# Flog Txt Version 1 # Analyzer Version: 2024.2.1 # Analyzer Build Date: Mar 23 2024 12:02:19 # Log Creation Date: 26.05.2024 15:46:55.504 Process: id = "1" image_name = "coalition.exe" filename = "c:\\users\\rdhj0cnfevzx\\desktop\\coalition.exe" page_root = "0x2e5d5000" os_pid = "0xe20" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x560" cmd_line = "\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\Coalition.exe\" " cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fc8c" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 118 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 119 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 120 start_va = 0x50000 end_va = 0x8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 121 start_va = 0x90000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 122 start_va = 0x190000 end_va = 0x193fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 123 start_va = 0x1a0000 end_va = 0x1a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 124 start_va = 0x1b0000 end_va = 0x1b1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 125 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 126 start_va = 0xc40000 end_va = 0xc6ffff monitored = 1 entry_point = 0x74b47cef region_type = mapped_file name = "coalition.exe" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\Coalition.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\coalition.exe") Region: id = 127 start_va = 0xc70000 end_va = 0xc71fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c70000" filename = "" Region: id = 128 start_va = 0x77840000 end_va = 0x779bafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 129 start_va = 0x7eb40000 end_va = 0x7eb62fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007eb40000" filename = "" Region: id = 130 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 131 start_va = 0x7fff0000 end_va = 0x7ffb56e4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 132 start_va = 0x7ffb56e50000 end_va = 0x7ffb57010fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 133 start_va = 0x7ffb57011000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb57011000" filename = "" Region: id = 272 start_va = 0x400000 end_va = 0x4cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 273 start_va = 0x52570000 end_va = 0x525bffff monitored = 0 entry_point = 0x52588180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 274 start_va = 0x524f0000 end_va = 0x52569fff monitored = 0 entry_point = 0x52503290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 275 start_va = 0x76b60000 end_va = 0x76c3ffff monitored = 0 entry_point = 0x76b73980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 276 start_va = 0x525c0000 end_va = 0x525c7fff monitored = 0 entry_point = 0x525c17c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 277 start_va = 0xc80000 end_va = 0xe2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c80000" filename = "" Region: id = 278 start_va = 0x6fec0000 end_va = 0x6ff18fff monitored = 1 entry_point = 0x6fed0780 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll") Region: id = 279 start_va = 0x76b60000 end_va = 0x76c3ffff monitored = 0 entry_point = 0x76b73980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 280 start_va = 0x771a0000 end_va = 0x7731dfff monitored = 0 entry_point = 0x77251b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 281 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 282 start_va = 0x7ea40000 end_va = 0x7eb3ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ea40000" filename = "" Region: id = 283 start_va = 0x400000 end_va = 0x4bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 284 start_va = 0x4c0000 end_va = 0x4cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 285 start_va = 0xe30000 end_va = 0x101ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e30000" filename = "" Region: id = 286 start_va = 0x744c0000 end_va = 0x74551fff monitored = 0 entry_point = 0x74500380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 287 start_va = 0x7e690000 end_va = 0x7ea30fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 288 start_va = 0xc70000 end_va = 0xc73fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c70000" filename = "" Region: id = 289 start_va = 0x762c0000 end_va = 0x7633afff monitored = 0 entry_point = 0x762de970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 290 start_va = 0x74ad0000 end_va = 0x74b8dfff monitored = 0 entry_point = 0x74b05630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 291 start_va = 0x1c0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 292 start_va = 0x4d0000 end_va = 0x5cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 293 start_va = 0x76ec0000 end_va = 0x76f03fff monitored = 0 entry_point = 0x76ed9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 294 start_va = 0x76dc0000 end_va = 0x76e6cfff monitored = 0 entry_point = 0x76dd4f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 295 start_va = 0x74570000 end_va = 0x7458dfff monitored = 0 entry_point = 0x7457b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 296 start_va = 0x74560000 end_va = 0x74569fff monitored = 0 entry_point = 0x74562a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 297 start_va = 0x745b0000 end_va = 0x74607fff monitored = 0 entry_point = 0x745f25c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 298 start_va = 0xc80000 end_va = 0xd2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c80000" filename = "" Region: id = 299 start_va = 0xd30000 end_va = 0xe2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d30000" filename = "" Region: id = 300 start_va = 0x6fe40000 end_va = 0x6febcfff monitored = 1 entry_point = 0x6fe50db0 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 301 start_va = 0x77320000 end_va = 0x77364fff monitored = 0 entry_point = 0x7733de90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 302 start_va = 0x77370000 end_va = 0x7752cfff monitored = 0 entry_point = 0x77452a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 303 start_va = 0x76f10000 end_va = 0x7705efff monitored = 0 entry_point = 0x76fc6820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 304 start_va = 0x77580000 end_va = 0x776c6fff monitored = 0 entry_point = 0x77591cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 305 start_va = 0x5d0000 end_va = 0x757fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005d0000" filename = "" Region: id = 306 start_va = 0xc80000 end_va = 0xca9fff monitored = 0 entry_point = 0xc85680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 307 start_va = 0xd20000 end_va = 0xd2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d20000" filename = "" Region: id = 308 start_va = 0x76930000 end_va = 0x7695afff monitored = 0 entry_point = 0x76935680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 309 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 310 start_va = 0x760000 end_va = 0x8e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 311 start_va = 0x8f0000 end_va = 0x8f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008f0000" filename = "" Region: id = 312 start_va = 0x1020000 end_va = 0x241ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001020000" filename = "" Region: id = 313 start_va = 0xc80000 end_va = 0xcaafff monitored = 1 entry_point = 0x74b87cef region_type = mapped_file name = "coalition.exe" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\Coalition.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\coalition.exe") Region: id = 314 start_va = 0x74ac0000 end_va = 0x74acbfff monitored = 0 entry_point = 0x74ac3930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 315 start_va = 0xc80000 end_va = 0xcaafff monitored = 1 entry_point = 0x74b87cef region_type = mapped_file name = "coalition.exe" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\Coalition.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\coalition.exe") Region: id = 316 start_va = 0xc80000 end_va = 0xc85fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscoreeis.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreeis.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreeis.dll") Region: id = 317 start_va = 0x6fda0000 end_va = 0x6fe31fff monitored = 0 entry_point = 0x6fdadd60 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll") Region: id = 318 start_va = 0xc90000 end_va = 0xcdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c90000" filename = "" Region: id = 319 start_va = 0x2420000 end_va = 0x2911fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002420000" filename = "" Region: id = 320 start_va = 0x2920000 end_va = 0x395ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 321 start_va = 0x74440000 end_va = 0x744b4fff monitored = 0 entry_point = 0x74479a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 322 start_va = 0xe30000 end_va = 0xf1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e30000" filename = "" Region: id = 323 start_va = 0x1010000 end_va = 0x101ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001010000" filename = "" Region: id = 324 start_va = 0x76c50000 end_va = 0x76d6efff monitored = 0 entry_point = 0x76c95980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 325 start_va = 0xc90000 end_va = 0xc90fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c90000" filename = "" Region: id = 326 start_va = 0xcd0000 end_va = 0xcdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 327 start_va = 0xe30000 end_va = 0xeebfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e30000" filename = "" Region: id = 328 start_va = 0xf10000 end_va = 0xf1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f10000" filename = "" Region: id = 329 start_va = 0xc90000 end_va = 0xc93fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c90000" filename = "" Region: id = 330 start_va = 0x74420000 end_va = 0x7443cfff monitored = 0 entry_point = 0x74423b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 331 start_va = 0xca0000 end_va = 0xca4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\user32.dll.mui") Region: id = 332 start_va = 0xcb0000 end_va = 0xcb3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cb0000" filename = "" Region: id = 333 start_va = 0xcc0000 end_va = 0xcc0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000cc0000" filename = "" Region: id = 334 start_va = 0x76230000 end_va = 0x762bcfff monitored = 0 entry_point = 0x76279b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 335 start_va = 0xce0000 end_va = 0xce0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ce0000" filename = "" Region: id = 336 start_va = 0xcf0000 end_va = 0xcf0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000cf0000" filename = "" Region: id = 337 start_va = 0xf20000 end_va = 0xf9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f20000" filename = "" Region: id = 338 start_va = 0x3960000 end_va = 0x3c96fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 339 start_va = 0x76340000 end_va = 0x7642afff monitored = 0 entry_point = 0x7637d650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 340 start_va = 0x3ca0000 end_va = 0x3d30fff monitored = 0 entry_point = 0x3cd8cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 341 start_va = 0x74bf0000 end_va = 0x75feefff monitored = 0 entry_point = 0x74dab990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 342 start_va = 0x76d70000 end_va = 0x76da6fff monitored = 0 entry_point = 0x76d73b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 343 start_va = 0x76430000 end_va = 0x76928fff monitored = 0 entry_point = 0x76637610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 344 start_va = 0x76e70000 end_va = 0x76eb3fff monitored = 0 entry_point = 