[{"date":"2026-04-24-01-24-34","do_etw":false,"do_etwti":true,"do_hook":false,"do_hook_callstack":true,"do_kernel":true,"func":"init","targets":["redtest"],"trace_id":41,"type":"meta","version":"1.0"},{"func":"process_create","id":1,"krn_pid":4732,"name":"\\Device\\HarddiskVolume3\\RedEdr\\redtest.exe","parent_name":"\\Device\\HarddiskVolume3\\Windows\\System32\\cmd.exe","pid":9228,"ppid":4732,"time":134214927009848304,"trace_id":41,"type":"kernel"},{"create":1,"func":"thread_create","id":2,"krn_pid":4732,"pid":9228,"threadid":11736,"time":134214927009848304,"trace_id":41,"type":"kernel"},{"func":"image_load","id":3,"image":"\\Device\\HarddiskVolume3\\RedEdr\\redtest.exe","krn_pid":9228,"pid":9228,"time":134214927009848304,"trace_id":41,"type":"kernel"},{"func":"image_load","id":4,"image":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","krn_pid":9228,"pid":9228,"time":134214927009848304,"trace_id":41,"type":"kernel"},{"func":"image_load","id":5,"image":"\\Device\\HarddiskVolume3\\Windows\\System32\\kernel32.dll","krn_pid":9228,"pid":9228,"time":134214927009848304,"trace_id":41,"type":"kernel"},{"func":"image_load","id":6,"image":"\\Device\\HarddiskVolume3\\Windows\\System32\\KernelBase.dll","krn_pid":9228,"pid":9228,"time":134214927009848304,"trace_id":41,"type":"kernel"},{"func":"image_load","id":7,"image":"\\Device\\HarddiskVolume3\\Windows\\System32\\sechost.dll","krn_pid":9228,"pid":9228,"time":134214927010024842,"trace_id":41,"type":"kernel"},{"func":"image_load","id":8,"image":"\\Device\\HarddiskVolume3\\Windows\\System32\\bcrypt.dll","krn_pid":9228,"pid":9228,"time":134214927010024842,"trace_id":41,"type":"kernel"},{"create":1,"func":"thread_create","id":9,"krn_pid":9228,"pid":9228,"threadid":9208,"time":134214927010024842,"trace_id":41,"type":"kernel"},{"func":"image_load","id":10,"image":"\\Device\\HarddiskVolume3\\Windows\\System32\\ApiSetHost.AppExecutionAlias.dll","krn_pid":9228,"pid":9228,"time":134214927010024842,"trace_id":41,"type":"kernel"},{"func":"image_load","id":11,"image":"\\Device\\HarddiskVolume3\\Windows\\System32\\ucrtbase.dll","krn_pid":9228,"pid":9228,"time":134214927010024842,"trace_id":41,"type":"kernel"},{"create":1,"func":"thread_create","id":12,"krn_pid":9228,"pid":9228,"threadid":7712,"time":134214927010024842,"trace_id":41,"type":"kernel"},{"func":"image_load","id":13,"image":"\\Device\\HarddiskVolume3\\Windows\\System32\\combase.dll","krn_pid":9228,"pid":9228,"time":134214927010024842,"trace_id":41,"type":"kernel"},{"func":"image_load","id":14,"image":"\\Device\\HarddiskVolume3\\Windows\\System32\\rpcrt4.dll","krn_pid":9228,"pid":9228,"time":134214927010024842,"trace_id":41,"type":"kernel"},{"func":"image_load","id":15,"image":"\\Device\\HarddiskVolume3\\Windows\\System32\\msvcp_win.dll","krn_pid":9228,"pid":9228,"time":134214927010024842,"trace_id":41,"type":"kernel"},{"func":"image_load","id":16,"image":"\\Device\\HarddiskVolume3\\Windows\\System32\\profapi.dll","krn_pid":9228,"pid":9228,"time":134214927010024842,"trace_id":41,"type":"kernel"},{"func":"image_load","id":17,"image":"\\Device\\HarddiskVolume3\\Windows\\System32\\windows.storage.dll","krn_pid":9228,"pid":9228,"time":134214927010024842,"trace_id":41,"type":"kernel"},{"func":"image_load","id":18,"image":"\\Device\\HarddiskVolume3\\Windows\\System32\\WinTypes.dll","krn_pid":9228,"pid":9228,"time":134214927010024842,"trace_id":41,"type":"kernel"},{"func":"image_load","id":19,"image":"\\Device\\HarddiskVolume3\\Windows\\System32\\SHCore.dll","krn_pid":9228,"pid":9228,"time":134214927010024842,"trace_id":41,"type":"kernel"},{"func":"image_load","id":20,"image":"\\Device\\HarddiskVolume3\\Windows\\System32\\shlwapi.dll","krn_pid":9228,"pid":9228,"time":134214927010024842,"trace_id":41,"type":"kernel"},{"func":"image_load","id":21,"image":"\\Device\\HarddiskVolume3\\Windows\\System32\\msvcrt.dll","krn_pid":9228,"pid":9228,"time":134214927010164942,"trace_id":41,"type":"kernel"},{"create":1,"func":"thread_create","id":22,"krn_pid":9228,"pid":9228,"threadid":5772,"time":134214927010164942,"trace_id":41,"type":"kernel"},{"create":1,"func":"thread_create","id":23,"krn_pid":9228,"pid":9228,"threadid":9220,"time":134214927010164942,"trace_id":41,"type":"kernel"},{"func":"image_load","id":24,"image":"\\Device\\HarddiskVolume3\\Windows\\System32\\kernel.appcore.dll","krn_pid":9228,"pid":9228,"time":134214927010164942,"trace_id":41,"type":"kernel"},{"func":"image_load","id":25,"image":"\\Device\\HarddiskVolume3\\Windows\\System32\\daxexec.dll","krn_pid":9228,"pid":9228,"time":134214927010164942,"trace_id":41,"type":"kernel"},{"func":"image_load","id":26,"image":"\\Device\\HarddiskVolume3\\Windows\\System32\\oleaut32.dll","krn_pid":9228,"pid":9228,"time":134214927010164942,"trace_id":41,"type":"kernel"},{"func":"image_load","id":27,"image":"\\Device\\HarddiskVolume3\\Windows\\System32\\userenv.dll","krn_pid":9228,"pid":9228,"time":134214927010164942,"trace_id":41,"type":"kernel"},{"func":"image_load","id":28,"image":"\\Device\\HarddiskVolume3\\Windows\\System32\\container.dll","krn_pid":9228,"pid":9228,"time":134214927010164942,"trace_id":41,"type":"kernel"},{"func":"image_load","id":29,"image":"\\Device\\HarddiskVolume3\\Windows\\System32\\bcryptprimitives.dll","krn_pid":9228,"pid":9228,"time":134214927010164942,"trace_id":41,"type":"kernel"},{"func":"image_load","id":30,"image":"\\Device\\HarddiskVolume3\\Windows\\System32\\clbcatq.dll","krn_pid":9228,"pid":9228,"time":134214927010164942,"trace_id":41,"type":"kernel"},{"create":1,"func":"thread_create","id":31,"krn_pid":9228,"pid":9228,"threadid":3836,"time":134214927010336515,"trace_id":41,"type":"kernel"},{"func":"image_load","id":32,"image":"\\Device\\HarddiskVolume3\\Windows\\System32\\Windows.StateRepositoryPS.dll","krn_pid":9228,"pid":9228,"time":134214927010336515,"trace_id":41,"type":"kernel"},{"func":"image_load","id":33,"image":"\\Device\\HarddiskVolume3\\Windows\\System32\\AppxAllUserStore.dll","krn_pid":9228,"pid":9228,"time":134214927010336515,"trace_id":41,"type":"kernel"},{"func":"image_load","id":34,"image":"\\Device\\HarddiskVolume3\\Windows\\System32\\Windows.StateRepositoryClient.dll","krn_pid":9228,"pid":9228,"time":134214927010336515,"trace_id":41,"type":"kernel"},{"func":"image_load","id":35,"image":"\\Device\\HarddiskVolume3\\Windows\\System32\\Windows.StateRepositoryCore.dll","krn_pid":9228,"pid":9228,"time":134214927010336515,"trace_id":41,"type":"kernel"},{"func":"image_load","id":36,"image":"\\Device\\HarddiskVolume3\\Windows\\System32\\capauthz.dll","krn_pid":9228,"pid":9228,"time":134214927010336515,"trace_id":41,"type":"kernel"},{"func":"image_load","id":37,"image":"\\Device\\HarddiskVolume3\\Windows\\System32\\advapi32.dll","krn_pid":9228,"pid":9228,"time":134214927010336515,"trace_id":41,"type":"kernel"},{"func":"image_load","id":38,"image":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntmarta.dll","krn_pid":9228,"pid":9228,"time":134214927010336515,"trace_id":41,"type":"kernel"},{"baseaddress":644522078224,"bytescopied":8,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134211321329327759,"callingthreadid":2780,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":2780,"etw_time":134215250967629974,"event":"KERNEL_THREATINT_TASK_READVM","id":39,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174901,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951175993,"addr_info":"NOT_IMAGE","idx":2},{"addr":140725951175449,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724235191936,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724228798335,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724228794062,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724228792856,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724231408856,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724231406725,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724227599937,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724229141966,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724229140387,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":17},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":18},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":19},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":20},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":21}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":644521918464,"vavadallocationprotect":4,"vavadcommitsize":12288,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":2097152,"vavadregiontype":131072},{"baseaddress":644522078232,"bytescopied":8,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134211321329327759,"callingthreadid":2780,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":2780,"etw_time":134215250967630587,"event":"KERNEL_THREATINT_TASK_READVM","id":40,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175712,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951175449,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191936,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724228798335,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724228794062,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724228792856,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724231408856,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724231406725,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724227599937,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724229141966,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724229140387,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":16},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":17},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":18},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":19},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":20}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":644521918464,"vavadallocationprotect":4,"vavadcommitsize":12288,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":2097152,"vavadregiontype":131072},{"baseaddress":140725998154848,"bytescopied":8,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134211321329327759,"callingthreadid":2780,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":2780,"etw_time":134215250967630793,"event":"KERNEL_THREATINT_TASK_READVM","id":41,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175780,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951175449,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191936,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724228798335,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724228794062,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724228792856,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724231408856,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724231406725,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724227599937,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724229141966,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724229140387,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":16},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":17},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":18},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":19},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":20}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":65536,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":1846197756288,"bytescopied":136,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134211321329327759,"callingthreadid":2780,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":2780,"etw_time":134215250967630913,"event":"KERNEL_THREATINT_TASK_READVM","id":42,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175857,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951175449,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191936,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724228798335,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724228794062,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724228792856,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724231408856,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724231406725,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724227599937,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724229141966,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724229140387,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":16},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":17},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":18},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":19},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":20}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":32768,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"allocationtype":12288,"baseaddress":2962240045056,"callingprocesscreatetime":134214927009837747,"callingprocessid":9228,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836979257,"callingthreadcreatetime":134214927009837781,"callingthreadid":11736,"etw_event_id":1,"etw_pid":9228,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":11736,"etw_time":134215250968593355,"event":"KERNEL_THREATINT_TASK_ALLOCVM","id":43,"originalprocesscreatetime":134214927009837747,"originalprocessid":9228,"originalprocessprotection":"unsupported","originalprocesssectionsignaturelevel":"unsupported","originalprocesssignaturelevel":"unsupported","originalprocessstartkey":1970324836979257,"process_name":".\\redtest.exe  2","protectionmask":"RWX","regionsize":5,"stack_trace":[{"addr":140725997211908,"addr_info":"ntdll.dll:.text","idx":0},{"addr":140725951311276,"addr_info":"KERNELBASE.dll:.text","idx":1},{"addr":140725951311158,"addr_info":"KERNELBASE.dll:.text","idx":2},{"addr":140696170732398,"addr_info":"redtest.exe:.text","idx":3},{"addr":140696170735828,"addr_info":"redtest.exe:.text","idx":4},{"addr":140696170736640,"addr_info":"redtest.exe:.text","idx":5},{"addr":140725979784605,"addr_info":"KERNEL32.DLL:.text","idx":6},{"addr":140725996924792,"addr_info":"ntdll.dll:.text","idx":7}],"targetprocesscreatetime":134214927010598360,"targetprocessid":7292,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979258,"trace_id":41,"type":"etw"},{"baseaddress":2962240045056,"callingprocesscreatetime":134214927009837747,"callingprocessid":9228,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836979257,"callingthreadcreatetime":134214927009837781,"callingthreadid":11736,"etw_event_id":2,"etw_pid":9228,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":11736,"etw_time":134215250968594575,"event":"KERNEL_THREATINT_TASK_PROTECTVM","id":44,"lastprotectionmask":"RWX","originalprocesscreatetime":134214927009837747,"originalprocessid":9228,"originalprocessprotection":"unsupported","originalprocesssectionsignaturelevel":"unsupported","originalprocesssignaturelevel":"unsupported","originalprocessstartkey":1970324836979257,"process_name":".\\redtest.exe  2","protectionmask":"R-X","regionsize":5,"stack_trace":[{"addr":140725997213700,"addr_info":"ntdll.dll:.text","idx":0},{"addr":140725951321732,"addr_info":"KERNELBASE.dll:.text","idx":1},{"addr":140696170732562,"addr_info":"redtest.exe:.text","idx":2},{"addr":140696170735828,"addr_info":"redtest.exe:.text","idx":3},{"addr":140696170736640,"addr_info":"redtest.exe:.text","idx":4},{"addr":140725979784605,"addr_info":"KERNEL32.DLL:.text","idx":5},{"addr":140725996924792,"addr_info":"ntdll.dll:.text","idx":6}],"targetprocesscreatetime":134214927010598360,"targetprocessid":7292,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979258,"trace_id":41,"type":"etw","vavadallocationbase":2962240045056,"vavadallocationprotect":64,"vavadcommitsize":4096,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":4096,"vavadregiontype":131072},{"commandline":".\\redtest.exe  2","func":"peb","id":45,"image_base":140696170725376,"image_path":"C:\\RedEdr\\redtest.exe","is_debugged":0,"is_protected_process":0,"is_protected_process_light":0,"parent_pid":4732,"pid":9228,"time":134214927020490680,"trace_id":41,"type":"process_query","working_dir":"C:\\RedEdr\\"},{"dlls":[{"addr":140696170725376,"name":"C:\\RedEdr\\redtest.exe","size":176128},{"addr":140725996552192,"name":"ntdll.dll","size":2195456},{"addr":140725979709440,"name":"KERNEL32.DLL","size":802816},{"addr":140725950808064,"name":"KERNELBASE.dll","size":4009984},{"addr":140725965422592,"name":"sechost.dll","size":688128},{"addr":140725958082560,"name":"bcrypt.dll","size":163840},{"addr":140725605695488,"name":"apisethost.appexecutionalias.dll","size":200704},{"addr":140725949628416,"name":"ucrtbase.dll","size":1118208},{"addr":140725972172800,"name":"combase.dll","size":3739648},{"addr":140725980561408,"name":"RPCRT4.dll","size":1146880},{"addr":140725958803456,"name":"msvcp_win.dll","size":630784},{"addr":140725946482688,"name":"profapi.dll","size":151552},{"addr":140725912731648,"name":"windows.storage.dll","size":9543680},{"addr":140725947334656,"name":"wintypes.dll","size":1306624},{"addr":140725994127360,"name":"SHCORE.dll","size":1064960},{"addr":140725969092608,"name":"shlwapi.dll","size":430080},{"addr":140725969616896,"name":"msvcrt.dll","size":684032},{"addr":140725930426368,"name":"kernel.appcore.dll","size":98304},{"addr":140725525479424,"name":"daxexec.dll","size":1122304},{"addr":140725964505088,"name":"OLEAUT32.dll","size":884736},{"addr":140725936521216,"name":"USERENV.dll","size":163840},{"addr":140725525151744,"name":"container.dll","size":278528},{"addr":140725958279168,"name":"bcryptPrimitives.dll","size":503808},{"addr":140725971451904,"name":"clbcatq.dll","size":720896},{"addr":140725657141248,"name":"Windows.StateRepositoryPS.dll","size":962560},{"addr":140725569388544,"name":"AppXAllUserStore.dll","size":462848},{"addr":140725797453824,"name":"windows.staterepositoryclient.dll","size":249856},{"addr":140725797715968,"name":"windows.staterepositorycore.dll","size":106496},{"addr":140725505753088,"name":"capauthz.dll","size":393216},{"addr":140725966209024,"name":"advapi32.dll","size":724992},{"addr":140725931540480,"name":"ntmarta.dll","size":212992}],"func":"loaded_dll","id":46,"pid":9228,"time":134214927020490680,"trace_id":41,"type":"process_query"},{"baseaddress":644522078232,"bytescopied":8,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214927014965059,"callingthreadid":5072,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":5072,"etw_time":134215250972735712,"event":"KERNEL_THREATINT_TASK_READVM","id":47,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174901,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174524,"addr_info":"NOT_IMAGE","idx":2},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225890225,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724226270207,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724227566815,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724227565745,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724227577809,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724227571094,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226237742,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724228918165,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724229697689,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724230369825,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724230374022,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724230370332,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724228649839,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724236702686,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724236694406,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724230707877,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724229699681,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724230656044,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724230652164,"addr_info":"NOT_IMAGE","idx":23},{"addr":140725757993877,"addr_info":"NOT_IMAGE","idx":24},{"addr":140725758290750,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725759004826,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725759004467,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725759220381,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725756083864,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725756083587,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":33},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":34}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":644521918464,"vavadallocationprotect":4,"vavadcommitsize":53248,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":2097152,"vavadregiontype":131072},{"baseaddress":140725998154848,"bytescopied":8,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214927014965059,"callingthreadid":5072,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":5072,"etw_time":134215250972736175,"event":"KERNEL_THREATINT_TASK_READVM","id":48,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174901,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174565,"addr_info":"NOT_IMAGE","idx":2},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225890225,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724226270207,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724227566815,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724227565745,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724227577809,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724227571094,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226237742,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724228918165,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724229697689,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724230369825,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724230374022,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724230370332,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724228649839,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724236702686,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724236694406,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724230707877,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724229699681,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724230656044,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724230652164,"addr_info":"NOT_IMAGE","idx":23},{"addr":140725757993877,"addr_info":"NOT_IMAGE","idx":24},{"addr":140725758290750,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725759004826,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725759004467,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725759220381,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725756083864,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725756083587,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":33},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":34}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":65536,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":1846197756288,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214927014965059,"callingthreadid":5072,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":5072,"etw_time":134215250972736468,"event":"KERNEL_THREATINT_TASK_READVM","id":49,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225890225,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724226270207,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227566815,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724227565745,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724227577809,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724227571094,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226237742,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724228918165,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724229697689,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724230369825,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724230374022,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724230370332,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724228649839,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236702686,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724236694406,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724230707877,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724229699681,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724230656044,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724230652164,"addr_info":"NOT_IMAGE","idx":22},{"addr":140725757993877,"addr_info":"NOT_IMAGE","idx":23},{"addr":140725758290750,"addr_info":"NOT_IMAGE","idx":24},{"addr":140725759004826,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725759004467,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725759220381,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725756083864,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725756083587,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197755872,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214927014965059,"callingthreadid":5072,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":5072,"etw_time":134215250972736601,"event":"KERNEL_THREATINT_TASK_READVM","id":50,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225890225,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724226270207,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227566815,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724227565745,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724227577809,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724227571094,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226237742,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724228918165,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724229697689,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724230369825,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724230374022,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724230370332,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724228649839,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236702686,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724236694406,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724230707877,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724229699681,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724230656044,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724230652164,"addr_info":"NOT_IMAGE","idx":22},{"addr":140725757993877,"addr_info":"NOT_IMAGE","idx":23},{"addr":140725758290750,"addr_info":"NOT_IMAGE","idx":24},{"addr":140725759004826,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725759004467,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725759220381,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725756083864,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725756083587,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197775920,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214927014965059,"callingthreadid":5072,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":5072,"etw_time":134215250972736726,"event":"KERNEL_THREATINT_TASK_READVM","id":51,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225890225,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724226270207,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227566815,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724227565745,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724227577809,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724227571094,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226237742,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724228918165,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724229697689,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724230369825,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724230374022,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724230370332,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724228649839,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236702686,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724236694406,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724230707877,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724229699681,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724230656044,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724230652164,"addr_info":"NOT_IMAGE","idx":22},{"addr":140725757993877,"addr_info":"NOT_IMAGE","idx":23},{"addr":140725758290750,"addr_info":"NOT_IMAGE","idx":24},{"addr":140725759004826,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725759004467,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725759220381,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725756083864,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725756083587,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197777440,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214927014965059,"callingthreadid":5072,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":5072,"etw_time":134215250972736826,"event":"KERNEL_THREATINT_TASK_READVM","id":52,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225890225,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724226270207,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227566815,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724227565745,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724227577809,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724227571094,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226237742,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724228918165,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724229697689,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724230369825,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724230374022,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724230370332,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724228649839,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236702686,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724236694406,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724230707877,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724229699681,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724230656044,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724230652164,"addr_info":"NOT_IMAGE","idx":22},{"addr":140725757993877,"addr_info":"NOT_IMAGE","idx":23},{"addr":140725758290750,"addr_info":"NOT_IMAGE","idx":24},{"addr":140725759004826,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725759004467,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725759220381,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725756083864,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725756083587,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197806816,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214927014965059,"callingthreadid":5072,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":5072,"etw_time":134215250972736925,"event":"KERNEL_THREATINT_TASK_READVM","id":53,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225890225,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724226270207,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227566815,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724227565745,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724227577809,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724227571094,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226237742,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724228918165,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724229697689,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724230369825,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724230374022,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724230370332,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724228649839,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236702686,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724236694406,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724230707877,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724229699681,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724230656044,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724230652164,"addr_info":"NOT_IMAGE","idx":22},{"addr":140725757993877,"addr_info":"NOT_IMAGE","idx":23},{"addr":140725758290750,"addr_info":"NOT_IMAGE","idx":24},{"addr":140725759004826,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725759004467,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725759220381,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725756083864,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725756083587,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197809696,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214927014965059,"callingthreadid":5072,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":5072,"etw_time":134215250972737023,"event":"KERNEL_THREATINT_TASK_READVM","id":54,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225890225,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724226270207,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227566815,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724227565745,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724227577809,