts\\arialbd.ttf") Region: id = 584 start_va = 0x9f20000 end_va = 0x9f2ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000009f20000" filename = "" Region: id = 585 start_va = 0x71200000 end_va = 0x71212fff monitored = 0 entry_point = 0x71209950 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 586 start_va = 0x70230000 end_va = 0x7025efff monitored = 0 entry_point = 0x702495e0 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 587 start_va = 0x6a620000 end_va = 0x6a629fff monitored = 0 entry_point = 0x6a6228d0 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\SysWOW64\\netutils.dll" (normalized: "c:\\windows\\syswow64\\netutils.dll") Thread: id = 1 os_tid = 0x1248 Thread: id = 2 os_tid = 0x1228 Thread: id = 3 os_tid = 0x1224 Thread: id = 4 os_tid = 0x1220 Thread: id = 5 os_tid = 0x121c Thread: id = 6 os_tid = 0x1214 Thread: id = 7 os_tid = 0x120c Thread: id = 8 os_tid = 0x1208 Thread: id = 9 os_tid = 0x11f4 Thread: id = 10 os_tid = 0x11f0 Thread: id = 11 os_tid = 0x11ec Thread: id = 12 os_tid = 0x11e8 Thread: id = 13 os_tid = 0x11e4 Thread: id = 14 os_tid = 0x11dc Thread: id = 15 os_tid = 0x11d8 Thread: id = 16 os_tid = 0x12d0 Thread: id = 17 os_tid = 0x12d4 Thread: id = 18 os_tid = 0x12d8 Thread: id = 19 os_tid = 0x12e0