0x76e77410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 345 start_va = 0x769c0000 end_va = 0x769cefff monitored = 0 entry_point = 0x769c2e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 346 start_va = 0x900000 end_va = 0x93ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 347 start_va = 0x940000 end_va = 0xa3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000940000" filename = "" Region: id = 348 start_va = 0x702d0000 end_va = 0x7041afff monitored = 0 entry_point = 0x70331660 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll") Region: id = 349 start_va = 0x77070000 end_va = 0x77101fff monitored = 0 entry_point = 0x770a8cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 350 start_va = 0xa40000 end_va = 0xa7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a40000" filename = "" Region: id = 351 start_va = 0xa80000 end_va = 0xb7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a80000" filename = "" Region: id = 352 start_va = 0xb80000 end_va = 0xbbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b80000" filename = "" Region: id = 353 start_va = 0xbc0000 end_va = 0xbfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000bc0000" filename = "" Region: id = 354 start_va = 0x3ca0000 end_va = 0x3d9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ca0000" filename = "" Region: id = 355 start_va = 0x3da0000 end_va = 0x3e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003da0000" filename = "" Region: id = 356 start_va = 0xcf0000 end_va = 0xcf0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000cf0000" filename = "" Region: id = 357 start_va = 0x77110000 end_va = 0x77193fff monitored = 0 entry_point = 0x77136220 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 358 start_va = 0x700b0000 end_va = 0x702cbfff monitored = 0 entry_point = 0x7027bc40 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\SysWOW64\\actxprxy.dll" (normalized: "c:\\windows\\syswow64\\actxprxy.dll") Region: id = 359 start_va = 0x71df0000 end_va = 0x71f6dfff monitored = 0 entry_point = 0x71e6c630 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll") Region: id = 360 start_va = 0x74150000 end_va = 0x7441afff monitored = 0 entry_point = 0x7438c4c0 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll") Region: id = 361 start_va = 0xd00000 end_va = 0xd00fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d00000" filename = "" Region: id = 362 start_va = 0x735b0000 end_va = 0x74148fff monitored = 0 entry_point = 0x73786970 region_type = mapped_file name = "ieframe.dll" filename = "\\Windows\\SysWOW64\\ieframe.dll" (normalized: "c:\\windows\\syswow64\\ieframe.dll") Region: id = 363 start_va = 0xc00000 end_va = 0xc01fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c00000" filename = "" Region: id = 364 start_va = 0x733a0000 end_va = 0x735aefff monitored = 0 entry_point = 0x7344b0a0 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll") Region: id = 365 start_va = 0xd10000 end_va = 0xd10fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 366 start_va = 0xc10000 end_va = 0xc11fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c10000" filename = "" Region: id = 367 start_va = 0x70460000 end_va = 0x70469fff monitored = 0 entry_point = 0x70463200 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\SysWOW64\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll") Region: id = 368 start_va = 0x70420000 end_va = 0x70452fff monitored = 0 entry_point = 0x70430e70 region_type = mapped_file name = "mlang.dll" filename = "\\Windows\\SysWOW64\\mlang.dll" (normalized: "c:\\windows\\syswow64\\mlang.dll") Region: id = 369 start_va = 0x71be0000 end_va = 0x71decfff monitored = 0 entry_point = 0x71ccacb0 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\SysWOW64\\wininet.dll" (normalized: "c:\\windows\\syswow64\\wininet.dll") Region: id = 370 start_va = 0xd10000 end_va = 0xd13fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d10000" filename = "" Region: id = 371 start_va = 0xef0000 end_va = 0xef0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "counters.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\INetCache\\counters.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\inetcache\\counters.dat") Region: id = 372 start_va = 0xf00000 end_va = 0xf0ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f00000" filename = "" Region: id = 373 start_va = 0x6f420000 end_va = 0x6fd9cfff monitored = 0 entry_point = 0x6f5ec930 region_type = mapped_file name = "twinui.dll" filename = "\\Windows\\SysWOW64\\twinui.dll" (normalized: "c:\\windows\\syswow64\\twinui.dll") Region: id = 374 start_va = 0x70cd0000 end_va = 0x70d9cfff monitored = 0 entry_point = 0x70d229c0 region_type = mapped_file name = "twinapi.appcore.dll" filename = "\\Windows\\SysWOW64\\twinapi.appcore.dll" (normalized: "c:\\windows\\syswow64\\twinapi.appcore.dll") Region: id = 375 start_va = 0x70470000 end_va = 0x70537fff monitored = 0 entry_point = 0x704dae90 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\SysWOW64\\WinTypes.dll" (normalized: "c:\\windows\\syswow64\\wintypes.dll") Region: id = 376 start_va = 0x71bb0000 end_va = 0x71bcafff monitored = 0 entry_point = 0x71bb9050 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 377 start_va = 0x6f290000 end_va = 0x6f416fff monitored = 0 entry_point = 0x6f2d2a50 region_type = mapped_file name = "windows.ui.immersive.dll" filename = "\\Windows\\SysWOW64\\Windows.UI.Immersive.dll" (normalized: "c:\\windows\\syswow64\\windows.ui.immersive.dll") Region: id = 378 start_va = 0xc20000 end_va = 0xc21fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c20000" filename = "" Region: id = 379 start_va = 0x6f0a0000 end_va = 0x6f28efff monitored = 0 entry_point = 0x6f1426d0 region_type = mapped_file name = "twinui.appcore.dll" filename = "\\Windows\\SysWOW64\\twinui.appcore.dll" (normalized: "c:\\windows\\syswow64\\twinui.appcore.dll") Region: id = 380 start_va = 0x6f020000 end_va = 0x6f095fff monitored = 0 entry_point = 0x6f0670d0 region_type = mapped_file name = "coremessaging.dll" filename = "\\Windows\\SysWOW64\\CoreMessaging.dll" (normalized: "c:\\windows\\syswow64\\coremessaging.dll") Region: id = 381 start_va = 0xfa0000 end_va = 0xfdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fa0000" filename = "" Region: id = 382 start_va = 0x3ea0000 end_va = 0x3f9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ea0000" filename = "" Region: id = 383 start_va = 0x6ee50000 end_va = 0x6f015fff monitored = 0 entry_point = 0x6ee96120 region_type = mapped_file name = "coreuicomponents.dll" filename = "\\Windows\\SysWOW64\\CoreUIComponents.dll" (normalized: "c:\\windows\\syswow64\\coreuicomponents.dll") Region: id = 483 start_va = 0x6ee40000 end_va = 0x6ee4bfff monitored = 0 entry_point = 0x6ee472b0 region_type = mapped_file name = "execmodelproxy.dll" filename = "\\Windows\\SysWOW64\\execmodelproxy.dll" (normalized: "c:\\windows\\syswow64\\execmodelproxy.dll") Region: id = 654 start_va = 0x2420000 end_va = 0x245ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002420000" filename = "" Region: id = 655 start_va = 0x2460000 end_va = 0x255ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002460000" filename = "" Region: id = 668 start_va = 0x6ed70000 end_va = 0x6ee3ffff monitored = 0 entry_point = 0x6edd5b20 region_type = mapped_file name = "mrmcorer.dll" filename = "\\Windows\\SysWOW64\\MrmCoreR.dll" (normalized: "c:\\windows\\syswow64\\mrmcorer.dll") Region: id = 669 start_va = 0x6ecf0000 end_va = 0x6ed6afff monitored = 0 entry_point = 0x6ed2a540 region_type = mapped_file name = "windows.ui.dll" filename = "\\Windows\\SysWOW64\\Windows.UI.dll" (normalized: "c:\\windows\\syswow64\\windows.ui.dll") Region: id = 670 start_va = 0xfe0000 end_va = 0x100dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000fe0000" filename = "" Region: id = 671 start_va = 0x2560000 end_va = 0x259ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 672 start_va = 0x25a0000 end_va = 0x269ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025a0000" filename = "" Region: id = 673 start_va = 0x6ec90000 end_va = 0x6ece1fff monitored = 0 entry_point = 0x6ecb8290 region_type = mapped_file name = "bcp47langs.dll" filename = "\\Windows\\SysWOW64\\BCP47Langs.dll" (normalized: "c:\\windows\\syswow64\\bcp47langs.dll") Region: id = 674 start_va = 0x3fa0000 end_va = 0x4491fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003fa0000" filename = "" Region: id = 675 start_va = 0x26a0000 end_va = 0x26a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000026a0000" filename = "" Region: id = 676 start_va = 0x26a0000 end_va = 0x26e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000026a0000" filename = "" Region: id = 678 start_va = 0x900000 end_va = 0x93ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 679 start_va = 0x940000 end_va = 0xa3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000940000" filename = "" Region: id = 682 start_va = 0xcf0000 end_va = 0xcf0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000cf0000" filename = "" Region: id = 683 start_va = 0x700b0000 end_va = 0x702cbfff monitored = 0 entry_point = 0x7027bc40 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\SysWOW64\\actxprxy.dll" (normalized: "c:\\windows\\syswow64\\actxprxy.dll") Region: id = 684 start_va = 0x735b0000 end_va = 0x74148fff monitored = 0 entry_point = 0x73786970 region_type = mapped_file name = "ieframe.dll" filename = "\\Windows\\SysWOW64\\ieframe.dll" (normalized: "c:\\windows\\syswow64\\ieframe.dll") Region: id = 685 start_va = 0xc20000 end_va = 0xc21fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c20000" filename = "" Region: id = 686 start_va = 0x6f420000 end_va = 0x6fd9cfff monitored = 0 entry_point = 0x6f5ec930 region_type = mapped_file name = "twinui.dll" filename = "\\Windows\\SysWOW64\\twinui.dll" (normalized: "c:\\windows\\syswow64\\twinui.dll") Region: id = 687 start_va = 0x70cd0000 end_va = 0x70d9cfff monitored = 0 entry_point = 0x70d229c0 region_type = mapped_file name = "twinapi.appcore.dll" filename = "\\Windows\\SysWOW64\\twinapi.appcore.dll" (normalized: "c:\\windows\\syswow64\\twinapi.appcore.dll") Region: id = 688 start_va = 0x6f290000 end_va = 0x6f416fff monitored = 0 entry_point = 0x6f2d2a50 region_type = mapped_file name = "windows.ui.immersive.dll" filename = "\\Windows\\SysWOW64\\Windows.UI.Immersive.dll" (normalized: "c:\\windows\\syswow64\\windows.ui.immersive.dll") Region: id = 689 start_va = 0x70470000 end_va = 0x70537fff monitored = 0 entry_point = 0x704dae90 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\SysWOW64\\WinTypes.dll" (normalized: "c:\\windows\\syswow64\\wintypes.dll") Region: id = 690 start_va = 0xc30000 end_va = 0xc31fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c30000" filename = "" Region: id = 691 start_va = 0x6f0a0000 end_va = 0x6f28efff monitored = 0 entry_point = 0x6f1426d0 region_type = mapped_file name = "twinui.appcore.dll" filename = "\\Windows\\SysWOW64\\twinui.appcore.dll" (normalized: "c:\\windows\\syswow64\\twinui.appcore.dll") Region: id = 692 start_va = 0x6f020000 end_va = 0x6f095fff monitored = 0 entry_point = 0x6f0670d0 region_type = mapped_file name = "coremessaging.dll" filename = "\\Windows\\SysWOW64\\CoreMessaging.dll" (normalized: "c:\\windows\\syswow64\\coremessaging.dll") Region: id = 693 start_va = 0x6ee50000 end_va = 0x6f015fff monitored = 0 entry_point = 0x6ee96120 region_type = mapped_file name = "coreuicomponents.dll" filename = "\\Windows\\SysWOW64\\CoreUIComponents.dll" (normalized: "c:\\windows\\syswow64\\coreuicomponents.dll") Region: id = 697 start_va = 0x6ee40000 end_va = 0x6ee4bfff monitored = 0 entry_point = 0x6ee472b0 region_type = mapped_file name = "execmodelproxy.dll" filename = "\\Windows\\SysWOW64\\execmodelproxy.dll" (normalized: "c:\\windows\\syswow64\\execmodelproxy.dll") Region: id = 717 start_va = 0x6ecf0000 end_va = 0x6ed6afff monitored = 0 entry_point = 0x6ed2a540 region_type = mapped_file name = "windows.ui.dll" filename = "\\Windows\\SysWOW64\\Windows.UI.dll" (normalized: "c:\\windows\\syswow64\\windows.ui.dll") Thread: id = 1 os_tid = 0xe24 Thread: id = 2 os_tid = 0xe40 Thread: id = 3 os_tid = 0xe68 Thread: id = 4 os_tid = 0x1140 Thread: id = 5 os_tid = 0xea4 Thread: id = 6 os_tid = 0xea8 Thread: id = 7 os_tid = 0xeec Thread: id = 31 os_tid = 0xffc Thread: id = 34 os_tid = 0x660 Thread: id = 35 os_tid = 0x1144 Process: id = "2" image_name = "sihost.exe" filename = "c:\\windows\\system32\\sihost.exe" page_root = "0x6eb30000" os_pid = "0x59c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "rpc_server" parent_id = "1" os_parent_pid = "0x3f4" cmd_line = "sihost.