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724227571094,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226237742,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724228918165,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724229697689,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724230369825,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724230374022,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724230370332,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724228649839,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236702686,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724236694406,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724230707877,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724229699681,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724230656044,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724230652164,"addr_info":"NOT_IMAGE","idx":22},{"addr":140725757993877,"addr_info":"NOT_IMAGE","idx":23},{"addr":140725758290750,"addr_info":"NOT_IMAGE","idx":24},{"addr":140725759004826,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725759004467,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725759220381,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725756083864,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725756083587,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197816752,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214927014965059,"callingthreadid":5072,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":5072,"etw_time":134215250972737135,"event":"KERNEL_THREATINT_TASK_READVM","id":55,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225890225,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724226270207,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227566815,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724227565745,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724227577809,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724227571094,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226237742,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724228918165,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724229697689,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724230369825,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724230374022,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724230370332,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724228649839,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236702686,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724236694406,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724230707877,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724229699681,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724230656044,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724230652164,"addr_info":"NOT_IMAGE","idx":22},{"addr":140725757993877,"addr_info":"NOT_IMAGE","idx":23},{"addr":140725758290750,"addr_info":"NOT_IMAGE","idx":24},{"addr":140725759004826,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725759004467,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725759220381,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725756083864,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725756083587,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197817792,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214927014965059,"callingthreadid":5072,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":5072,"etw_time":134215250972737232,"event":"KERNEL_THREATINT_TASK_READVM","id":56,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225890225,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724226270207,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227566815,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724227565745,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724227577809,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724227571094,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226237742,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724228918165,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724229697689,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724230369825,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724230374022,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724230370332,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724228649839,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236702686,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724236694406,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724230707877,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724229699681,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724230656044,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724230652164,"addr_info":"NOT_IMAGE","idx":22},{"addr":140725757993877,"addr_info":"NOT_IMAGE","idx":23},{"addr":140725758290750,"addr_info":"NOT_IMAGE","idx":24},{"addr":140725759004826,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725759004467,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725759220381,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725756083864,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725756083587,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197818432,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214927014965059,"callingthreadid":5072,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":5072,"etw_time":134215250972737732,"event":"KERNEL_THREATINT_TASK_READVM","id":57,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225890225,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724226270207,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227566815,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724227565745,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724227577809,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724227571094,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226237742,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724228918165,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724229697689,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724230369825,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724230374022,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724230370332,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724228649839,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236702686,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724236694406,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724230707877,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724229699681,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724230656044,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724230652164,"addr_info":"NOT_IMAGE","idx":22},{"addr":140725757993877,"addr_info":"NOT_IMAGE","idx":23},{"addr":140725758290750,"addr_info":"NOT_IMAGE","idx":24},{"addr":140725759004826,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725759004467,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725759220381,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725756083864,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725756083587,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197819504,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214927014965059,"callingthreadid":5072,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":5072,"etw_time":134215250972737830,"event":"KERNEL_THREATINT_TASK_READVM","id":58,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225890225,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724226270207,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227566815,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724227565745,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724227577809,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724227571094,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226237742,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724228918165,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724229697689,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724230369825,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724230374022,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724230370332,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724228649839,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236702686,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724236694406,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724230707877,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724229699681,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724230656044,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724230652164,"addr_info":"NOT_IMAGE","idx":22},{"addr":140725757993877,"addr_info":"NOT_IMAGE","idx":23},{"addr":140725758290750,"addr_info":"NOT_IMAGE","idx":24},{"addr":140725759004826,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725759004467,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725759220381,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725756083864,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725756083587,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197821056,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214927014965059,"callingthreadid":5072,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":5072,"etw_time":134215250972737939,"event":"KERNEL_THREATINT_TASK_READVM","id":59,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225890225,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724226270207,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227566815,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724227565745,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724227577809,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724227571094,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226237742,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724228918165,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724229697689,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724230369825,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724230374022,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724230370332,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724228649839,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236702686,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724236694406,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724230707877,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724229699681,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724230656044,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724230652164,"addr_info":"NOT_IMAGE","idx":22},{"addr":140725757993877,"addr_info":"NOT_IMAGE","idx":23},{"addr":140725758290750,"addr_info":"NOT_IMAGE","idx":24},{"addr":140725759004826,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725759004467,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725759220381,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725756083864,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725756083587,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197820400,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214927014965059,"callingthreadid":5072,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":5072,"etw_time":134215250972738034,"event":"KERNEL_THREATINT_TASK_READVM","id":60,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225890225,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724226270207,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227566815,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724227565745,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724227577809,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724227571094,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226237742,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724228918165,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724229697689,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724230369825,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724230374022,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724230370332,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724228649839,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236702686,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724236694406,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724230707877,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724229699681,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724230656044,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724230652164,"addr_info":"NOT_IMAGE","idx":22},{"addr":140725757993877,"addr_info":"NOT_IMAGE","idx":23},{"addr":140725758290750,"addr_info":"NOT_IMAGE","idx":24},{"addr":140725759004826,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725759004467,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725759220381,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725756083864,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725756083587,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197853136,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214927014965059,"callingthreadid":5072,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":5072,"etw_time":134215250972738127,"event":"KERNEL_THREATINT_TASK_READVM","id":61,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225890225,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724226270207,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227566815,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724227565745,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724227577809,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724227571094,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226237742,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724228918165,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724229697689,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724230369825,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724230374022,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724230370332,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724228649839,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236702686,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724236694406,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724230707877,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724229699681,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724230656044,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724230652164,"addr_info":"NOT_IMAGE","idx":22},{"addr":140725757993877,"addr_info":"NOT_IMAGE","idx":23},{"addr":140725758290750,"addr_info":"NOT_IMAGE","idx":24},{"addr":140725759004826,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725759004467,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725759220381,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725756083864,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725756083587,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197817200,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214927014965059,"callingthreadid":5072,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":5072,"etw_time":134215250972738225,"event":"KERNEL_THREATINT_TASK_READVM","id":62,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225890225,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724226270207,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227566815,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724227565745,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724227577809,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724227571094,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226237742,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724228918165,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724229697689,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724230369825,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724230374022,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724230370332,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724228649839,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236702686,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724236694406,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724230707877,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724229699681,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724230656044,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724230652164,"addr_info":"NOT_IMAGE","idx":22},{"addr":140725757993877,"addr_info":"NOT_IMAGE","idx":23},{"addr":140725758290750,"addr_info":"NOT_IMAGE","idx":24},{"addr":140725759004826,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725759004467,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725759220381,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725756083864,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725756083587,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197856976,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214927014965059,"callingthreadid":5072,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":5072,"etw_time":134215250972738331,"event":"KERNEL_THREATINT_TASK_READVM","id":63,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225890225,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724226270207,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227566815,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724227565745,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724227577809,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724227571094,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226237742,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724228918165,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724229697689,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724230369825,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724230374022,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724230370332,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724228649839,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236702686,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724236694406,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724230707877,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724229699681,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724230656044,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724230652164,"addr_info":"NOT_IMAGE","idx":22},{"addr":140725757993877,"addr_info":"NOT_IMAGE","idx":23},{"addr":140725758290750,"addr_info":"NOT_IMAGE","idx":24},{"addr":140725759004826,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725759004467,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725759220381,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725756083864,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725756083587,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197809200,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214927014965059,"callingthreadid":5072,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":5072,"etw_time":134215250972738427,"event":"KERNEL_THREATINT_TASK_READVM","id":64,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225890225,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724226270207,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227566815,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724227565745,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724227577809,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724227571094,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226237742,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724228918165,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724229697689,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724230369825,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724230374022,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724230370332,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724228649839,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236702686,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724236694406,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724230707877,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724229699681,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724230656044,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724230652164,"addr_info":"NOT_IMAGE","idx":22},{"addr":140725757993877,"addr_info":"NOT_IMAGE","idx":23},{"addr":140725758290750,"addr_info":"NOT_IMAGE","idx":24},{"addr":140725759004826,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725759004467,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725759220381,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725756083864,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725756083587,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197866992,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214927014965059,"callingthreadid":5072,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":5072,"etw_time":134215250972738525,"event":"KERNEL_THREATINT_TASK_READVM","id":65,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225890225,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724226270207,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227566815,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724227565745,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724227577809,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724227571094,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226237742,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724228918165,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724229697689,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724230369825,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724230374022,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724230370332,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724228649839,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236702686,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724236694406,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724230707877,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724229699681,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724230656044,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724230652164,"addr_info":"NOT_IMAGE","idx":22},{"addr":140725757993877,"addr_info":"NOT_IMAGE","idx":23},{"addr":140725758290750,"addr_info":"NOT_IMAGE","idx":24},{"addr":140725759004826,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725759004467,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725759220381,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725756083864,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725756083587,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197865392,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214927014965059,"callingthreadid":5072,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":5072,"etw_time":134215250972738626,"event":"KERNEL_THREATINT_TASK_READVM","id":66,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225890225,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724226270207,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227566815,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724227565745,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724227577809,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724227571094,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226237742,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724228918165,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724229697689,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724230369825,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724230374022,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724230370332,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724228649839,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236702686,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724236694406,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724230707877,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724229699681,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724230656044,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724230652164,"addr_info":"NOT_IMAGE","idx":22},{"addr":140725757993877,"addr_info":"NOT_IMAGE","idx":23},{"addr":140725758290750,"addr_info":"NOT_IMAGE","idx":24},{"addr":140725759004826,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725759004467,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725759220381,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725756083864,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725756083587,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197865712,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214927014965059,"callingthreadid":5072,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":5072,"etw_time":134215250972738759,"event":"KERNEL_THREATINT_TASK_READVM","id":67,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225890225,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724226270207,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227566815,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724227565745,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724227577809,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724227571094,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226237742,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724228918165,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724229697689,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724230369825,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724230374022,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724230370332,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724228649839,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236702686,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724236694406,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724230707877,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724229699681,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724230656044,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724230652164,"addr_info":"NOT_IMAGE","idx":22},{"addr":140725757993877,"addr_info":"NOT_IMAGE","idx":23},{"addr":140725758290750,"addr_info":"NOT_IMAGE","idx":24},{"addr":140725759004826,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725759004467,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725759220381,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725756083864,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725756083587,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197868272,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214927014965059,"callingthreadid":5072,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":5072,"etw_time":134215250972738860,"event":"KERNEL_THREATINT_TASK_READVM","id":68,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225890225,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724226270207,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227566815,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724227565745,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724227577809,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724227571094,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226237742,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724228918165,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724229697689,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724230369825,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724230374022,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724230370332,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724228649839,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236702686,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724236694406,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724230707877,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724229699681,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724230656044,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724230652164,"addr_info":"NOT_IMAGE","idx":22},{"addr":140725757993877,"addr_info":"NOT_IMAGE","idx":23},{"addr":140725758290750,"addr_info":"NOT_IMAGE","idx":24},{"addr":140725759004826,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725759004467,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725759220381,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725756083864,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725756083587,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197867312,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214927014965059,"callingthreadid":5072,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":5072,"etw_time":134215250972738958,"event":"KERNEL_THREATINT_TASK_READVM","id":69,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225890225,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724226270207,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227566815,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724227565745,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724227577809,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724227571094,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226237742,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724228918165,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724229697689,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724230369825,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724230374022,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724230370332,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724228649839,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236702686,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724236694406,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724230707877,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724229699681,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724230656044,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724230652164,"addr_info":"NOT_IMAGE","idx":22},{"addr":140725757993877,"addr_info":"NOT_IMAGE","idx":23},{"addr":140725758290750,"addr_info":"NOT_IMAGE","idx":24},{"addr":140725759004826,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725759004467,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725759220381,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725756083864,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725756083587,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197866352,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214927014965059,"callingthreadid":5072,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":5072,"etw_time":134215250972739055,"event":"KERNEL_THREATINT_TASK_READVM","id":70,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225890225,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724226270207,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227566815,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724227565745,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724227577809,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724227571094,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226237742,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724228918165,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724229697689,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724230369825,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724230374022,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724230370332,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724228649839,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236702686,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724236694406,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724230707877,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724229699681,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724230656044,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724230652164,"addr_info":"NOT_IMAGE","idx":22},{"addr":140725757993877,"addr_info":"NOT_IMAGE","idx":23},{"addr":140725758290750,"addr_info":"NOT_IMAGE","idx":24},{"addr":140725759004826,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725759004467,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725759220381,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725756083864,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725756083587,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197867632,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214927014965059,"callingthreadid":5072,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":5072,"etw_time":134215250972739153,"event":"KERNEL_THREATINT_TASK_READVM","id":71,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225890225,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724226270207,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227566815,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724227565745,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