# Flog Txt Version 1 # Analyzer Version: 2024.3.1 # Analyzer Build Date: Jun 10 2024 06:30:57 # Log Creation Date: 30.06.2024 05:56:23.992 Process: id = "1" image_name = "implosions.exe" filename = "c:\\users\\rdhj0cnfevzx\\desktop\\implosions.exe" page_root = "0x20476000" os_pid = "0x11cc" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x438" cmd_line = "\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\Implosions.exe\" " cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f2c9" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 118 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 119 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 120 start_va = 0x50000 end_va = 0x8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 121 start_va = 0x90000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 122 start_va = 0x190000 end_va = 0x193fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 123 start_va = 0x1a0000 end_va = 0x1a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 124 start_va = 0x1b0000 end_va = 0x1b1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 125 start_va = 0x340000 end_va = 0x35dfff monitored = 1 entry_point = 0x74d47cef region_type = mapped_file name = "implosions.exe" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\Implosions.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\implosions.exe") Region: id = 126 start_va = 0x360000 end_va = 0x361fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 127 start_va = 0x400000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 128 start_va = 0x773b0000 end_va = 0x7752afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 129 start_va = 0x7f0d0000 end_va = 0x7f0f2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f0d0000" filename = "" Region: id = 130 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 131 start_va = 0x7fff0000 end_va = 0x7ff8e269ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 132 start_va = 0x7ff8e26a0000 end_va = 0x7ff8e2860fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 133 start_va = 0x7ff8e2861000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff8e2861000" filename = "" Region: id = 272 start_va = 0x1c0000 end_va = 0x33ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 273 start_va = 0x66530000 end_va = 0x6657ffff monitored = 0 entry_point = 0x66548180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 274 start_va = 0x66580000 end_va = 0x665f9fff monitored = 0 entry_point = 0x66593290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 275 start_va = 0x74ed0000 end_va = 0x74faffff monitored = 0 entry_point = 0x74ee3980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 276 start_va = 0x66520000 end_va = 0x66527fff monitored = 0 entry_point = 0x665217c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 277 start_va = 0x600000 end_va = 0x85ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 278 start_va = 0x705c0000 end_va = 0x70618fff monitored = 1 entry_point = 0x705d0780 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll") Region: id = 279 start_va = 0x74ed0000 end_va = 0x74faffff monitored = 0 entry_point = 0x74ee3980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 280 start_va = 0x745c0000 end_va = 0x7473dfff monitored = 0 entry_point = 0x74671b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 281 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 282 start_va = 0x7efd0000 end_va = 0x7f0cffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efd0000" filename = "" Region: id = 366 start_va = 0x1c0000 end_va = 0x27dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 367 start_va = 0x330000 end_va = 0x33ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000330000" filename = "" Region: id = 368 start_va = 0x360000 end_va = 0x3bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 369 start_va = 0x74030000 end_va = 0x740c1fff monitored = 0 entry_point = 0x74070380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 370 start_va = 0x7ec20000 end_va = 0x7efc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 371 start_va = 0x360000 end_va = 0x363fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 372 start_va = 0x3b0000 end_va = 0x3bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003b0000" filename = "" Region: id = 373 start_va = 0x749e0000 end_va = 0x74a5afff monitored = 0 entry_point = 0x749fe970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 374 start_va = 0x74150000 end_va = 0x7420dfff monitored = 0 entry_point = 0x74185630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 375 start_va = 0x280000 end_va = 0x2bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 376 start_va = 0x600000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 377 start_va = 0x760000 end_va = 0x85ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 378 start_va = 0x75610000 end_va = 0x75653fff monitored = 0 entry_point = 0x75629d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 379 start_va = 0x747a0000 end_va = 0x7484cfff monitored = 0 entry_point = 0x747b4f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 380 start_va = 0x740e0000 end_va = 0x740fdfff monitored = 0 entry_point = 0x740eb640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 381 start_va = 0x740d0000 end_va = 0x740d9fff monitored = 0 entry_point = 0x740d2a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 382 start_va = 0x75b60000 end_va = 0x75bb7fff monitored = 0 entry_point = 0x75ba25c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 383 start_va = 0x860000 end_va = 0x8fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000860000" filename = "" Region: id = 384 start_va = 0x6f9a0000 end_va = 0x6fa1cfff monitored = 1 entry_point = 0x6f9b0db0 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 385 start_va = 0x75e60000 end_va = 0x75ea4fff monitored = 0 entry_point = 0x75e7de90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 386 start_va = 0x74ab0000 end_va = 0x74c6cfff monitored = 0 entry_point = 0x74b92a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 387 start_va = 0x74460000 end_va = 0x745aefff monitored = 0 entry_point = 0x74516820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 388 start_va = 0x75c60000 end_va = 0x75da6fff monitored = 0 entry_point = 0x75c71cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 389 start_va = 0x370000 end_va = 0x399fff monitored = 0 entry_point = 0x375680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 390 start_va = 0x900000 end_va = 0xa87fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000900000" filename = "" Region: id = 391 start_va = 0x74c70000 end_va = 0x74c9afff monitored = 0 entry_point = 0x74c75680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 392 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 393 start_va = 0x2c0000 end_va = 0x2c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002c0000" filename = "" Region: id = 394 start_va = 0xa90000 end_va = 0xc10fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a90000" filename = "" Region: id = 395 start_va = 0xc20000 end_va = 0x201ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c20000" filename = "" Region: id = 396 start_va = 0x370000 end_va = 0x387fff monitored = 1 entry_point = 0x74d77cef region_type = mapped_file name = "implosions.exe" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\Implosions.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\implosions.exe") Region: id = 397 start_va = 0x75eb0000 end_va = 0x75ebbfff monitored = 0 entry_point = 0x75eb3930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 398 start_va = 0x370000 end_va = 0x387fff monitored = 1 entry_point = 0x74d77cef region_type = mapped_file name = "implosions.exe" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\Implosions.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\implosions.exe") Region: id = 399 start_va = 0x370000 end_va = 0x375fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscoreeis.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreeis.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreeis.dll") Region: id = 400 start_va = 0x6f900000 end_va = 0x6f991fff monitored = 0 entry_point = 0x6f90dd60 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll") Region: id = 401 start_va = 0x2020000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002020000" filename = "" Region: id = 402 start_va = 0x2110000 end_va = 0x2601fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002110000" filename = "" Region: id = 403 start_va = 0x2610000 end_va = 0x364ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 404 start_va = 0x73fb0000 end_va = 0x74024fff monitored = 0 entry_point = 0x73fe9a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 405 start_va = 0x3650000 end_va = 0x373ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003650000" filename = "" Region: id = 406 start_va = 0x742f0000 end_va = 0x7440efff monitored = 0 entry_point = 0x74335980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 407 start_va = 0x380000 end_va = 0x380fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000380000" filename = "" Region: id = 408 start_va = 0x2020000 end_va = 0x20dbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002020000" filename = "" Region: id = 409 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002100000" filename = "" Region: id = 410 start_va = 0x380000 end_va = 0x383fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000380000" filename = "" Region: id = 411 start_va = 0x73f90000 end_va = 0x73facfff monitored = 0 entry_point = 0x73f93b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 412 start_va = 0x390000 end_va = 0x394fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\user32.dll.mui") Region: id = 413 start_va = 0x3a0000 end_va = 0x3a3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003a0000" filename = "" Region: id = 414 start_va = 0x3c0000 end_va = 0x3c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003c0000" filename = "" Region: id = 415 start_va = 0x74ca0000 end_va = 0x74d2cfff monitored = 0 entry_point = 0x74ce9b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 416 start_va = 0x3d0000 end_va = 0x3d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003d0000" filename = "" Region: id = 417 start_va = 0x3e0000 end_va = 0x3e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003e0000" filename = "" Region: id = 418 start_va = 0x860000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000860000" filename = "" Region: id = 419 start_va = 0x8f0000 end_va = 0x8fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008f0000" filename = "" Region: id = 420 start_va = 0x3740000 end_va = 0x3a76fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 421 start_va = 0x772c0000 end_va = 0x773aafff monitored = 0 entry_point = 0x772fd650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 422 start_va = 0x3650000 end_va = 0x36e0fff monitored = 0 entry_point = 0x3688cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 423 start_va = 0x3730000 end_va = 0x373ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003730000" filename = "" Region: id = 424 start_va = 0x75ec0000 end_va = 0x772befff monitored = 0 entry_point = 0x7607b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 425 start_va = 0x74410000 end_va = 0x74446fff monitored = 0 entry_point = 0x74413b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 426 start_va = 0x75660000 end_va = 0x75b58fff monitored = 0 entry_point = 0x75867610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 427 start_va = 0x74a60000 end_va = 0x74aa3fff monitored = 0 entry_point = 0x74a67410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 428 start_va = 0x74fb0000 