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fc8c" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 384 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 385 start_va = 0x5b6e070000 end_va = 0x5b6e0effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005b6e070000" filename = "" Region: id = 386 start_va = 0x5b6e200000 end_va = 0x5b6e3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005b6e200000" filename = "" Region: id = 387 start_va = 0x5b6e480000 end_va = 0x5b6e4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005b6e480000" filename = "" Region: id = 388 start_va = 0x5b6e500000 end_va = 0x5b6e57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005b6e500000" filename = "" Region: id = 389 start_va = 0x5b6e580000 end_va = 0x5b6e5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005b6e580000" filename = "" Region: id = 390 start_va = 0x5b6e600000 end_va = 0x5b6e67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005b6e600000" filename = "" Region: id = 391 start_va = 0x5b6e700000 end_va = 0x5b6e77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005b6e700000" filename = "" Region: id = 392 start_va = 0x5b6e780000 end_va = 0x5b6e7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005b6e780000" filename = "" Region: id = 393 start_va = 0x5b6e800000 end_va = 0x5b6e87ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005b6e800000" filename = "" Region: id = 394 start_va = 0x5b6e900000 end_va = 0x5b6e97ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005b6e900000" filename = "" Region: id = 395 start_va = 0x5b6eb00000 end_va = 0x5b6eb7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005b6eb00000" filename = "" Region: id = 396 start_va = 0x5b6eb80000 end_va = 0x5b6ebfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005b6eb80000" filename = "" Region: id = 397 start_va = 0x5b6ec00000 end_va = 0x5b6ec7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005b6ec00000" filename = "" Region: id = 398 start_va = 0x5b6ec80000 end_va = 0x5b6ecfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005b6ec80000" filename = "" Region: id = 399 start_va = 0x5b6ed00000 end_va = 0x5b6ed7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005b6ed00000" filename = "" Region: id = 400 start_va = 0x1dbf4aa0000 end_va = 0x1dbf4aaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001dbf4aa0000" filename = "" Region: id = 401 start_va = 0x1dbf4ab0000 end_va = 0x1dbf4ab6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001dbf4ab0000" filename = "" Region: id = 402 start_va = 0x1dbf4ac0000 end_va = 0x1dbf4ad4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001dbf4ac0000" filename = "" Region: id = 403 start_va = 0x1dbf4ae0000 end_va = 0x1dbf4ae3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001dbf4ae0000" filename = "" Region: id = 404 start_va = 0x1dbf4af0000 end_va = 0x1dbf4af1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001dbf4af0000" filename = "" Region: id = 405 start_va = 0x1dbf4b00000 end_va = 0x1dbf4b06fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001dbf4b00000" filename = "" Region: id = 406 start_va = 0x1dbf4b10000 end_va = 0x1dbf4b10fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001dbf4b10000" filename = "" Region: id = 407 start_va = 0x1dbf4b20000 end_va = 0x1dbf4b20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001dbf4b20000" filename = "" Region: id = 408 start_va = 0x1dbf4b30000 end_va = 0x1dbf4b30fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001dbf4b30000" filename = "" Region: id = 409 start_va = 0x1dbf4b40000 end_va = 0x1dbf4c3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001dbf4b40000" filename = "" Region: id = 410 start_va = 0x1dbf4c40000 end_va = 0x1dbf4cfdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 411 start_va = 0x1dbf4d00000 end_va = 0x1dbf4d00fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001dbf4d00000" filename = "" Region: id = 412 start_va = 0x1dbf4d10000 end_va = 0x1dbf4d3dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001dbf4d10000" filename = "" Region: id = 413 start_va = 0x1dbf4db0000 end_va = 0x1dbf4dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001dbf4db0000" filename = "" Region: id = 414 start_va = 0x1dbf4dc0000 end_va = 0x1dbf4f47fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001dbf4dc0000" filename = "" Region: id = 415 start_va = 0x1dbf4f50000 end_va = 0x1dbf50d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001dbf4f50000" filename = "" Region: id = 416 start_va = 0x1dbf50e0000 end_va = 0x1dbf64dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001dbf50e0000" filename = "" Region: id = 417 start_va = 0x1dbf64e0000 end_va = 0x1dbf65dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001dbf64e0000" filename = "" Region: id = 418 start_va = 0x1dbf65e0000 end_va = 0x1dbf66bffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 419 start_va = 0x1dbf6760000 end_va = 0x1dbf676ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001dbf6760000" filename = "" Region: id = 420 start_va = 0x1dbf6770000 end_va = 0x1dbf686ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001dbf6770000" filename = "" Region: id = 421 start_va = 0x1dbf6870000 end_va = 0x1dbf706ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001dbf6870000" filename = "" Region: id = 422 start_va = 0x1dbf7070000 end_va = 0x1dbf73a6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 423 start_va = 0x1dbf73b0000 end_va = 0x1dbf74affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001dbf73b0000" filename = "" Region: id = 424 start_va = 0x7df5ff580000 end_va = 0x7ff5ff57ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ff580000" filename = "" Region: id = 425 start_va = 0x7ff784d20000 end_va = 0x7ff784e1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff784d20000" filename = "" Region: id = 426 start_va = 0x7ff784e20000 end_va = 0x7ff784e42fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff784e20000" filename = "" Region: id = 427 start_va = 0x7ff785130000 end_va = 0x7ff785145fff monitored = 0 entry_point = 0x7ff785135190 region_type = mapped_file name = "sihost.exe" filename = "\\Windows\\System32\\sihost.exe" (normalized: "c:\\windows\\system32\\sihost.exe") Region: id = 428 start_va = 0x7ffb4a490000 end_va = 0x7ffb4a4a0fff monitored = 0 entry_point = 0x7ffb4a495e90 region_type = mapped_file name = "licensemanagerapi.dll" filename = "\\Windows\\System32\\LicenseManagerApi.dll" (normalized: "c:\\windows\\system32\\licensemanagerapi.dll") Region: id = 429 start_va = 0x7ffb4a4b0000 end_va = 0x7ffb4a543fff monitored = 0 entry_point = 0x7ffb4a4e9210 region_type = mapped_file name = "staterepository.core.dll" filename = "\\Windows\\System32\\StateRepository.Core.dll" (normalized: "c:\\windows\\system32\\staterepository.core.dll") Region: id = 430 start_va = 0x7ffb4a550000 end_va = 0x7ffb4a7f2fff monitored = 0 entry_point = 0x7ffb4a576190 region_type = mapped_file name = "windows.staterepository.dll" filename = "\\Windows\\System32\\Windows.StateRepository.dll" (normalized: "c:\\windows\\system32\\windows.staterepository.dll") Region: id = 431 start_va = 0x7ffb4a800000 end_va = 0x7ffb4a814fff monitored = 0 entry_point = 0x7ffb4a801ab0 region_type = mapped_file name = "execmodelproxy.dll" filename = "\\Windows\\System32\\execmodelproxy.dll" (normalized: "c:\\windows\\system32\\execmodelproxy.dll") Region: id = 432 start_va = 0x7ffb4a8a0000 end_va = 0x7ffb4aafcfff monitored = 0 entry_point = 0x7ffb4a928610 region_type = mapped_file name = "twinui.appcore.dll" filename = "\\Windows\\System32\\twinui.appcore.dll" (normalized: "c:\\windows\\system32\\twinui.appcore.dll") Region: id = 433 start_va = 0x7ffb4ab00000 end_va = 0x7ffb4ab08fff monitored = 0 entry_point = 0x7ffb4ab01480 region_type = mapped_file name = "wpportinglibrary.dll" filename = "\\Windows\\System32\\WpPortingLibrary.dll" (normalized: "c:\\windows\\system32\\wpportinglibrary.dll") Region: id = 434 start_va = 0x7ffb4ab10000 end_va = 0x7ffb4abb1fff monitored = 0 entry_point = 0x7ffb4ab12b20 region_type = mapped_file name = "sharehost.dll" filename = "\\Windows\\System32\\ShareHost.dll" (normalized: "c:\\windows\\system32\\sharehost.dll") Region: id = 435 start_va = 0x7ffb4abc0000 end_va = 0x7ffb4ac56fff monitored = 0 entry_point = 0x7ffb4abd4fd0 region_type = mapped_file name = "appcontracts.dll" filename = "\\Windows\\System32\\AppContracts.dll" (normalized: "c:\\windows\\system32\\appcontracts.dll") Region: id = 436 start_va = 0x7ffb4ac60000 end_va = 0x7ffb4ac6dfff monitored = 0 entry_point = 0x7ffb4ac62690 region_type = mapped_file name = "notificationplatformcomponent.dll" filename = "\\Windows\\System32\\notificationplatformcomponent.dll" (normalized: "c:\\windows\\system32\\notificationplatformcomponent.dll") Region: id = 437 start_va = 0x7ffb4ac70000 end_va = 0x7ffb4acb3fff monitored = 0 entry_point = 0x7ffb4ac7c010 region_type = mapped_file name = "execmodelclient.dll" filename = "\\Windows\\System32\\ExecModelClient.dll" (normalized: "c:\\windows\\system32\\execmodelclient.dll") Region: id = 438 start_va = 0x7ffb4ae90000 end_va = 0x7ffb4aeb2fff monitored = 0 entry_point = 0x7ffb4ae93020 region_type = mapped_file name = "appointmentactivation.dll" filename = "\\Windows\\System32\\AppointmentActivation.dll" (normalized: "c:\\windows\\system32\\appointmentactivation.dll") Region: id = 439 start_va = 0x7ffb4aec0000 end_va = 0x7ffb4af1cfff monitored = 0 entry_point = 0x7ffb4aed0080 region_type = mapped_file name = "activationmanager.dll" filename = "\\Windows\\System32\\ActivationManager.dll" (normalized: "c:\\windows\\system32\\activationmanager.dll") Region: id = 440 start_va = 0x7ffb4af20000 end_va = 0x7ffb4af50fff monitored = 0 entry_point = 0x7ffb4af23400 region_type = mapped_file name = "clipboardserver.dll" filename = "\\Windows\\System32\\ClipboardServer.dll" (normalized: "c:\\windows\\system32\\clipboardserver.dll") Region: id = 441 start_va = 0x7ffb4af60000 end_va = 0x7ffb4afaafff monitored = 0 entry_point = 0x7ffb4af77b70 region_type = mapped_file name = "veeventdispatcher.dll" filename = "\\Windows\\System32\\VEEventDispatcher.dll" (normalized: "c:\\windows\\system32\\veeventdispatcher.dll") Region: id = 442 start_va = 0x7ffb4afb0000 end_va = 0x7ffb4b089fff monitored = 0 entry_point = 0x7ffb4b0003b0 region_type = mapped_file name = "modernexecserver.dll" filename = "\\Windows\\System32\\modernexecserver.dll" (normalized: "c:\\windows\\system32\\modernexecserver.dll") Region: id = 443 start_va = 0x7ffb4b090000 end_va = 0x7ffb4b0a1fff monitored = 0 entry_point = 0x7ffb4b095110 region_type = mapped_file name = "windows.shell.servicehostbuilder.dll" filename = "\\Windows\\System32\\Windows.Shell.ServiceHostBuilder.dll" (normalized: "c:\\windows\\system32\\windows.shell.servicehostbuilder.dll") Region: id = 444 start_va = 0x7ffb4b0b0000 end_va = 0x7ffb4b0cdfff monitored = 0 entry_point = 0x7ffb4b0b5340 region_type = mapped_file name = "desktopshellext.dll" filename = "\\Windows\\System32\\DesktopShellExt.dll" (normalized: "c:\\windows\\system32\\desktopshellext.dll") Region: id = 445 start_va = 0x7ffb4b180000 end_va = 0x7ffb4b407fff monitored = 0 entry_point = 0x7ffb4b1df670 region_type = mapped_file name = "coreuicomponents.dll" filename = "\\Windows\\System32\\CoreUIComponents.dll" (normalized: "c:\\windows\\system32\\coreuicomponents.dll") Region: id = 446 start_va = 0x7ffb4bfd0000 end_va = 0x7ffb4c010fff monitored = 0 entry_point = 0x7ffb4bfd4840 region_type = mapped_file name = "usermgrproxy.dll" filename = "\\Windows\\System32\\UserMgrProxy.dll" (normalized: "c:\\windows\\system32\\usermgrproxy.dll") Region: id = 447 start_va = 0x7ffb4d130000 end_va = 0x7ffb4d13ffff monitored = 0 entry_point = 0x7ffb4d132c60 region_type = mapped_file name = "usermgrcli.dll" filename = "\\Windows\\System32\\usermgrcli.dll" (normalized: "c:\\windows\\system32\\usermgrcli.dll") Region: id = 448 start_va = 0x7ffb4d690000 end_va = 0x7ffb4d7c5fff monitored = 0 entry_point = 0x7ffb4d6bf350 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll") Region: id = 449 start_va = 0x7ffb4f790000 end_va = 0x7ffb4f821fff monitored = 0 entry_point = 0x7ffb4f7da780 region_type = mapped_file name = "msvcp110_win.dll" filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll") Region: id = 450 start_va = 0x7ffb50c30000 end_va = 0x7ffb510c2fff monitored = 0 entry_point = 0x7ffb50c3f760 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 451 start_va = 0x7ffb514f0000 end_va = 0x7ffb51511fff monitored = 0 entry_point = 0x7ffb514f1a40 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 452 start_va = 0x7ffb51540000 end_va = 0x7ffb515fdfff monitored = 0 entry_point = 0x7ffb51582d40 region_type = mapped_file name = "coremessaging.dll" filename = "\\Windows\\System32\\CoreMessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll") Region: id = 453 start_va = 0x7ffb51df0000 end_va = 0x7ffb51e85fff monitored = 0 entry_point = 0x7ffb51e15570 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 454 start_va = 0x7ffb51f90000 end_va = 0x7ffb5208ffff monitored = 0 entry_point = 0x7ffb51fd0f80 region_type = mapped_file name = "twinapi.appcore.dll" filename = "\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll") Region: id = 455 start_va = 0x7ffb521f0000 end_va = 0x7ffb52219fff monitored = 0 entry_point = 0x7ffb521f8b90 region_type = mapped_file name = "rmclient.dll" filename = "\\Windows\\System32\\rmclient.dll" (normalized: "c:\\windows\\system32\\rmclient.dll") Region: id = 456 start_va = 0x7ffb52960000 end_va = 0x7ffb52990fff monitored = 0 entry_point = 0x7ffb52967d10 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 457 start_va = 0x7ffb52a80000 end_va = 0x7ffb52ab3fff monitored = 0 entry_point = 0x7ffb52a9ae70 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 458 start_va = 0x7ffb52df0000 end_va = 0x7ffb52e06fff monitored = 0 entry_point = 0x7ffb52df79d0 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 459 start_va = 0x7ffb52f10000 end_va = 0x7ffb52f1afff monitored = 0 entry_point = 0x7ffb52f119a0 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 460 start_va = 0x7ffb53300000 end_va = 0x7ffb53328fff monitored = 0 entry_point = 0x7ffb53314530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 461 start_va = 0x7ffb53470000 end_va = 0x7ffb5347efff monitored = 0 entry_point = 0x7ffb53473210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 462 start_va = 0x7ffb53480000 end_va = 0x7ffb534cafff monitored = 0 entry_point = 0x7ffb534835f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 463 start_va = 0x7ffb534d0000 end_va = 0x7ffb534e3fff monitored = 0 entry_point = 0x7ffb534d52e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 464 start_va = 0x7ffb53520000 end_va = 0x7ffb53b63fff monitored = 0 entry_point = 0x7ffb536e64b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 465 start_va = 0x7ffb53b70000 end_va = 0x7ffb53d57fff monitored = 0 entry_point = 0x7ffb53b9ba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 466 start_va = 0x7ffb540d0000 end_va = 0x7ffb54139fff monitored = 0 entry_point = 0x7ffb54106d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 467 start_va = 0x7ffb54140000 end_va = 0x7ffb541f4fff monitored = 0 entry_point = 0x7ffb541822e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 468 start_va = 0x7ffb54200000 end_va = 0x7ffb54242fff monitored = 0 entry_point = 0x7ffb54214b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 469 start_va = 0x7ffb543d0000 end_va = 0x7ffb5464cfff monitored = 0 entry_point = 0x7ffb544a4970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 470 start_va = 0x7ffb54680000 end_va = 0x7ffb547d5fff monitored = 0 entry_point = 0x7ffb5468a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 471 start_va = 0x7ffb54840000 end_va = 0x7ffb548dcfff monitored = 0 entry_point = 0x7ffb548478a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 472 start_va = 0x7ffb548e0000 end_va = 0x7ffb54a65fff monitored = 0 entry_point = 0x7ffb5492ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 473 start_va = 0x7ffb54e50000 end_va = 0x7ffb54f92fff monitored = 0 entry_point = 0x7ffb54e78210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 474 start_va = 0x7ffb54fa0000 end_va = 0x7ffb55046fff monitored = 0 entry_point = 0x7ffb54fb58d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 475 start_va = 0x7ffb55050000 end_va = 0x7ffb550fcfff monitored = 0 entry_point = 0x7ffb550681a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 476 start_va = 0x7ffb55100000 end_va = 0x7ffb5515afff monitored = 0 entry_point = 0x7ffb551138b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 477 start_va = 0x7ffb55160000 end_va = 0x7ffb5527bfff monitored = 0 entry_point = 0x7ffb551a02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 478 start_va = 0x7ffb55280000 end_va = 0x7ffb55326fff monitored = 0 entry_point = 0x7ffb5528b4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 479 start_va = 0x7ffb56cd0000 end_va = 0x7ffb56d90fff monitored = 0 entry_point = 0x7ffb56cf0da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 480 start_va = 0x7ffb56da0000 end_va = 0x7ffb56ddafff monitored = 0 entry_point = 0x7ffb56da12f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 481 start_va = 0x7ffb56df0000 end_va = 0x7ffb56e41fff monitored = 0 entry_point = 0x7ffb56dff530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 482 start_va = 0x7ffb56e50000 end_va = 0x7ffb57010fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 484 start_va = 0x1dbf4d40000 end_va = 0x1dbf4d40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001dbf4d40000" filename = "" Region: id = 485 start_va = 0x7ffb496a0000 end_va = 0x7ffb49857fff monitored = 0 entry_point = 0x7ffb4970e630 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 486 start_va = 0x5b6ed80000 end_va = 0x5b6edfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005b6ed80000" filename = "" Region: id = 487 start_va = 0x7ffb4d300000 end_va = 0x7ffb4d681fff monitored = 0 entry_point = 0x7ffb4d351220 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 488 start_va = 0x1dbf4d50000 end_va = 0x1dbf4d50fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe\\S-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\packages\\microsoft.microsoftedge_25.10586.0.0_neutral__8wekyb3d8bbwe\\s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep") Region: id = 489 start_va = 0x7ff784ca0000 end_va = 0x7ff784d1dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\apppatch64\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\apppatch64\\sysmain.sdb") Region: id = 636 start_va = 0x1dbf4d50000 end_va = 0x1dbf4d50fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe\\S-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\packages\\microsoft.microsoftedge_25.10586.0.0_neutral__8wekyb3d8bbwe\\s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep") Region: id = 637 start_va = 0x7ff784ca0000 end_va = 0x7ff784d1dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\apppatch64\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\apppatch64\\sysmain.sdb") Region: id = 652 start_va = 0x1dbf4d50000 end_va = 0x1dbf4d50fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe\\S-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\packages\\microsoft.microsoftedge_25.10586.0.0_neutral__8wekyb3d8bbwe\\s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep") Region: id = 653 start_va = 0x7ff784ca0000 end_va = 0x7ff784d1dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\apppatch64\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\apppatch64\\sysmain.sdb") Region: id = 658 start_va = 0x5b6ee00000 end_va = 0x5b6ee7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005b6ee00000" filename = "" Region: id = 659 start_va = 0x5b6ee80000 end_va = 0x5b6eefffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005b6ee80000" filename = "" Region: id = 660 start_va = 0x7ffb3dd50000 end_va = 0x7ffb3ddfbfff monitored = 0 entry_point = 0x7ffb3dd559c0 region_type = mapped_file name = "ieproxy.dll" filename = "\\Windows\\System32\\ieproxy.dll" (normalized: "c:\\windows\\system32\\ieproxy.dll") Region: id = 680 start_va = 0x1dbf4d50000 end_va = 0x1dbf4d50fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe\\S-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\packages\\microsoft.microsoftedge_25.10586.0.0_neutral__8wekyb3d8bbwe\\s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep") Region: id = 681 start_va = 0x7ff784ca0000 end_va = 0x7ff784d1dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\apppatch64\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\apppatch64\\sysmain.sdb") Region: id = 698 start_va = 0x1dbf4d50000 end_va = 0x1dbf4d50fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe\\S-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\packages\\microsoft.microsoftedge_25.10586.0.0_neutral__8wekyb3d8bbwe\\s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep") Region: id = 699 start_va = 0x7ff784ca0000 end_va = 0x7ff784d1dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\apppatch64\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\apppatch64\\sysmain.sdb") Region: id = 701 start_va = 0x1dbf4d50000 end_va = 0x1dbf4d50fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe\\S-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\packages\\microsoft.microsoftedge_25.10586.0.0_neutral__8wekyb3d8bbwe\\s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep") Region: id = 702 start_va = 0x7ff784ca0000 end_va = 0x7ff784d1dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\apppatch64\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\apppatch64\\sysmain.sdb") Region: id = 723 start_va = 0x1dbf4d50000 end_va = 0x1dbf4d50fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy\\s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep") Region: id = 724 start_va = 0x7ff784ca0000 end_va = 0x7ff784d1dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\apppatch64\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\apppatch64\\sysmain.sdb") Region: id = 784 start_va = 0x1dbf4d50000 end_va = 0x1dbf4d50fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy\\s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep") Region: id = 786 start_va = 0x7ff784ca0000 end_va = 0x7ff784d1dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\apppatch64\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\apppatch64\\sysmain.sdb") Thread: id = 8 os_tid = 0x11d8 Thread: id = 9 os_tid = 0x11c8 Thread: id = 10 os_tid = 0x11c4 Thread: id = 11 os_tid = 0x11bc Thread: id = 12 os_tid = 0x9e4 Thread: id = 13 os_tid = 0x640 Thread: id = 14 os_tid = 0x628 Thread: id = 15 os_tid = 0x60c Thread: id = 16 os_tid = 0x608 Thread: id = 17 os_tid = 0x5f0 Thread: id = 18 os_tid = 0x5e0 Thread: id = 19 os_tid = 0x5d4 Thread: id = 20 os_tid = 0x5bc Thread: id = 21 os_tid = 0x5a0 Thread: id = 22 os_tid = 0xf0c Thread: id = 32 os_tid = 0xc74 Thread: id = 33 os_tid = 0xc64 Process: id = "3" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x6f185000" os_pid = "0x62c" os_integrity_level = "0x4000" os_privileges = "0x260814080" monitor_reason = "rpc_server" parent_id = "2" os_parent_pid = "0x210" cmd_line = "C:\\Windows\\system32\\svchost.exe -k appmodel" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\EntAppSvc" [0xa], "NT SERVICE\\StateRepository" [0xe], "NT SERVICE\\tiledatamodelsvc" [0xa], "NT SERVICE\\WalletService" [0xa], "NT AUTHORITY\\Logon Session 00000000:00013b6e" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 490 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 491 start_va = 0x3eb0800000 end_va = 0x3eb09fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000003eb0800000" filename = "" Region: id = 492 start_va = 0x3eb0a00000 end_va = 0x3eb0a7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000003eb0a00000" filename = "" Region: id = 493 start_va = 0x3eb1100000 end_va = 0x3eb117ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000003eb1100000" filename = "" Region: id = 494 start_va = 0x3eb1580000 end_va = 0x3eb167ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000003eb1580000" filename = "" Region: id = 495 start_va = 0x3eb1680000 end_va = 0x3eb177ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000003eb1680000" filename = "" Region: id = 496 start_va = 0x3eb1780000 end_va = 0x3eb187ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000003eb1780000" filename = "" Region: id = 497 start_va = 0x3eb1880000 end_va = 0x3eb197ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000003eb1880000" filename = "" Region: id = 498 start_va = 0x3eb1980000 end_va = 0x3eb1a7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000003eb1980000" filename = "" Region: id = 499 start_va = 0x3eb1a80000 end_va = 0x3eb1b7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000003eb1a80000" filename = "" Region: id = 500 start_va = 0x16fb5b30000 end_va = 0x16fb5b3ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb5b30000" filename = "" Region: id = 501 start_va = 0x16fb5b40000 end_va = 0x16fb5b40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 502 start_va = 0x16fb5b50000 end_va = 0x16fb5b64fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb5b50000" filename = "" Region: id = 503 start_va = 0x16fb5b70000 end_va = 0x16fb5b73fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb5b70000" filename = "" Region: id = 504 start_va = 0x16fb5b80000 end_va = 0x16fb5b80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb5b80000" filename = "" Region: id = 505 start_va = 0x16fb5b90000 end_va = 0x16fb5b91fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000016fb5b90000" filename = "" Region: id = 506 start_va = 0x16fb5ba0000 end_va = 0x16fb5c5dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 507 start_va = 0x16fb5c60000 end_va = 0x16fb5c66fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000016fb5c60000" filename = "" Region: id = 508 start_va = 0x16fb5c70000 end_va = 0x16fb5c70fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000016fb5c70000" filename = "" Region: id = 509 start_va = 0x16fb5c80000 end_va = 0x16fb5c80fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000016fb5c80000" filename = "" Region: id = 510 start_va = 0x16fb5c90000 end_va = 0x16fb5c9ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 511 start_va = 0x16fb5ca0000 end_va = 0x16fb5ca7fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "staterepository-machine.srd-shm" filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\StateRepository-Machine.srd-shm" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\staterepository-machine.srd-shm") Region: id = 512 start_va = 0x16fb5cb0000 end_va = 0x16fb5cb0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb5cb0000" filename = "" Region: id = 513 start_va = 0x16fb5cc0000 end_va = 0x16fb5ccffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 514 start_va = 0x16fb5cd0000 end_va = 0x16fb5cd0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb5cd0000" filename = "" Region: id = 515 start_va = 0x16fb5ce0000 end_va = 0x16fb5ce0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb5ce0000" filename = "" Region: id = 516 start_va = 0x16fb5cf0000 end_va = 0x16fb5cf0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000016fb5cf0000" filename = "" Region: id = 517 start_va = 0x16fb5d00000 end_va = 0x16fb5dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000016fb5d00000" filename = "" Region: id = 518 start_va = 0x16fb5e00000 end_va = 0x16fb5f87fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb5e00000" filename = "" Region: id = 519 start_va = 0x16fb5f90000 end_va = 0x16fb5f96fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000016fb5f90000" filename = "" Region: id = 520 start_va = 0x16fb5fa0000 end_va = 0x16fb5fa0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000016fb5fa0000" filename = "" Region: id = 521 start_va = 0x16fb5fb0000 end_va = 0x16fb5fbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb5fb0000" filename = "" Region: id = 522 start_va = 0x16fb5fc0000 end_va = 0x16fb5fcffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb5fc0000" filename = "" Region: id = 523 start_va = 0x16fb5fd0000 end_va = 0x16fb5fdffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb5fd0000" filename = "" Region: id = 524 start_va = 0x16fb5fe0000 end_va = 0x16fb5feffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb5fe0000" filename = "" Region: id = 525 start_va = 0x16fb5ff0000 end_va = 0x16fb5ff0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000016fb5ff0000" filename = "" Region: id = 526 start_va = 0x16fb6000000 end_va = 0x16fb60fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000016fb6000000" filename = "" Region: id = 527 start_va = 0x16fb6100000 end_va = 0x16fb6280fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb6100000" filename = "" Region: id = 528 start_va = 0x16fb6290000 end_va = 0x16fb634ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb6290000" filename = "" Region: id = 529 start_va = 0x16fb6350000 end_va = 0x16fb644ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000016fb6350000" filename = "" Region: id = 530 start_va = 0x16fb6450000 end_va = 0x16fb645ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb6450000" filename = "" Region: id = 531 start_va = 0x16fb6460000 end_va = 0x16fb646ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb6460000" filename = "" Region: id = 532 start_va = 0x16fb6470000 end_va = 0x16fb647ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb6470000" filename = "" Region: id = 533 start_va = 0x16fb6480000 end_va = 0x16fb648ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb6480000" filename = "" Region: id = 534 start_va = 0x16fb6490000 end_va = 0x16fb6490fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000016fb6490000" filename = "" Region: id = 535 start_va = 0x16fb64a0000 end_va = 0x16fb64a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000016fb64a0000" filename = "" Region: id = 536 start_va = 0x16fb64b0000 end_va = 0x16fb64b3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000016fb64b0000" filename = "" Region: id = 537 start_va = 0x16fb64c0000 end_va = 0x16fb64c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000016fb64c0000" filename = "" Region: id = 538 start_va = 0x16fb64d0000 end_va = 0x16fb64d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000016fb64d0000" filename = "" Region: id = 539 start_va = 0x16fb64e0000 end_va = 0x16fb64e6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000016fb64e0000" filename = "" Region: id = 540 start_va = 0x16fb64f0000 end_va = 0x16fb64f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000016fb64f0000" filename = "" Region: id = 541 start_va = 0x16fb6500000 end_va = 0x16fb65fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000016fb6500000" filename = "" Region: id = 542 start_va = 0x16fb6600000 end_va = 0x16fb6936fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 543 start_va = 0x16fb6940000 end_va = 0x16fb793ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000016fb6940000" filename = "" Region: id = 544 start_va = 0x16fb7940000 end_va = 0x16fb795ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000016fb7940000" filename = "" Region: id = 545 start_va = 0x16fb7960000 end_va = 0x16fb7961fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000016fb7960000" filename = "" Region: id = 546 start_va = 0x16fb7970000 end_va = 0x16fb797ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 547 start_va = 0x16fb7980000 end_va = 0x16fb798ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 548 start_va = 0x16fb79b0000 end_va = 0x16fb79bffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 549 start_va = 0x16fb79c0000 end_va = 0x16fb79cffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 550 start_va = 0x16fb79d0000 end_va = 0x16fb79dffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 551 start_va = 0x16fb79e0000 end_va = 0x16fb79effff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 552 start_va = 0x16fb79f0000 end_va = 0x16fb79fffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 553 start_va = 0x16fb7a00000 end_va = 0x16fb7a0ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 554 start_va = 0x16fb7a10000 end_va = 0x16fb7a1ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 555 start_va = 0x16fb7a20000 end_va = 0x16fb7a2ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 556 start_va = 0x16fb7a30000 end_va = 0x16fb7a3ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 557 start_va = 0x16fb7a40000 end_va = 0x16fb7a4ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 558 start_va = 0x16fb7a50000 end_va = 0x16fb7a5ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 559 start_va = 0x16fb7a60000 end_va = 0x16fb7a6ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 560 start_va = 0x16fb7a70000 end_va = 0x16fb7a7ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 561 start_va = 0x16fb7a80000 end_va = 0x16fb7a8ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 562 start_va = 0x16fb7aa0000 end_va = 0x16fb7aaffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 563 start_va = 0x16fb7ab0000 end_va = 0x16fb7abffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 564 start_va = 0x16fb7ac0000 end_va = 0x16fb7acffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 565 start_va = 0x16fb7ad0000 end_va = 0x16fb7adffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 566 start_va = 0x16fb7ae0000 end_va = 0x16fb7aeffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 567 start_va = 0x16fb7af0000 end_va = 0x16fb7afffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 568 start_va = 0x16fb7b00000 end_va = 0x16fb7b0ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 569 start_va = 0x16fb7b10000 end_va = 0x16fb7b1ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 570 start_va = 0x16fb7b20000 end_va = 0x16fb7b2ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 571 start_va = 0x16fb7b30000 end_va = 0x16fb7b3ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 572 start_va = 0x16fb7b40000 end_va = 0x16fb7b4ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 