724227577809,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724227571094,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226237742,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724228918165,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724229697689,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724230369825,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724230374022,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724230370332,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724228649839,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236702686,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724236694406,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724230707877,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724229699681,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724230656044,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724230652164,"addr_info":"NOT_IMAGE","idx":22},{"addr":140725757993877,"addr_info":"NOT_IMAGE","idx":23},{"addr":140725758290750,"addr_info":"NOT_IMAGE","idx":24},{"addr":140725759004826,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725759004467,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725759220381,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725756083864,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725756083587,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197868912,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214927014965059,"callingthreadid":5072,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":5072,"etw_time":134215250972739249,"event":"KERNEL_THREATINT_TASK_READVM","id":72,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225890225,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724226270207,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227566815,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724227565745,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724227577809,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724227571094,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226237742,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724228918165,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724229697689,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724230369825,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724230374022,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724230370332,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724228649839,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236702686,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724236694406,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724230707877,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724229699681,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724230656044,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724230652164,"addr_info":"NOT_IMAGE","idx":22},{"addr":140725757993877,"addr_info":"NOT_IMAGE","idx":23},{"addr":140725758290750,"addr_info":"NOT_IMAGE","idx":24},{"addr":140725759004826,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725759004467,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725759220381,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725756083864,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725756083587,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197868592,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214927014965059,"callingthreadid":5072,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":5072,"etw_time":134215250972739341,"event":"KERNEL_THREATINT_TASK_READVM","id":73,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225890225,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724226270207,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227566815,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724227565745,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724227577809,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724227571094,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226237742,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724228918165,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724229697689,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724230369825,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724230374022,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724230370332,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724228649839,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236702686,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724236694406,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724230707877,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724229699681,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724230656044,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724230652164,"addr_info":"NOT_IMAGE","idx":22},{"addr":140725757993877,"addr_info":"NOT_IMAGE","idx":23},{"addr":140725758290750,"addr_info":"NOT_IMAGE","idx":24},{"addr":140725759004826,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725759004467,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725759220381,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725756083864,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725756083587,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197866672,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214927014965059,"callingthreadid":5072,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":5072,"etw_time":134215250972739432,"event":"KERNEL_THREATINT_TASK_READVM","id":74,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225890225,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724226270207,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227566815,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724227565745,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724227577809,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724227571094,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226237742,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724228918165,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724229697689,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724230369825,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724230374022,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724230370332,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724228649839,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236702686,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724236694406,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724230707877,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724229699681,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724230656044,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724230652164,"addr_info":"NOT_IMAGE","idx":22},{"addr":140725757993877,"addr_info":"NOT_IMAGE","idx":23},{"addr":140725758290750,"addr_info":"NOT_IMAGE","idx":24},{"addr":140725759004826,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725759004467,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725759220381,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725756083864,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725756083587,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846198054400,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214927014965059,"callingthreadid":5072,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":5072,"etw_time":134215250972739550,"event":"KERNEL_THREATINT_TASK_READVM","id":75,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225890225,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724226270207,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227566815,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724227565745,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724227577809,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724227571094,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226237742,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724228918165,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724229697689,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724230369825,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724230374022,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724230370332,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724228649839,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236702686,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724236694406,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724230707877,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724229699681,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724230656044,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724230652164,"addr_info":"NOT_IMAGE","idx":22},{"addr":140725757993877,"addr_info":"NOT_IMAGE","idx":23},{"addr":140725758290750,"addr_info":"NOT_IMAGE","idx":24},{"addr":140725759004826,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725759004467,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725759220381,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725756083864,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725756083587,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846198051200,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214927014965059,"callingthreadid":5072,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":5072,"etw_time":134215250972739644,"event":"KERNEL_THREATINT_TASK_READVM","id":76,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225890225,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724226270207,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227566815,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724227565745,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724227577809,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724227571094,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226237742,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724228918165,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724229697689,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724230369825,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724230374022,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724230370332,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724228649839,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236702686,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724236694406,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724230707877,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724229699681,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724230656044,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724230652164,"addr_info":"NOT_IMAGE","idx":22},{"addr":140725757993877,"addr_info":"NOT_IMAGE","idx":23},{"addr":140725758290750,"addr_info":"NOT_IMAGE","idx":24},{"addr":140725759004826,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725759004467,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725759220381,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725756083864,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725756083587,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846198051840,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214927014965059,"callingthreadid":5072,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":5072,"etw_time":134215250972739749,"event":"KERNEL_THREATINT_TASK_READVM","id":77,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225890225,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724226270207,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227566815,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724227565745,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724227577809,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724227571094,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226237742,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724228918165,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724229697689,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724230369825,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724230374022,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724230370332,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724228649839,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236702686,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724236694406,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724230707877,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724229699681,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724230656044,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724230652164,"addr_info":"NOT_IMAGE","idx":22},{"addr":140725757993877,"addr_info":"NOT_IMAGE","idx":23},{"addr":140725758290750,"addr_info":"NOT_IMAGE","idx":24},{"addr":140725759004826,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725759004467,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725759220381,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725756083864,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725756083587,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846198050560,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214927014965059,"callingthreadid":5072,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":5072,"etw_time":134215250972739844,"event":"KERNEL_THREATINT_TASK_READVM","id":78,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225890225,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724226270207,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227566815,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724227565745,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724227577809,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724227571094,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226237742,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724228918165,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724229697689,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724230369825,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724230374022,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724230370332,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724228649839,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236702686,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724236694406,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724230707877,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724229699681,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724230656044,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724230652164,"addr_info":"NOT_IMAGE","idx":22},{"addr":140725757993877,"addr_info":"NOT_IMAGE","idx":23},{"addr":140725758290750,"addr_info":"NOT_IMAGE","idx":24},{"addr":140725759004826,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725759004467,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725759220381,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725756083864,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725756083587,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846198048000,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214927014965059,"callingthreadid":5072,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":5072,"etw_time":134215250972739947,"event":"KERNEL_THREATINT_TASK_READVM","id":79,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225890225,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724226270207,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227566815,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724227565745,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724227577809,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724227571094,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226237742,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724228918165,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724229697689,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724230369825,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724230374022,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724230370332,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724228649839,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236702686,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724236694406,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724230707877,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724229699681,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724230656044,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724230652164,"addr_info":"NOT_IMAGE","idx":22},{"addr":140725757993877,"addr_info":"NOT_IMAGE","idx":23},{"addr":140725758290750,"addr_info":"NOT_IMAGE","idx":24},{"addr":140725759004826,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725759004467,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725759220381,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725756083864,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725756083587,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":644522078232,"bytescopied":8,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214927014965059,"callingthreadid":5072,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":5072,"etw_time":134215250972740078,"event":"KERNEL_THREATINT_TASK_READVM","id":80,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175712,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951175449,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191936,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225890267,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724226270207,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227566815,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724227565745,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724227577809,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724227571094,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226237742,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724228918165,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724229697689,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724230369825,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724230374022,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724230370332,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724228649839,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236702686,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724236694406,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724230707877,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724229699681,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724230656044,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724230652164,"addr_info":"NOT_IMAGE","idx":22},{"addr":140725757993877,"addr_info":"NOT_IMAGE","idx":23},{"addr":140725758290750,"addr_info":"NOT_IMAGE","idx":24},{"addr":140725759004826,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725759004467,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725759220381,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725756083864,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725756083587,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":644521918464,"vavadallocationprotect":4,"vavadcommitsize":53248,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":2097152,"vavadregiontype":131072},{"baseaddress":140725998154848,"bytescopied":8,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214927014965059,"callingthreadid":5072,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":5072,"etw_time":134215250972740227,"event":"KERNEL_THREATINT_TASK_READVM","id":81,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175780,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951175449,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191936,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225890267,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724226270207,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227566815,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724227565745,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724227577809,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724227571094,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226237742,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724228918165,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724229697689,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724230369825,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724230374022,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724230370332,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724228649839,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236702686,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724236694406,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724230707877,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724229699681,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724230656044,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724230652164,"addr_info":"NOT_IMAGE","idx":22},{"addr":140725757993877,"addr_info":"NOT_IMAGE","idx":23},{"addr":140725758290750,"addr_info":"NOT_IMAGE","idx":24},{"addr":140725759004826,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725759004467,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725759220381,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725756083864,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725756083587,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":65536,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":1846197756288,"bytescopied":136,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214927014965059,"callingthreadid":5072,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":5072,"etw_time":134215250972740331,"event":"KERNEL_THREATINT_TASK_READVM","id":82,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175857,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951175449,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191936,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225890267,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724226270207,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227566815,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724227565745,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724227577809,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724227571094,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226237742,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724228918165,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724229697689,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724230369825,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724230374022,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724230370332,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724228649839,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236702686,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724236694406,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724230707877,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724229699681,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724230656044,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724230652164,"addr_info":"NOT_IMAGE","idx":22},{"addr":140725757993877,"addr_info":"NOT_IMAGE","idx":23},{"addr":140725758290750,"addr_info":"NOT_IMAGE","idx":24},{"addr":140725759004826,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725759004467,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725759220381,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725756083864,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725756083587,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":140696170725376,"bytescopied":264,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214927014965059,"callingthreadid":5072,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":5072,"etw_time":134215250972740903,"event":"KERNEL_THREATINT_TASK_READVM","id":83,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724228801160,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225890531,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724226270207,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227566815,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227565745,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724227577809,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724227571094,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226237742,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724228918165,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724229697689,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724230369825,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724230374022,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724230370332,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724228649839,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236702686,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236694406,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724230707877,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724229699681,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724230656044,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724230652164,"addr_info":"NOT_IMAGE","idx":21},{"addr":140725757993877,"addr_info":"NOT_IMAGE","idx":22},{"addr":140725758290750,"addr_info":"NOT_IMAGE","idx":23},{"addr":140725759004826,"addr_info":"NOT_IMAGE","idx":24},{"addr":140725759004467,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725759220381,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725756083864,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725756083587,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":32}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140696170725376,"vavadallocationprotect":128,"vavadcommitsize":16384,"vavadmmfname":"\\Device\\HarddiskVolume3\\RedEdr\\redtest.exe","vavadqueryresult":0,"vavadregionsize":176128,"vavadregiontype":16777216},{"baseaddress":140696170725624,"bytescopied":264,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214927014965059,"callingthreadid":5072,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":5072,"etw_time":134215250972741069,"event":"KERNEL_THREATINT_TASK_READVM","id":84,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724228801160,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225890636,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724226270207,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227566815,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227565745,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724227577809,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724227571094,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226237742,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724228918165,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724229697689,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724230369825,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724230374022,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724230370332,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724228649839,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236702686,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236694406,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724230707877,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724229699681,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724230656044,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724230652164,"addr_info":"NOT_IMAGE","idx":21},{"addr":140725757993877,"addr_info":"NOT_IMAGE","idx":22},{"addr":140725758290750,"addr_info":"NOT_IMAGE","idx":23},{"addr":140725759004826,"addr_info":"NOT_IMAGE","idx":24},{"addr":140725759004467,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725759220381,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725756083864,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725756083587,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":32}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140696170725376,"vavadallocationprotect":128,"vavadcommitsize":16384,"vavadmmfname":"\\Device\\HarddiskVolume3\\RedEdr\\redtest.exe","vavadqueryresult":0,"vavadregionsize":176128,"vavadregiontype":16777216},{"baseaddress":140696170725888,"bytescopied":280,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214927014965059,"callingthreadid":5072,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":5072,"etw_time":134215250972741236,"event":"KERNEL_THREATINT_TASK_READVM","id":85,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724228801160,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225891119,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724226270207,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227566815,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227565745,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724227577809,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724227571094,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226237742,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724228918165,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724229697689,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724230369825,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724230374022,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724230370332,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724228649839,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236702686,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236694406,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724230707877,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724229699681,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724230656044,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724230652164,"addr_info":"NOT_IMAGE","idx":21},{"addr":140725757993877,"addr_info":"NOT_IMAGE","idx":22},{"addr":140725758290750,"addr_info":"NOT_IMAGE","idx":23},{"addr":140725759004826,"addr_info":"NOT_IMAGE","idx":24},{"addr":140725759004467,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725759220381,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725756083864,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725756083587,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":32}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140696170725376,"vavadallocationprotect":128,"vavadcommitsize":16384,"vavadmmfname":"\\Device\\HarddiskVolume3\\RedEdr\\redtest.exe","vavadqueryresult":0,"vavadregionsize":176128,"vavadregiontype":16777216},{"baseaddress":140696170725376,"bytescopied":4096,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214927014965059,"callingthreadid":5072,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":5072,"etw_time":134215250972742114,"event":"KERNEL_THREATINT_TASK_READVM","id":86,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724228801160,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724226201940,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724226198608,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724226197649,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724226197142,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724226851698,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724227566988,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724227565745,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724227577809,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724227571094,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724226237742,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724228918165,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724229697689,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724230369825,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724230374022,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724230370332,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724228649839,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724236702686,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724236694406,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724230707877,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229699681,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724230656044,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724230652164,"addr_info":"NOT_IMAGE","idx":24},{"addr":140725757993877,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725758290750,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725759004826,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725759004467,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725759220381,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725756083864,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725756083587,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":33},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":34},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":35}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140696170725376,"vavadallocationprotect":128,"vavadcommitsize":16384,"vavadmmfname":"\\Device\\HarddiskVolume3\\RedEdr\\redtest.exe","vavadqueryresult":0,"vavadregionsize":176128,"vavadregiontype":16777216},{"baseaddress":140696170897408,"bytescopied":4096,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214927014965059,"callingthreadid":5072,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":5072,"etw_time":134215250972751152,"event":"KERNEL_THREATINT_TASK_READVM","id":87,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724228801160,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724226201940,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724226198608,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724226197649,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724226197142,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724226849522,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724226853924,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226851158,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226679111,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724227577973,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724227571094,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226237742,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724228918165,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724229697689,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724230369825,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724230374022,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724230370332,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724228649839,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724236702686,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724236694406,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724230707877,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229699681,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724230656044,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724230652164,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725757993877,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725758290750,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725759004826,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725759004467,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725759220381,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725756083864,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725756083587,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":33},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":34},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":35},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":36}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140696170725376,"vavadallocationprotect":128,"vavadcommitsize":16384,"vavadmmfname":"\\Device\\HarddiskVolume3\\RedEdr\\redtest.exe","vavadqueryresult":0,"vavadregionsize":176128,"vavadregiontype":16777216},{"baseaddress":140696170868736,"bytescopied":4096,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214927014965059,"callingthreadid":5072,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":5072,"etw_time":134215250972775669,"event":"KERNEL_THREATINT_TASK_READVM","id":88,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724228801160,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724226201940,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724226198608,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724226197649,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724226197142,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724229620414,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724229610227,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724229604448,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226693380,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226686938,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724226679365,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724227577973,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724227571094,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226237742,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724228918165,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724229697689,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724230369825,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724230374022,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724230370332,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724228649839,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724236702686,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724236694406,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724230707877,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724229699681,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724230656044,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724230652164,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725757993877,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725758290750,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725759004826,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725759004467,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725759220381,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725756083864,"addr_info":"NOT_IMAGE","idx":33},{"addr":140725756083587,"addr_info":"NOT_IMAGE","idx":34},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":35},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":36},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":37},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":38}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140696170725376,"vavadallocationprotect":128,"vavadcommitsize":16384,"vavadmmfname":"\\Device\\HarddiskVolume3\\RedEdr\\redtest.exe","vavadqueryresult":0,"vavadregionsize":176128,"vavadregiontype":16777216},{"baseaddress":140696170733568,"bytescopied":8192,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214927014965059,"callingthreadid":5072,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":5072,"etw_time":134215250972776580,"event":"KERNEL_THREATINT_TASK_READVM","id":89,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724228801160,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724226201940,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724226198608,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724226197649,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724226197142,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724226196649,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724229610709,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724229604448,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226693380,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226686938,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724226679365,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724227577973,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724227571094,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226237742,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724228918165,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724229697689,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724230369825,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724230374022,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724230370332,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724228649839,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724236702686,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724236694406,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724230707877,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724229699681,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724230656044,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724230652164,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725757993877,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725758290750,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725759004826,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725759004467,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725759220381,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725756083864,"addr_info":"NOT_IMAGE","idx":33},{"addr":140725756083587,"addr_info":"NOT_IMAGE","idx":34},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":35},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":36},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":37},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":38}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140696170725376,"vavadallocationprotect":128,"vavadcommitsize":16384,"vavadmmfname":"\\Device\\HarddiskVolume3\\RedEdr\\redtest.exe","vavadqueryresult":0,"vavadregionsize":176128,"vavadregiontype":16777216},{"baseaddress":140696170893312,"bytescopied":4096,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214927014965059,"callingthreadid":5072,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":5072,"etw_time":134215250972779129,"event":"KERNEL_THREATINT_TASK_READVM","id":90,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724228801160,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724226201940,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724226198608,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724226197649,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724226197142,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724226196649,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724226195012,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226192680,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724227591717,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724228200540,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724227233620,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724227223106,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724229610871,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724229604448,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226693380,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724226686938,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226679365,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227577973,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227571094,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724226237742,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724228918165,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229697689,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724230369825,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724230374022,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724230370332,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724228649839,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724236702686,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724236694406,"addr_info":"NOT_IMAGE","idx":29},{"addr":140724230707877,"addr_info":"NOT_IMAGE","idx":30},{"addr":140724229699681,"addr_info":"NOT_IMAGE","idx":31},{"addr":140724230656044,"addr_info":"NOT_IMAGE","idx":32},{"addr":140724230652164,"addr_info":"NOT_IMAGE","idx":33},{"addr":140725757993877,"addr_info":"NOT_IMAGE","idx":34},{"addr":140725758290750,"addr_info":"NOT_IMAGE","idx":35},{"addr":140725759004826,"addr_info":"NOT_IMAGE","idx":36},{"addr":140725759004467,"addr_info":"NOT_IMAGE","idx":37},{"addr":140725759220381,"addr_info":"NOT_IMAGE","idx":38},{"addr":140725756083864,"addr_info":"NOT_IMAGE","idx":39},{"addr":140725756083587,"addr_info":"NOT_IMAGE","idx":40},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":41},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":42},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":43},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":44}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140696170725376,"vavadallocationprotect":128,"vavadcommitsize":16384,"vavadmmfname":"\\Device\\HarddiskVolume3\\RedEdr\\redtest.exe","vavadqueryresult":0,"vavadregionsize":176128,"vavadregiontype":16777216},{"baseaddress":140696170823680,"bytescopied":4096,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214927014965059,"callingthreadid":5072,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":5072,"etw_time":134215250972779758,"event":"KERNEL_THREATINT_TASK_READVM","id":91,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724228801160,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724226201940,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724226198608,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724226197649,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724226197142,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724226196649,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724228421112,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226541065,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226823197,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724227077828,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724229610896,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724229604448,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226693380,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226686938,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226679365,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227577973,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227571094,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724226237742,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724228918165,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724229697689,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724230369825,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724230374022,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724230370332,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724228649839,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724236702686,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724236694406,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724230707877,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724229699681,"addr_info":"NOT_IMAGE","idx":29},{"addr":140724230656044,"addr_info":"NOT_IMAGE","idx":30},{"addr":140724230652164,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725757993877,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725758290750,"addr_info":"NOT_IMAGE","idx":33},{"addr":140725759004826,"addr_info":"NOT_IMAGE","idx":34},{"addr":140725759004467,"addr_info":"NOT_IMAGE","idx":35},{"addr":140725759220381,"addr_info":"NOT_IMAGE","idx":36},{"addr":140725756083864,"addr_info":"NOT_IMAGE","idx":37},{"addr":140725756083587,"addr_info":"NOT_IMAGE","idx":38},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":39},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":40},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":41},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":42}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140696170725376,"vavadallocationprotect":128,"vavadcommitsize":16384,"vavadmmfname":"\\Device\\HarddiskVolume3\\RedEdr\\redtest.exe","vavadqueryresult":0,"vavadregionsize":176128,"vavadregiontype":16777216},{"baseaddress":140696170729472,"bytescopied":4096,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214927014965059,"callingthreadid":5072,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":5072,"etw_time":134215250972784042,"event":"KERNEL_THREATINT_TASK_READVM","id":92,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724228801160,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724226201940,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724226198608,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724226197649,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724226197142,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724226879334,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724226879081,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226057046,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226056701,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226053543,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724232657409,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724232657151,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724232657019,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724229617427,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724229604448,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724226693380,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226686938,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724226679365,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227577973,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227571094,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724226237742,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724228918165,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724229697689,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724230369825,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724230374022,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724230370332,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724228649839,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724236702686,"addr_info":"NOT_IMAGE","idx":29},{"addr":140724236694406,"addr_info":"NOT_IMAGE","idx":30},{"addr":140724230707877,"addr_info":"NOT_IMAGE","idx":31},{"addr":140724229699681,"addr_info":"NOT_IMAGE","idx":32},{"addr":140724230656044,"addr_info":"NOT_IMAGE","idx":33},{"addr":140724230652164,"addr_info":"NOT_IMAGE","idx":34},{"addr":140725757993877,"addr_info":"NOT_IMAGE","idx":35},{"addr":140725758290750,"addr_info":"NOT_IMAGE","idx":36},{"addr":140725759004826,"addr_info":"NOT_IMAGE","idx":37},{"addr":140725759004467,"addr_info":"NOT_IMAGE","idx":38},{"addr":140725759220381,"addr_info":"NOT_IMAGE","idx":39},{"addr":140725756083864,"addr_info":"NOT_IMAGE","idx":40},{"addr":140725756083587,"addr_info":"NOT_IMAGE","idx":41},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":42},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":43},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":44},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":45}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140696170725376,"vavadallocationprotect":128,"vavadcommitsize":16384,"vavadmmfname":"\\Device\\HarddiskVolume3\\RedEdr\\redtest.exe","vavadqueryresult":0,"vavadregionsize":176128,"vavadregiontype":16777216},{"baseaddress":140696170872832,"bytescopied":4096,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214927014965059,"callingthreadid":5072,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":5072,"etw_time":134215250972784422,"event":"KERNEL_THREATINT_TASK_READVM","id":93,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724228801160,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724226201940,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724226198608,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724226197649,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724226197142,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724226196649,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724229679418,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226061609,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724227103420,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724227103023,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724227102605,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724229617427,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724229604448,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226693380,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226686938,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724226679365,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227577973,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227571094,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226237742,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724228918165,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229697689,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724230369825,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724230374022,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724230370332,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724228649839,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724236702686,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724236694406,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724230707877,"addr_info":"NOT_IMAGE","idx":29},{"addr":140724229699681,"addr_info":"NOT_IMAGE","idx":30},{"addr":140724230656044,"addr_info":"NOT_IMAGE","idx":31},{"addr":140724230652164,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725757993877,"addr_info":"NOT_IMAGE","idx":33},{"addr":140725758290750,"addr_info":"NOT_IMAGE","idx":34},{"addr":140725759004826,"addr_info":"NOT_IMAGE","idx":35},{"addr":140725759004467,"addr_info":"NOT_IMAGE","idx":36},{"addr":140725759220381,"addr_info":"NOT_IMAGE","idx":37},{"addr":140725756083864,"addr_info":"NOT_IMAGE","idx":38},{"addr":140725756083587,"addr_info":"NOT_IMAGE","idx":39},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":40},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":41},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":42},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":43}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140696170725376,"vavadallocationprotect":128,"vavadcommitsize":16384,"vavadmmfname":"\\Device\\HarddiskVolume3\\RedEdr\\redtest.exe","vavadqueryresult":0,"vavadregionsize":176128,"vavadregiontype":16777216},{"baseaddress":140696170881024,"bytescopied":4096,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214927014965059,"callingthreadid":5072,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":5072,"etw_time":134215250972784651,"event":"KERNEL_THREATINT_TASK_READVM","id":94,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724228801160,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724226201940,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724226198608,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724226197649,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724226197142,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724226196649,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724229679418,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226061609,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724227103420,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724227103023,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724227102605,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724229617427,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724229604448,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226693380,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226686938,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724226679365,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227577973,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227571094,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226237742,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724228918165,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229697689,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724230369825,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724230374022,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724230370332,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724228649839,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724236702686,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724236694406,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724230707877,"addr_info":"NOT_IMAGE","idx":29},{"addr":140724229699681,"addr_info":"NOT_IMAGE","idx":30},{"addr":140724230656044,"addr_info":"NOT_IMAGE","idx":31},{"addr":140724230652164,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725757993877,"addr_info":"NOT_IMAGE","idx":33},{"addr":140725758290750,"addr_info":"NOT_IMAGE","idx":34},{"addr":140725759004826,"addr_info":"NOT_IMAGE","idx":35},{"addr":140725759004467,"addr_info":"NOT_IMAGE","idx":36},{"addr":140725759220381,"addr_info":"NOT_IMAGE","idx":37},{"addr":140725756083864,"addr_info":"NOT_IMAGE","idx":38},{"addr":140725756083587,"addr_info":"NOT_IMAGE","idx":39},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":40},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":41},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":42},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":43}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140696170725376,"vavadallocationprotect":128,"vavadcommitsize":16384,"vavadmmfname":"\\Device\\HarddiskVolume3\\RedEdr\\redtest.exe","vavadqueryresult":0,"vavadregionsize":176128,"vavadregiontype":16777216},{"baseaddress":140696170860544,"bytescopied":4096,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214927014965059,"callingthreadid":5072,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":5072,"etw_time":134215250972788099,"event":"KERNEL_THREATINT_TASK_READVM","id":95,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724228801160,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724226201940,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724226198608,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724226197649,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724226197142,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724226196649,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724228421112,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226541065,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226823197,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724232755089,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724229617427,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724229604448,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226693380,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226686938,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226679365,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227577973,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227571094,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724226237742,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724228918165,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724229697689,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724230369825,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724230374022,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724230370332,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724228649839,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724236702686,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724236694406,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724230707877,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724229699681,"addr_info":"NOT_IMAGE","idx":29},{"addr":140724230656044,"addr_info":"NOT_IMAGE","idx":30},{"addr":140724230652164,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725757993877,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725758290750,"addr_info":"NOT_IMAGE","idx":33},{"addr":140725759004826,"addr_info":"NOT_IMAGE","idx":34},{"addr":140725759004467,"addr_info":"NOT_IMAGE","idx":35},{"addr":140725759220381,"addr_info":"NOT_IMAGE","idx":36},{"addr":140725756083864,"addr_info":"NOT_IMAGE","idx":37},{"addr":140725756083587,"addr_info":"NOT_IMAGE","idx":38},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":39},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":40},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":41},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":42}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140696170725376,"vavadallocationprotect":128,"vavadcommitsize":16384,"vavadmmfname":"\\Device\\HarddiskVolume3\\RedEdr\\redtest.exe","vavadqueryresult":0,"vavadregionsize":176128,"vavadregiontype":16777216},{"baseaddress":140696170827776,"bytescopied":4096,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214927014965059,"callingthreadid":5072,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":5072,"etw_time":134215250972801303,"event":"KERNEL_THREATINT_TASK_READVM","id":96,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724228801160,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724226201940,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724226198608,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724226197649,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724226197142,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724226196649,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724228421112,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226536532,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226540206,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226823197,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724226006026,"addr_info":"NOT_IMAGE","idx":12},{"addr":2368880985288,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226468353,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724225739593,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724225742731,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724225746235,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226675536,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724226674335,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724229621659,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724229617427,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229604448,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724226693380,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724226686938,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724226679365,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724227577973,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724227571094,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724226237742,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724228918165,"addr_info":"NOT_IMAGE","idx":29},{"addr":140724229697689,"addr_info":"NOT_IMAGE","idx":30},{"addr":140724230369825,"addr_info":"NOT_IMAGE","idx":31},{"addr":140724230374022,"addr_info":"NOT_IMAGE","idx":32},{"addr":140724230370332,"addr_info":"NOT_IMAGE","idx":33},{"addr":140724228649839,"addr_info":"NOT_IMAGE","idx":34},{"addr":140724236702686,"addr_info":"NOT_IMAGE","idx":35},{"addr":140724236694406,"addr_info":"NOT_IMAGE","idx":36},{"addr":140724230707877,"addr_info":"NOT_IMAGE","idx":37},{"addr":140724229699681,"addr_info":"NOT_IMAGE","idx":38},{"addr":140724230656044,"addr_info":"NOT_IMAGE","idx":39},{"addr":140724230652164,"addr_info":"NOT_IMAGE","idx":40},{"addr":140725757993877,"addr_info":"NOT_IMAGE","idx":41},{"addr":140725758290750,"addr_info":"NOT_IMAGE","idx":42},{"addr":140725759004826,"addr_info":"NOT_IMAGE","idx":43},{"addr":140725759004467,"addr_info":"NOT_IMAGE","idx":44},{"addr":140725759220381,"addr_info":"NOT_IMAGE","idx":45},{"addr":140725756083864,"addr_info":"NOT_IMAGE","idx":46},{"addr":140725756083587,"addr_info":"NOT_IMAGE","idx":47},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":48},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":49},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":50},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":51}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140696170725376,"vavadallocationprotect":128,"vavadcommitsize":16384,"vavadmmfname":"\\Device\\HarddiskVolume3\\RedEdr\\redtest.exe","vavadqueryresult":0,"vavadregionsize":176128,"vavadregiontype":16777216},{"baseaddress":140696170876928,"bytescopied":4096,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214927014965059,"callingthreadid":5072,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":5072,"etw_time":134215250972801790,"event":"KERNEL_THREATINT_TASK_READVM","id":97,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724228801160,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724226201940,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724226198608,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724226197649,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724226197142,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724226196649,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724228421112,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226536532,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226540206,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226823197,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724226006026,"addr_info":"NOT_IMAGE","idx":12},{"addr":2368880985288,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226468353,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724225739593,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724225742731,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724225746235,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226675536,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724226674335,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724229621659,