end_va = 0x74fbefff monitored = 0 entry_point = 0x74fb2e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 429 start_va = 0x2d0000 end_va = 0x30ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002d0000" filename = "" Region: id = 430 start_va = 0x3a80000 end_va = 0x3b7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003a80000" filename = "" Region: id = 431 start_va = 0x6fa20000 end_va = 0x6fb6afff monitored = 0 entry_point = 0x6fa81660 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll") Region: id = 432 start_va = 0x75bc0000 end_va = 0x75c51fff monitored = 0 entry_point = 0x75bf8cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 433 start_va = 0x700000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 434 start_va = 0x3650000 end_va = 0x368ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003650000" filename = "" Region: id = 435 start_va = 0x3b80000 end_va = 0x3c7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003b80000" filename = "" Region: id = 436 start_va = 0x3c80000 end_va = 0x3d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003c80000" filename = "" Region: id = 437 start_va = 0x3e0000 end_va = 0x3e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003e0000" filename = "" Region: id = 438 start_va = 0x3690000 end_va = 0x36cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003690000" filename = "" Region: id = 439 start_va = 0x3d80000 end_va = 0x3e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d80000" filename = "" Region: id = 440 start_va = 0x74d30000 end_va = 0x74db3fff monitored = 0 entry_point = 0x74d56220 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 441 start_va = 0x6ffd0000 end_va = 0x701ebfff monitored = 0 entry_point = 0x7019bc40 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\SysWOW64\\actxprxy.dll" (normalized: "c:\\windows\\syswow64\\actxprxy.dll") Region: id = 442 start_va = 0x73d90000 end_va = 0x73f0dfff monitored = 0 entry_point = 0x73e0c630 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll") Region: id = 443 start_va = 0x73830000 end_va = 0x73afafff monitored = 0 entry_point = 0x73a6c4c0 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll") Region: id = 444 start_va = 0x3f0000 end_va = 0x3f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 445 start_va = 0x72c90000 end_va = 0x73828fff monitored = 0 entry_point = 0x72e66970 region_type = mapped_file name = "ieframe.dll" filename = "\\Windows\\SysWOW64\\ieframe.dll" (normalized: "c:\\windows\\syswow64\\ieframe.dll") Region: id = 446 start_va = 0x310000 end_va = 0x311fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000310000" filename = "" Region: id = 447 start_va = 0x72a80000 end_va = 0x72c8efff monitored = 0 entry_point = 0x72b2b0a0 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll") Region: id = 448 start_va = 0x740000 end_va = 0x740fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 449 start_va = 0x320000 end_va = 0x321fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000320000" filename = "" Region: id = 450 start_va = 0x70c30000 end_va = 0x70c39fff monitored = 0 entry_point = 0x70c33200 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\SysWOW64\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll") Region: id = 451 start_va = 0x6fb70000 end_va = 0x6fba2fff monitored = 0 entry_point = 0x6fb80e70 region_type = mapped_file name = "mlang.dll" filename = "\\Windows\\SysWOW64\\mlang.dll" (normalized: "c:\\windows\\syswow64\\mlang.dll") Region: id = 452 start_va = 0x73b80000 end_va = 0x73d8cfff monitored = 0 entry_point = 0x73c6acb0 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\SysWOW64\\wininet.dll" (normalized: "c:\\windows\\syswow64\\wininet.dll") Region: id = 453 start_va = 0x740000 end_va = 0x743fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 454 start_va = 0x750000 end_va = 0x750fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "counters.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\INetCache\\counters.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\inetcache\\counters.dat") Region: id = 455 start_va = 0x8e0000 end_va = 0x8effff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008e0000" filename = "" Region: id = 456 start_va = 0x6ef80000 end_va = 0x6f8fcfff monitored = 0 entry_point = 0x6f14c930 region_type = mapped_file name = "twinui.dll" filename = "\\Windows\\SysWOW64\\twinui.dll" (normalized: "c:\\windows\\syswow64\\twinui.dll") Region: id = 457 start_va = 0x707a0000 end_va = 0x7086cfff monitored = 0 entry_point = 0x707f29c0 region_type = mapped_file name = "twinapi.appcore.dll" filename = "\\Windows\\SysWOW64\\twinapi.appcore.dll" (normalized: "c:\\windows\\syswow64\\twinapi.appcore.dll") Region: id = 458 start_va = 0x6fbb0000 end_va = 0x6fc77fff monitored = 0 entry_point = 0x6fc1ae90 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\SysWOW64\\WinTypes.dll" (normalized: "c:\\windows\\syswow64\\wintypes.dll") Region: id = 459 start_va = 0x73b50000 end_va = 0x73b6afff monitored = 0 entry_point = 0x73b59050 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 460 start_va = 0x6edf0000 end_va = 0x6ef76fff monitored = 0 entry_point = 0x6ee32a50 region_type = mapped_file name = "windows.ui.immersive.dll" filename = "\\Windows\\SysWOW64\\Windows.UI.Immersive.dll" (normalized: "c:\\windows\\syswow64\\windows.ui.immersive.dll") Region: id = 461 start_va = 0x20e0000 end_va = 0x20e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000020e0000" filename = "" Region: id = 462 start_va = 0x6ec00000 end_va = 0x6edeefff monitored = 0 entry_point = 0x6eca26d0 region_type = mapped_file name = "twinui.appcore.dll" filename = "\\Windows\\SysWOW64\\twinui.appcore.dll" (normalized: "c:\\windows\\syswow64\\twinui.appcore.dll") Region: id = 463 start_va = 0x36d0000 end_va = 0x370ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000036d0000" filename = "" Region: id = 464 start_va = 0x3e80000 end_va = 0x3f7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e80000" filename = "" Region: id = 465 start_va = 0x6e9b0000 end_va = 0x6ea25fff monitored = 0 entry_point = 0x6e9f70d0 region_type = mapped_file name = "coremessaging.dll" filename = "\\Windows\\SysWOW64\\CoreMessaging.dll" (normalized: "c:\\windows\\syswow64\\coremessaging.dll") Region: id = 466 start_va = 0x6ea30000 end_va = 0x6ebf5fff monitored = 0 entry_point = 0x6ea76120 region_type = mapped_file name = "coreuicomponents.dll" filename = "\\Windows\\SysWOW64\\CoreUIComponents.dll" (normalized: "c:\\windows\\syswow64\\coreuicomponents.dll") Region: id = 567 start_va = 0x705b0000 end_va = 0x705bbfff monitored = 0 entry_point = 0x705b72b0 region_type = mapped_file name = "execmodelproxy.dll" filename = "\\Windows\\SysWOW64\\execmodelproxy.dll" (normalized: "c:\\windows\\syswow64\\execmodelproxy.dll") Region: id = 749 start_va = 0x2110000 end_va = 0x214ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002110000" filename = "" Region: id = 750 start_va = 0x2150000 end_va = 0x224ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002150000" filename = "" Region: id = 758 start_va = 0x6e8e0000 end_va = 0x6e9affff monitored = 0 entry_point = 0x6e945b20 region_type = mapped_file name = "mrmcorer.dll" filename = "\\Windows\\SysWOW64\\MrmCoreR.dll" (normalized: "c:\\windows\\syswow64\\mrmcorer.dll") Region: id = 759 start_va = 0x6e860000 end_va = 0x6e8dafff monitored = 0 entry_point = 0x6e89a540 region_type = mapped_file name = "windows.ui.dll" filename = "\\Windows\\SysWOW64\\Windows.UI.dll" (normalized: "c:\\windows\\syswow64\\windows.ui.dll") Region: id = 760 start_va = 0x2250000 end_va = 0x227dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002250000" filename = "" Region: id = 761 start_va = 0x6e800000 end_va = 0x6e851fff monitored = 0 entry_point = 0x6e828290 region_type = mapped_file name = "bcp47langs.dll" filename = "\\Windows\\SysWOW64\\BCP47Langs.dll" (normalized: "c:\\windows\\syswow64\\bcp47langs.dll") Region: id = 762 start_va = 0x2280000 end_va = 0x22bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 763 start_va = 0x22c0000 end_va = 0x23bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022c0000" filename = "" Region: id = 764 start_va = 0x3f80000 end_va = 0x4471fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003f80000" filename = "" Region: id = 765 start_va = 0x20e0000 end_va = 0x20e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000020e0000" filename = "" Region: id = 766 start_va = 0x23c0000 end_va = 0x2400fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000023c0000" filename = "" Region: id = 767 start_va = 0x2d0000 end_va = 0x30ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002d0000" filename = "" Region: id = 768 start_va = 0x23c0000 end_va = 0x24bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023c0000" filename = "" Region: id = 769 start_va = 0x3e0000 end_va = 0x3e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003e0000" filename = "" Region: id = 771 start_va = 0x6ffd0000 end_va = 0x701ebfff monitored = 0 entry_point = 0x7019bc40 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\SysWOW64\\actxprxy.dll" (normalized: "c:\\windows\\syswow64\\actxprxy.dll") Region: id = 772 start_va = 0x72c90000 end_va = 0x73828fff monitored = 0 entry_point = 0x72e66970 region_type = mapped_file name = "ieframe.dll" filename = "\\Windows\\SysWOW64\\ieframe.dll" (normalized: "c:\\windows\\syswow64\\ieframe.dll") Region: id = 773 start_va = 0x20e0000 end_va = 0x20e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000020e0000" filename = "" Region: id = 774 start_va = 0x6ef80000 end_va = 0x6f8fcfff monitored = 0 entry_point = 0x6f14c930 region_type = mapped_file name = "twinui.dll" filename = "\\Windows\\SysWOW64\\twinui.dll" (normalized: "c:\\windows\\syswow64\\twinui.dll") Region: id = 775 start_va = 0x707a0000 end_va = 0x7086cfff monitored = 0 entry_point = 0x707f29c0 region_type = mapped_file name = "twinapi.appcore.dll" filename = "\\Windows\\SysWOW64\\twinapi.appcore.dll" (normalized: "c:\\windows\\syswow64\\twinapi.appcore.dll") Region: id = 776 start_va = 0x6edf0000 end_va = 0x6ef76fff monitored = 0 entry_point = 0x6ee32a50 region_type = mapped_file name = "windows.ui.immersive.dll" filename = "\\Windows\\SysWOW64\\Windows.UI.Immersive.dll" (normalized: "c:\\windows\\syswow64\\windows.ui.immersive.dll") Region: id = 777 start_va = 0x6fbb0000 end_va = 0x6fc77fff monitored = 0 entry_point = 0x6fc1ae90 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\SysWOW64\\WinTypes.dll" (normalized: "c:\\windows\\syswow64\\wintypes.dll") Region: id = 778 start_va = 0x20f0000 end_va = 0x20f1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000020f0000" filename = "" Region: id = 779 start_va = 0x6ec00000 end_va = 0x6edeefff monitored = 0 entry_point = 0x6eca26d0 region_type = mapped_file name = "twinui.appcore.dll" filename = "\\Windows\\SysWOW64\\twinui.appcore.dll" (normalized: "c:\\windows\\syswow64\\twinui.appcore.dll") Region: id = 780 start_va = 0x6eb80000 end_va = 0x6ebf5fff monitored = 0 entry_point = 0x6ebc70d0 region_type = mapped_file name = "coremessaging.dll" filename = "\\Windows\\SysWOW64\\CoreMessaging.dll" (normalized: "c:\\windows\\syswow64\\coremessaging.dll") Region: id = 781 start_va = 0x6e9b0000 end_va = 0x6eb75fff monitored = 0 entry_point = 0x6e9f6120 region_type = mapped_file name = "coreuicomponents.dll" filename = "\\Windows\\SysWOW64\\CoreUIComponents.dll" (normalized: "c:\\windows\\syswow64\\coreuicomponents.dll") Region: id = 782 start_va = 0x705b0000 end_va = 0x705bbfff monitored = 0 entry_point = 0x705b72b0 region_type = mapped_file name = "execmodelproxy.dll" filename = "\\Windows\\SysWOW64\\execmodelproxy.dll" (normalized: "c:\\windows\\syswow64\\execmodelproxy.dll") Region: id = 801 start_va = 0x6e860000 end_va = 0x6e8dafff monitored = 0 entry_point = 0x6e89a540 region_type = mapped_file name = "windows.ui.dll" filename = "\\Windows\\SysWOW64\\Windows.UI.dll" (normalized: "c:\\windows\\syswow64\\windows.ui.dll") Thread: id = 1 os_tid = 0x11c4 Thread: id = 6 os_tid = 0x1280 Thread: id = 7 os_tid = 0x131c Thread: id = 8 os_tid = 0x12f8 Thread: id = 9 os_tid = 0x12f4 Thread: id = 10 os_tid = 0x12f0 Thread: id = 11 os_tid = 0xd44 Thread: id = 36 os_tid = 0xe44 Thread: id = 38 os_tid = 0xd24 Thread: id = 39 os_tid = 0x1014 Process: id = "2" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x23e54000" os_pid = "0x12c0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x11cc" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\Windows" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f2c9" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 283 start_va = 0x3c00000 end_va = 0x3dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003c00000" filename = "" Region: id = 284 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 285 start_va = 0x5b03b80000 end_va = 0x5b03bbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005b03b80000" filename = "" Region: id = 286 start_va = 0x5b03c00000 end_va = 0x5b03dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005b03c00000" filename = "" Region: id = 287 start_va = 0x1c61e8a0000 end_va = 0x1c61e8bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001c61e8a0000" filename = "" Region: id = 288 start_va = 0x1c61e8c0000 end_va = 0x1c61e8d4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001c61e8c0000" filename = "" Region: id = 289 start_va = 0x7df5ff370000 end_va = 0x7ff5ff36ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ff370000" filename = "" Region: id = 290 start_va = 0x7ff75d490000 end_va = 0x7ff75d4b2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff75d490000" filename = "" Region: id = 291 start_va = 0x7ff75dec0000 end_va = 0x7ff75ded0fff monitored = 0 entry_point = 0x7ff75dec16b0 region_type = mapped_file name = "conhost.exe" filename = "\\Windows\\System32\\conhost.exe" (normalized: "c:\\windows\\system32\\conhost.exe") Region: id = 292 start_va = 0x7ff8e26a0000 end_va = 0x7ff8e2860fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 293 start_va = 0x1c61e8e0000 end_va = 0x1c61ea0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001c61e8e0000" filename = "" Region: id = 294 start_va = 0x7ff8e1c80000 end_va = 0x7ff8e1d2cfff monitored = 0 entry_point = 0x7ff8e1c981a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 295 start_va = 0x7ff8dee00000 end_va = 0x7ff8defe7fff monitored = 0 entry_point = 0x7ff8dee2ba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 296 start_va = 0x1c61e8a0000 end_va = 0x1c61e8affff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001c61e8a0000" filename = "" Region: id = 297 start_va = 0x7ff75d390000 end_va = 0x7ff75d48ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff75d390000" filename = "" Region: id = 298 start_va = 0x1c61ea10000 end_va = 0x1c61eacdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 299 start_va = 0x7ff8e20d0000 end_va = 0x7ff8e216cfff monitored = 0 entry_point = 0x7ff8e20d78a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 300 start_va = 0x5b03bc0000 end_va = 0x5b03bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005b03bc0000" filename = "" Region: id = 301 start_va = 0x1c61ead0000 end_va = 0x1c61ebaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001c61ead0000" filename = "" Region: id = 302 start_va = 0x1c61e8b0000 end_va = 0x1c61e8b6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001c61e8b0000" filename = "" Region: id = 303 start_va = 0x7ff8d6110000 end_va = 0x7ff8d6168fff monitored = 0 entry_point = 0x7ff8d611fbf0 region_type = mapped_file name = "conhostv2.dll" filename = "\\Windows\\System32\\ConhostV2.dll" (normalized: "c:\\windows\\system32\\conhostv2.dll") Region: id = 304 start_va = 0x1c61e8e0000 end_va = 0x1c61e8e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001c61e8e0000" filename = "" Region: id = 305 start_va = 0x1c61e910000 end_va = 0x1c61ea0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001c61e910000" filename = "" Region: id = 306 start_va = 0x7ff8e2420000 end_va = 0x7ff8e269cfff monitored = 0 entry_point = 0x7ff8e24f4970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 307 start_va = 0x7ff8e14a0000 end_va = 0x7ff8e15bbfff monitored = 0 entry_point = 0x7ff8e14e02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 308 start_va = 0x7ff8df3e0000 end_va = 0x7ff8df449fff monitored = 0 entry_point = 0x7ff8df416d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 309 start_va = 0x7ff8e1150000 end_va = 0x7ff8e12a5fff monitored = 0 entry_point = 0x7ff8e115a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 310 start_va = 0x7ff8e2290000 end_va = 0x7ff8e2415fff monitored = 0 entry_point = 0x7ff8e22dffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 311 start_va = 0x1c61e8f0000 end_va = 0x1c61e8f6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001c61e8f0000" filename = "" Region: id = 312 start_va = 0x7ff8e1000000 end_va = 0x7ff8e1142fff monitored = 0 entry_point = 0x7ff8e1028210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 313 start_va = 0x7ff8e1440000 end_va = 0x7ff8e149afff monitored = 0 entry_point = 0x7ff8e14538b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 314 start_va = 0x7ff8e2090000 end_va = 0x7ff8e20cafff monitored = 0 entry_point = 0x7ff8e20912f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 315 start_va = 0x7ff8e15c0000 end_va = 0x7ff8e1680fff monitored = 0 entry_point = 0x7ff8e15e0da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 316 start_va = 0x7ff8dd150000 end_va = 0x7ff8dd2d5fff monitored = 0 entry_point = 0x7ff8dd19d700 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 317 start_va = 0x1c61e900000 end_va = 0x1c61e900fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001c61e900000" filename = "" Region: id = 318 start_va = 0x1c61ead0000 end_va = 0x1c61ead0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001c61ead0000" filename = "" Region: id = 319 start_va = 0x1c61eba0000 end_va = 0x1c61ebaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001c61eba0000" filename = "" Region: id = 320 start_va = 0x1c61ebb0000 end_va = 0x1c61ed37fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001c61ebb0000" filename = "" Region: id = 321 start_va = 0x1c61ed40000 end_va = 0x1c61eec0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001c61ed40000" filename = "" Region: id = 322 start_va = 0x1c61eed0000 end_va = 0x1c6202cffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001c61eed0000" filename = "" Region: id = 323 start_va = 0x1c61eae0000 end_va = 0x1c61eb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001c61eae0000" filename = "" Region: id = 324 start_va = 0x5b03e00000 end_va = 0x5b03e3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005b03e00000" filename = "" Region: id = 325 start_va = 0x7ff8dfaa0000 end_va = 0x7ff8e0ffefff monitored = 0 entry_point = 0x7ff8dfc011f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 326 start_va = 0x7ff8df140000 end_va = 0x7ff8df182fff monitored = 0 entry_point = 0x7ff8df154b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 327 start_va = 0x7ff8df450000 end_va = 0x7ff8dfa93fff monitored = 0 entry_point = 0x7ff8df6164b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 328 start_va = 0x7ff8e2170000 end_va = 0x7ff8e2216fff monitored = 0 entry_point = 0x7ff8e21858d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 329 start_va = 0x7ff8e1d30000 end_va = 0x7ff8e1d81fff monitored = 0 entry_point = 0x7ff8e1d3f530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 330 start_va = 0x7ff8decf0000 end_va = 0x7ff8decfefff monitored = 0 entry_point = 0x7ff8decf3210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 331 start_va = 0x7ff8deff0000 end_va = 0x7ff8df0a4fff monitored = 0 entry_point = 0x7ff8df0322e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 332 start_va = 0x7ff8ded00000 end_va = 0x7ff8ded4afff monitored = 0 entry_point = 0x7ff8ded035f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 333 start_va = 0x7ff8decd0000 end_va = 0x7ff8dece3fff monitored = 0 entry_point = 0x7ff8decd52e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 334 start_va = 0x7ff8dd640000 end_va = 0x7ff8dd6d5fff monitored = 0 entry_point = 0x7ff8dd665570 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 335 start_va = 0x1c6202d0000 end_va = 0x1c62041ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001c6202d0000" filename = "" Region: id = 336 start_va = 0x1c620420000 end_va = 0x1c620756fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 337 start_va = 0x1c620760000 end_va = 0x1c620975fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001c620760000" filename = "" Region: id = 338 start_va = 0x1c620980000 end_va = 0x1c620b9efff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001c620980000" filename = "" Region: id = 339 start_va = 0x1c6202d0000 end_va = 0x1c6203e5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001c6202d0000" filename = "" Region: id = 340 start_va = 0x1c620410000 end_va = 0x1c62041ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001c620410000" filename = "" Region: id = 341 start_va = 0x1c620ba0000 end_va = 0x1c620db1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001c620ba0000" filename = "" Region: id = 342 start_va = 0x1c620dc0000 end_va = 0x1c620ed7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001c620dc0000" filename = "" Region: id = 343 start_va = 0x5b03e40000 end_va = 0x5b03e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005b03e40000" filename = "" Region: id = 344 start_va = 0x7ff8e1e40000 end_va = 0x7ff8e1f99fff monitored = 0 entry_point = 0x7ff8e1e838e0 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 345 start_va = 0x1c61eae0000 end_va = 0x1c61eae0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001c61eae0000" filename = "" Region: id = 346 start_va = 0x1c61eb10000 end_va = 0x1c61eb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001c61eb10000" filename = "" Region: id = 347 start_va = 0x1c620ee0000 end_va = 0x1c620f9bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001c620ee0000" filename = "" Region: id = 348 start_va = 0x1c61eae0000 end_va = 0x1c61eae3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001c61eae0000" filename = "" Region: id = 349 start_va = 0x7ff8dc540000 end_va = 0x7ff8dc561fff monitored = 0 entry_point = 0x7ff8dc541a40 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 350 start_va = 0x7ff8dd340000 end_va = 0x7ff8dd352fff monitored = 0 entry_point = 0x7ff8dd342760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 351 start_va = 0x7ff8dead0000 end_va = 0x7ff8deb25fff monitored = 0 entry_point = 0x7ff8deae0bf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 352 start_va = 0x1c61eaf0000 end_va = 0x1c61eaf6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001c61eaf0000" filename = "" Region: id = 353 start_va = 0x1c61eb00000 end_va = 0x1c61eb00fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001c61eb00000" filename = "" Region: id = 354 start_va = 0x1c61eb20000 end_va = 0x1c61eb20fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001c61eb20000" filename = "" Region: id = 355 start_va = 0x1c61eb30000 end_va = 0x1c61eb34fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 356 start_va = 0x1c61eb40000 end_va = 0x1c61eb40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "conhostv2.dll.mui" filename = "\\Windows\\System32\\en-US\\ConhostV2.