573 start_va = 0x16fb7b50000 end_va = 0x16fb7b5ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 574 start_va = 0x16fb7b60000 end_va = 0x16fb7b6ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 575 start_va = 0x16fb7b70000 end_va = 0x16fb7b7ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 576 start_va = 0x16fb7b80000 end_va = 0x16fb7b8ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 577 start_va = 0x16fb7b90000 end_va = 0x16fb7b9ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 578 start_va = 0x16fb7ba0000 end_va = 0x16fb7baffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 579 start_va = 0x16fb7bb0000 end_va = 0x16fb7bbffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 580 start_va = 0x16fb7bc0000 end_va = 0x16fb7bcffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 581 start_va = 0x16fb7bd0000 end_va = 0x16fb7bdffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 582 start_va = 0x16fb7be0000 end_va = 0x16fb7beffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 583 start_va = 0x16fb7bf0000 end_va = 0x16fb7ceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000016fb7bf0000" filename = "" Region: id = 584 start_va = 0x16fb7cf0000 end_va = 0x16fb7cfffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 585 start_va = 0x16fb7d00000 end_va = 0x16fb7dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000016fb7d00000" filename = "" Region: id = 586 start_va = 0x16fb7e00000 end_va = 0x16fb7e0ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 587 start_va = 0x16fb7e10000 end_va = 0x16fb7e1ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 588 start_va = 0x16fb7e20000 end_va = 0x16fb7e20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000016fb7e20000" filename = "" Region: id = 589 start_va = 0x16fb7e30000 end_va = 0x16fb7e30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000016fb7e30000" filename = "" Region: id = 590 start_va = 0x16fb7e40000 end_va = 0x16fb7e4ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 591 start_va = 0x16fb7e60000 end_va = 0x16fb7e6ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 592 start_va = 0x16fb7e70000 end_va = 0x16fb7e9dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7e70000" filename = "" Region: id = 593 start_va = 0x16fb7f00000 end_va = 0x16fb7ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000016fb7f00000" filename = "" Region: id = 594 start_va = 0x7df5ff9d0000 end_va = 0x7ff5ff9cffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ff9d0000" filename = "" Region: id = 595 start_va = 0x7ff7017f0000 end_va = 0x7ff7018effff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7017f0000" filename = "" Region: id = 596 start_va = 0x7ff7018f0000 end_va = 0x7ff701912fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7018f0000" filename = "" Region: id = 597 start_va = 0x7ff7019e0000 end_va = 0x7ff7019ecfff monitored = 0 entry_point = 0x7ff7019e3980 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 598 start_va = 0x7ffb496a0000 end_va = 0x7ffb49857fff monitored = 0 entry_point = 0x7ffb4970e630 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 599 start_va = 0x7ffb49860000 end_va = 0x7ffb49b58fff monitored = 0 entry_point = 0x7ffb49927280 region_type = mapped_file name = "esent.dll" filename = "\\Windows\\System32\\esent.dll" (normalized: "c:\\windows\\system32\\esent.dll") Region: id = 600 start_va = 0x7ffb49b60000 end_va = 0x7ffb49bdbfff monitored = 0 entry_point = 0x7ffb49b8a970 region_type = mapped_file name = "tileobjserver.dll" filename = "\\Windows\\System32\\tileobjserver.dll" (normalized: "c:\\windows\\system32\\tileobjserver.dll") Region: id = 601 start_va = 0x7ffb4a4b0000 end_va = 0x7ffb4a543fff monitored = 0 entry_point = 0x7ffb4a4e9210 region_type = mapped_file name = "staterepository.core.dll" filename = "\\Windows\\System32\\StateRepository.Core.dll" (normalized: "c:\\windows\\system32\\staterepository.core.dll") Region: id = 602 start_va = 0x7ffb4a550000 end_va = 0x7ffb4a7f2fff monitored = 0 entry_point = 0x7ffb4a576190 region_type = mapped_file name = "windows.staterepository.dll" filename = "\\Windows\\System32\\Windows.StateRepository.dll" (normalized: "c:\\windows\\system32\\windows.staterepository.dll") Region: id = 603 start_va = 0x7ffb4d300000 end_va = 0x7ffb4d681fff monitored = 0 entry_point = 0x7ffb4d351220 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 604 start_va = 0x7ffb4d690000 end_va = 0x7ffb4d7c5fff monitored = 0 entry_point = 0x7ffb4d6bf350 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll") Region: id = 605 start_va = 0x7ffb4f790000 end_va = 0x7ffb4f821fff monitored = 0 entry_point = 0x7ffb4f7da780 region_type = mapped_file name = "msvcp110_win.dll" filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll") Region: id = 606 start_va = 0x7ffb50c30000 end_va = 0x7ffb510c2fff monitored = 0 entry_point = 0x7ffb50c3f760 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 607 start_va = 0x7ffb51be0000 end_va = 0x7ffb51bf2fff monitored = 0 entry_point = 0x7ffb51be2760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 608 start_va = 0x7ffb52610000 end_va = 0x7ffb52703fff monitored = 0 entry_point = 0x7ffb5261a960 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 609 start_va = 0x7ffb52a80000 end_va = 0x7ffb52ab3fff monitored = 0 entry_point = 0x7ffb52a9ae70 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 610 start_va = 0x7ffb52bd0000 end_va = 0x7ffb52beefff monitored = 0 entry_point = 0x7ffb52bd5d30 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 611 start_va = 0x7ffb52df0000 end_va = 0x7ffb52e06fff monitored = 0 entry_point = 0x7ffb52df79d0 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 612 start_va = 0x7ffb52f10000 end_va = 0x7ffb52f1afff monitored = 0 entry_point = 0x7ffb52f119a0 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 613 start_va = 0x7ffb530f0000 end_va = 0x7ffb5311cfff monitored = 0 entry_point = 0x7ffb53109d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 614 start_va = 0x7ffb53280000 end_va = 0x7ffb532d5fff monitored = 0 entry_point = 0x7ffb53290bf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 615 start_va = 0x7ffb53300000 end_va = 0x7ffb53328fff monitored = 0 entry_point = 0x7ffb53314530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 616 start_va = 0x7ffb53470000 end_va = 0x7ffb5347efff monitored = 0 entry_point = 0x7ffb53473210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 617 start_va = 0x7ffb53480000 end_va = 0x7ffb534cafff monitored = 0 entry_point = 0x7ffb534835f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 618 start_va = 0x7ffb534d0000 end_va = 0x7ffb534e3fff monitored = 0 entry_point = 0x7ffb534d52e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 619 start_va = 0x7ffb53520000 end_va = 0x7ffb53b63fff monitored = 0 entry_point = 0x7ffb536e64b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 620 start_va = 0x7ffb53b70000 end_va = 0x7ffb53d57fff monitored = 0 entry_point = 0x7ffb53b9ba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 621 start_va = 0x7ffb540d0000 end_va = 0x7ffb54139fff monitored = 0 entry_point = 0x7ffb54106d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 622 start_va = 0x7ffb54140000 end_va = 0x7ffb541f4fff monitored = 0 entry_point = 0x7ffb541822e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 623 start_va = 0x7ffb54200000 end_va = 0x7ffb54242fff monitored = 0 entry_point = 0x7ffb54214b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 624 start_va = 0x7ffb543d0000 end_va = 0x7ffb5464cfff monitored = 0 entry_point = 0x7ffb544a4970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 625 start_va = 0x7ffb54680000 end_va = 0x7ffb547d5fff monitored = 0 entry_point = 0x7ffb5468a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 626 start_va = 0x7ffb54840000 end_va = 0x7ffb548dcfff monitored = 0 entry_point = 0x7ffb548478a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 627 start_va = 0x7ffb548e0000 end_va = 0x7ffb54a65fff monitored = 0 entry_point = 0x7ffb5492ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 628 start_va = 0x7ffb54fa0000 end_va = 0x7ffb55046fff monitored = 0 entry_point = 0x7ffb54fb58d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 629 start_va = 0x7ffb55050000 end_va = 0x7ffb550fcfff monitored = 0 entry_point = 0x7ffb550681a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 630 start_va = 0x7ffb55100000 end_va = 0x7ffb5515afff monitored = 0 entry_point = 0x7ffb551138b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 631 start_va = 0x7ffb55160000 end_va = 0x7ffb5527bfff monitored = 0 entry_point = 0x7ffb551a02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 632 start_va = 0x7ffb55280000 end_va = 0x7ffb55326fff monitored = 0 entry_point = 0x7ffb5528b4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 633 start_va = 0x7ffb56df0000 end_va = 0x7ffb56e41fff monitored = 0 entry_point = 0x7ffb56dff530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 634 start_va = 0x7ffb56e50000 end_va = 0x7ffb57010fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 635 start_va = 0x16fb7990000 end_va = 0x16fb7990fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7990000" filename = "" Region: id = 638 start_va = 0x16fb7990000 end_va = 0x16fb7990fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7990000" filename = "" Region: id = 639 start_va = 0x16fb7990000 end_va = 0x16fb7990fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7990000" filename = "" Region: id = 640 start_va = 0x16fb7990000 end_va = 0x16fb799ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 641 start_va = 0x16fb79a0000 end_va = 0x16fb79affff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 642 start_va = 0x16fb7a90000 end_va = 0x16fb7a9ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 643 start_va = 0x16fb7e50000 end_va = 0x16fb7e50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7e50000" filename = "" Region: id = 644 start_va = 0x16fb7e50000 end_va = 0x16fb7e50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7e50000" filename = "" Region: id = 645 start_va = 0x16fb7e50000 end_va = 0x16fb7e50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7e50000" filename = "" Region: id = 646 start_va = 0x16fb7e50000 end_va = 0x16fb7e5ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 647 start_va = 0x16fb7ea0000 end_va = 0x16fb7ea0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7ea0000" filename = "" Region: id = 648 start_va = 0x16fb7ea0000 end_va = 0x16fb7ea0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7ea0000" filename = "" Region: id = 649 start_va = 0x16fb7ea0000 end_va = 0x16fb7eaffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 650 start_va = 0x16fb7eb0000 end_va = 0x16fb7eb0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7eb0000" filename = "" Region: id = 651 start_va = 0x16fb7eb0000 end_va = 0x16fb7eb0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7eb0000" filename = "" Region: id = 656 start_va = 0x16fb7eb0000 end_va = 0x16fb7eb0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7eb0000" filename = "" Region: id = 657 start_va = 0x16fb7eb0000 end_va = 0x16fb7eb0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7eb0000" filename = "" Region: id = 661 start_va = 0x16fb7eb0000 end_va = 0x16fb7eb0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7eb0000" filename = "" Region: id = 662 start_va = 0x16fb7ec0000 end_va = 0x16fb7ecffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 663 start_va = 0x16fb7ed0000 end_va = 0x16fb7ed0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7ed0000" filename = "" Region: id = 664 start_va = 0x16fb7ed0000 end_va = 0x16fb7ed0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7ed0000" filename = "" Region: id = 665 start_va = 0x16fb7eb0000 end_va = 0x16fb7ebffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 666 start_va = 0x16fb7ed0000 end_va = 0x16fb7ed0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7ed0000" filename = "" Region: id = 667 start_va = 0x16fb7ee0000 end_va = 0x16fb7ee0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7ee0000" filename = "" Region: id = 677 start_va = 0x16fb7ee0000 end_va = 0x16fb7ee0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7ee0000" filename = "" Region: id = 694 start_va = 0x16fb7eb0000 end_va = 0x16fb7eb0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7eb0000" filename = "" Region: id = 695 start_va = 0x16fb7ed0000 end_va = 0x16fb7ed0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7ed0000" filename = "" Region: id = 696 start_va = 0x16fb7ed0000 end_va = 0x16fb7ed0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7ed0000" filename = "" Region: id = 700 start_va = 0x16fb7eb0000 end_va = 0x16fb7ebffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 703 start_va = 0x16fb7ed0000 end_va = 0x16fb7ed0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7ed0000" filename = "" Region: id = 704 start_va = 0x16fb7eb0000 end_va = 0x16fb7eb0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7eb0000" filename = "" Region: id = 705 start_va = 0x16fb7ec0000 end_va = 0x16fb7ec0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7ec0000" filename = "" Region: id = 706 start_va = 0x16fb7ec0000 end_va = 0x16fb7ecffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 707 start_va = 0x16fb7ed0000 end_va = 0x16fb7ed0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7ed0000" filename = "" Region: id = 708 start_va = 0x16fb7eb0000 end_va = 0x16fb7eb0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7eb0000" filename = "" Region: id = 709 start_va = 0x16fb79b0000 end_va = 0x16fb79b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb79b0000" filename = "" Region: id = 710 start_va = 0x16fb79b0000 end_va = 0x16fb79bffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 711 start_va = 0x16fb79c0000 end_va = 0x16fb79c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb79c0000" filename = "" Region: id = 712 start_va = 0x16fb79d0000 end_va = 0x16fb79d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb79d0000" filename = "" Region: id = 713 start_va = 0x16fb79c0000 end_va = 0x16fb79c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb79c0000" filename = "" Region: id = 714 start_va = 0x16fb79d0000 end_va = 0x16fb79d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb79d0000" filename = "" Region: id = 715 start_va = 0x16fb79c0000 end_va = 0x16fb79c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb79c0000" filename = "" Region: id = 716 start_va = 0x16fb79d0000 end_va = 0x16fb79d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb79d0000" filename = "" Region: id = 718 start_va = 0x16fb79c0000 end_va = 0x16fb79cffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 719 start_va = 0x16fb79d0000 end_va = 0x16fb79dffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 720 start_va = 0x16fb7e50000 end_va = 0x16fb7e5ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 721 start_va = 0x16fb7ea0000 end_va = 0x16fb7eaffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 722 start_va = 0x16fb7eb0000 end_va = 0x16fb7eb0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7eb0000" filename = "" Region: id = 725 start_va = 0x16fb7ec0000 end_va = 0x16fb7ec0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7ec0000" filename = "" Region: id = 726 start_va = 0x16fb7ec0000 end_va = 0x16fb7ec0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7ec0000" filename = "" Region: id = 727 start_va = 0x16fb7eb0000 end_va = 0x16fb7eb0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7eb0000" filename = "" Region: id = 728 start_va = 0x16fb7ec0000 end_va = 0x16fb7ecffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 729 start_va = 0x16fb7ed0000 end_va = 0x16fb7edffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 730 start_va = 0x16fb7eb0000 end_va = 0x16fb7eb0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7eb0000" filename = "" Region: id = 731 start_va = 0x16fb7a60000 end_va = 0x16fb7a60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7a60000" filename = "" Region: id = 732 start_va = 0x16fb7a60000 end_va = 0x16fb7a60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7a60000" filename = "" Region: id = 733 start_va = 0x16fb7a60000 end_va = 0x16fb7a6ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 734 start_va = 0x16fb7aa0000 end_va = 0x16fb7aaffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 735 start_va = 0x16fb7ab0000 end_va = 0x16fb7abffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 736 start_va = 0x16fb7e50000 end_va = 0x16fb7e50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7e50000" filename = "" Region: id = 737 start_va = 0x16fb7e50000 end_va = 0x16fb7e50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7e50000" filename = "" Region: id = 738 start_va = 0x16fb7e50000 end_va = 0x16fb7e50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7e50000" filename = "" Region: id = 739 start_va = 0x16fb7e50000 end_va = 0x16fb7e50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7e50000" filename = "" Region: id = 740 start_va = 0x16fb7e50000 end_va = 0x16fb7e50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7e50000" filename = "" Region: id = 741 start_va = 0x16fb7e50000 end_va = 0x16fb7e50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7e50000" filename = "" Region: id = 742 start_va = 0x16fb7e50000 end_va = 0x16fb7e50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7e50000" filename = "" Region: id = 743 start_va = 0x16fb7e50000 end_va = 0x16fb7e50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7e50000" filename = "" Region: id = 744 start_va = 0x16fb7e50000 end_va = 0x16fb7e50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7e50000" filename = "" Region: id = 745 start_va = 0x16fb7e50000 end_va = 0x16fb7e50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7e50000" filename = "" Region: id = 746 start_va = 0x16fb7e50000 end_va = 0x16fb7e50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7e50000" filename = "" Region: id = 747 start_va = 0x16fb7e50000 end_va = 0x16fb7e5ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 748 start_va = 0x16fb7ea0000 end_va = 0x16fb7ea0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7ea0000" filename = "" Region: id = 749 start_va = 0x16fb7ea0000 end_va = 0x16fb7ea0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7ea0000" filename = "" Region: id = 750 start_va = 0x16fb7ea0000 end_va = 0x16fb7ea0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7ea0000" filename = "" Region: id = 751 start_va = 0x16fb7ea0000 end_va = 0x16fb7ea0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7ea0000" filename = "" Region: id = 752 start_va = 0x16fb7ea0000 end_va = 0x16fb7eaffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 753 start_va = 0x16fb7eb0000 end_va = 0x16fb7eb0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7eb0000" filename = "" Region: id = 754 start_va = 0x16fb7eb0000 end_va = 0x16fb7eb0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7eb0000" filename = "" Region: id = 755 start_va = 0x16fb7eb0000 end_va = 0x16fb7ebffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 756 start_va = 0x16fb7ec0000 end_va = 0x16fb7ec0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7ec0000" filename = "" Region: id = 757 start_va = 0x16fb7ec0000 end_va = 0x16fb7ec0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7ec0000" filename = "" Region: id = 758 start_va = 0x16fb7ec0000 end_va = 0x16fb7ecffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 759 start_va = 0x16fb7ed0000 end_va = 0x16fb7ed0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7ed0000" filename = "" Region: id = 760 start_va = 0x16fb7ed0000 end_va = 0x16fb7ed0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7ed0000" filename = "" Region: id = 761 start_va = 0x16fb7ed0000 end_va = 0x16fb7edffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 762 start_va = 0x16fb7ee0000 end_va = 0x16fb7ee0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7ee0000" filename = "" Region: id = 763 start_va = 0x16fb7ee0000 end_va = 0x16fb7ee0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7ee0000" filename = "" Region: id = 764 start_va = 0x16fb7ee0000 end_va = 0x16fb7ee0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7ee0000" filename = "" Region: id = 765 start_va = 0x16fb7ee0000 end_va = 0x16fb7ee0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7ee0000" filename = "" Region: id = 766 start_va = 0x16fb7ee0000 end_va = 0x16fb7ee0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7ee0000" filename = "" Region: id = 767 start_va = 0x16fb7ee0000 end_va = 0x16fb7ee0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7ee0000" filename = "" Region: id = 768 start_va = 0x16fb7ee0000 end_va = 0x16fb7ee0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7ee0000" filename = "" Region: id = 769 start_va = 0x16fb7ee0000 end_va = 0x16fb7eeffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 770 start_va = 0x16fb7ef0000 end_va = 0x16fb7ef0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7ef0000" filename = "" Region: id = 771 start_va = 0x16fb7ef0000 end_va = 0x16fb7ef0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7ef0000" filename = "" Region: id = 772 start_va = 0x16fb7ef0000 end_va = 0x16fb7ef0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb7ef0000" filename = "" Region: id = 773 start_va = 0x16fb7ef0000 end_va = 0x16fb7efffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 774 start_va = 0x16fb8000000 end_va = 0x16fb8000fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8000000" filename = "" Region: id = 775 start_va = 0x16fb8000000 end_va = 0x16fb800ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 776 start_va = 0x16fb8010000 end_va = 0x16fb8010fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8010000" filename = "" Region: id = 777 start_va = 0x16fb8010000 end_va = 0x16fb801ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 778 start_va = 0x16fb8020000 end_va = 0x16fb802ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 779 start_va = 0x16fb8030000 end_va = 0x16fb803ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 780 start_va = 0x16fb8040000 end_va = 0x16fb804ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 781 start_va = 0x16fb8050000 end_va = 0x16fb805ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 782 start_va = 0x16fb8060000 end_va = 0x16fb806ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 783 start_va = 0x16fb8070000 end_va = 0x16fb807ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 785 start_va = 0x16fb8080000 end_va = 0x16fb808ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 787 start_va = 0x16fb8090000 end_va = 0x16fb809ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 788 start_va = 0x16fb80a0000 end_va = 0x16fb80affff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 789 start_va = 0x16fb80b0000 end_va = 0x16fb80bffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 790 start_va = 0x16fb80c0000 end_va = 0x16fb80cffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 791 start_va = 0x16fb80d0000 end_va = 0x16fb80d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000016fb80d0000" filename = "" Region: id = 792 start_va = 0x16fb80e0000 end_va = 0x16fb80e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb80e0000" filename = "" Region: id = 793 start_va = 0x16fb80e0000 end_va = 0x16fb80effff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 794 start_va = 0x16fb80f0000 end_va = 0x16fb80f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb80f0000" filename = "" Region: id = 795 start_va = 0x16fb80f0000 end_va = 0x16fb80f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb80f0000" filename = "" Region: id = 796 start_va = 0x16fb80f0000 end_va = 0x16fb80fffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 797 start_va = 0x16fb8100000 end_va = 0x16fb8100fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8100000" filename = "" Region: id = 798 start_va = 0x16fb8100000 end_va = 0x16fb810ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 799 start_va = 0x16fb8110000 end_va = 0x16fb811ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 800 start_va = 0x16fb8120000 end_va = 0x16fb8120fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000016fb8120000" filename = "" Region: id = 801 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 802 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 803 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 804 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 805 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 806 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 807 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 808 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 809 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 810 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 811 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 812 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 813 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 814 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 815 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 816 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 817 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 818 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 819 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 820 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 821 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 822 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 823 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 824 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 825 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 826 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 827 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 828 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 829 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 830 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 831 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 832 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 833 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 834 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 835 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 836 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 837 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 838 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 839 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 840 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 841 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 842 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 843 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 844 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 845 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 846 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 847 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 848 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 849 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 850 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 851 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 852 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 853 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 854 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 855 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 856 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 857 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 858 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 859 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 860 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 861 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 862 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 863 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 864 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 865 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 866 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 867 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 868 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 869 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 870 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 871 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 872 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 873 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 874 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 875 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 876 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 877 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 878 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 879 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 880 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 881 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 882 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 883 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 884 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 885 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 886 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 887 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 888 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 889 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 890 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 891 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 892 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 893 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 894 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 895 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 896 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 897 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 898 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 899 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 900 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 901 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 902 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 903 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 904 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 905 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 906 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 907 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 908 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 909 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 910 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 911 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 912 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 913 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 914 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 915 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 916 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 917 start_va = 0x16fb79e0000 end_va = 0x16fb79e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb79e0000" filename = "" Region: id = 918 start_va = 0x16fb79e0000 end_va = 0x16fb79e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb79e0000" filename = "" Region: id = 919 start_va = 0x16fb79e0000 end_va = 0x16fb79e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb79e0000" filename = "" Region: id = 920 start_va = 0x16fb79e0000 end_va = 0x16fb79effff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 921 start_va = 0x16fb79f0000 end_va = 0x16fb79f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb79f0000" filename = "" Region: id = 922 start_va = 0x16fb79f0000 end_va = 0x16fb79f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb79f0000" filename = "" Region: id = 923 start_va = 0x16fb79f0000 end_va = 0x16fb79f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb79f0000" filename = "" Region: id = 924 start_va = 0x16fb79f0000 end_va = 0x16fb79f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb79f0000" filename = "" Region: id = 925 start_va = 0x16fb79f0000 end_va = 0x16fb79f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb79f0000" filename = "" Region: id = 926 start_va = 0x16fb79f0000 end_va = 0x16fb79f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb79f0000" filename = "" Region: id = 927 start_va = 0x16fb79f0000 end_va = 0x16fb79f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb79f0000" filename = "" Region: id = 928 start_va = 0x16fb79f0000 end_va = 0x16fb79f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb79f0000" filename = "" Region: id = 929 start_va = 0x16fb79f0000 end_va = 0x16fb79f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb79f0000" filename = "" Region: id = 930 start_va = 0x16fb79f0000 end_va = 0x16fb79f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb79f0000" filename = "" Region: id = 931 start_va = 0x16fb79f0000 end_va = 0x16fb79f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb79f0000" filename = "" Region: id = 932 start_va = 0x16fb79f0000 end_va = 0x16fb79f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb79f0000" filename = "" Region: id = 933 start_va = 0x16fb79f0000 end_va = 0x16fb79f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb79f0000" filename = "" Region: id = 934 start_va = 0x16fb79f0000 end_va = 0x16fb79f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb79f0000" filename = "" Region: id = 935 start_va = 0x16fb79f0000 end_va = 0x16fb79f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb79f0000" filename = "" Region: id = 936 start_va = 0x16fb79f0000 end_va = 0x16fb79f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb79f0000" filename = "" Region: id = 937 start_va = 0x16fb79f0000 end_va = 0x16fb79f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb79f0000" filename = "" Region: id = 938 start_va = 0x16fb79f0000 end_va = 0x16fb79fffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 939 start_va = 0x16fb7a10000 end_va = 0x16fb7a1ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 940 start_va = 0x16fb7a20000 end_va = 0x16fb7a2ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 941 start_va = 0x16fb7ac0000 end_va = 0x16fb7acffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 942 start_va = 0x16fb80e0000 end_va = 0x16fb80e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000016fb80e0000" filename = "" Region: id = 943 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 944 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 945 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 946 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Region: id = 947 start_va = 0x16fb8130000 end_va = 0x16fb8130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000016fb8130000" filename = "" Thread: id = 23 os_tid = 0xc58 Thread: id = 24 os_tid = 0x13bc Thread: id = 25 os_tid = 0x674 Thread: id = 26 os_tid = 0xa44 Thread: id = 27 os_tid = 0x278 Thread: id = 28 os_tid = 0xaec Thread: id = 29 os_tid = 0x8c4 Thread: id = 30 os_tid = 0x630