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724229617427,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229604448,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724226693380,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724226686938,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724226679365,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724227577973,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724227571094,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724226237742,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724228918165,"addr_info":"NOT_IMAGE","idx":29},{"addr":140724229697689,"addr_info":"NOT_IMAGE","idx":30},{"addr":140724230369825,"addr_info":"NOT_IMAGE","idx":31},{"addr":140724230374022,"addr_info":"NOT_IMAGE","idx":32},{"addr":140724230370332,"addr_info":"NOT_IMAGE","idx":33},{"addr":140724228649839,"addr_info":"NOT_IMAGE","idx":34},{"addr":140724236702686,"addr_info":"NOT_IMAGE","idx":35},{"addr":140724236694406,"addr_info":"NOT_IMAGE","idx":36},{"addr":140724230707877,"addr_info":"NOT_IMAGE","idx":37},{"addr":140724229699681,"addr_info":"NOT_IMAGE","idx":38},{"addr":140724230656044,"addr_info":"NOT_IMAGE","idx":39},{"addr":140724230652164,"addr_info":"NOT_IMAGE","idx":40},{"addr":140725757993877,"addr_info":"NOT_IMAGE","idx":41},{"addr":140725758290750,"addr_info":"NOT_IMAGE","idx":42},{"addr":140725759004826,"addr_info":"NOT_IMAGE","idx":43},{"addr":140725759004467,"addr_info":"NOT_IMAGE","idx":44},{"addr":140725759220381,"addr_info":"NOT_IMAGE","idx":45},{"addr":140725756083864,"addr_info":"NOT_IMAGE","idx":46},{"addr":140725756083587,"addr_info":"NOT_IMAGE","idx":47},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":48},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":49},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":50},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":51}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140696170725376,"vavadallocationprotect":128,"vavadcommitsize":16384,"vavadmmfname":"\\Device\\HarddiskVolume3\\RedEdr\\redtest.exe","vavadqueryresult":0,"vavadregionsize":176128,"vavadregiontype":16777216},{"baseaddress":140696170889216,"bytescopied":4096,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214927014965059,"callingthreadid":5072,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":5072,"etw_time":134215250972802097,"event":"KERNEL_THREATINT_TASK_READVM","id":98,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724228801160,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724226201940,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724226198608,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724226197649,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724226197142,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724226196649,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724228421112,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226541065,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226823197,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226006026,"addr_info":"NOT_IMAGE","idx":11},{"addr":2368880985288,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226468353,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724225739593,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724225742731,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724225746235,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724226675536,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226674335,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724229621659,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724229617427,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724229604448,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724226693380,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724226686938,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724226679365,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227577973,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724227571094,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724226237742,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724228918165,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724229697689,"addr_info":"NOT_IMAGE","idx":29},{"addr":140724230369825,"addr_info":"NOT_IMAGE","idx":30},{"addr":140724230374022,"addr_info":"NOT_IMAGE","idx":31},{"addr":140724230370332,"addr_info":"NOT_IMAGE","idx":32},{"addr":140724228649839,"addr_info":"NOT_IMAGE","idx":33},{"addr":140724236702686,"addr_info":"NOT_IMAGE","idx":34},{"addr":140724236694406,"addr_info":"NOT_IMAGE","idx":35},{"addr":140724230707877,"addr_info":"NOT_IMAGE","idx":36},{"addr":140724229699681,"addr_info":"NOT_IMAGE","idx":37},{"addr":140724230656044,"addr_info":"NOT_IMAGE","idx":38},{"addr":140724230652164,"addr_info":"NOT_IMAGE","idx":39},{"addr":140725757993877,"addr_info":"NOT_IMAGE","idx":40},{"addr":140725758290750,"addr_info":"NOT_IMAGE","idx":41},{"addr":140725759004826,"addr_info":"NOT_IMAGE","idx":42},{"addr":140725759004467,"addr_info":"NOT_IMAGE","idx":43},{"addr":140725759220381,"addr_info":"NOT_IMAGE","idx":44},{"addr":140725756083864,"addr_info":"NOT_IMAGE","idx":45},{"addr":140725756083587,"addr_info":"NOT_IMAGE","idx":46},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":47},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":48},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":49},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":50}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140696170725376,"vavadallocationprotect":128,"vavadcommitsize":16384,"vavadmmfname":"\\Device\\HarddiskVolume3\\RedEdr\\redtest.exe","vavadqueryresult":0,"vavadregionsize":176128,"vavadregiontype":16777216},{"baseaddress":140696170856448,"bytescopied":4096,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214927014965059,"callingthreadid":5072,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":5072,"etw_time":134215250972803228,"event":"KERNEL_THREATINT_TASK_READVM","id":99,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724228801160,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724226201940,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724226198608,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724226197649,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724226197142,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724226196649,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724228421112,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226541065,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226823197,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724231073432,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724226829068,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226445981,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226436483,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724225745658,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226675536,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724226674335,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724229621659,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724229617427,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724229604448,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724226693380,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724226686938,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724226679365,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227577973,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227571094,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724226237742,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724228918165,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724229697689,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724230369825,"addr_info":"NOT_IMAGE","idx":29},{"addr":140724230374022,"addr_info":"NOT_IMAGE","idx":30},{"addr":140724230370332,"addr_info":"NOT_IMAGE","idx":31},{"addr":140724228649839,"addr_info":"NOT_IMAGE","idx":32},{"addr":140724236702686,"addr_info":"NOT_IMAGE","idx":33},{"addr":140724236694406,"addr_info":"NOT_IMAGE","idx":34},{"addr":140724230707877,"addr_info":"NOT_IMAGE","idx":35},{"addr":140724229699681,"addr_info":"NOT_IMAGE","idx":36},{"addr":140724230656044,"addr_info":"NOT_IMAGE","idx":37},{"addr":140724230652164,"addr_info":"NOT_IMAGE","idx":38},{"addr":140725757993877,"addr_info":"NOT_IMAGE","idx":39},{"addr":140725758290750,"addr_info":"NOT_IMAGE","idx":40},{"addr":140725759004826,"addr_info":"NOT_IMAGE","idx":41},{"addr":140725759004467,"addr_info":"NOT_IMAGE","idx":42},{"addr":140725759220381,"addr_info":"NOT_IMAGE","idx":43},{"addr":140725756083864,"addr_info":"NOT_IMAGE","idx":44},{"addr":140725756083587,"addr_info":"NOT_IMAGE","idx":45},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":46},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":47},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":48},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":49}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140696170725376,"vavadallocationprotect":128,"vavadcommitsize":16384,"vavadmmfname":"\\Device\\HarddiskVolume3\\RedEdr\\redtest.exe","vavadqueryresult":0,"vavadregionsize":176128,"vavadregiontype":16777216},{"baseaddress":644522078232,"bytescopied":8,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896739274,"event":"KERNEL_THREATINT_TASK_READVM","id":100,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174901,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174524,"addr_info":"NOT_IMAGE","idx":2},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":29},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":33},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":34}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":644521918464,"vavadallocationprotect":4,"vavadcommitsize":53248,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":2097152,"vavadregiontype":131072},{"baseaddress":140725998154848,"bytescopied":8,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896739514,"event":"KERNEL_THREATINT_TASK_READVM","id":101,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174901,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174565,"addr_info":"NOT_IMAGE","idx":2},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":29},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":33},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":34}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":1846197756288,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896739632,"event":"KERNEL_THREATINT_TASK_READVM","id":102,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197755872,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896739727,"event":"KERNEL_THREATINT_TASK_READVM","id":103,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197775920,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896739813,"event":"KERNEL_THREATINT_TASK_READVM","id":104,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197777440,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896739899,"event":"KERNEL_THREATINT_TASK_READVM","id":105,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197806816,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896739984,"event":"KERNEL_THREATINT_TASK_READVM","id":106,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197809696,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896740067,"event":"KERNEL_THREATINT_TASK_READVM","id":107,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197816752,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896740151,"event":"KERNEL_THREATINT_TASK_READVM","id":108,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197817792,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896740233,"event":"KERNEL_THREATINT_TASK_READVM","id":109,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197818432,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896740314,"event":"KERNEL_THREATINT_TASK_READVM","id":110,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197819504,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896740395,"event":"KERNEL_THREATINT_TASK_READVM","id":111,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197821056,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896740477,"event":"KERNEL_THREATINT_TASK_READVM","id":112,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197820400,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896740559,"event":"KERNEL_THREATINT_TASK_READVM","id":113,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197853136,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896740641,"event":"KERNEL_THREATINT_TASK_READVM","id":114,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197817200,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896740722,"event":"KERNEL_THREATINT_TASK_READVM","id":115,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197856976,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896740805,"event":"KERNEL_THREATINT_TASK_READVM","id":116,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197809200,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896740886,"event":"KERNEL_THREATINT_TASK_READVM","id":117,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197866992,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896740968,"event":"KERNEL_THREATINT_TASK_READVM","id":118,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197865392,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896741050,"event":"KERNEL_THREATINT_TASK_READVM","id":119,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197865712,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896741132,"event":"KERNEL_THREATINT_TASK_READVM","id":120,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197868272,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896741213,"event":"KERNEL_THREATINT_TASK_READVM","id":121,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197867312,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896741294,"event":"KERNEL_THREATINT_TASK_READVM","id":122,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197866352,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896741376,"event":"KERNEL_THREATINT_TASK_READVM","id":123,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197867632,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896741458,"event":"KERNEL_THREATINT_TASK_READVM","id":124,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197868912,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896741540,"event":"KERNEL_THREATINT_TASK_READVM","id":125,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197868592,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896741620,"event":"KERNEL_THREATINT_TASK_READVM","id":126,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197866672,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896741700,"event":"KERNEL_THREATINT_TASK_READVM","id":127,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846198054400,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896741784,"event":"KERNEL_THREATINT_TASK_READVM","id":128,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846198051200,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896741865,"event":"KERNEL_THREATINT_TASK_READVM","id":129,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846198051840,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896741946,"event":"KERNEL_THREATINT_TASK_READVM","id":130,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846198050560,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896742031,"event":"KERNEL_THREATINT_TASK_READVM","id":131,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846198048000,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896742112,"event":"KERNEL_THREATINT_TASK_READVM","id":132,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":644522078232,"bytescopied":8,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896742215,"event":"KERNEL_THREATINT_TASK_READVM","id":133,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174901,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174524,"addr_info":"NOT_IMAGE","idx":2},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":29},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":33},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":34}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":644521918464,"vavadallocationprotect":4,"vavadcommitsize":53248,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":2097152,"vavadregiontype":131072},{"baseaddress":140725998154848,"bytescopied":8,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896742344,"event":"KERNEL_THREATINT_TASK_READVM","id":134,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174901,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174565,"addr_info":"NOT_IMAGE","idx":2},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":29},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":33},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":34}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":1846197756288,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896742435,"event":"KERNEL_THREATINT_TASK_READVM","id":135,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197755872,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896742519,"event":"KERNEL_THREATINT_TASK_READVM","id":136,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197775920,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896742600,"event":"KERNEL_THREATINT_TASK_READVM","id":137,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197777440,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896742682,"event":"KERNEL_THREATINT_TASK_READVM","id":138,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197806816,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896742764,"event":"KERNEL_THREATINT_TASK_READVM","id":139,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197809696,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896742844,"event":"KERNEL_THREATINT_TASK_READVM","id":140,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197816752,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896742925,"event":"KERNEL_THREATINT_TASK_READVM","id":141,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197817792,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896743009,"event":"KERNEL_THREATINT_TASK_READVM","id":142,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197818432,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896743090,"event":"KERNEL_THREATINT_TASK_READVM","id":143,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197819504,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896743171,"event":"KERNEL_THREATINT_TASK_READVM","id":144,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197821056,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896743253,"event":"KERNEL_THREATINT_TASK_READVM","id":145,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197820400,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896743335,"event":"KERNEL_THREATINT_TASK_READVM","id":146,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197853136,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896743416,"event":"KERNEL_THREATINT_TASK_READVM","id":147,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197817200,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896743496,"event":"KERNEL_THREATINT_TASK_READVM","id":148,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197856976,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896743578,"event":"KERNEL_THREATINT_TASK_READVM","id":149,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197809200,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896743660,"event":"KERNEL_THREATINT_TASK_READVM","id":150,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197866992,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896743742,"event":"KERNEL_THREATINT_TASK_READVM","id":151,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197865392,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896743822,"event":"KERNEL_THREATINT_TASK_READVM","id":152,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197865712,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896743904,"event":"KERNEL_THREATINT_TASK_READVM","id":153,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197868272,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896743986,"event":"KERNEL_THREATINT_TASK_READVM","id":154,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197867312,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896744066,"event":"KERNEL_THREATINT_TASK_READVM","id":155,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197866352,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896744148,"event":"KERNEL_THREATINT_TASK_READVM","id":156,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197867632,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896744230,"event":"KERNEL_THREATINT_TASK_READVM","id":157,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197868912,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896744311,"event":"KERNEL_THREATINT_TASK_READVM","id":158,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197868592,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896744392,"event":"KERNEL_THREATINT_TASK_READVM","id":159,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197866672,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896744472,"event":"KERNEL_THREATINT_TASK_READVM","id":160,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846198054400,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896744554,"event":"KERNEL_THREATINT_TASK_READVM","id":161,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846198051200,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896744636,"event":"KERNEL_THREATINT_TASK_READVM","id":162,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846198051840,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896744717,"event":"KERNEL_THREATINT_TASK_READVM","id":163,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846198050560,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896744797,"event":"KERNEL_THREATINT_TASK_READVM","id":164,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846198048000,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896744878,"event":"KERNEL_THREATINT_TASK_READVM","id":165,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":644522078232,"bytescopied":8,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896744990,"event":"KERNEL_THREATINT_TASK_READVM","id":166,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175712,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174195,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191680,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239710,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":644521918464,"vavadallocationprotect":4,"vavadcommitsize":53248,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":2097152,"vavadregiontype":131072},{"baseaddress":140725998154848,"bytescopied":8,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896745111,"event":"KERNEL_THREATINT_TASK_READVM","id":167,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175780,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174195,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191680,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239710,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":1846197756288,"bytescopied":136,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896745198,"event":"KERNEL_THREATINT_TASK_READVM","id":168,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175857,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174195,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191680,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239710,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197775204,"bytescopied":24,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896745281,"event":"KERNEL_THREATINT_TASK_READVM","id":169,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174901,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174255,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191680,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239710,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":644522078232,"bytescopied":8,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896745372,"event":"KERNEL_THREATINT_TASK_READVM","id":170,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175712,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174195,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191680,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239710,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":644521918464,"vavadallocationprotect":4,"vavadcommitsize":53248,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":2097152,"vavadregiontype":131072},{"baseaddress":140725998154848,"bytescopied":8,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896745487,"event":"KERNEL_THREATINT_TASK_READVM","id":171,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175780,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174195,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191680,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239710,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":1846197756288,"bytescopied":136,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896745574,"event":"KERNEL_THREATINT_TASK_READVM","id":172,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175857,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174195,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191680,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239710,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197755872,"bytescopied":136,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896745656,"event":"KERNEL_THREATINT_TASK_READVM","id":173,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175857,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174195,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191680,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239710,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":140725997860336,"bytescopied":20,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896745773,"event":"KERNEL_THREATINT_TASK_READVM","id":174,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174901,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174255,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191680,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239710,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":644522078232,"bytescopied":8,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896745869,"event":"KERNEL_THREATINT_TASK_READVM","id":175,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175712,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951175040,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191808,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239775,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":644521918464,"vavadallocationprotect":4,"vavadcommitsize":53248,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":2097152,"vavadregiontype":131072},{"baseaddress":140725998154848,"bytescopied":8,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896745985,"event":"KERNEL_THREATINT_TASK_READVM","id":176,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175780,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951175040,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191808,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239775,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":1846197756288,"bytescopied":136,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896746072,"event":"KERNEL_THREATINT_TASK_READVM","id":177,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175857,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951175040,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191808,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239775,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197755872,"bytescopied":136,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896746155,"event":"KERNEL_THREATINT_TASK_READVM","id":178,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175857,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951175040,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191808,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239775,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197749584,"bytescopied":60,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896746237,"event":"KERNEL_THREATINT_TASK_READVM","id":179,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175102,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724235191808,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724227239775,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":32}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":644522078232,"bytescopied":8,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896746328,"event":"KERNEL_THREATINT_TASK_READVM","id":180,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175712,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951175449,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191936,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239821,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":644521918464,"vavadallocationprotect":4,"vavadcommitsize":53248,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":2097152,"vavadregiontype":131072},{"baseaddress":140725998154848,"bytescopied":8,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896746446,"event":"KERNEL_THREATINT_TASK_READVM","id":181,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175780,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951175449,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191936,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239821,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":1846197756288,"bytescopied":136,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896746534,"event":"KERNEL_THREATINT_TASK_READVM","id":182,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175857,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951175449,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191936,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239821,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197755872,"bytescopied":136,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896746615,"event":"KERNEL_THREATINT_TASK_READVM","id":183,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175857,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951175449,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191936,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239821,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":140725996552192,"bytescopied":64,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896746785,"event":"KERNEL_THREATINT_TASK_READVM","id":184,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227237527,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725996552432,"bytescopied":264,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896746912,"event":"KERNEL_THREATINT_TASK_READVM","id":185,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227237610,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998046400,"bytescopied":40,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896747029,"event":"KERNEL_THREATINT_TASK_READVM","id":186,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227237709,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998061380,"bytescopied":4,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896747147,"event":"KERNEL_THREATINT_TASK_READVM","id":187,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227237973,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998099742,"bytescopied":13,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896747263,"event":"KERNEL_THREATINT_TASK_READVM","id":188,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227238048,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998058888,"bytescopied":4,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896747380,"event":"KERNEL_THREATINT_TASK_READVM","id":189,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227237973,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998084956,"bytescopied":13,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896747495,"event":"KERNEL_THREATINT_TASK_READVM","id":190,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227238048,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998060132,"bytescopied":4,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896747613,"event":"KERNEL_THREATINT_TASK_READVM","id":191,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227237973,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998091979,"bytescopied":13,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896747728,"event":"KERNEL_THREATINT_TASK_READVM","id":192,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227238048,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998059508,"bytescopied":4,