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\conhostv2.dll.mui") Region: id = 357 start_va = 0x1c61eb50000 end_va = 0x1c61eb51fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001c61eb50000" filename = "" Region: id = 358 start_va = 0x1c620fa0000 end_va = 0x1c621195fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001c620fa0000" filename = "" Region: id = 359 start_va = 0x7ff8d4310000 end_va = 0x7ff8d4583fff monitored = 0 entry_point = 0x7ff8d4380400 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll") Region: id = 360 start_va = 0x1c61eb60000 end_va = 0x1c61eb60fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 361 start_va = 0x1c61eb70000 end_va = 0x1c61eb71fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001c61eb70000" filename = "" Region: id = 362 start_va = 0x1c6211a0000 end_va = 0x1c62127cfff monitored = 0 entry_point = 0x1c6211fe0b0 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 363 start_va = 0x1c61eb60000 end_va = 0x1c61eb60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001c61eb60000" filename = "" Region: id = 364 start_va = 0x1c6211a0000 end_va = 0x1c62129ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001c6211a0000" filename = "" Region: id = 365 start_va = 0x1c6212a0000 end_va = 0x1c62149efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001c6212a0000" filename = "" Thread: id = 2 os_tid = 0x127c Thread: id = 3 os_tid = 0x12b8 Thread: id = 4 os_tid = 0x12bc Thread: id = 5 os_tid = 0x12cc Process: id = "3" image_name = "sihost.exe" filename = "c:\\windows\\system32\\sihost.exe" page_root = "0x34ddc000" os_pid = "0x55c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "rpc_server" parent_id = "1" os_parent_pid = "0x358" cmd_line = "sihost.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f2c9" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 467 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 468 start_va = 0x2b86ad0000 end_va = 0x2b86b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000002b86ad0000" filename = "" Region: id = 469 start_va = 0x2b86c00000 end_va = 0x2b86dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000002b86c00000" filename = "" Region: id = 470 start_va = 0x2b86e00000 end_va = 0x2b86e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000002b86e00000" filename = "" Region: id = 471 start_va = 0x2b86e80000 end_va = 0x2b86efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000002b86e80000" filename = "" Region: id = 472 start_va = 0x2b86f80000 end_va = 0x2b86ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000002b86f80000" filename = "" Region: id = 473 start_va = 0x2b87000000 end_va = 0x2b8707ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000002b87000000" filename = "" Region: id = 474 start_va = 0x2b87080000 end_va = 0x2b870fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000002b87080000" filename = "" Region: id = 475 start_va = 0x2b87180000 end_va = 0x2b871fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000002b87180000" filename = "" Region: id = 476 start_va = 0x2b87200000 end_va = 0x2b8727ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000002b87200000" filename = "" Region: id = 477 start_va = 0x2b87280000 end_va = 0x2b872fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000002b87280000" filename = "" Region: id = 478 start_va = 0x2b87300000 end_va = 0x2b8737ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000002b87300000" filename = "" Region: id = 479 start_va = 0x2b87480000 end_va = 0x2b874fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000002b87480000" filename = "" Region: id = 480 start_va = 0x2b87500000 end_va = 0x2b8757ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000002b87500000" filename = "" Region: id = 481 start_va = 0x2b87580000 end_va = 0x2b875fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000002b87580000" filename = "" Region: id = 482 start_va = 0x2b87600000 end_va = 0x2b8767ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000002b87600000" filename = "" Region: id = 483 start_va = 0x2b87680000 end_va = 0x2b876fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000002b87680000" filename = "" Region: id = 484 start_va = 0x16a381e0000 end_va = 0x16a381effff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016a381e0000" filename = "" Region: id = 485 start_va = 0x16a381f0000 end_va = 0x16a381f6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000016a381f0000" filename = "" Region: id = 486 start_va = 0x16a38200000 end_va = 0x16a38214fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016a38200000" filename = "" Region: id = 487 start_va = 0x16a38220000 end_va = 0x16a38223fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016a38220000" filename = "" Region: id = 488 start_va = 0x16a38230000 end_va = 0x16a38231fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000016a38230000" filename = "" Region: id = 489 start_va = 0x16a38240000 end_va = 0x16a382fdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 490 start_va = 0x16a38300000 end_va = 0x16a38306fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000016a38300000" filename = "" Region: id = 491 start_va = 0x16a38310000 end_va = 0x16a38310fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000016a38310000" filename = "" Region: id = 492 start_va = 0x16a38320000 end_va = 0x16a38320fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000016a38320000" filename = "" Region: id = 493 start_va = 0x16a38330000 end_va = 0x16a38330fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016a38330000" filename = "" Region: id = 494 start_va = 0x16a38340000 end_va = 0x16a38340fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016a38340000" filename = "" Region: id = 495 start_va = 0x16a38350000 end_va = 0x16a3837dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016a38350000" filename = "" Region: id = 496 start_va = 0x16a383c0000 end_va = 0x16a384bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000016a383c0000" filename = "" Region: id = 497 start_va = 0x16a384c0000 end_va = 0x16a385bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000016a384c0000" filename = "" Region: id = 498 start_va = 0x16a385e0000 end_va = 0x16a385effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000016a385e0000" filename = "" Region: id = 499 start_va = 0x16a385f0000 end_va = 0x16a38777fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016a385f0000" filename = "" Region: id = 500 start_va = 0x16a38780000 end_va = 0x16a38900fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016a38780000" filename = "" Region: id = 501 start_va = 0x16a38910000 end_va = 0x16a39d0ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016a38910000" filename = "" Region: id = 502 start_va = 0x16a39d10000 end_va = 0x16a39deffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 503 start_va = 0x16a39df0000 end_va = 0x16a39eeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000016a39df0000" filename = "" Region: id = 504 start_va = 0x16a39fa0000 end_va = 0x16a39faffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000016a39fa0000" filename = "" Region: id = 505 start_va = 0x16a39fb0000 end_va = 0x16a3a7affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000016a39fb0000" filename = "" Region: id = 506 start_va = 0x16a3a7b0000 end_va = 0x16a3aae6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 507 start_va = 0x16a3aaf0000 end_va = 0x16a3abeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000016a3aaf0000" filename = "" Region: id = 508 start_va = 0x7df5fff50000 end_va = 0x7ff5fff4ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fff50000" filename = "" Region: id = 509 start_va = 0x7ff6d2540000 end_va = 0x7ff6d263ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff6d2540000" filename = "" Region: id = 510 start_va = 0x7ff6d2640000 end_va = 0x7ff6d2662fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff6d2640000" filename = "" Region: id = 511 start_va = 0x7ff6d2f30000 end_va = 0x7ff6d2f45fff monitored = 0 entry_point = 0x7ff6d2f35190 region_type = mapped_file name = "sihost.exe" filename = "\\Windows\\System32\\sihost.exe" (normalized: "c:\\windows\\system32\\sihost.exe") Region: id = 512 start_va = 0x7ff8d19a0000 end_va = 0x7ff8d19b0fff monitored = 0 entry_point = 0x7ff8d19a5e90 region_type = mapped_file name = "licensemanagerapi.dll" filename = "\\Windows\\System32\\LicenseManagerApi.dll" (normalized: "c:\\windows\\system32\\licensemanagerapi.dll") Region: id = 513 start_va = 0x7ff8d5c80000 end_va = 0x7ff8d5d13fff monitored = 0 entry_point = 0x7ff8d5cb9210 region_type = mapped_file name = "staterepository.core.dll" filename = "\\Windows\\System32\\StateRepository.Core.dll" (normalized: "c:\\windows\\system32\\staterepository.core.dll") Region: id = 514 start_va = 0x7ff8d5d20000 end_va = 0x7ff8d5fc2fff monitored = 0 entry_point = 0x7ff8d5d46190 region_type = mapped_file name = "windows.staterepository.dll" filename = "\\Windows\\System32\\Windows.StateRepository.dll" (normalized: "c:\\windows\\system32\\windows.staterepository.dll") Region: id = 515 start_va = 0x7ff8d66b0000 end_va = 0x7ff8d66c4fff monitored = 0 entry_point = 0x7ff8d66b1ab0 region_type = mapped_file name = "execmodelproxy.dll" filename = "\\Windows\\System32\\execmodelproxy.dll" (normalized: "c:\\windows\\system32\\execmodelproxy.dll") Region: id = 516 start_va = 0x7ff8d66d0000 end_va = 0x7ff8d692cfff monitored = 0 entry_point = 0x7ff8d6758610 region_type = mapped_file name = "twinui.appcore.dll" filename = "\\Windows\\System32\\twinui.appcore.dll" (normalized: "c:\\windows\\system32\\twinui.appcore.dll") Region: id = 517 start_va = 0x7ff8d6930000 end_va = 0x7ff8d6938fff monitored = 0 entry_point = 0x7ff8d6931480 region_type = mapped_file name = "wpportinglibrary.dll" filename = "\\Windows\\System32\\WpPortingLibrary.dll" (normalized: "c:\\windows\\system32\\wpportinglibrary.dll") Region: id = 518 start_va = 0x7ff8d6940000 end_va = 0x7ff8d69e1fff monitored = 0 entry_point = 0x7ff8d6942b20 region_type = mapped_file name = "sharehost.dll" filename = "\\Windows\\System32\\ShareHost.dll" (normalized: "c:\\windows\\system32\\sharehost.dll") Region: id = 519 start_va = 0x7ff8d69f0000 end_va = 0x7ff8d6a86fff monitored = 0 entry_point = 0x7ff8d6a04fd0 region_type = mapped_file name = "appcontracts.dll" filename = "\\Windows\\System32\\AppContracts.dll" (normalized: "c:\\windows\\system32\\appcontracts.dll") Region: id = 520 start_va = 0x7ff8d6a90000 end_va = 0x7ff8d6a9dfff monitored = 0 entry_point = 0x7ff8d6a92690 region_type = mapped_file name = "notificationplatformcomponent.dll" filename = "\\Windows\\System32\\notificationplatformcomponent.dll" (normalized: "c:\\windows\\system32\\notificationplatformcomponent.dll") Region: id = 521 start_va = 0x7ff8d6aa0000 end_va = 0x7ff8d6ae3fff monitored = 0 entry_point = 0x7ff8d6aac010 region_type = mapped_file name = "execmodelclient.dll" filename = "\\Windows\\System32\\ExecModelClient.dll" (normalized: "c:\\windows\\system32\\execmodelclient.dll") Region: id = 522 start_va = 0x7ff8d6b70000 end_va = 0x7ff8d6b92fff monitored = 0 entry_point = 0x7ff8d6b73020 region_type = mapped_file name = "appointmentactivation.dll" filename = "\\Windows\\System32\\AppointmentActivation.dll" (normalized: "c:\\windows\\system32\\appointmentactivation.dll") Region: id = 523 start_va = 0x7ff8d6ba0000 end_va = 0x7ff8d6bfcfff monitored = 0 entry_point = 0x7ff8d6bb0080 region_type = mapped_file name = "activationmanager.dll" filename = "\\Windows\\System32\\ActivationManager.dll" (normalized: "c:\\windows\\system32\\activationmanager.dll") Region: id = 524 start_va = 0x7ff8d6c00000 end_va = 0x7ff8d6c30fff monitored = 0 entry_point = 0x7ff8d6c03400 region_type = mapped_file name = "clipboardserver.dll" filename = "\\Windows\\System32\\ClipboardServer.dll" (normalized: "c:\\windows\\system32\\clipboardserver.dll") Region: id = 525 start_va = 0x7ff8d6cb0000 end_va = 0x7ff8d6cfafff monitored = 0 entry_point = 0x7ff8d6cc7b70 region_type = mapped_file name = "veeventdispatcher.dll" filename = "\\Windows\\System32\\VEEventDispatcher.dll" (normalized: "c:\\windows\\system32\\veeventdispatcher.dll") Region: id = 526 start_va = 0x7ff8d6d00000 end_va = 0x7ff8d6dd9fff monitored = 0 entry_point = 0x7ff8d6d503b0 region_type = mapped_file name = "modernexecserver.dll" filename = "\\Windows\\System32\\modernexecserver.dll" (normalized: "c:\\windows\\system32\\modernexecserver.dll") Region: id = 527 start_va = 0x7ff8d6de0000 end_va = 0x7ff8d6df1fff monitored = 0 entry_point = 0x7ff8d6de5110 region_type = mapped_file name = "windows.shell.servicehostbuilder.dll" filename = "\\Windows\\System32\\Windows.Shell.ServiceHostBuilder.dll" (normalized: "c:\\windows\\system32\\windows.shell.servicehostbuilder.dll") Region: id = 528 start_va = 0x7ff8d6e00000 end_va = 0x7ff8d6e1dfff monitored = 0 entry_point = 0x7ff8d6e05340 region_type = mapped_file name = "desktopshellext.dll" filename = "\\Windows\\System32\\DesktopShellExt.dll" (normalized: "c:\\windows\\system32\\desktopshellext.dll") Region: id = 529 start_va = 0x7ff8d6f50000 end_va = 0x7ff8d71d7fff monitored = 0 entry_point = 0x7ff8d6faf670 region_type = mapped_file name = "coreuicomponents.dll" filename = "\\Windows\\System32\\CoreUIComponents.dll" (normalized: "c:\\windows\\system32\\coreuicomponents.dll") Region: id = 530 start_va = 0x7ff8d88d0000 end_va = 0x7ff8d8910fff monitored = 0 entry_point = 0x7ff8d88d4840 region_type = mapped_file name = "usermgrproxy.dll" filename = "\\Windows\\System32\\UserMgrProxy.dll" (normalized: "c:\\windows\\system32\\usermgrproxy.dll") Region: id = 531 start_va = 0x7ff8da9a0000 end_va = 0x7ff8daa31fff monitored = 0 entry_point = 0x7ff8da9ea780 region_type = mapped_file name = "msvcp110_win.dll" filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll") Region: id = 532 start_va = 0x7ff8daac0000 end_va = 0x7ff8dabf5fff monitored = 0 entry_point = 0x7ff8daaef350 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll") Region: id = 533 start_va = 0x7ff8daf20000 end_va = 0x7ff8daf2ffff monitored = 0 entry_point = 0x7ff8daf22c60 region_type = mapped_file name = "usermgrcli.dll" filename = "\\Windows\\System32\\usermgrcli.dll" (normalized: "c:\\windows\\system32\\usermgrcli.dll") Region: id = 534 start_va = 0x7ff8dc540000 end_va = 0x7ff8dc561fff monitored = 0 entry_point = 0x7ff8dc541a40 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 535 start_va = 0x7ff8dc590000 end_va = 0x7ff8dc64dfff monitored = 0 entry_point = 0x7ff8dc5d2d40 region_type = mapped_file name = "coremessaging.dll" filename = "\\Windows\\System32\\CoreMessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll") Region: id = 536 start_va = 0x7ff8dcbf0000 end_va = 0x7ff8dd082fff monitored = 0 entry_point = 0x7ff8dcbff760 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 537 start_va = 0x7ff8dd640000 end_va = 0x7ff8dd6d5fff monitored = 0 entry_point = 0x7ff8dd665570 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 538 start_va = 0x7ff8dd8b0000 end_va = 0x7ff8dd9affff monitored = 0 entry_point = 0x7ff8dd8f0f80 region_type = mapped_file name = "twinapi.appcore.dll" filename = "\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll") Region: id = 539 start_va = 0x7ff8dda40000 end_va = 0x7ff8dda69fff monitored = 0 entry_point = 0x7ff8dda48b90 region_type = mapped_file name = "rmclient.dll" filename = "\\Windows\\System32\\rmclient.dll" (normalized: "c:\\windows\\system32\\rmclient.dll") Region: id = 540 start_va = 0x7ff8de1b0000 end_va = 0x7ff8de1e0fff monitored = 0 entry_point = 0x7ff8de1b7d10 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 541 start_va = 0x7ff8de2d0000 end_va = 0x7ff8de303fff monitored = 0 entry_point = 0x7ff8de2eae70 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 542 start_va = 0x7ff8de640000 end_va = 0x7ff8de656fff monitored = 0 entry_point = 0x7ff8de6479d0 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 543 start_va = 0x7ff8de760000 end_va = 0x7ff8de76afff monitored = 0 entry_point = 0x7ff8de7619a0 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 544 start_va = 0x7ff8deb50000 end_va = 0x7ff8deb78fff monitored = 0 entry_point = 0x7ff8deb64530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 545 start_va = 0x7ff8decd0000 end_va = 0x7ff8dece3fff monitored = 0 entry_point = 0x7ff8decd52e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 546 start_va = 0x7ff8decf0000 end_va = 0x7ff8decfefff monitored = 0 entry_point = 0x7ff8decf3210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 547 start_va = 0x7ff8ded00000 end_va = 0x7ff8ded4afff monitored = 0 entry_point = 0x7ff8ded035f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 548 start_va = 0x7ff8dee00000 end_va = 0x7ff8defe7fff monitored = 0 entry_point = 0x7ff8dee2ba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 549 start_va = 0x7ff8deff0000 end_va = 0x7ff8df0a4fff monitored = 0 entry_point = 0x7ff8df0322e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 550 start_va = 0x7ff8df140000 end_va = 0x7ff8df182fff monitored = 0 entry_point = 0x7ff8df154b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 551 start_va = 0x7ff8df3e0000 end_va = 0x7ff8df449fff monitored = 0 entry_point = 0x7ff8df416d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 552 start_va = 0x7ff8df450000 end_va = 0x7ff8dfa93fff monitored = 0 entry_point = 0x7ff8df6164b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 553 start_va = 0x7ff8e1000000 end_va = 0x7ff8e1142fff monitored = 0 entry_point = 0x7ff8e1028210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 554 start_va = 0x7ff8e1150000 end_va = 0x7ff8e12a5fff monitored = 0 entry_point = 0x7ff8e115a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 555 start_va = 0x7ff8e1440000 end_va = 0x7ff8e149afff monitored = 0 entry_point = 0x7ff8e14538b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 556 start_va = 0x7ff8e14a0000 end_va = 0x7ff8e15bbfff monitored = 0 entry_point = 0x7ff8e14e02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 557 start_va = 0x7ff8e15c0000 end_va = 0x7ff8e1680fff monitored = 0 entry_point = 0x7ff8e15e0da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 558 start_va = 0x7ff8e1c80000 end_va = 0x7ff8e1d2cfff monitored = 0 entry_point = 0x7ff8e1c981a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 559 start_va = 0x7ff8e1d30000 end_va = 0x7ff8e1d81fff monitored = 0 entry_point = 0x7ff8e1d3f530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 560 start_va = 0x7ff8e1d90000 end_va = 0x7ff8e1e36fff monitored = 0 entry_point = 0x7ff8e1d9b4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 561 start_va = 0x7ff8e2090000 end_va = 0x7ff8e20cafff monitored = 0 entry_point = 0x7ff8e20912f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 562 start_va = 0x7ff8e20d0000 end_va = 0x7ff8e216cfff monitored = 0 entry_point = 0x7ff8e20d78a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 563 start_va = 0x7ff8e2170000 end_va = 0x7ff8e2216fff monitored = 0 entry_point = 0x7ff8e21858d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 564 start_va = 0x7ff8e2290000 end_va = 0x7ff8e2415fff monitored = 0 entry_point = 0x7ff8e22dffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 565 start_va = 0x7ff8e2420000 end_va = 0x7ff8e269cfff monitored = 0 entry_point = 0x7ff8e24f4970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 566 start_va = 0x7ff8e26a0000 end_va = 0x7ff8e2860fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 568 start_va = 0x16a38380000 end_va = 0x16a38380fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016a38380000" filename = "" Region: id = 569 start_va = 0x7ff8d5340000 end_va = 0x7ff8d54f7fff monitored = 0 entry_point = 0x7ff8d53ae630 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 570 start_va = 0x2b87700000 end_va = 0x2b8777ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000002b87700000" filename = "" Region: id = 571 start_va = 0x7ff8d90d0000 end_va = 0x7ff8d9451fff monitored = 0 entry_point = 0x7ff8d9121220 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 572 start_va = 0x16a38390000 end_va = 0x16a38390fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe\\S-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\packages\\microsoft.microsoftedge_25.10586.0.0_neutral__8wekyb3d8bbwe\\s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep") Region: id = 573 start_va = 0x7ff6d24c0000 end_va = 0x7ff6d253dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\apppatch64\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\apppatch64\\sysmain.sdb") Region: id = 737 start_va = 0x16a38390000 end_va = 0x16a38390fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe\\S-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\packages\\microsoft.microsoftedge_25.10586.0.0_neutral__8wekyb3d8bbwe\\s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep") Region: id = 738 start_va = 0x7ff6d24c0000 end_va = 0x7ff6d253dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\apppatch64\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\apppatch64\\sysmain.sdb") Region: id = 747 start_va = 0x16a38390000 end_va = 0x16a38390fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe\\S-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\packages\\microsoft.microsoftedge_25.10586.0.0_neutral__8wekyb3d8bbwe\\s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep") Region: id = 748 start_va = 0x7ff6d24c0000 end_va = 0x7ff6d253dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\apppatch64\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\apppatch64\\sysmain.sdb") Region: id = 752 start_va = 0x2b87780000 end_va = 0x2b877fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000002b87780000" filename = "" Region: id = 755 start_va = 0x7ff8c8550000 end_va = 0x7ff8c85fbfff monitored = 0 entry_point = 0x7ff8c85559c0 region_type = mapped_file name = "ieproxy.dll" filename = "\\Windows\\System32\\ieproxy.dll" (normalized: "c:\\windows\\system32\\ieproxy.dll") Region: id = 784 start_va = 0x16a38390000 end_va = 0x16a38390fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe\\S-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\packages\\microsoft.microsoftedge_25.10586.0.0_neutral__8wekyb3d8bbwe\\s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep") Region: id = 785 start_va = 0x7ff6d24c0000 end_va = 0x7ff6d253dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\apppatch64\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\apppatch64\\sysmain.sdb") Region: id = 786 start_va = 0x16a38390000 end_va = 0x16a38390fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe\\S-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\packages\\microsoft.microsoftedge_25.10586.0.0_neutral__8wekyb3d8bbwe\\s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep") Region: id = 787 start_va = 0x7ff6d24c0000 end_va = 0x7ff6d253dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\apppatch64\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\apppatch64\\sysmain.sdb") Region: id = 791 start_va = 0x16a38390000 end_va = 0x16a38390fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe\\S-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\packages\\microsoft.microsoftedge_25.10586.0.0_neutral__8wekyb3d8bbwe\\s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep") Region: id = 792 start_va = 0x7ff6d24c0000 end_va = 0x7ff6d253dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\apppatch64\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\apppatch64\\sysmain.sdb") Region: id = 847 start_va = 0x16a38390000 end_va = 0x16a38390fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy\\s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep") Region: id = 848 start_va = 0x7ff6d24c0000 end_va = 0x7ff6d253dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\apppatch64\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\apppatch64\\sysmain.sdb") Region: id = 866 start_va = 0x16a38390000 end_va = 0x16a38390fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy\\s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep") Region: id = 867 start_va = 0x7ff6d24c0000 end_va = 0x7ff6d253dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\apppatch64\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\apppatch64\\sysmain.sdb") Thread: id = 12 os_tid = 0x3ac Thread: id = 13 os_tid = 0xb30 Thread: id = 14 os_tid = 0x76c Thread: id = 15 os_tid = 0xb40 Thread: id = 16 os_tid = 0xaf0 Thread: id = 17 os_tid = 0x5ec Thread: id = 18 os_tid = 0x5e8 Thread: id = 19 os_tid = 0x5dc Thread: id = 20 os_tid = 0x5bc Thread: id = 21 os_tid = 0x5b4 Thread: id = 22 os_tid = 0x5a8 Thread: id = 23 os_tid = 0x5a4 Thread: id = 24 os_tid = 0x580 Thread: id = 25 os_tid = 0x57c Thread: id = 26 os_tid = 0x560 Thread: id = 27 os_tid = 0xd5c Thread: id = 37 os_tid = 0xe90 Process: id = "4" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x32811000" os_pid = "0x660" os_integrity_level = "0x4000" os_privileges = "0x260814080" monitor_reason = "rpc_server" parent_id = "3" os_parent_pid = "0x210" cmd_line = "C:\\Windows\\system32\\svchost.exe -k appmodel" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\EntAppSvc" [0xa], "NT SERVICE\\StateRepository" [0xe], "NT SERVICE\\tiledatamodelsvc" [0xa], "NT SERVICE\\WalletService" [0xa], "NT AUTHORITY\\Logon Session 00000000:00013ef3" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 574 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 575 start_va = 0x4f74ea0000 end_va = 0x4f74f1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000004f74ea0000" filename = "" Region: id = 576 start_va = 0x4f75000000 end_va = 0x4f751fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000004f75000000" filename = "" Region: id = 577 start_va = 0x4f75800000 end_va = 0x4f7587ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000004f75800000" filename = "" Region: id = 578 start_va = 0x4f75a80000 end_va = 0x4f75b7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000004f75a80000" filename = "" Region: id = 579 start_va = 0x4f75b80000 end_va = 0x4f75c7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000004f75b80000" filename = "" Region: id = 580 start_va = 0x4f75c80000 end_va = 0x4f75d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000004f75c80000" filename = "" Region: id = 581 start_va = 0x4f75d80000 end_va = 0x4f75e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000004f75d80000" filename = "" Region: id = 582 start_va = 0x4f75e80000 end_va = 0x4f75f7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000004f75e80000" filename = "" Region: id = 583 start_va = 0x4f75f80000 end_va = 0x4f7607ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000004f75f80000" filename = "" Region: id = 584 start_va = 0x1678b2b0000 end_va = 0x1678b2bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678b2b0000" filename = "" Region: id = 585 start_va = 0x1678b2c0000 end_va = 0x1678b2c6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001678b2c0000" filename = "" Region: id = 586 start_va = 0x1678b2d0000 end_va = 0x1678b2e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678b2d0000" filename = "" Region: id = 587 start_va = 0x1678b2f0000 end_va = 0x1678b2f3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678b2f0000" filename = "" Region: id = 588 start_va = 0x1678b300000 end_va = 0x1678b300fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678b300000" filename = "" Region: id = 589 start_va = 0x1678b310000 end_va = 0x1678b311fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001678b310000" filename = "" Region: id = 590 start_va = 0x1678b320000 end_va = 0x1678b3ddfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 591 start_va = 0x1678b3e0000 end_va = 0x1678b3e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 592 start_va = 0x1678b3f0000 end_va = 0x1678b3f6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001678b3f0000" filename = "" Region: id = 593 start_va = 0x1678b400000 end_va = 0x1678b4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001678b400000" filename = "" Region: id = 594 start_va = 0x1678b500000 end_va = 0x1678b5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001678b500000" filename = "" Region: id = 595 start_va = 0x1678b600000 end_va = 0x1678b787fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678b600000" filename = "" Region: id = 596 start_va = 0x1678b790000 end_va = 0x1678b910fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678b790000" filename = "" Region: id = 597 start_va = 0x1678b920000 end_va = 0x1678b9dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678b920000" filename = "" Region: id = 598 start_va = 0x1678b9e0000 end_va = 0x1678b9e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001678b9e0000" filename = "" Region: id = 599 start_va = 0x1678b9f0000 end_va = 0x1678b9f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001678b9f0000" filename = "" Region: id = 600 start_va = 0x1678ba00000 end_va = 0x1678ba0ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 601 start_va = 0x1678ba10000 end_va = 0x1678ba17fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "staterepository-machine.srd-shm" filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\StateRepository-Machine.srd-shm" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\staterepository-machine.srd-shm") Region: id = 602 start_va = 0x1678ba20000 end_va = 0x1678ba20fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678ba20000" filename = "" Region: id = 603 start_va = 0x1678ba30000 end_va = 0x1678ba3ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 604 start_va = 0x1678ba40000 end_va = 0x1678ba40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678ba40000" filename = "" Region: id = 605 start_va = 0x1678ba50000 end_va = 0x1678bb4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001678ba50000" filename = "" Region: id = 606 start_va = 0x1678bb50000 end_va = 0x1678bb56fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001678bb50000" filename = "" Region: id = 607 start_va = 0x1678bb60000 end_va = 0x1678bb60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678bb60000" filename = "" Region: id = 608 start_va = 0x1678bb70000 end_va = 0x1678bb70fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001678bb70000" filename = "" Region: id = 609 start_va = 0x1678bb80000 end_va = 0x1678bb80fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001678bb80000" filename = "" Region: id = 610 start_va = 0x1678bb90000 end_va = 0x1678bb9ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678bb90000" filename = "" Region: id = 611 start_va = 0x1678bba0000 end_va = 0x1678bbaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678bba0000" filename = "" Region: id = 612 start_va = 0x1678bbb0000 end_va = 0x1678bbbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678bbb0000" filename = "" Region: id = 613 start_va = 0x1678bbc0000 end_va = 0x1678bbcffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678bbc0000" filename = "" Region: id = 614 start_va = 0x1678bbd0000 end_va = 0x1678bbd0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001678bbd0000" filename = "" Region: id = 615 start_va = 0x1678bbe0000 end_va = 0x1678bbe0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001678bbe0000" filename = "" Region: id = 616 start_va = 0x1678bbf0000 end_va = 0x1678bbf0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001678bbf0000" filename = "" Region: id = 617 start_va = 0x1678bc00000 end_va = 0x1678bcfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001678bc00000" filename = "" Region: id = 618 start_va = 0x1678bd00000 end_va = 0x1678c036fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 619 start_va = 0x1678c040000 end_va = 0x1678c04ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678c040000" filename = "" Region: id = 620 start_va = 0x1678c050000 end_va = 0x1678c05ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678c050000" filename = "" Region: id = 621 start_va = 0x1678c060000 end_va = 0x1678c06ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678c060000" filename = "" Region: id = 622 start_va = 0x1678c070000 end_va = 0x1678c07ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678c070000" filename = "" Region: id = 623 start_va = 0x1678c080000 end_va = 0x1678d07ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001678c080000" filename = "" Region: id = 624 start_va = 0x1678d080000 end_va = 0x1678d083fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001678d080000" filename = "" Region: id = 625 start_va = 0x1678d090000 end_va = 0x1678d091fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001678d090000" filename = "" Region: id = 626 start_va = 0x1678d0a0000 end_va = 0x1678d0a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001678d0a0000" filename = "" Region: id = 627 start_va = 0x1678d0b0000 end_va = 0x1678d0cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001678d0b0000" filename = "" Region: id = 628 start_va = 0x1678d0d0000 end_va = 0x1678d0d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001678d0d0000" filename = "" Region: id = 629 start_va = 0x1678d0e0000 end_va = 0x1678d0e1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001678d0e0000" filename = "" Region: id = 630 start_va = 0x1678d0f0000 end_va = 0x1678d0fffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 631 start_va = 0x1678d100000 end_va = 0x1678d10ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 632 start_va = 0x1678d110000 end_va = 0x1678d11ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 633 start_va = 0x1678d120000 end_va = 0x1678d12ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 634 start_va = 0x1678d130000 end_va = 0x1678d13ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 635 start_va = 0x1678d140000 end_va = 0x1678d14ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 636 start_va = 0x1678d150000 end_va = 0x1678d15ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 637 start_va = 0x1678d160000 end_va = 0x1678d16ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 638 start_va = 0x1678d170000 end_va = 0x1678d17ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 639 start_va = 0x1678d180000 end_va = 0x1678d18ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 640 start_va = 0x1678d190000 end_va = 0x1678d19ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 641 start_va = 0x1678d1a0000 end_va = 0x1678d1affff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 642 start_va = 0x1678d1b0000 end_va = 0x1678d1bffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 643 start_va = 0x1678d1c0000 end_va = 0x1678d1cffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 644 start_va = 0x1678d1d0000 end_va = 0x1678d1dffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 645 start_va = 0x1678d1e0000 end_va = 0x1678d1effff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 646 start_va = 0x1678d1f0000 end_va = 0x1678d1f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001678d1f0000" filename = "" Region: id = 647 start_va = 0x1678d200000 end_va = 0x1678d20ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 648 start_va = 0x1678d210000 end_va = 0x1678d21ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 649 start_va = 0x1678d220000 end_va = 0x1678d22ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 650 start_va = 0x1678d230000 end_va = 0x1678d23ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 651 start_va = 0x1678d240000 end_va = 0x1678d24ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 652 start_va = 0x1678d250000 end_va = 0x1678d25ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 653 start_va = 0x1678d260000 end_va = 0x1678d26ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 654 start_va = 0x1678d270000 end_va = 0x1678d27ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 655 start_va = 0x1678d280000 end_va = 0x1678d28ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 656 start_va = 0x1678d290000 end_va = 0x1678d29ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 657 start_va = 0x1678d2a0000 end_va = 0x1678d2affff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 658 start_va = 0x1678d2b0000 end_va = 0x1678d2bffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 659 start_va = 0x1678d2c0000 end_va = 0x1678d2cffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 660 start_va = 0x1678d2d0000 end_va = 0x1678d2dffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 661 start_va = 0x1678d2e0000 end_va = 0x1678d2effff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 662 start_va = 0x1678d2f0000 end_va = 0x1678d2fffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 663 start_va = 0x1678d300000 end_va = 0x1678d3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001678d300000" filename = "" Region: id = 664 start_va = 0x1678d400000 end_va = 0x1678d42dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d400000" filename = "" Region: id = 665 start_va = 0x1678d430000 end_va = 0x1678d43ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 666 start_va = 0x1678d440000 end_va = 0x1678d44ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 667 start_va = 0x1678d450000 end_va = 0x1678d45ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 668 start_va = 0x1678d460000 end_va = 0x1678d46ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 669 start_va = 0x1678d470000 end_va = 0x1678d47ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 670 start_va = 0x1678d480000 end_va = 0x1678d48ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 671 start_va = 0x1678d490000 end_va = 0x1678d49ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 672 start_va = 0x1678d4a0000 end_va = 0x1678d4affff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 673 start_va = 0x1678d4b0000 end_va = 0x1678d4bffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 674 start_va = 0x1678d4c0000 end_va = 0x1678d4cffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 675 start_va = 0x1678d4d0000 end_va = 0x1678d4dffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 676 start_va = 0x1678d4e0000 end_va = 0x1678d4effff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 677 start_va = 0x1678d4f0000 end_va = 0x1678d4fffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 678 start_va = 0x1678d500000 end_va = 0x1678d50ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 679 start_va = 0x1678d510000 end_va = 0x1678d51ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 680 start_va = 0x1678d520000 end_va = 0x1678d52ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 681 start_va = 0x1678d530000 end_va = 0x1678d53ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 682 start_va = 0x1678d540000 end_va = 0x1678d54ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 683 start_va = 0x1678d550000 end_va = 0x1678d55ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 684 start_va = 0x1678d560000 end_va = 0x1678d56ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 685 start_va = 0x1678d570000 end_va = 0x1678d57ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 686 start_va = 0x1678d580000 end_va = 0x1678d58ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 687 start_va = 0x1678d590000 end_va = 0x1678d59ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 688 start_va = 0x1678d5a0000 end_va = 0x1678d5affff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 689 start_va = 0x1678d5b0000 end_va = 0x1678d5bffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 690 start_va = 0x1678d5c0000 end_va = 0x1678d5cffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 691 start_va = 0x1678d5d0000 end_va = 0x1678d5dffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 692 start_va = 0x1678d5f0000 end_va = 0x1678d5fffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 693 start_va = 0x1678d600000 end_va = 0x1678d6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001678d600000" filename = "" Region: id = 694 start_va = 0x1678d710000 end_va = 0x1678d710fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001678d710000" filename = "" Region: id = 695 start_va = 0x7df5ffca0000 end_va = 0x7ff5ffc9ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffca0000" filename = "" Region: id = 696 start_va = 0x7ff6ecff0000 end_va = 0x7ff6ed0effff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff6ecff0000" filename = "" Region: id = 697 start_va = 0x7ff6ed0f0000 end_va = 0x7ff6ed112fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff6ed0f0000" filename = "" Region: id = 698 start_va = 0x7ff6ee100000 end_va = 0x7ff6ee10cfff monitored = 0 entry_point = 0x7ff6ee103980 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 699 start_va = 0x7ff8d5340000 end_va = 0x7ff8d54f7fff monitored = 0 entry_point = 0x7ff8d53ae630 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 700 start_va = 0x7ff8d5500000 end_va = 0x7ff8d57f8fff monitored = 0 entry_point = 0x7ff8d55c7280 region_type = mapped_file name = "esent.dll" filename = "\\Windows\\System32\\esent.dll" (normalized: "c:\\windows\\system32\\esent.dll") Region: id = 701 start_va = 0x7ff8d5800000 end_va = 0x7ff8d587bfff monitored = 0 entry_point = 0x7ff8d582a970 region_type = mapped_file name = "tileobjserver.dll" filename = "\\Windows\\System32\\tileobjserver.dll" (normalized: "c:\\windows\\system32\\tileobjserver.dll") Region: id = 702 start_va = 0x7ff8d5c80000 end_va = 0x7ff8d5d13fff monitored = 0 entry_point = 0x7ff8d5cb9210 region_type = mapped_file name = "staterepository.core.dll" filename = "\\Windows\\System32\\StateRepository.Core.dll" (normalized: "c:\\windows\\system32\\staterepository.core.dll") Region: id = 703 start_va = 0x7ff8d5d20000 end_va = 0x7ff8d5fc2fff monitored = 0 entry_point = 0x7ff8d5d46190 region_type = mapped_file name = "windows.staterepository.dll" filename = "\\Windows\\System32\\Windows.StateRepository.dll" (normalized: "c:\\windows\\system32\\windows.staterepository.dll") Region: id = 704 start_va = 0x7ff8d90d0000 end_va = 0x7ff8d9451fff monitored = 0 entry_point = 0x7ff8d9121220 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 705 start_va = 0x7ff8da9a0000 end_va = 0x7ff8daa31fff monitored = 0 entry_point = 0x7ff8da9ea780 region_type = mapped_file name = "msvcp110_win.dll" filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll") Region: id = 706 start_va = 0x7ff8daac0000 end_va = 0x7ff8dabf5fff monitored = 0 entry_point = 0x7ff8daaef350 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll") Region: id = 707 start_va = 0x7ff8dcbf0000 end_va = 0x7ff8dd082fff monitored = 0 entry_point = 0x7ff8dcbff760 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 708 start_va = 0x7ff8dd340000 end_va = 0x7ff8dd352fff monitored = 0 entry_point = 0x7ff8dd342760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 709 start_va = 0x7ff8dde60000 end_va = 0x7ff8ddf53fff monitored = 0 entry_point = 0x7ff8dde6a960 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 710 start_va = 0x7ff8de2d0000 end_va = 0x7ff8de303fff monitored = 0 entry_point = 0x7ff8de2eae70 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 711 start_va = 0x7ff8de420000 end_va = 0x7ff8de43efff monitored = 0 entry_point = 0x7ff8de425d30 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 712 start_va = 0x7ff8de640000 end_va = 0x7ff8de656fff monitored = 0 entry_point = 0x7ff8de6479d0 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 713 start_va = 0x7ff8de760000 end_va = 0x7ff8de76afff monitored = 0 entry_point = 0x7ff8de7619a0 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 714 start_va = 0x7ff8de940000 end_va = 0x7ff8de96cfff monitored = 0 entry_point = 0x7ff8de959d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 715 start_va = 0x7ff8dead0000 end_va = 0x7ff8deb25fff monitored = 0 entry_point = 0x7ff8deae0bf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 716 start_va = 0x7ff8deb50000 end_va = 0x7ff8deb78fff monitored = 0 entry_point = 0x7ff8deb64530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 717 start_va = 0x7ff8decd0000 end_va = 0x7ff8dece3fff monitored = 0 entry_point = 0x7ff8decd52e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 718 start_va = 0x7ff8decf0000 end_va = 0x7ff8decfefff monitored = 0 entry_point = 0x7ff8decf3210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 719 start_va = 0x7ff8ded00000 end_va = 0x7ff8ded4afff monitored = 0 entry_point = 0x7ff8ded035f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 720 start_va = 0x7ff8dee00000 end_va = 0x7ff8defe7fff monitored = 0 entry_point = 0x7ff8dee2ba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 721 start_va = 0x7ff8deff0000 end_va = 0x7ff8df0a4fff monitored = 0 entry_point = 0x7ff8df0322e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 722 start_va = 0x7ff8df140000 end_va = 0x7ff8df182fff monitored = 0 entry_point = 0x7ff8df154b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 723 start_va = 0x7ff8df3e0000 end_va = 0x7ff8df449fff monitored = 0 entry_point = 0x7ff8df416d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 724 start_va = 0x7ff8df450000 end_va = 0x7ff8dfa93fff monitored = 0 entry_point = 0x7ff8df6164b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 725 start_va = 0x7ff8e1150000 end_va = 0x7ff8e12a5fff monitored = 0 entry_point = 0x7ff8e115a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 726 start_va = 0x7ff8e1440000 end_va = 0x7ff8e149afff monitored = 0 entry_point = 0x7ff8e14538b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 727 start_va = 0x7ff8e14a0000 end_va = 0x7ff8e15bbfff monitored = 0 entry_point = 0x7ff8e14e02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 728 start_va = 0x7ff8e1c80000 end_va = 0x7ff8e1d2cfff monitored = 0 entry_point = 0x7ff8e1c981a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 729 start_va = 0x7ff8e1d30000 end_va = 0x7ff8e1d81fff monitored = 0 entry_point = 0x7ff8e1d3f530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 730 start_va = 0x7ff8e1d90000 end_va = 0x7ff8e1e36fff monitored = 0 entry_point = 0x7ff8e1d9b4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 731 start_va = 0x7ff8e20d0000 end_va = 0x7ff8e216cfff monitored = 0 entry_point = 0x7ff8e20d78a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 732 start_va = 0x7ff8e2170000 end_va = 0x7ff8e2216fff monitored = 0 entry_point = 0x7ff8e21858d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 733 start_va = 0x7ff8e2290000 end_va = 0x7ff8e2415fff monitored = 0 entry_point = 0x7ff8e22dffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 734 start_va = 0x7ff8e2420000 end_va = 0x7ff8e269cfff monitored = 0 entry_point = 0x7ff8e24f4970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 735 start_va = 0x7ff8e26a0000 end_va = 0x7ff8e2860fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 736 start_va = 0x1678d5e0000 end_va = 0x1678d5e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d5e0000" filename = "" Region: id = 739 start_va = 0x1678d5e0000 end_va = 0x1678d5e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d5e0000" filename = "" Region: id = 740 start_va = 0x1678d5e0000 end_va = 0x1678d5e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d5e0000" filename = "" Region: id = 741 start_va = 0x1678d700000 end_va = 0x1678d70ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 742 start_va = 0x1678d720000 end_va = 0x1678d72ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 743 start_va = 0x1678d5e0000 end_va = 0x1678d5e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d5e0000" filename = "" Region: id = 744 start_va = 0x1678d5e0000 end_va = 0x1678d5e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d5e0000" filename = "" Region: id = 745 start_va = 0x1678d5e0000 end_va = 0x1678d5e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d5e0000" filename = "" Region: id = 746 start_va = 0x1678d5e0000 end_va = 0x1678d5e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d5e0000" filename = "" Region: id = 751 start_va = 0x1678d5e0000 end_va = 0x1678d5e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d5e0000" filename = "" Region: id = 753 start_va = 0x1678d5e0000 end_va = 0x1678d5e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d5e0000" filename = "" Region: id = 754 start_va = 0x1678d5e0000 end_va = 0x1678d5e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d5e0000" filename = "" Region: id = 756 start_va = 0x1678d5e0000 end_va = 0x1678d5e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d5e0000" filename = "" Region: id = 757 start_va = 0x1678d5e0000 end_va = 0x1678d5e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d5e0000" filename = "" Region: id = 770 start_va = 0x1678d5e0000 end_va = 0x1678d5e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d5e0000" filename = "" Region: id = 783 start_va = 0x1678d5e0000 end_va = 0x1678d5e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d5e0000" filename = "" Region: id = 788 start_va = 0x1678d5e0000 end_va = 0x1678d5e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d5e0000" filename = "" Region: id = 789 start_va = 0x1678d5e0000 end_va = 0x1678d5e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d5e0000" filename = "" Region: id = 790 start_va = 0x1678d720000 end_va = 0x1678d720fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d720000" filename = "" Region: id = 793 start_va = 0x1678d5e0000 end_va = 0x1678d5e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d5e0000" filename = "" Region: id = 794 start_va = 0x1678d100000 end_va = 0x1678d10ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 795 start_va = 0x1678d110000 end_va = 0x1678d11ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 796 start_va = 0x1678d120000 end_va = 0x1678d120fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d120000" filename = "" Region: id = 797 start_va = 0x1678d220000 end_va = 0x1678d220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d220000" filename = "" Region: id = 798 start_va = 0x1678d120000 end_va = 0x1678d120fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d120000" filename = "" Region: id = 799 start_va = 0x1678d220000 end_va = 0x1678d220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d220000" filename = "" Region: id = 800 start_va = 0x1678d120000 end_va = 0x1678d12ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 802 start_va = 0x1678d5e0000 end_va = 0x1678d5e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d5e0000" filename = "" Region: id = 803 start_va = 0x1678d220000 end_va = 0x1678d220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d220000" filename = "" Region: id = 804 start_va = 0x1678d5e0000 end_va = 0x1678d5e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d5e0000" filename = "" Region: id = 805 start_va = 0x1678d220000 end_va = 0x1678d220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d220000" filename = "" Region: id = 806 start_va = 0x1678d5e0000 end_va = 0x1678d5e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d5e0000" filename = "" Region: id = 807 start_va = 0x1678d220000 end_va = 0x1678d220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d220000" filename = "" Region: id = 808 start_va = 0x1678d5e0000 end_va = 0x1678d5e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d5e0000" filename = "" Region: id = 809 start_va = 0x1678d220000 end_va = 0x1678d22ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 810 start_va = 0x1678d700000 end_va = 0x1678d700fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d700000" filename = "" Region: id = 811 start_va = 0x1678d5e0000 end_va = 0x1678d5e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d5e0000" filename = "" Region: id = 812 start_va = 0x1678d700000 end_va = 0x1678d700fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d700000" filename = "" Region: id = 813 start_va = 0x1678d5e0000 end_va = 0x1678d5effff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 814 start_va = 0x1678d700000 end_va = 0x1678d700fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d700000" filename = "" Region: id = 815 start_va = 0x1678d720000 end_va = 0x1678d720fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d720000" filename = "" Region: id = 816 start_va = 0x1678d700000 end_va = 0x1678d700fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d700000" filename = "" Region: id = 817 start_va = 0x1678d720000 end_va = 0x1678d720fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d720000" filename = "" Region: id = 818 start_va = 0x1678d720000 end_va = 0x1678d720fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d720000" filename = "" Region: id = 819 start_va = 0x1678d700000 end_va = 0x1678d70ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 820 start_va = 0x1678d720000 end_va = 0x1678d72ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 821 start_va = 0x1678d730000 end_va = 0x1678d730fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d730000" filename = "" Region: id = 822 start_va = 0x1678d730000 end_va = 0x1678d730fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d730000" filename = "" Region: id = 823 start_va = 0x1678d730000 end_va = 0x1678d730fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d730000" filename = "" Region: id = 824 start_va = 0x1678d730000 end_va = 0x1678d73ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 825 start_va = 0x1678d740000 end_va = 0x1678d740fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d740000" filename = "" Region: id = 826 start_va = 0x1678d740000 end_va = 0x1678d740fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d740000" filename = "" Region: id = 827 start_va = 0x1678d740000 end_va = 0x1678d74ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 828 start_va = 0x1678d750000 end_va = 0x1678d750fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d750000" filename = "" Region: id = 829 start_va = 0x1678d750000 end_va = 0x1678d750fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d750000" filename = "" Region: id = 830 start_va = 0x1678d750000 end_va = 0x1678d750fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d750000" filename = "" Region: id = 831 start_va = 0x1678d750000 end_va = 0x1678d750fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d750000" filename = "" Region: id = 832 start_va = 0x1678d750000 end_va = 0x1678d750fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d750000" filename = "" Region: id = 833 start_va = 0x1678d750000 end_va = 0x1678d750fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d750000" filename = "" Region: id = 834 start_va = 0x1678d750000 end_va = 0x1678d750fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d750000" filename = "" Region: id = 835 start_va = 0x1678d750000 end_va = 0x1678d750fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d750000" filename = "" Region: id = 836 start_va = 0x1678d750000 end_va = 0x1678d750fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d750000" filename = "" Region: id = 837 start_va = 0x1678d750000 end_va = 0x1678d750fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d750000" filename = "" Region: id = 838 start_va = 0x1678d750000 end_va = 0x1678d750fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d750000" filename = "" Region: id = 839 start_va = 0x1678d750000 end_va = 0x1678d750fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d750000" filename = "" Region: id = 840 start_va = 0x1678d750000 end_va = 0x1678d750fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d750000" filename = "" Region: id = 841 start_va = 0x1678d750000 end_va = 0x1678d75ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 842 start_va = 0x1678d760000 end_va = 0x1678d760fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d760000" filename = "" Region: id = 843 start_va = 0x1678d760000 end_va = 0x1678d76ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 844 start_va = 0x1678d770000 end_va = 0x1678d77ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 845 start_va = 0x1678d780000 end_va = 0x1678d78ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 846 start_va = 0x1678d790000 end_va = 0x1678d79ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 849 start_va = 0x1678d7a0000 end_va = 0x1678d7affff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 850 start_va = 0x1678d7b0000 end_va = 0x1678d7bffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 851 start_va = 0x1678d7c0000 end_va = 0x1678d7cffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 852 start_va = 0x1678d7d0000 end_va = 0x1678d7dffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 853 start_va = 0x1678d7e0000 end_va = 0x1678d7e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001678d7e0000" filename = "" Region: id = 854 start_va = 0x1678d7f0000 end_va = 0x1678d7f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d7f0000" filename = "" Region: id = 855 start_va = 0x1678d7f0000 end_va = 0x1678d7fffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 856 start_va = 0x1678d800000 end_va = 0x1678d800fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d800000" filename = "" Region: id = 857 start_va = 0x1678d800000 end_va = 0x1678d800fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d800000" filename = "" Region: id = 858 start_va = 0x1678d800000 end_va = 0x1678d80ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 859 start_va = 0x1678d810000 end_va = 0x1678d810fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d810000" filename = "" Region: id = 860 start_va = 0x1678d810000 end_va = 0x1678d81ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 861 start_va = 0x1678d820000 end_va = 0x1678d82ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 862 start_va = 0x1678d830000 end_va = 0x1678d830fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001678d830000" filename = "" Region: id = 863 start_va = 0x1678d840000 end_va = 0x1678d840fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d840000" filename = "" Region: id = 864 start_va = 0x1678d840000 end_va = 0x1678d840fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d840000" filename = "" Region: id = 865 start_va = 0x1678d840000 end_va = 0x1678d840fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001678d840000" filename = "" Region: id = 868 start_va = 0x1678d140000 end_va = 0x1678d14ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 869 start_va = 0x1678d150000 end_va = 0x1678d15ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Thread: id = 28 os_tid = 0x13a4 Thread: id = 29 os_tid = 0x1334 Thread: id = 30 os_tid = 0x3dc Thread: id = 31 os_tid = 0x2a0 Thread: id = 32 os_tid = 0x9b4 Thread: id = 33 os_tid = 0x9dc Thread: id = 34 os_tid = 0x8dc Thread: id = 35 os_tid = 0x664