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896747844,"event":"KERNEL_THREATINT_TASK_READVM","id":193,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227237973,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998088317,"bytescopied":13,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896747959,"event":"KERNEL_THREATINT_TASK_READVM","id":194,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227238048,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998059196,"bytescopied":4,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896748075,"event":"KERNEL_THREATINT_TASK_READVM","id":195,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227237973,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998086435,"bytescopied":13,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896748188,"event":"KERNEL_THREATINT_TASK_READVM","id":196,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227238048,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998059040,"bytescopied":4,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896748304,"event":"KERNEL_THREATINT_TASK_READVM","id":197,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227237973,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998085636,"bytescopied":13,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896748420,"event":"KERNEL_THREATINT_TASK_READVM","id":198,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227238048,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998058964,"bytescopied":4,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896748536,"event":"KERNEL_THREATINT_TASK_READVM","id":199,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227237973,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998085322,"bytescopied":13,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896748651,"event":"KERNEL_THREATINT_TASK_READVM","id":200,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227238048,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998059000,"bytescopied":4,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896748767,"event":"KERNEL_THREATINT_TASK_READVM","id":201,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227237973,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998085482,"bytescopied":13,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896748881,"event":"KERNEL_THREATINT_TASK_READVM","id":202,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227238048,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998059020,"bytescopied":4,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896748997,"event":"KERNEL_THREATINT_TASK_READVM","id":203,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227237973,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998085562,"bytescopied":13,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896749112,"event":"KERNEL_THREATINT_TASK_READVM","id":204,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227238048,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998059008,"bytescopied":4,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896749228,"event":"KERNEL_THREATINT_TASK_READVM","id":205,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227237973,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998085510,"bytescopied":13,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896749345,"event":"KERNEL_THREATINT_TASK_READVM","id":206,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227238048,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998059004,"bytescopied":4,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896749460,"event":"KERNEL_THREATINT_TASK_READVM","id":207,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227237973,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998085497,"bytescopied":13,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896749574,"event":"KERNEL_THREATINT_TASK_READVM","id":208,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227238048,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998067664,"bytescopied":2,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896749691,"event":"KERNEL_THREATINT_TASK_READVM","id":209,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227238297,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998049044,"bytescopied":4,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896749805,"event":"KERNEL_THREATINT_TASK_READVM","id":210,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227238365,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725997214112,"bytescopied":256,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896750156,"event":"KERNEL_THREATINT_TASK_READVM","id":211,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227241337,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724227246865,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":644522078232,"bytescopied":8,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896752192,"event":"KERNEL_THREATINT_TASK_READVM","id":212,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174901,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174524,"addr_info":"NOT_IMAGE","idx":2},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":29},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":33},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":34}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":644521918464,"vavadallocationprotect":4,"vavadcommitsize":53248,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":2097152,"vavadregiontype":131072},{"baseaddress":140725998154848,"bytescopied":8,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896752346,"event":"KERNEL_THREATINT_TASK_READVM","id":213,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174901,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174565,"addr_info":"NOT_IMAGE","idx":2},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":29},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":33},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":34}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":1846197756288,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896752444,"event":"KERNEL_THREATINT_TASK_READVM","id":214,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197755872,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896752587,"event":"KERNEL_THREATINT_TASK_READVM","id":215,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197775920,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896752680,"event":"KERNEL_THREATINT_TASK_READVM","id":216,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197777440,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896752764,"event":"KERNEL_THREATINT_TASK_READVM","id":217,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197806816,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896752846,"event":"KERNEL_THREATINT_TASK_READVM","id":218,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197809696,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896752929,"event":"KERNEL_THREATINT_TASK_READVM","id":219,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197816752,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896753010,"event":"KERNEL_THREATINT_TASK_READVM","id":220,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197817792,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896753092,"event":"KERNEL_THREATINT_TASK_READVM","id":221,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197818432,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896753174,"event":"KERNEL_THREATINT_TASK_READVM","id":222,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197819504,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896753257,"event":"KERNEL_THREATINT_TASK_READVM","id":223,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197821056,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896753338,"event":"KERNEL_THREATINT_TASK_READVM","id":224,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197820400,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896753421,"event":"KERNEL_THREATINT_TASK_READVM","id":225,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197853136,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896753502,"event":"KERNEL_THREATINT_TASK_READVM","id":226,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197817200,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896753583,"event":"KERNEL_THREATINT_TASK_READVM","id":227,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197856976,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896753664,"event":"KERNEL_THREATINT_TASK_READVM","id":228,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197809200,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896753805,"event":"KERNEL_THREATINT_TASK_READVM","id":229,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197866992,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896754179,"event":"KERNEL_THREATINT_TASK_READVM","id":230,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197865392,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896754418,"event":"KERNEL_THREATINT_TASK_READVM","id":231,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197865712,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896754691,"event":"KERNEL_THREATINT_TASK_READVM","id":232,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197868272,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896754848,"event":"KERNEL_THREATINT_TASK_READVM","id":233,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197867312,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896754995,"event":"KERNEL_THREATINT_TASK_READVM","id":234,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197866352,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896755135,"event":"KERNEL_THREATINT_TASK_READVM","id":235,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197867632,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896755271,"event":"KERNEL_THREATINT_TASK_READVM","id":236,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197868912,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896755408,"event":"KERNEL_THREATINT_TASK_READVM","id":237,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197868592,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896755545,"event":"KERNEL_THREATINT_TASK_READVM","id":238,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197866672,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896755685,"event":"KERNEL_THREATINT_TASK_READVM","id":239,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846198054400,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896755824,"event":"KERNEL_THREATINT_TASK_READVM","id":240,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846198051200,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896755963,"event":"KERNEL_THREATINT_TASK_READVM","id":241,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846198051840,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896756098,"event":"KERNEL_THREATINT_TASK_READVM","id":242,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846198050560,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896756235,"event":"KERNEL_THREATINT_TASK_READVM","id":243,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846198048000,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896756371,"event":"KERNEL_THREATINT_TASK_READVM","id":244,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":644522078232,"bytescopied":8,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896756540,"event":"KERNEL_THREATINT_TASK_READVM","id":245,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174901,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174524,"addr_info":"NOT_IMAGE","idx":2},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":29},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":33},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":34}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":644521918464,"vavadallocationprotect":4,"vavadcommitsize":53248,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":2097152,"vavadregiontype":131072},{"baseaddress":140725998154848,"bytescopied":8,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896756782,"event":"KERNEL_THREATINT_TASK_READVM","id":246,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174901,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174565,"addr_info":"NOT_IMAGE","idx":2},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":29},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":33},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":34}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":1846197756288,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896756928,"event":"KERNEL_THREATINT_TASK_READVM","id":247,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197755872,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896757071,"event":"KERNEL_THREATINT_TASK_READVM","id":248,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197775920,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896757210,"event":"KERNEL_THREATINT_TASK_READVM","id":249,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197777440,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896757347,"event":"KERNEL_THREATINT_TASK_READVM","id":250,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197806816,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896757487,"event":"KERNEL_THREATINT_TASK_READVM","id":251,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197809696,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896757624,"event":"KERNEL_THREATINT_TASK_READVM","id":252,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197816752,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896757763,"event":"KERNEL_THREATINT_TASK_READVM","id":253,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197817792,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896757901,"event":"KERNEL_THREATINT_TASK_READVM","id":254,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197818432,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896758040,"event":"KERNEL_THREATINT_TASK_READVM","id":255,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197819504,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896758175,"event":"KERNEL_THREATINT_TASK_READVM","id":256,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197821056,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896758312,"event":"KERNEL_THREATINT_TASK_READVM","id":257,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197820400,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896758451,"event":"KERNEL_THREATINT_TASK_READVM","id":258,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197853136,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896758587,"event":"KERNEL_THREATINT_TASK_READVM","id":259,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197817200,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896758723,"event":"KERNEL_THREATINT_TASK_READVM","id":260,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197856976,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896758861,"event":"KERNEL_THREATINT_TASK_READVM","id":261,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197809200,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896758998,"event":"KERNEL_THREATINT_TASK_READVM","id":262,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197866992,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896759134,"event":"KERNEL_THREATINT_TASK_READVM","id":263,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197865392,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896759269,"event":"KERNEL_THREATINT_TASK_READVM","id":264,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197865712,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896759404,"event":"KERNEL_THREATINT_TASK_READVM","id":265,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197868272,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896759542,"event":"KERNEL_THREATINT_TASK_READVM","id":266,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197867312,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896759677,"event":"KERNEL_THREATINT_TASK_READVM","id":267,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197866352,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896759813,"event":"KERNEL_THREATINT_TASK_READVM","id":268,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197867632,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896759951,"event":"KERNEL_THREATINT_TASK_READVM","id":269,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197868912,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896760088,"event":"KERNEL_THREATINT_TASK_READVM","id":270,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197868592,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896760222,"event":"KERNEL_THREATINT_TASK_READVM","id":271,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197866672,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896760363,"event":"KERNEL_THREATINT_TASK_READVM","id":272,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846198054400,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896760500,"event":"KERNEL_THREATINT_TASK_READVM","id":273,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846198051200,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896760636,"event":"KERNEL_THREATINT_TASK_READVM","id":274,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846198051840,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896760773,"event":"KERNEL_THREATINT_TASK_READVM","id":275,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846198050560,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896760914,"event":"KERNEL_THREATINT_TASK_READVM","id":276,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846198048000,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896761053,"event":"KERNEL_THREATINT_TASK_READVM","id":277,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":644522078232,"bytescopied":8,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896761227,"event":"KERNEL_THREATINT_TASK_READVM","id":278,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175712,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174195,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191680,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239710,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":644521918464,"vavadallocationprotect":4,"vavadcommitsize":53248,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":2097152,"vavadregiontype":131072},{"baseaddress":140725998154848,"bytescopied":8,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896761436,"event":"KERNEL_THREATINT_TASK_READVM","id":279,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175780,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174195,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191680,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239710,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":1846197756288,"bytescopied":136,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896761582,"event":"KERNEL_THREATINT_TASK_READVM","id":280,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175857,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174195,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191680,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239710,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197775204,"bytescopied":24,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896761719,"event":"KERNEL_THREATINT_TASK_READVM","id":281,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174901,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174255,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191680,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239710,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":644522078232,"bytescopied":8,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896761871,"event":"KERNEL_THREATINT_TASK_READVM","id":282,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175712,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174195,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191680,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239710,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":644521918464,"vavadallocationprotect":4,"vavadcommitsize":53248,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":2097152,"vavadregiontype":131072},{"baseaddress":140725998154848,"bytescopied":8,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896762065,"event":"KERNEL_THREATINT_TASK_READVM","id":283,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175780,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174195,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191680,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239710,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":1846197756288,"bytescopied":136,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896762208,"event":"KERNEL_THREATINT_TASK_READVM","id":284,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175857,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174195,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191680,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239710,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197755872,"bytescopied":136,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896762346,"event":"KERNEL_THREATINT_TASK_READVM","id":285,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175857,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174195,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191680,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239710,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":140725997860336,"bytescopied":20,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896762542,"event":"KERNEL_THREATINT_TASK_READVM","id":286,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174901,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174255,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191680,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239710,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":644522078232,"bytescopied":8,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896762701,"event":"KERNEL_THREATINT_TASK_READVM","id":287,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175712,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951175040,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191808,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239775,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":644521918464,"vavadallocationprotect":4,"vavadcommitsize":53248,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":2097152,"vavadregiontype":131072},{"baseaddress":140725998154848,"bytescopied":8,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896762893,"event":"KERNEL_THREATINT_TASK_READVM","id":288,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175780,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951175040,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191808,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239775,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":1846197756288,"bytescopied":136,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896763038,"event":"KERNEL_THREATINT_TASK_READVM","id":289,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175857,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951175040,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191808,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239775,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197755872,"bytescopied":136,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896763174,"event":"KERNEL_THREATINT_TASK_READVM","id":290,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175857,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951175040,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191808,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239775,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197749584,"bytescopied":60,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896763313,"event":"KERNEL_THREATINT_TASK_READVM","id":291,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175102,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724235191808,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724227239775,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":32}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":644522078232,"bytescopied":8,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896763465,"event":"KERNEL_THREATINT_TASK_READVM","id":292,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175712,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951175449,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191936,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239821,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":644521918464,"vavadallocationprotect":4,"vavadcommitsize":53248,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":2097152,"vavadregiontype":131072},{"baseaddress":140725998154848,"bytescopied":8,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896763660,"event":"KERNEL_THREATINT_TASK_READVM","id":293,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175780,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951175449,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191936,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239821,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":1846197756288,"bytescopied":136,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896763803,"event":"KERNEL_THREATINT_TASK_READVM","id":294,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175857,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951175449,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191936,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239821,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197755872,"bytescopied":136,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896763941,"event":"KERNEL_THREATINT_TASK_READVM","id":295,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175857,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951175449,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191936,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239821,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":140725996552192,"bytescopied":64,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896764187,"event":"KERNEL_THREATINT_TASK_READVM","id":296,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227237527,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725996552432,"bytescopied":264,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896764385,"event":"KERNEL_THREATINT_TASK_READVM","id":297,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227237610,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998046400,"bytescopied":40,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896764575,"event":"KERNEL_THREATINT_TASK_READVM","id":298,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227237709,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998061380,"bytescopied":4,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896764767,"event":"KERNEL_THREATINT_TASK_READVM","id":299,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227237973,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998099742,"bytescopied":14,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896764957,"event":"KERNEL_THREATINT_TASK_READVM","id":300,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227238048,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998058888,"bytescopied":4,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896765154,"event":"KERNEL_THREATINT_TASK_READVM","id":301,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227237973,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998084956,"bytescopied":14,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896765344,"event":"KERNEL_THREATINT_TASK_READVM","id":302,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227238048,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998057644,"bytescopied":4,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896765533,"event":"KERNEL_THREATINT_TASK_READVM","id":303,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227237973,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998078415,"bytescopied":14,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896765722,"event":"KERNEL_THREATINT_TASK_READVM","id":304,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227238048,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998057020,"bytescopied":4,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896765913,"event":"KERNEL_THREATINT_TASK_READVM","id":305,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227237973,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998075040,"bytescopied":14,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896766104,"event":"KERNEL_THREATINT_TASK_READVM","id":306,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227238048,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998056708,"bytescopied":4,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896766297,"event":"KERNEL_THREATINT_TASK_READVM","id":307,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227237973,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998073156,"bytescopied":14,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896766492,"event":"KERNEL_THREATINT_TASK_READVM","id":308,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227238048,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998056552,"bytescopied":4,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896766685,"event":"KERNEL_THREATINT_TASK_READVM","id":309,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227237973,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998072299,"bytescopied":14,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896766876,"event":"KERNEL_THREATINT_TASK_READVM","id":310,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227238048,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998056628,"bytescopied":4,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896767067,"event":"KERNEL_THREATINT_TASK_READVM","id":311,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227237973,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998072724,"bytescopied":14,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896767265,"event":"KERNEL_THREATINT_TASK_READVM","id":312,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227238048,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998056668,"bytescopied":4,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896767461,"event":"KERNEL_THREATINT_TASK_READVM","id":313,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227237973,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998072922,"bytescopied":14,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896767649,"event":"KERNEL_THREATINT_TASK_READVM","id":314,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227238048,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998056648,"bytescopied":4,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896767840,"event":"KERNEL_THREATINT_TASK_READVM","id":315,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227237973,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998072830,"bytescopied":14,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896768030,"event":"KERNEL_THREATINT_TASK_READVM","id":316,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227238048,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998056656,"bytescopied":4,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896768226,"event":"KERNEL_THREATINT_TASK_READVM","id":317,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227237973,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998072863,"bytescopied":14,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896768418,"event":"KERNEL_THREATINT_TASK_READVM","id":318,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227238048,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998056652,"bytescopied":4,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896768610,"event":"KERNEL_THREATINT_TASK_READVM","id":319,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227237973,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998072849,"bytescopied":14,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896768800,"event":"KERNEL_THREATINT_TASK_READVM","id":320,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227238048,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998066488,"bytescopied":2,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896768993,"event":"KERNEL_THREATINT_TASK_READVM","id":321,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227238297,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998046692,"bytescopied":4,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896769184,"event":"KERNEL_THREATINT_TASK_READVM","id":322,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227238365,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725996749056,"bytescopied":256,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896769760,"event":"KERNEL_THREATINT_TASK_READVM","id":323,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227241337,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724227246865,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":644522078232,"bytescopied":8,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896772984,"event":"KERNEL_THREATINT_TASK_READVM","id":324,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174901,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174524,"addr_info":"NOT_IMAGE","idx":2},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":29},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":33},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":34}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":644521918464,"vavadallocationprotect":4,"vavadcommitsize":53248,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":2097152,"vavadregiontype":131072},{"baseaddress":140725998154848,"bytescopied":8,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896773212,"event":"KERNEL_THREATINT_TASK_READVM","id":325,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174901,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174565,"addr_info":"NOT_IMAGE","idx":2},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":29},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":33},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":34}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":1846197756288,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896773364,"event":"KERNEL_THREATINT_TASK_READVM","id":326,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197755872,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896773503,"event":"KERNEL_THREATINT_TASK_READVM","id":327,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197775920,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896773643,"event":"KERNEL_THREATINT_TASK_READVM","id":328,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197777440,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896773780,"event":"KERNEL_THREATINT_TASK_READVM","id":329,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197806816,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896773920,"event":"KERNEL_THREATINT_TASK_READVM","id":330,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197809696,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896774060,"event":"KERNEL_THREATINT_TASK_READVM","id":331,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197816752,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896774200,"event":"KERNEL_THREATINT_TASK_READVM","id":332,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197817792,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896774339,"event":"KERNEL_THREATINT_TASK_READVM","id":333,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197818432,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896774538,"event":"KERNEL_THREATINT_TASK_READVM","id":334,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197819504,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896774686,"event":"KERNEL_THREATINT_TASK_READVM","id":335,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197821056,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896774824,"event":"KERNEL_THREATINT_TASK_READVM","id":336,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197820400,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896774964,"event":"KERNEL_THREATINT_TASK_READVM","id":337,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197853136,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896775103,"event":"KERNEL_THREATINT_TASK_READVM","id":338,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197817200,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896775241,"event":"KERNEL_THREATINT_TASK_READVM","id":339,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197856976,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896775379,"event":"KERNEL_THREATINT_TASK_READVM","id":340,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197809200,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896775519,"event":"KERNEL_THREATINT_TASK_READVM","id":341,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197866992,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896775656,"event":"KERNEL_THREATINT_TASK_READVM","id":342,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197865392,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896775791,"event":"KERNEL_THREATINT_TASK_READVM","id":343,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197865712,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896775929,"event":"KERNEL_THREATINT_TASK_READVM","id":344,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197868272,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896776064,"event":"KERNEL_THREATINT_TASK_READVM","id":345,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197867312,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896776203,"event":"KERNEL_THREATINT_TASK_READVM","id":346,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197866352,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896776340,"event":"KERNEL_THREATINT_TASK_READVM","id":347,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197867632,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896776477,"event":"KERNEL_THREATINT_TASK_READVM","id":348,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197868912,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896776615,"event":"KERNEL_THREATINT_TASK_READVM","id":349,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197868592,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896776752,"event":"KERNEL_THREATINT_TASK_READVM","id":350,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197866672,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896776889,"event":"KERNEL_THREATINT_TASK_READVM","id":351,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846198054400,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896777026,"event":"KERNEL_THREATINT_TASK_READVM","id":352,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846198051200,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896777162,"event":"KERNEL_THREATINT_TASK_READVM","id":353,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846198051840,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896777300,"event":"KERNEL_THREATINT_TASK_READVM","id":354,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846198050560,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896777436,"event":"KERNEL_THREATINT_TASK_READVM","id":355,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846198048000,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896777570,"event":"KERNEL_THREATINT_TASK_READVM","id":356,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":644522078232,"bytescopied":8,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896777730,"event":"KERNEL_THREATINT_TASK_READVM","id":357,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174901,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174524,"addr_info":"NOT_IMAGE","idx":2},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":29},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":33},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":34}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":644521918464,"vavadallocationprotect":4,"vavadcommitsize":53248,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":2097152,"vavadregiontype":131072},{"baseaddress":140725998154848,"bytescopied":8,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896777932,"event":"KERNEL_THREATINT_TASK_READVM","id":358,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174901,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174565,"addr_info":"NOT_IMAGE","idx":2},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":29},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":33},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":34}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":1846197756288,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896778078,"event":"KERNEL_THREATINT_TASK_READVM","id":359,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197755872,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896778217,"event":"KERNEL_THREATINT_TASK_READVM","id":360,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197775920,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896778354,"event":"KERNEL_THREATINT_TASK_READVM","id":361,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197777440,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896778493,"event":"KERNEL_THREATINT_TASK_READVM","id":362,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197806816,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896778633,"event":"KERNEL_THREATINT_TASK_READVM","id":363,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197809696,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896778769,"event":"KERNEL_THREATINT_TASK_READVM","id":364,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197816752,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896778909,"event":"KERNEL_THREATINT_TASK_READVM","id":365,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197817792,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896779049,"event":"KERNEL_THREATINT_TASK_READVM","id":366,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197818432,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896779187,"event":"KERNEL_THREATINT_TASK_READVM","id":367,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197819504,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896779322,"event":"KERNEL_THREATINT_TASK_READVM","id":368,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197821056,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896779462,"event":"KERNEL_THREATINT_TASK_READVM","id":369,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197820400,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896779600,"event":"KERNEL_THREATINT_TASK_READVM","id":370,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197853136,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896779738,"event":"KERNEL_THREATINT_TASK_READVM","id":371,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197817200,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896779876,"event":"KERNEL_THREATINT_TASK_READVM","id":372,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197856976,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896780013,"event":"KERNEL_THREATINT_TASK_READVM","id":373,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197809200,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896780154,"event":"KERNEL_THREATINT_TASK_READVM","id":374,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197866992,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896780292,"event":"KERNEL_THREATINT_TASK_READVM","id":375,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197865392,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896780429,"event":"KERNEL_THREATINT_TASK_READVM","id":376,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197865712,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896780568,"event":"KERNEL_THREATINT_TASK_READVM","id":377,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197868272,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896780705,"event":"KERNEL_THREATINT_TASK_READVM","id":378,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197867312,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896780842,"event":"KERNEL_THREATINT_TASK_READVM","id":379,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197866352,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896780982,"event":"KERNEL_THREATINT_TASK_READVM","id":380,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197867632,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896781124,"event":"KERNEL_THREATINT_TASK_READVM","id":381,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197868912,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896781260,"event":"KERNEL_THREATINT_TASK_READVM","id":382,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197868592,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896781399,"event":"KERNEL_THREATINT_TASK_READVM","id":383,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197866672,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896781534,"event":"KERNEL_THREATINT_TASK_READVM","id":384,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846198054400,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896781673,"event":"KERNEL_THREATINT_TASK_READVM","id":385,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846198051200,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896781810,"event":"KERNEL_THREATINT_TASK_READVM","id":386,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846198051840,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896781947,"event":"KERNEL_THREATINT_TASK_READVM","id":387,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846198050560,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896782085,"event":"KERNEL_THREATINT_TASK_READVM","id":388,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846198048000,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896782272,"event":"KERNEL_THREATINT_TASK_READVM","id":389,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":644522078232,"bytescopied":8,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896782453,"event":"KERNEL_THREATINT_TASK_READVM","id":390,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175712,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174195,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191680,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239710,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":644521918464,"vavadallocationprotect":4,"vavadcommitsize":53248,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":2097152,"vavadregiontype":131072},{"baseaddress":140725998154848,"bytescopied":8,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896782652,"event":"KERNEL_THREATINT_TASK_READVM","id":391,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175780,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174195,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191680,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239710,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":1846197756288,"bytescopied":136,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896782796,"event":"KERNEL_THREATINT_TASK_READVM","id":392,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175857,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174195,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191680,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239710,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197775204,"bytescopied":24,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896782938,"event":"KERNEL_THREATINT_TASK_READVM","id":393,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174901,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174255,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191680,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239710,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":644522078232,"bytescopied":8,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896783092,"event":"KERNEL_THREATINT_TASK_READVM","id":394,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175712,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174195,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191680,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239710,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":644521918464,"vavadallocationprotect":4,"vavadcommitsize":53248,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":2097152,"vavadregiontype":131072},{"baseaddress":140725998154848,"bytescopied":8,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896783287,"event":"KERNEL_THREATINT_TASK_READVM","id":395,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175780,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174195,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191680,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239710,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":1846197756288,"bytescopied":136,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896783434,"event":"KERNEL_THREATINT_TASK_READVM","id":396,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175857,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174195,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191680,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239710,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197755872,"bytescopied":136,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896783571,"event":"KERNEL_THREATINT_TASK_READVM","id":397,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175857,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174195,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191680,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239710,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":140725997860336,"bytescopied":20,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896783763,"event":"KERNEL_THREATINT_TASK_READVM","id":398,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174901,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174255,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191680,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239710,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":644522078232,"bytescopied":8,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896783918,"event":"KERNEL_THREATINT_TASK_READVM","id":399,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175712,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951175040,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191808,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239775,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":644521918464,"vavadallocationprotect":4,"vavadcommitsize":53248,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":2097152,"vavadregiontype":131072},{"baseaddress":140725998154848,"bytescopied":8,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896784112,"event":"KERNEL_THREATINT_TASK_READVM","id":400,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175780,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951175040,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191808,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239775,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":1846197756288,"bytescopied":136,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896784255,"event":"KERNEL_THREATINT_TASK_READVM","id":401,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175857,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951175040,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191808,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239775,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197755872,"bytescopied":136,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896784390,"event":"KERNEL_THREATINT_TASK_READVM","id":402,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175857,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951175040,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191808,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239775,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197749584,"bytescopied":60,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896784533,"event":"KERNEL_THREATINT_TASK_READVM","id":403,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175102,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724235191808,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724227239775,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":32}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":644522078232,"bytescopied":8,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896784679,"event":"KERNEL_THREATINT_TASK_READVM","id":404,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175712,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951175449,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191936,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239821,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":644521918464,"vavadallocationprotect":4,"vavadcommitsize":53248,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":2097152,"vavadregiontype":131072},{"baseaddress":140725998154848,"bytescopied":8,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896784872,"event":"KERNEL_THREATINT_TASK_READVM","id":405,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175780,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951175449,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191936,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239821,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":1846197756288,"bytescopied":136,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896785015,"event":"KERNEL_THREATINT_TASK_READVM","id":406,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175857,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951175449,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191936,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239821,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197755872,"bytescopied":136,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896785151,"event":"KERNEL_THREATINT_TASK_READVM","id":407,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175857,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951175449,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191936,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239821,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":140725996552192,"bytescopied":64,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896786513,"event":"KERNEL_THREATINT_TASK_READVM","id":408,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227237527,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725996552432,"bytescopied":264,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896786741,"event":"KERNEL_THREATINT_TASK_READVM","id":409,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227237610,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998046400,"bytescopied":40,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896787165,"event":"KERNEL_THREATINT_TASK_READVM","id":410,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227237709,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998061380,"bytescopied":4,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896787377,"event":"KERNEL_THREATINT_TASK_READVM","id":411,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227237973,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998099742,"bytescopied":16,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896787550,"event":"KERNEL_THREATINT_TASK_READVM","id":412,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227238048,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998058888,"bytescopied":4,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896787714,"event":"KERNEL_THREATINT_TASK_READVM","id":413,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227237973,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998084956,"bytescopied":16,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896787869,"event":"KERNEL_THREATINT_TASK_READVM","id":414,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227238048,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998057644,"bytescopied":4,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896788025,"event":"KERNEL_THREATINT_TASK_READVM","id":415,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227237973,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998078415,"bytescopied":16,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896788176,"event":"KERNEL_THREATINT_TASK_READVM","id":416,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227238048,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998057020,"bytescopied":4,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896788329,"event":"KERNEL_THREATINT_TASK_READVM","id":417,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227237973,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998075040,"bytescopied":16,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896788486,"event":"KERNEL_THREATINT_TASK_READVM","id":418,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227238048,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998056708,"bytescopied":4,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896788639,"event":"KERNEL_THREATINT_TASK_READVM","id":419,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227237973,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998073156,"bytescopied":16,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896788791,"event":"KERNEL_THREATINT_TASK_READVM","id":420,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227238048,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998056552,"bytescopied":4,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896788943,"event":"KERNEL_THREATINT_TASK_READVM","id":421,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227237973,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998072299,"bytescopied":16,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896789094,"event":"KERNEL_THREATINT_TASK_READVM","id":422,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227238048,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998056628,"bytescopied":4,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896789246,"event":"KERNEL_THREATINT_TASK_READVM","id":423,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227237973,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998072724,"bytescopied":16,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896789399,"event":"KERNEL_THREATINT_TASK_READVM","id":424,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227238048,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998056668,"bytescopied":4,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896789552,"event":"KERNEL_THREATINT_TASK_READVM","id":425,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227237973,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998072922,"bytescopied":16,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896789701,"event":"KERNEL_THREATINT_TASK_READVM","id":426,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227238048,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998056648,"bytescopied":4,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896789854,"event":"KERNEL_THREATINT_TASK_READVM","id":427,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227237973,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998072830,"bytescopied":16,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896790003,"event":"KERNEL_THREATINT_TASK_READVM","id":428,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227238048,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998056656,"bytescopied":4,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896790155,"event":"KERNEL_THREATINT_TASK_READVM","id":429,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227237973,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998072863,"bytescopied":16,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896790305,"event":"KERNEL_THREATINT_TASK_READVM","id":430,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227238048,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998056660,"bytescopied":4,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896790459,"event":"KERNEL_THREATINT_TASK_READVM","id":431,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227237973,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998072888,"bytescopied":16,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896790609,"event":"KERNEL_THREATINT_TASK_READVM","id":432,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227238048,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998066492,"bytescopied":2,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896790763,"event":"KERNEL_THREATINT_TASK_READVM","id":433,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227238297,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998046700,"bytescopied":4,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896790912,"event":"KERNEL_THREATINT_TASK_READVM","id":434,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227238365,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725997064032,"bytescopied":256,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896791340,"event":"KERNEL_THREATINT_TASK_READVM","id":435,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227241337,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724227246865,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":644522078232,"bytescopied":8,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896793655,"event":"KERNEL_THREATINT_TASK_READVM","id":436,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174901,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174524,"addr_info":"NOT_IMAGE","idx":2},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":29},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":33},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":34}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":644521918464,"vavadallocationprotect":4,"vavadcommitsize":53248,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":2097152,"vavadregiontype":131072},{"baseaddress":140725998154848,"bytescopied":8,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896793837,"event":"KERNEL_THREATINT_TASK_READVM","id":437,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174901,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174565,"addr_info":"NOT_IMAGE","idx":2},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":29},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":33},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":34}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":1846197756288,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896793961,"event":"KERNEL_THREATINT_TASK_READVM","id":438,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197755872,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896794075,"event":"KERNEL_THREATINT_TASK_READVM","id":439,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197775920,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896794185,"event":"KERNEL_THREATINT_TASK_READVM","id":440,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197777440,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896794293,"event":"KERNEL_THREATINT_TASK_READVM","id":441,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197806816,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896794402,"event":"KERNEL_THREATINT_TASK_READVM","id":442,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197809696,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896794593,"event":"KERNEL_THREATINT_TASK_READVM","id":443,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197816752,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896794690,"event":"KERNEL_THREATINT_TASK_READVM","id":444,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197817792,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896794773,"event":"KERNEL_THREATINT_TASK_READVM","id":445,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197818432,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896794856,"event":"KERNEL_THREATINT_TASK_READVM","id":446,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197819504,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896794942,"event":"KERNEL_THREATINT_TASK_READVM","id":447,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197821056,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896795024,"event":"KERNEL_THREATINT_TASK_READVM","id":448,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197820400,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896795106,"event":"KERNEL_THREATINT_TASK_READVM","id":449,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197853136,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896795189,"event":"KERNEL_THREATINT_TASK_READVM","id":450,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197817200,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896795271,"event":"KERNEL_THREATINT_TASK_READVM","id":451,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197856976,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896795353,"event":"KERNEL_THREATINT_TASK_READVM","id":452,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197809200,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896795472,"event":"KERNEL_THREATINT_TASK_READVM","id":453,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197866992,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896795562,"event":"KERNEL_THREATINT_TASK_READVM","id":454,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197865392,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896795646,"event":"KERNEL_THREATINT_TASK_READVM","id":455,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197865712,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896795728,"event":"KERNEL_THREATINT_TASK_READVM","id":456,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197868272,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896795809,"event":"KERNEL_THREATINT_TASK_READVM","id":457,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197867312,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896795890,"event":"KERNEL_THREATINT_TASK_READVM","id":458,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197866352,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896795971,"event":"KERNEL_THREATINT_TASK_READVM","id":459,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197867632,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896796052,"event":"KERNEL_THREATINT_TASK_READVM","id":460,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197868912,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896796134,"event":"KERNEL_THREATINT_TASK_READVM","id":461,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197868592,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896796214,"event":"KERNEL_THREATINT_TASK_READVM","id":462,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197866672,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896796295,"event":"KERNEL_THREATINT_TASK_READVM","id":463,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846198054400,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896796376,"event":"KERNEL_THREATINT_TASK_READVM","id":464,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846198051200,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896796457,"event":"KERNEL_THREATINT_TASK_READVM","id":465,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846198051840,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896796537,"event":"KERNEL_THREATINT_TASK_READVM","id":466,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846198050560,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896796619,"event":"KERNEL_THREATINT_TASK_READVM","id":467,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846198048000,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896796700,"event":"KERNEL_THREATINT_TASK_READVM","id":468,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239541,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":644522078232,"bytescopied":8,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896796800,"event":"KERNEL_THREATINT_TASK_READVM","id":469,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174901,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174524,"addr_info":"NOT_IMAGE","idx":2},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":29},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":33},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":34}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":644521918464,"vavadallocationprotect":4,"vavadcommitsize":53248,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":2097152,"vavadregiontype":131072},{"baseaddress":140725998154848,"bytescopied":8,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896796930,"event":"KERNEL_THREATINT_TASK_READVM","id":470,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174901,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174565,"addr_info":"NOT_IMAGE","idx":2},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":29},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":33},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":34}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":1846197756288,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896797018,"event":"KERNEL_THREATINT_TASK_READVM","id":471,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197755872,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896797102,"event":"KERNEL_THREATINT_TASK_READVM","id":472,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197775920,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896797185,"event":"KERNEL_THREATINT_TASK_READVM","id":473,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197777440,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896797267,"event":"KERNEL_THREATINT_TASK_READVM","id":474,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197806816,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896797349,"event":"KERNEL_THREATINT_TASK_READVM","id":475,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197809696,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896797431,"event":"KERNEL_THREATINT_TASK_READVM","id":476,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197816752,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896797513,"event":"KERNEL_THREATINT_TASK_READVM","id":477,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197817792,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896797594,"event":"KERNEL_THREATINT_TASK_READVM","id":478,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197818432,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896797674,"event":"KERNEL_THREATINT_TASK_READVM","id":479,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197819504,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896797755,"event":"KERNEL_THREATINT_TASK_READVM","id":480,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197821056,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896797836,"event":"KERNEL_THREATINT_TASK_READVM","id":481,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197820400,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896797918,"event":"KERNEL_THREATINT_TASK_READVM","id":482,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197853136,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896797999,"event":"KERNEL_THREATINT_TASK_READVM","id":483,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197817200,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896798080,"event":"KERNEL_THREATINT_TASK_READVM","id":484,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197856976,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896798161,"event":"KERNEL_THREATINT_TASK_READVM","id":485,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197809200,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896798243,"event":"KERNEL_THREATINT_TASK_READVM","id":486,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197866992,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896798325,"event":"KERNEL_THREATINT_TASK_READVM","id":487,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197865392,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896798407,"event":"KERNEL_THREATINT_TASK_READVM","id":488,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197865712,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896798489,"event":"KERNEL_THREATINT_TASK_READVM","id":489,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197868272,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896798570,"event":"KERNEL_THREATINT_TASK_READVM","id":490,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197867312,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896798651,"event":"KERNEL_THREATINT_TASK_READVM","id":491,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197866352,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896798733,"event":"KERNEL_THREATINT_TASK_READVM","id":492,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197867632,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896798816,"event":"KERNEL_THREATINT_TASK_READVM","id":493,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197868912,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896798898,"event":"KERNEL_THREATINT_TASK_READVM","id":494,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197868592,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896798980,"event":"KERNEL_THREATINT_TASK_READVM","id":495,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197866672,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896799062,"event":"KERNEL_THREATINT_TASK_READVM","id":496,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846198054400,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896799143,"event":"KERNEL_THREATINT_TASK_READVM","id":497,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846198051200,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896799224,"event":"KERNEL_THREATINT_TASK_READVM","id":498,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846198051840,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896799306,"event":"KERNEL_THREATINT_TASK_READVM","id":499,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846198050560,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896799387,"event":"KERNEL_THREATINT_TASK_READVM","id":500,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846198048000,"bytescopied":312,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896799469,"event":"KERNEL_THREATINT_TASK_READVM","id":501,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174635,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174385,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191312,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239630,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":644522078232,"bytescopied":8,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896799575,"event":"KERNEL_THREATINT_TASK_READVM","id":502,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175712,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174195,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191680,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239710,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":644521918464,"vavadallocationprotect":4,"vavadcommitsize":53248,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":2097152,"vavadregiontype":131072},{"baseaddress":140725998154848,"bytescopied":8,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896799697,"event":"KERNEL_THREATINT_TASK_READVM","id":503,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175780,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174195,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191680,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239710,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":1846197756288,"bytescopied":136,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896799786,"event":"KERNEL_THREATINT_TASK_READVM","id":504,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175857,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174195,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191680,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239710,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197775204,"bytescopied":24,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896799870,"event":"KERNEL_THREATINT_TASK_READVM","id":505,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174901,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174255,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191680,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239710,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":644522078232,"bytescopied":8,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896799962,"event":"KERNEL_THREATINT_TASK_READVM","id":506,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175712,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174195,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191680,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239710,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":644521918464,"vavadallocationprotect":4,"vavadcommitsize":53248,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":2097152,"vavadregiontype":131072},{"baseaddress":140725998154848,"bytescopied":8,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896800079,"event":"KERNEL_THREATINT_TASK_READVM","id":507,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175780,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174195,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191680,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239710,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":1846197756288,"bytescopied":136,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896800166,"event":"KERNEL_THREATINT_TASK_READVM","id":508,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175857,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174195,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191680,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239710,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197755872,"bytescopied":136,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896800248,"event":"KERNEL_THREATINT_TASK_READVM","id":509,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175857,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174195,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191680,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239710,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":140725997860336,"bytescopied":20,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896800364,"event":"KERNEL_THREATINT_TASK_READVM","id":510,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951174901,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951174255,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191680,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239710,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":644522078232,"bytescopied":8,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896800460,"event":"KERNEL_THREATINT_TASK_READVM","id":511,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175712,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951175040,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191808,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239775,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":644521918464,"vavadallocationprotect":4,"vavadcommitsize":53248,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":2097152,"vavadregiontype":131072},{"baseaddress":140725998154848,"bytescopied":8,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896800576,"event":"KERNEL_THREATINT_TASK_READVM","id":512,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175780,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951175040,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191808,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239775,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":1846197756288,"bytescopied":136,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896800662,"event":"KERNEL_THREATINT_TASK_READVM","id":513,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175857,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951175040,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191808,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239775,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197755872,"bytescopied":136,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896800744,"event":"KERNEL_THREATINT_TASK_READVM","id":514,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175857,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951175040,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191808,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239775,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197749584,"bytescopied":60,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896800826,"event":"KERNEL_THREATINT_TASK_READVM","id":515,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175102,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724235191808,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724227239775,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":32}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":644522078232,"bytescopied":8,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896800916,"event":"KERNEL_THREATINT_TASK_READVM","id":516,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175712,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951175449,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191936,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239821,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":644521918464,"vavadallocationprotect":4,"vavadcommitsize":53248,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":2097152,"vavadregiontype":131072},{"baseaddress":140725998154848,"bytescopied":8,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896801031,"event":"KERNEL_THREATINT_TASK_READVM","id":517,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175780,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951175449,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191936,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239821,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":1846197756288,"bytescopied":136,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896801118,"event":"KERNEL_THREATINT_TASK_READVM","id":518,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175857,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951175449,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191936,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239821,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":1846197755872,"bytescopied":136,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896801200,"event":"KERNEL_THREATINT_TASK_READVM","id":519,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997213156,"addr_info":"NOT_IMAGE","idx":0},{"addr":140725951175857,"addr_info":"NOT_IMAGE","idx":1},{"addr":140725951175449,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724235191936,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724227239821,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724227239314,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724227237471,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":25},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":26},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":27},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":28},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":29},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":30},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":31},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":32},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":33}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":1846197747712,"vavadallocationprotect":4,"vavadcommitsize":335872,"vavadmmfname":"","vavadqueryresult":0,"vavadregionsize":1048576,"vavadregiontype":131072},{"baseaddress":140725996552192,"bytescopied":64,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896801357,"event":"KERNEL_THREATINT_TASK_READVM","id":520,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227237527,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725996552432,"bytescopied":264,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896801479,"event":"KERNEL_THREATINT_TASK_READVM","id":521,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227237610,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998046400,"bytescopied":40,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896801596,"event":"KERNEL_THREATINT_TASK_READVM","id":522,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227237709,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998061380,"bytescopied":4,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896801722,"event":"KERNEL_THREATINT_TASK_READVM","id":523,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227237973,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998099742,"bytescopied":22,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896801841,"event":"KERNEL_THREATINT_TASK_READVM","id":524,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227238048,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998058888,"bytescopied":4,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896801964,"event":"KERNEL_THREATINT_TASK_READVM","id":525,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227237973,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998084956,"bytescopied":22,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896802082,"event":"KERNEL_THREATINT_TASK_READVM","id":526,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227238048,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998057644,"bytescopied":4,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896802205,"event":"KERNEL_THREATINT_TASK_READVM","id":527,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227237973,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998078415,"bytescopied":22,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896802324,"event":"KERNEL_THREATINT_TASK_READVM","id":528,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227238048,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998057020,"bytescopied":4,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896802446,"event":"KERNEL_THREATINT_TASK_READVM","id":529,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227237973,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998075040,"bytescopied":22,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896802565,"event":"KERNEL_THREATINT_TASK_READVM","id":530,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227238048,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998056708,"bytescopied":4,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896802684,"event":"KERNEL_THREATINT_TASK_READVM","id":531,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227237973,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998073156,"bytescopied":22,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896802802,"event":"KERNEL_THREATINT_TASK_READVM","id":532,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227238048,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998056552,"bytescopied":4,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896802923,"event":"KERNEL_THREATINT_TASK_READVM","id":533,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227237973,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998072299,"bytescopied":22,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896803042,"event":"KERNEL_THREATINT_TASK_READVM","id":534,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227238048,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998056628,"bytescopied":4,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896803162,"event":"KERNEL_THREATINT_TASK_READVM","id":535,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227237973,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998072724,"bytescopied":22,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896803279,"event":"KERNEL_THREATINT_TASK_READVM","id":536,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227238048,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998056668,"bytescopied":4,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896803398,"event":"KERNEL_THREATINT_TASK_READVM","id":537,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227237973,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998072922,"bytescopied":22,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896803515,"event":"KERNEL_THREATINT_TASK_READVM","id":538,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227238048,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998056688,"bytescopied":4,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896803634,"event":"KERNEL_THREATINT_TASK_READVM","id":539,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227237973,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998073042,"bytescopied":22,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896803753,"event":"KERNEL_THREATINT_TASK_READVM","id":540,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227238048,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998056676,"bytescopied":4,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896803872,"event":"KERNEL_THREATINT_TASK_READVM","id":541,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227237973,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998072977,"bytescopied":22,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896803989,"event":"KERNEL_THREATINT_TASK_READVM","id":542,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227238048,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998056680,"bytescopied":4,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896804109,"event":"KERNEL_THREATINT_TASK_READVM","id":543,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227237973,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998072997,"bytescopied":22,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896804226,"event":"KERNEL_THREATINT_TASK_READVM","id":544,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227238048,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998066502,"bytescopied":2,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896804347,"event":"KERNEL_THREATINT_TASK_READVM","id":545,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227238297,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725998046720,"bytescopied":4,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896804462,"event":"KERNEL_THREATINT_TASK_READVM","id":546,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227238365,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724225788752,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"baseaddress":140725996749536,"bytescopied":256,"callingprocesscreatetime":134211321262917999,"callingprocessid":3112,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836974663,"callingthreadcreatetime":134214921327519860,"callingthreadid":3440,"etw_event_id":13,"etw_pid":3112,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3440,"etw_time":134215251896804831,"event":"KERNEL_THREATINT_TASK_READVM","id":547,"operationstatus":0,"process_name":"\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26030.3011-0\\MsMpEng.exe\"","stack_trace":[{"addr":140725997223060,"addr_info":"NOT_IMAGE","idx":0},{"addr":140724235200309,"addr_info":"NOT_IMAGE","idx":1},{"addr":140724227241337,"addr_info":"NOT_IMAGE","idx":2},{"addr":140724227246865,"addr_info":"NOT_IMAGE","idx":3},{"addr":140724225688394,"addr_info":"NOT_IMAGE","idx":4},{"addr":140724225694341,"addr_info":"NOT_IMAGE","idx":5},{"addr":140724225685863,"addr_info":"NOT_IMAGE","idx":6},{"addr":140724225763036,"addr_info":"NOT_IMAGE","idx":7},{"addr":140724225757538,"addr_info":"NOT_IMAGE","idx":8},{"addr":140724226638892,"addr_info":"NOT_IMAGE","idx":9},{"addr":140724226638178,"addr_info":"NOT_IMAGE","idx":10},{"addr":140724226623093,"addr_info":"NOT_IMAGE","idx":11},{"addr":140724236877804,"addr_info":"NOT_IMAGE","idx":12},{"addr":140724236874735,"addr_info":"NOT_IMAGE","idx":13},{"addr":140724226839255,"addr_info":"NOT_IMAGE","idx":14},{"addr":140724227602786,"addr_info":"NOT_IMAGE","idx":15},{"addr":140724226978285,"addr_info":"NOT_IMAGE","idx":16},{"addr":140724227663173,"addr_info":"NOT_IMAGE","idx":17},{"addr":140724227662608,"addr_info":"NOT_IMAGE","idx":18},{"addr":140724227600009,"addr_info":"NOT_IMAGE","idx":19},{"addr":140724227597988,"addr_info":"NOT_IMAGE","idx":20},{"addr":140724227600670,"addr_info":"NOT_IMAGE","idx":21},{"addr":140724229139976,"addr_info":"NOT_IMAGE","idx":22},{"addr":140724229139396,"addr_info":"NOT_IMAGE","idx":23},{"addr":140724235602728,"addr_info":"NOT_IMAGE","idx":24},{"addr":140724235602451,"addr_info":"NOT_IMAGE","idx":25},{"addr":140725996955882,"addr_info":"NOT_IMAGE","idx":26},{"addr":140725996773046,"addr_info":"NOT_IMAGE","idx":27},{"addr":140725979784605,"addr_info":"NOT_IMAGE","idx":28},{"addr":140725996924792,"addr_info":"NOT_IMAGE","idx":29}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw","vavadallocationbase":140725996552192,"vavadallocationprotect":128,"vavadcommitsize":69632,"vavadmmfname":"\\Device\\HarddiskVolume3\\Windows\\System32\\ntdll.dll","vavadqueryresult":0,"vavadregionsize":2195456,"vavadregiontype":16777216},{"create":0,"func":"thread_create","id":548,"krn_pid":9228,"pid":9228,"threadid":3836,"time":134214929505107731,"trace_id":41,"type":"kernel"},{"callingprocesscreatetime":134214927009837747,"callingprocessid":9228,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836979257,"callingthreadcreatetime":134214927010343763,"callingthreadid":3836,"etw_event_id":19,"etw_pid":9228,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3836,"etw_time":134215253462780797,"event":"KERNEL_THREATINT_TASK_SUSPENDRESUME_PROCESS","id":549,"operationstatus":0,"process_name":".\\redtest.exe  2","stack_trace":[],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw"},{"callingprocesscreatetime":134214927009837747,"callingprocessid":9228,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836979257,"callingthreadcreatetime":134214927010343763,"callingthreadid":3836,"etw_event_id":20,"etw_pid":9228,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3836,"etw_time":134215253462786612,"event":"KERNEL_THREATINT_TASK_SUSPENDRESUME_PROCESS","id":550,"operationstatus":0,"process_name":".\\redtest.exe  2","stack_trace":[],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw"},{"create":1,"func":"thread_create","id":551,"krn_pid":4,"pid":9228,"threadid":3148,"time":134214930009918263,"trace_id":41,"type":"kernel"},{"create":1,"func":"thread_create","id":552,"krn_pid":9228,"pid":9228,"threadid":7804,"time":134214930010169515,"trace_id":41,"type":"kernel"},{"callingprocesscreatetime":134214927009837747,"callingprocessid":9228,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836979257,"callingthreadcreatetime":134214930009918809,"callingthreadid":3148,"etw_event_id":19,"etw_pid":9228,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3148,"etw_time":134215253967590769,"event":"KERNEL_THREATINT_TASK_SUSPENDRESUME_PROCESS","id":553,"operationstatus":0,"process_name":".\\redtest.exe  2","stack_trace":[{"addr":140725996924752,"addr_info":"ntdll.dll:.text","idx":0}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw"},{"callingprocesscreatetime":134214927009837747,"callingprocessid":9228,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836979257,"callingthreadcreatetime":134214930009918809,"callingthreadid":3148,"etw_event_id":20,"etw_pid":9228,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":3148,"etw_time":134215253967595432,"event":"KERNEL_THREATINT_TASK_SUSPENDRESUME_PROCESS","id":554,"operationstatus":0,"process_name":".\\redtest.exe  2","stack_trace":[{"addr":140725996924752,"addr_info":"ntdll.dll:.text","idx":0}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw"},{"callingprocesscreatetime":134214927009837747,"callingprocessid":9228,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836979257,"callingthreadcreatetime":134214930010171431,"callingthreadid":7804,"etw_event_id":19,"etw_pid":9228,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":7804,"etw_time":134215253967851442,"event":"KERNEL_THREATINT_TASK_SUSPENDRESUME_PROCESS","id":555,"operationstatus":0,"process_name":".\\redtest.exe  2","stack_trace":[{"addr":140725996924752,"addr_info":"ntdll.dll:.text","idx":0}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw"},{"callingprocesscreatetime":134214927009837747,"callingprocessid":9228,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836979257,"callingthreadcreatetime":134214930010171431,"callingthreadid":7804,"etw_event_id":20,"etw_pid":9228,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":7804,"etw_time":134215253967854883,"event":"KERNEL_THREATINT_TASK_SUSPENDRESUME_PROCESS","id":556,"operationstatus":0,"process_name":".\\redtest.exe  2","stack_trace":[{"addr":140725996924752,"addr_info":"ntdll.dll:.text","idx":0}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw"},{"callingprocesscreatetime":134214927009837747,"callingprocessid":9228,"callingprocessprotection":"unsupported","callingprocesssectionsignaturelevel":"unsupported","callingprocesssignaturelevel":"unsupported","callingprocessstartkey":1970324836979257,"callingthreadcreatetime":134214927009837781,"callingthreadid":11736,"etw_event_id":19,"etw_pid":9228,"etw_provider_name":"Microsoft-Windows-Threat-Intelligence","etw_tid":11736,"etw_time":134215260980487638,"event":"KERNEL_THREATINT_TASK_SUSPENDRESUME_PROCESS","id":557,"operationstatus":0,"process_name":".\\redtest.exe  2","stack_trace":[{"addr":140725997212805,"addr_info":"ntdll.dll:.text","idx":0},{"addr":140725996902099,"addr_info":"ntdll.dll:.text","idx":1},{"addr":140725951112173,"addr_info":"KERNELBASE.dll:.text","idx":2},{"addr":140696170735872,"addr_info":"redtest.exe:.text","idx":3},{"addr":140696170736640,"addr_info":"redtest.exe:.text","idx":4},{"addr":140725979784605,"addr_info":"KERNEL32.DLL:.text","idx":5},{"addr":140725996924792,"addr_info":"ntdll.dll:.text","idx":6}],"targetprocesscreatetime":134214927009837747,"targetprocessid":9228,"targetprocessprotection":"unsupported","targetprocesssectionsignaturelevel":"unsupported","targetprocesssignaturelevel":"unsupported","targetprocessstartkey":1970324836979257,"trace_id":41,"type":"etw"}]